./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3237085345 <...> Warning: Permanently added '10.128.0.18' (ED25519) to the list of known hosts. execve("./syz-executor3237085345", ["./syz-executor3237085345"], 0x7ffe0efa2a10 /* 10 vars */) = 0 brk(NULL) = 0x55558bffa000 brk(0x55558bffad40) = 0x55558bffad40 arch_prctl(ARCH_SET_FS, 0x55558bffa3c0) = 0 set_tid_address(0x55558bffa690) = 5828 set_robust_list(0x55558bffa6a0, 24) = 0 rseq(0x55558bfface0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3237085345", 4096) = 28 getrandom("\x7e\x7e\x24\x5e\x5c\x0e\xe8\x86", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55558bffad40 brk(0x55558c01bd40) = 0x55558c01bd40 brk(0x55558c01c000) = 0x55558c01c000 mprotect(0x7fb77d6d7000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5829 attached , child_tidptr=0x55558bffa690) = 5829 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] set_robust_list(0x55558bffa6a0, 24) = 0 ./strace-static-x86_64: Process 5830 attached [pid 5830] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 5829] mkdir("./syzkaller.6DWJ0b", 0700 [pid 5828] <... clone resumed>, child_tidptr=0x55558bffa690) = 5830 [pid 5830] mkdir("./syzkaller.mhbJUz", 0700 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 5831 ./strace-static-x86_64: Process 5831 attached [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... mkdir resumed>) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 5831] set_robust_list(0x55558bffa6a0, 24 [pid 5829] chmod("./syzkaller.6DWJ0b", 0777./strace-static-x86_64: Process 5832 attached [pid 5831] <... set_robust_list resumed>) = 0 [pid 5830] chmod("./syzkaller.mhbJUz", 0777) = 0 [pid 5829] <... chmod resumed>) = 0 [pid 5832] set_robust_list(0x55558bffa6a0, 24 [pid 5830] chdir("./syzkaller.mhbJUz" [pid 5832] <... set_robust_list resumed>) = 0 [pid 5829] chdir("./syzkaller.6DWJ0b" [pid 5830] <... chdir resumed>) = 0 [pid 5829] <... chdir resumed>) = 0 [pid 5831] mkdir("./syzkaller.az27jI", 0700 [pid 5830] mkdir("./0", 0777 [pid 5832] mkdir("./syzkaller.AfcRSK", 0700 [pid 5828] <... clone resumed>, child_tidptr=0x55558bffa690) = 5832 [pid 5832] <... mkdir resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 5829] mkdir("./0", 0777 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] chmod("./syzkaller.AfcRSK", 0777 [pid 5831] <... mkdir resumed>) = 0 [pid 5829] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 5833 attached [pid 5832] <... chmod resumed>) = 0 [pid 5831] chmod("./syzkaller.az27jI", 0777 [pid 5830] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5828] <... clone resumed>, child_tidptr=0x55558bffa690) = 5833 [pid 5833] set_robust_list(0x55558bffa6a0, 24 [pid 5832] chdir("./syzkaller.AfcRSK" [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5831] <... chmod resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5833] <... set_robust_list resumed>) = 0 [pid 5832] <... chdir resumed>) = 0 [pid 5831] chdir("./syzkaller.az27jI" [pid 5829] <... openat resumed>) = 3 [pid 5833] mkdir("./syzkaller.HSEAn9", 0700 [pid 5831] <... chdir resumed>) = 0 [pid 5832] mkdir("./0", 0777 [pid 5831] mkdir("./0", 0777 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5833] <... mkdir resumed>) = 0 [pid 5830] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5829] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5831] <... mkdir resumed>) = 0 [pid 5833] chmod("./syzkaller.HSEAn9", 0777 [pid 5832] <... mkdir resumed>) = 0 [pid 5830] close(3 [pid 5829] close(3 [pid 5833] <... chmod resumed>) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5830] <... close resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5831] <... openat resumed>) = 3 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5833] chdir("./syzkaller.HSEAn9" [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5835 attached [pid 5833] <... chdir resumed>) = 0 [pid 5833] mkdir("./0", 0777 [pid 5832] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 5834 attached [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5832] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5835] set_robust_list(0x55558bffa6a0, 24 [pid 5832] close(3 [pid 5835] <... set_robust_list resumed>) = 0 [pid 5833] <... mkdir resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5831] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5835] chdir("./0" [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5836 attached [pid 5835] <... chdir resumed>) = 0 [pid 5829] <... clone resumed>, child_tidptr=0x55558bffa690) = 5835 [pid 5835] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5835] setpgid(0, 0) = 0 [pid 5836] set_robust_list(0x55558bffa6a0, 24 [pid 5835] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5836] <... set_robust_list resumed>) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x55558bffa690) = 5836 [pid 5836] chdir("./0" [pid 5835] <... openat resumed>) = 3 [pid 5834] set_robust_list(0x55558bffa6a0, 24 [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] close(3 [pid 5830] <... clone resumed>, child_tidptr=0x55558bffa690) = 5834 [pid 5834] <... set_robust_list resumed>) = 0 [pid 5836] <... chdir resumed>) = 0 [pid 5835] write(3, "1000", 4 [pid 5833] <... openat resumed>) = 3 [pid 5836] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5834] chdir("./0" [pid 5836] <... prctl resumed>) = 0 [pid 5835] <... write resumed>) = 4 [pid 5834] <... chdir resumed>) = 0 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 5831] <... close resumed>) = 0 [pid 5834] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5836] setpgid(0, 0 [pid 5834] <... prctl resumed>) = 0 [pid 5835] close(3 [pid 5833] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5836] <... setpgid resumed>) = 0 [pid 5834] setpgid(0, 0 [pid 5835] <... close resumed>) = 0 [pid 5833] close(3 [pid 5836] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5834] <... setpgid resumed>) = 0 [pid 5835] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 5837 attached [pid 5834] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5835] <... symlink resumed>) = 0 [pid 5833] <... close resumed>) = 0 [pid 5837] set_robust_list(0x55558bffa6a0, 24 [pid 5836] <... openat resumed>) = 3 [pid 5831] <... clone resumed>, child_tidptr=0x55558bffa690) = 5837 [pid 5837] <... set_robust_list resumed>) = 0 [pid 5834] <... openat resumed>) = 3 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5837] chdir("./0" [pid 5834] write(3, "1000", 4 [pid 5836] write(3, "1000", 4) = 4 [pid 5836] close(3) = 0 ./strace-static-x86_64: Process 5838 attached [pid 5837] <... chdir resumed>) = 0 [pid 5834] <... write resumed>) = 4 [pid 5837] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5834] close(3executing program [pid 5838] set_robust_list(0x55558bffa6a0, 24 [pid 5837] <... prctl resumed>) = 0 [pid 5838] <... set_robust_list resumed>) = 0 [pid 5836] symlink("/dev/binderfs", "./binderfs" [pid 5834] <... close resumed>) = 0 [pid 5835] write(1, "executing program\n", 18 [pid 5833] <... clone resumed>, child_tidptr=0x55558bffa690) = 5838 [pid 5837] setpgid(0, 0) = 0 [pid 5834] symlink("/dev/binderfs", "./binderfs" [pid 5838] chdir("./0" [pid 5837] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5836] <... symlink resumed>) = 0 [pid 5834] <... symlink resumed>) = 0 [pid 5835] <... write resumed>) = 18 [pid 5838] <... chdir resumed>) = 0 executing program [pid 5837] <... openat resumed>) = 3 [pid 5834] write(1, "executing program\n", 18 [pid 5835] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 executing program [pid 5838] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5837] write(3, "1000", 4 [pid 5836] write(1, "executing program\n", 18 [pid 5834] <... write resumed>) = 18 [pid 5835] <... futex resumed>) = 0 [pid 5838] <... prctl resumed>) = 0 [pid 5837] <... write resumed>) = 4 [pid 5836] <... write resumed>) = 18 [pid 5834] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 5838] setpgid(0, 0 [pid 5836] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... futex resumed>) = 0 [pid 5835] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5836] <... futex resumed>) = 0 [pid 5834] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 5835] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5837] close(3 [pid 5838] <... setpgid resumed>) = 0 [pid 5836] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 5834] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5835] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5837] <... close resumed>) = 0 [pid 5834] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5838] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5837] symlink("/dev/binderfs", "./binderfs" [pid 5836] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5834] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5835] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5837] <... symlink resumed>) = 0 [pid 5836] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], executing program [pid 5834] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5835] <... mmap resumed>) = 0x7fb77d5e1000 [pid 5838] <... openat resumed>) = 3 [pid 5837] write(1, "executing program\n", 18 [pid 5836] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5835] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 5838] write(3, "1000", 4 [pid 5837] <... write resumed>) = 18 [pid 5836] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5834] <... mmap resumed>) = 0x7fb77d5e1000 [pid 5835] <... mprotect resumed>) = 0 [pid 5838] <... write resumed>) = 4 [pid 5837] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 5838] close(3) = 0 [pid 5836] <... mmap resumed>) = 0x7fb77d5e1000 [pid 5834] <... mprotect resumed>) = 0 [pid 5835] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5838] symlink("/dev/binderfs", "./binderfs" [pid 5837] <... futex resumed>) = 0 [pid 5836] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 5835] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5838] <... symlink resumed>) = 0 [pid 5837] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 5836] <... mprotect resumed>) = 0 [pid 5835] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} executing program [pid 5838] write(1, "executing program\n", 18 [pid 5837] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5836] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5834] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 5840 attached [pid 5838] <... write resumed>) = 18 [pid 5837] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5836] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5834] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5835] <... clone3 resumed> => {parent_tid=[5840]}, 88) = 5840 [pid 5840] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 5838] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5837] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5836] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 5834] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 5835] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5841 attached [pid 5840] <... rseq resumed>) = 0 [pid 5838] <... futex resumed>) = 0 [pid 5837] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5835] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5840] set_robust_list(0x7fb77d6019a0, 24 [pid 5838] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 5841] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 5840] <... set_robust_list resumed>) = 0 [pid 5838] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5837] <... mmap resumed>) = 0x7fb77d5e1000 [pid 5834] <... clone3 resumed> => {parent_tid=[5842]}, 88) = 5842 [pid 5841] <... rseq resumed>) = 0 [pid 5840] rt_sigprocmask(SIG_SETMASK, [], [pid 5838] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5837] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 5834] rt_sigprocmask(SIG_SETMASK, [], [pid 5841] set_robust_list(0x7fb77d6019a0, 24 [pid 5840] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5838] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5841] <... set_robust_list resumed>) = 0 [pid 5840] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5838] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5837] <... mprotect resumed>) = 0 [pid 5834] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5841] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5842 attached [pid 5841] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5838] <... mmap resumed>) = 0x7fb77d5e1000 [pid 5837] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5836] <... clone3 resumed> => {parent_tid=[5841]}, 88) = 5841 [pid 5834] <... futex resumed>) = 0 [pid 5835] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5842] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 5841] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5840] <... futex resumed>) = 0 [pid 5838] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 5837] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5836] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5835] <... futex resumed>) = 1 [pid 5842] <... rseq resumed>) = 0 [pid 5840] memfd_create("syzkaller", 0 [pid 5838] <... mprotect resumed>) = 0 [pid 5837] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 5836] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5835] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5842] set_robust_list(0x7fb77d6019a0, 24 [pid 5838] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5836] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5843 attached [pid 5842] <... set_robust_list resumed>) = 0 [pid 5841] <... futex resumed>) = 0 [pid 5840] <... memfd_create resumed>) = 3 [pid 5838] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5836] <... futex resumed>) = 1 [pid 5843] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 5842] rt_sigprocmask(SIG_SETMASK, [], [pid 5841] memfd_create("syzkaller", 0 [pid 5840] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5838] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 5837] <... clone3 resumed> => {parent_tid=[5843]}, 88) = 5843 [pid 5836] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5844 attached [pid 5843] <... rseq resumed>) = 0 [pid 5842] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5841] <... memfd_create resumed>) = 3 [pid 5840] <... mmap resumed>) = 0x7fb775000000 [pid 5837] rt_sigprocmask(SIG_SETMASK, [], [pid 5844] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 5843] set_robust_list(0x7fb77d6019a0, 24 [pid 5842] memfd_create("syzkaller", 0 [pid 5837] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5844] <... rseq resumed>) = 0 [pid 5843] <... set_robust_list resumed>) = 0 [pid 5841] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5838] <... clone3 resumed> => {parent_tid=[5844]}, 88) = 5844 [pid 5837] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5843] rt_sigprocmask(SIG_SETMASK, [], [pid 5842] <... memfd_create resumed>) = 3 [pid 5842] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5838] rt_sigprocmask(SIG_SETMASK, [], [pid 5837] <... futex resumed>) = 0 [pid 5843] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5842] <... mmap resumed>) = 0x7fb775000000 [pid 5841] <... mmap resumed>) = 0x7fb775000000 [pid 5837] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5844] set_robust_list(0x7fb77d6019a0, 24 [pid 5843] memfd_create("syzkaller", 0 [pid 5838] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5844] <... set_robust_list resumed>) = 0 [pid 5843] <... memfd_create resumed>) = 3 [pid 5838] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] rt_sigprocmask(SIG_SETMASK, [], [pid 5838] <... futex resumed>) = 0 [pid 5844] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5844] memfd_create("syzkaller", 0 [pid 5838] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5844] <... memfd_create resumed>) = 3 [pid 5844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5840] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5842] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5843] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5844] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5841] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5843] <... write resumed>) = 16777216 [pid 5842] <... write resumed>) = 16777216 [pid 5840] <... write resumed>) = 16777216 [pid 5840] munmap(0x7fb775000000, 138412032 [pid 5843] munmap(0x7fb775000000, 138412032 [pid 5842] munmap(0x7fb775000000, 138412032 [pid 5843] <... munmap resumed>) = 0 [pid 5840] <... munmap resumed>) = 0 [pid 5842] <... munmap resumed>) = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5842] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5844] <... write resumed>) = 16777216 [pid 5844] munmap(0x7fb775000000, 138412032 [pid 5843] <... openat resumed>) = 4 [pid 5842] <... openat resumed>) = 4 [pid 5840] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5843] ioctl(4, LOOP_SET_FD, 3 [pid 5840] <... openat resumed>) = 4 [pid 5840] ioctl(4, LOOP_SET_FD, 3 [pid 5844] <... munmap resumed>) = 0 [pid 5844] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5843] <... ioctl resumed>) = 0 [pid 5842] ioctl(4, LOOP_SET_FD, 3 [pid 5841] <... write resumed>) = 16777216 [pid 5844] <... openat resumed>) = 4 [pid 5843] close(3 [pid 5840] <... ioctl resumed>) = 0 [pid 5844] ioctl(4, LOOP_SET_FD, 3 [pid 5843] <... close resumed>) = 0 [pid 5842] <... ioctl resumed>) = 0 [pid 5841] munmap(0x7fb775000000, 138412032 [pid 5842] close(3) = 0 [pid 5842] close(4) = 0 [pid 5840] close(3 [pid 5844] <... ioctl resumed>) = 0 [pid 5843] close(4 [pid 5842] mkdir("./file0", 0777 [pid 5840] <... close resumed>) = 0 [pid 5844] close(3 [pid 5843] <... close resumed>) = 0 [pid 5842] <... mkdir resumed>) = 0 [pid 5840] close(4 [pid 5844] <... close resumed>) = 0 [pid 5843] mkdir("./file0", 0777 [pid 5844] close(4 [pid 5843] <... mkdir resumed>) = 0 [pid 5842] mount("/dev/loop1", "./file0", "btrfs", 0, "" [pid 5840] <... close resumed>) = 0 [pid 5844] <... close resumed>) = 0 [pid 5843] mount("/dev/loop2", "./file0", "btrfs", 0, "" [pid 5841] <... munmap resumed>) = 0 [pid 5840] mkdir("./file0", 0777 [pid 5844] mkdir("./file0", 0777 [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5840] <... mkdir resumed>) = 0 syzkaller login: [ 59.199949][ T5843] loop2: detected capacity change from 0 to 32768 [ 59.202962][ T5840] loop0: detected capacity change from 0 to 32768 [ 59.209930][ T5842] loop1: detected capacity change from 0 to 32768 [ 59.227057][ T5844] loop4: detected capacity change from 0 to 32768 [pid 5844] <... mkdir resumed>) = 0 [pid 5841] <... openat resumed>) = 4 [pid 5840] mount("/dev/loop0", "./file0", "btrfs", 0, "" [pid 5841] ioctl(4, LOOP_SET_FD, 3 [pid 5844] mount("/dev/loop4", "./file0", "btrfs", 0, "" [pid 5841] <... ioctl resumed>) = 0 [ 59.261296][ T5842] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor323 (5842) [ 59.282132][ T5841] loop3: detected capacity change from 0 to 32768 [ 59.288950][ T5842] BTRFS info (device loop1): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 59.301914][ T5843] BTRFS: device /dev/loop2 (7:2) using temp-fsid eba9269b-305b-4bf3-b40a-abc74c12b92d [pid 5841] close(3) = 0 [pid 5841] close(4) = 0 [pid 5841] mkdir("./file0", 0777) = 0 [ 59.305206][ T5842] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 59.321233][ T5843] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (5843) [ 59.353537][ T5842] BTRFS info (device loop1): using free-space-tree [ 59.365770][ T5840] BTRFS: device /dev/loop0 (7:0) using temp-fsid b2939d16-c039-4d41-b819-37fdd6959c81 [ 59.383779][ T5843] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 59.402020][ T5840] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor323 (5840) [ 59.427944][ T5843] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 59.447518][ T5843] BTRFS info (device loop2): using free-space-tree [ 59.459222][ T5844] BTRFS: device /dev/loop4 (7:4) using temp-fsid a5245226-b64c-4476-96df-990dcd9865c9 [ 59.469740][ T5840] BTRFS info (device loop0): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 59.470018][ T5844] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (5844) [ 59.496601][ T5840] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 59.506332][ T5840] BTRFS info (device loop0): using free-space-tree [ 59.516474][ T5841] BTRFS: device /dev/loop3 (7:3) using temp-fsid 505686f1-4367-4c0b-b8d7-621d03f6ac7a [ 59.527722][ T5844] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 59.538931][ T5841] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor323 (5841) [ 59.552625][ T5844] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 59.563612][ T5844] BTRFS info (device loop4): using free-space-tree [ 59.593956][ T5841] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 5841] mount("/dev/loop3", "./file0", "btrfs", 0, "" [pid 5842] <... mount resumed>) = 0 [pid 5842] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5842] chdir("./file0") = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5842] ioctl(4, LOOP_CLR_FD) = 0 [pid 5842] close(4) = 0 [ 59.605077][ T5841] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 59.615154][ T5841] BTRFS info (device loop3): using free-space-tree [pid 5842] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5834] <... futex resumed>) = 0 [pid 5842] memfd_create("syzkaller", 0 [pid 5834] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5842] <... memfd_create resumed>) = 4 [pid 5834] <... futex resumed>) = 0 [pid 5834] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5842] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5843] <... mount resumed>) = 0 [pid 5844] <... mount resumed>) = 0 [pid 5843] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5841] <... mount resumed>) = 0 [pid 5840] <... mount resumed>) = 0 [pid 5843] <... openat resumed>) = 3 [pid 5841] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5843] chdir("./file0" [pid 5841] <... openat resumed>) = 3 [pid 5843] <... chdir resumed>) = 0 [pid 5841] chdir("./file0" [pid 5843] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5841] <... chdir resumed>) = 0 [pid 5844] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5843] <... openat resumed>) = 4 [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5840] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5844] <... openat resumed>) = 3 [pid 5843] ioctl(4, LOOP_CLR_FD [pid 5841] <... openat resumed>) = 4 [pid 5840] <... openat resumed>) = 3 [pid 5844] chdir("./file0" [pid 5843] <... ioctl resumed>) = 0 [pid 5841] ioctl(4, LOOP_CLR_FD [pid 5844] <... chdir resumed>) = 0 [pid 5843] close(4 [pid 5840] chdir("./file0" [pid 5844] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5843] <... close resumed>) = 0 [pid 5841] <... ioctl resumed>) = 0 [pid 5844] <... openat resumed>) = 4 [pid 5843] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5841] close(4 [pid 5844] ioctl(4, LOOP_CLR_FD [pid 5843] <... futex resumed>) = 1 [pid 5841] <... close resumed>) = 0 [pid 5840] <... chdir resumed>) = 0 [pid 5844] <... ioctl resumed>) = 0 [pid 5843] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5841] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5840] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5844] close(4 [pid 5841] <... futex resumed>) = 1 [pid 5840] <... openat resumed>) = 4 [pid 5836] <... futex resumed>) = 0 [pid 5844] <... close resumed>) = 0 [pid 5841] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5840] ioctl(4, LOOP_CLR_FD [pid 5836] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5841] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5837] <... futex resumed>) = 0 [pid 5844] <... futex resumed>) = 1 [pid 5840] <... ioctl resumed>) = 0 [pid 5838] <... futex resumed>) = 0 [pid 5837] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] <... futex resumed>) = 0 [pid 5838] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5838] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5844] memfd_create("syzkaller", 0 [pid 5841] memfd_create("syzkaller", 0 [pid 5840] close(4 [pid 5836] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5844] <... memfd_create resumed>) = 4 [pid 5843] <... futex resumed>) = 0 [pid 5841] <... memfd_create resumed>) = 4 [pid 5837] <... futex resumed>) = 1 [pid 5844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5843] memfd_create("syzkaller", 0 [pid 5841] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] <... close resumed>) = 0 [pid 5837] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5844] <... mmap resumed>) = 0x7fb775000000 [pid 5843] <... memfd_create resumed>) = 4 [pid 5841] <... mmap resumed>) = 0x7fb775000000 [pid 5840] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] <... futex resumed>) = 1 [pid 5835] <... futex resumed>) = 0 [pid 5835] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5835] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5843] <... mmap resumed>) = 0x7fb775000000 [pid 5840] memfd_create("syzkaller", 0) = 4 [pid 5840] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5842] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5844] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5843] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5841] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5840] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5842] <... write resumed>) = 16777216 [pid 5842] munmap(0x7fb775000000, 138412032) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 5 [pid 5842] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5842] ioctl(5, LOOP_CLR_FD) = 0 [pid 5842] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5842] close(5) = 0 [pid 5842] close(4 [pid 5841] <... write resumed>) = 16777216 [pid 5844] <... write resumed>) = 16777216 [pid 5843] <... write resumed>) = 16777216 [pid 5844] munmap(0x7fb775000000, 138412032 [pid 5843] munmap(0x7fb775000000, 138412032 [pid 5841] munmap(0x7fb775000000, 138412032 [pid 5840] <... write resumed>) = 16777216 [pid 5840] munmap(0x7fb775000000, 138412032 [pid 5841] <... munmap resumed>) = 0 [pid 5844] <... munmap resumed>) = 0 [pid 5844] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 5 [pid 5844] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5844] ioctl(5, LOOP_CLR_FD) = 0 [pid 5843] <... munmap resumed>) = 0 [pid 5844] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5840] <... munmap resumed>) = 0 [pid 5844] close(5) = 0 [pid 5844] close(4 [pid 5843] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5843] <... openat resumed>) = 5 [pid 5843] ioctl(5, LOOP_SET_FD, 4 [pid 5841] <... openat resumed>) = 5 [pid 5840] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5843] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5841] ioctl(5, LOOP_SET_FD, 4 [pid 5840] <... openat resumed>) = 5 [pid 5843] ioctl(5, LOOP_CLR_FD [pid 5841] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5840] ioctl(5, LOOP_SET_FD, 4 [pid 5843] <... ioctl resumed>) = 0 [pid 5841] ioctl(5, LOOP_CLR_FD) = 0 [pid 5840] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5840] ioctl(5, LOOP_CLR_FD) = 0 [pid 5843] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5843] close(5 [pid 5841] ioctl(5, LOOP_SET_FD, 4 [pid 5840] ioctl(5, LOOP_SET_FD, 4 [pid 5843] <... close resumed>) = 0 [pid 5841] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5840] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5843] close(4 [pid 5841] close(5 [pid 5840] close(5 [pid 5841] <... close resumed>) = 0 [pid 5840] <... close resumed>) = 0 [pid 5841] close(4 [pid 5840] close(4 [pid 5842] <... close resumed>) = 0 [pid 5842] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5834] <... futex resumed>) = 0 [pid 5842] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5842] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5834] <... futex resumed>) = 0 [pid 5842] rename("./file1", "./file0/file0" [pid 5834] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5834] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5c0000 [pid 5834] mprotect(0x7fb77d5c1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5834] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5834] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d5e0990, parent_tid=0x7fb77d5e0990, exit_signal=0, stack=0x7fb77d5c0000, stack_size=0x20300, tls=0x7fb77d5e06c0}./strace-static-x86_64: Process 5935 attached => {parent_tid=[5935]}, 88) = 5935 [pid 5935] rseq(0x7fb77d5e0fe0, 0x20, 0, 0x53053053 [pid 5834] rt_sigprocmask(SIG_SETMASK, [], [pid 5935] <... rseq resumed>) = 0 [pid 5834] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5935] set_robust_list(0x7fb77d5e09a0, 24 [pid 5834] futex(0x7fb77d6dd6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5935] <... set_robust_list resumed>) = 0 [pid 5834] <... futex resumed>) = 0 [pid 5935] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] futex(0x7fb77d6dd6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5935] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5935] mkdir(".", 0777) = -1 EEXIST (File exists) [ 61.053649][ T5935] ======================================================= [ 61.053649][ T5935] WARNING: The mand mount option has been deprecated and [ 61.053649][ T5935] and is ignored by this kernel. Remove the mand [ 61.053649][ T5935] option from the mount to silence this warning. [ 61.053649][ T5935] ======================================================= [pid 5935] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5842] <... rename resumed>) = 0 [pid 5842] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5842] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5840] <... close resumed>) = 0 [pid 5844] <... close resumed>) = 0 [pid 5844] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5844] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5841] <... close resumed>) = 0 [pid 5840] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5843] <... close resumed>) = 0 [pid 5838] <... futex resumed>) = 0 [pid 5841] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5840] <... futex resumed>) = 1 [pid 5841] <... futex resumed>) = 1 [pid 5840] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5836] <... futex resumed>) = 0 [pid 5836] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5836] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5841] rename("./file1", "./file0/file0" [pid 5838] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] <... futex resumed>) = 0 [pid 5835] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5840] <... futex resumed>) = 0 [pid 5835] <... futex resumed>) = 1 [pid 5840] rename("./file1", "./file0/file0" [pid 5835] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5844] <... futex resumed>) = 0 [pid 5838] <... futex resumed>) = 1 [pid 5844] rename("./file1", "./file0/file0" [pid 5838] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5840] <... rename resumed>) = 0 [pid 5840] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5835] <... futex resumed>) = 0 [pid 5835] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5835] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5844] <... rename resumed>) = 0 [pid 5840] mkdir(".", 0777 [pid 5844] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5840] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5844] <... futex resumed>) = 1 [pid 5840] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5838] <... futex resumed>) = 0 [ 61.312027][ T5935] BTRFS warning (device loop1 state M): remount supports changing free space tree only from RO to RW [pid 5843] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5838] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5843] <... futex resumed>) = 1 [pid 5838] <... futex resumed>) = 0 [pid 5837] <... futex resumed>) = 0 [pid 5836] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] mkdir(".", 0777 [pid 5843] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5841] <... rename resumed>) = 0 [pid 5838] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5837] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] <... futex resumed>) = 0 [pid 5837] <... futex resumed>) = 0 [pid 5836] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5837] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5836] <... mmap resumed>) = 0x7fb77d5c0000 [pid 5836] mprotect(0x7fb77d5c1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5836] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5836] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d5e0990, parent_tid=0x7fb77d5e0990, exit_signal=0, stack=0x7fb77d5c0000, stack_size=0x20300, tls=0x7fb77d5e06c0} [pid 5844] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5841] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] <... clone3 resumed> => {parent_tid=[5939]}, 88) = 5939 [pid 5844] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5841] <... futex resumed>) = 0 [pid 5836] rt_sigprocmask(SIG_SETMASK, [], [pid 5843] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5841] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5836] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5843] rename("./file1", "./file0/file0" [pid 5836] futex(0x7fb77d6dd6b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5939 attached ) = 0 [pid 5836] futex(0x7fb77d6dd6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5939] rseq(0x7fb77d5e0fe0, 0x20, 0, 0x53053053) = 0 [ 61.368343][ T5935] BTRFS info (device loop1 state M): setting nodatasum [ 61.404569][ T5935] BTRFS info (device loop1 state M): setting nodatasum [pid 5939] set_robust_list(0x7fb77d5e09a0, 24 [pid 5843] <... rename resumed>) = 0 [pid 5939] <... set_robust_list resumed>) = 0 [pid 5843] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5939] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5843] <... futex resumed>) = 1 [pid 5939] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5843] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5837] <... futex resumed>) = 0 [pid 5939] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5837] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5843] <... futex resumed>) = 0 [pid 5843] mkdir(".", 0777 [pid 5837] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5843] <... mkdir resumed>) = -1 EEXIST (File exists) [ 61.406335][ T5840] BTRFS warning (device loop0 state M): remount supports changing free space tree only from RO to RW [ 61.428768][ T5844] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [ 61.446145][ T5935] BTRFS info (device loop1 state M): turning off barriers [ 61.464680][ T5840] BTRFS info (device loop0 state M): setting nodatasum [ 61.483500][ T5939] BTRFS warning (device loop3 state M): remount supports changing free space tree only from RO to RW [ 61.495407][ T5843] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW [ 61.501756][ T5844] BTRFS info (device loop4 state M): setting nodatasum [ 61.506650][ T5843] BTRFS info (device loop2 state M): setting nodatasum [ 61.515878][ T5935] BTRFS info (device loop1 state M): turning on flush-on-commit [ 61.520443][ T5843] BTRFS info (device loop2 state M): setting nodatasum [ 61.531898][ T5840] BTRFS info (device loop0 state M): setting nodatasum [ 61.535070][ T5843] BTRFS info (device loop2 state M): turning off barriers [ 61.549107][ T5843] BTRFS info (device loop2 state M): turning on flush-on-commit [ 61.557083][ T5843] BTRFS info (device loop2 state M): force clearing of disk cache [ 61.565207][ T5843] BTRFS info (device loop2 state M): doing ref verification [ 61.571751][ T5939] BTRFS info (device loop3 state M): setting nodatasum [ 61.572760][ T5843] BTRFS info (device loop2 state M): max_inline set to 26856 [ 61.579337][ T5939] BTRFS info (device loop3 state M): setting nodatasum [ 61.593618][ T5844] BTRFS info (device loop4 state M): setting nodatasum [ 61.600535][ T5844] BTRFS info (device loop4 state M): turning off barriers [ 61.608170][ T5935] BTRFS info (device loop1 state M): force clearing of disk cache [pid 5843] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5935] <... mount resumed>) = 0 [pid 5935] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5843] <... mount resumed>) = 0 [pid 5935] <... openat resumed>) = 4 [ 61.616180][ T5840] BTRFS info (device loop0 state M): turning off barriers [ 61.623348][ T5935] BTRFS info (device loop1 state M): doing ref verification [ 61.623371][ T5935] BTRFS info (device loop1 state M): max_inline set to 26856 [ 61.630752][ T5844] BTRFS info (device loop4 state M): turning on flush-on-commit [ 61.647309][ T5844] BTRFS info (device loop4 state M): force clearing of disk cache [ 61.656093][ T5844] BTRFS info (device loop4 state M): doing ref verification [pid 5843] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5935] chdir("." [pid 5844] <... mount resumed>) = 0 [pid 5843] <... openat resumed>) = 4 [pid 5843] chdir("." [pid 5935] <... chdir resumed>) = 0 [pid 5935] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5843] <... chdir resumed>) = 0 [pid 5843] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5935] <... futex resumed>) = 1 [pid 5844] <... openat resumed>) = 4 [pid 5843] <... futex resumed>) = 1 [pid 5834] <... futex resumed>) = 0 [pid 5837] <... futex resumed>) = 0 [pid 5837] exit_group(0) = ? [ 61.664699][ T5844] BTRFS info (device loop4 state M): max_inline set to 26856 [ 61.672531][ T5939] BTRFS info (device loop3 state M): turning off barriers [ 61.679743][ T5939] BTRFS info (device loop3 state M): turning on flush-on-commit [ 61.688134][ T5939] BTRFS info (device loop3 state M): force clearing of disk cache [ 61.696992][ T5939] BTRFS info (device loop3 state M): doing ref verification [ 61.710749][ T5939] BTRFS info (device loop3 state M): max_inline set to 26856 [pid 5939] <... mount resumed>) = 0 [pid 5935] futex(0x7fb77d6dd6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5844] chdir("." [pid 5834] exit_group(0 [pid 5843] +++ exited with 0 +++ [pid 5837] +++ exited with 0 +++ [pid 5844] <... chdir resumed>) = 0 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5837, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=67 /* 0.67 s */} --- [pid 5834] <... exit_group resumed>) = ? [pid 5844] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5842] <... futex resumed>) = ? [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5935] <... futex resumed>) = ? [pid 5844] <... futex resumed>) = 1 [pid 5842] +++ exited with 0 +++ [pid 5838] <... futex resumed>) = 0 [pid 5844] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5838] exit_group(0) = ? [pid 5935] +++ exited with 0 +++ [pid 5834] +++ exited with 0 +++ [pid 5844] <... futex resumed>) = ? [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5834, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=58 /* 0.58 s */} --- [pid 5844] +++ exited with 0 +++ [pid 5838] +++ exited with 0 +++ [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5939] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5838, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=63 /* 0.63 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 5939] <... openat resumed>) = 4 [pid 5830] <... restart_syscall resumed>) = 0 [pid 5833] <... restart_syscall resumed>) = 0 [pid 5833] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5831] <... restart_syscall resumed>) = 0 [pid 5939] chdir("." [pid 5833] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./0/binderfs" [pid 5939] <... chdir resumed>) = 0 [pid 5833] <... unlink resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... openat resumed>) = 3 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5939] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] newfstatat(3, "", [pid 5830] newfstatat(3, "", [pid 5939] <... futex resumed>) = 1 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5939] futex(0x7fb77d6dd6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5836] <... futex resumed>) = 0 [pid 5836] exit_group(0) = ? [pid 5841] <... futex resumed>) = ? [pid 5841] +++ exited with 0 +++ [pid 5939] <... futex resumed>) = ? [pid 5830] getdents64(3, [pid 5939] +++ exited with 0 +++ [pid 5836] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5836, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=59 /* 0.59 s */} --- [pid 5830] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5831] getdents64(3, [pid 5830] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [ 61.719637][ T5840] BTRFS info (device loop0 state M): turning on flush-on-commit [ 61.739235][ T5840] BTRFS info (device loop0 state M): force clearing of disk cache [ 61.750100][ T5840] BTRFS info (device loop0 state M): doing ref verification [ 61.759830][ T5833] BTRFS info (device loop4): last unmount of filesystem a5245226-b64c-4476-96df-990dcd9865c9 [pid 5830] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5831] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5832] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./0/binderfs") = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] unlink("./0/binderfs" [pid 5840] <... mount resumed>) = 0 [pid 5832] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5830] <... unlink resumed>) = 0 [pid 5840] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] unlink("./0/binderfs" [pid 5840] <... openat resumed>) = 4 [pid 5831] <... unlink resumed>) = 0 [pid 5831] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] chdir(".") = 0 [pid 5840] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5835] <... futex resumed>) = 0 [pid 5840] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5835] exit_group(0) = ? [pid 5840] <... futex resumed>) = ? [pid 5840] +++ exited with 0 +++ [pid 5835] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5835, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=73 /* 0.73 s */} --- [pid 5829] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 61.784349][ T5840] BTRFS info (device loop0 state M): max_inline set to 26856 [ 61.796197][ T5832] BTRFS info (device loop3): last unmount of filesystem 505686f1-4367-4c0b-b8d7-621d03f6ac7a [ 61.810198][ T5830] BTRFS info (device loop1): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 61.821359][ T5831] BTRFS info (device loop2): last unmount of filesystem eba9269b-305b-4bf3-b40a-abc74c12b92d [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./0/binderfs") = 0 [ 61.899781][ T5829] BTRFS info (device loop0): last unmount of filesystem b2939d16-c039-4d41-b819-37fdd6959c81 [pid 5829] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... umount2 resumed>) = 0 [pid 5831] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./0/file0") = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 5833] <... umount2 resumed>) = 0 [pid 5832] <... umount2 resumed>) = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./0" [pid 5830] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./0/file0", [pid 5833] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] newfstatat(AT_FDCWD, "./0/file0", [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] newfstatat(AT_FDCWD, "./0/file0", [pid 5830] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5833] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... openat resumed>) = 4 [pid 5830] newfstatat(4, "", [pid 5832] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] getdents64(4, [pid 5833] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5833] <... openat resumed>) = 4 [pid 5832] <... openat resumed>) = 4 [pid 5830] getdents64(4, [pid 5833] newfstatat(4, "", [pid 5830] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5830] close(4 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... close resumed>) = 0 [pid 5830] rmdir("./0/file0" [pid 5833] getdents64(4, [pid 5832] newfstatat(4, "", [pid 5830] <... rmdir resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5833] getdents64(4, [pid 5832] getdents64(4, [pid 5833] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5832] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5831] mkdir("./1", 0777 [pid 5833] close(4 [pid 5831] <... mkdir resumed>) = 0 [pid 5833] <... close resumed>) = 0 [pid 5833] rmdir("./0/file0") = 0 [pid 5832] getdents64(4, [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5830] getdents64(3, [pid 5833] getdents64(3, [pid 5832] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5830] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5833] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5832] close(4 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5830] close(3 [pid 5833] close(3 [pid 5832] <... close resumed>) = 0 [pid 5831] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5830] <... close resumed>) = 0 [pid 5833] <... close resumed>) = 0 [pid 5832] rmdir("./0/file0" [pid 5830] rmdir("./0" [pid 5833] rmdir("./0" [pid 5832] <... rmdir resumed>) = 0 [pid 5831] close(3 [pid 5830] <... rmdir resumed>) = 0 [pid 5833] <... rmdir resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] getdents64(3, [pid 5830] mkdir("./1", 0777 [pid 5833] mkdir("./1", 0777 [pid 5832] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5830] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 5940 attached [pid 5833] <... mkdir resumed>) = 0 [pid 5832] close(3 [pid 5831] <... clone resumed>, child_tidptr=0x55558bffa690) = 5940 [pid 5832] <... close resumed>) = 0 [pid 5832] rmdir("./0") = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5833] <... openat resumed>) = 3 [pid 5830] <... openat resumed>) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5833] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5830] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5832] mkdir("./1", 0777 [pid 5940] set_robust_list(0x55558bffa6a0, 24 [pid 5832] <... mkdir resumed>) = 0 [pid 5830] close(3 [pid 5833] close(3 [pid 5830] <... close resumed>) = 0 [pid 5833] <... close resumed>) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5942 attached [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5940] <... set_robust_list resumed>) = 0 [pid 5832] <... ioctl resumed>) = -1 ENXIO (No such device or address) ./strace-static-x86_64: Process 5941 attached [pid 5832] close(3) = 0 [pid 5942] set_robust_list(0x55558bffa6a0, 24 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5943 attached [pid 5941] set_robust_list(0x55558bffa6a0, 24 [pid 5940] chdir("./1" [pid 5943] set_robust_list(0x55558bffa6a0, 24 [pid 5942] <... set_robust_list resumed>) = 0 [pid 5941] <... set_robust_list resumed>) = 0 [pid 5940] <... chdir resumed>) = 0 [pid 5833] <... clone resumed>, child_tidptr=0x55558bffa690) = 5942 [pid 5830] <... clone resumed>, child_tidptr=0x55558bffa690) = 5941 [pid 5940] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5941] chdir("./1" [pid 5940] <... prctl resumed>) = 0 [pid 5940] setpgid(0, 0 [pid 5941] <... chdir resumed>) = 0 [pid 5943] <... set_robust_list resumed>) = 0 [pid 5942] chdir("./1") = 0 [pid 5943] chdir("./1") = 0 [pid 5942] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5940] <... setpgid resumed>) = 0 [pid 5942] <... prctl resumed>) = 0 [pid 5941] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] <... clone resumed>, child_tidptr=0x55558bffa690) = 5943 [pid 5943] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5942] setpgid(0, 0 [pid 5943] <... prctl resumed>) = 0 [pid 5941] <... prctl resumed>) = 0 [pid 5940] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5943] setpgid(0, 0 [pid 5942] <... setpgid resumed>) = 0 [pid 5943] <... setpgid resumed>) = 0 [pid 5942] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5941] setpgid(0, 0 [pid 5940] <... openat resumed>) = 3 [pid 5943] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5942] <... openat resumed>) = 3 [pid 5941] <... setpgid resumed>) = 0 [pid 5943] <... openat resumed>) = 3 [pid 5940] write(3, "1000", 4 [pid 5943] write(3, "1000", 4) = 4 [pid 5941] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5940] <... write resumed>) = 4 [pid 5943] close(3) = 0 [pid 5941] <... openat resumed>) = 3 [pid 5940] close(3 [pid 5941] write(3, "1000", 4 [pid 5942] write(3, "1000", 4 [pid 5941] <... write resumed>) = 4 [pid 5940] <... close resumed>) = 0 [pid 5941] close(3 [pid 5940] symlink("/dev/binderfs", "./binderfs" [pid 5941] <... close resumed>) = 0 [pid 5943] symlink("/dev/binderfs", "./binderfs" [pid 5942] <... write resumed>) = 4 [pid 5942] close(3 [pid 5941] symlink("/dev/binderfs", "./binderfs" [pid 5940] <... symlink resumed>) = 0 executing program executing program [pid 5943] <... symlink resumed>) = 0 [pid 5942] <... close resumed>) = 0 [pid 5941] <... symlink resumed>) = 0 [pid 5940] write(1, "executing program\n", 18 [pid 5941] write(1, "executing program\n", 18 [pid 5940] <... write resumed>) = 18 [pid 5941] <... write resumed>) = 18 [pid 5940] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] symlink("/dev/binderfs", "./binderfs" [pid 5941] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5940] <... futex resumed>) = 0 [pid 5942] <... symlink resumed>) = 0 [pid 5940] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, executing program [pid 5943] write(1, "executing program\n", 18executing program [pid 5940] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5943] <... write resumed>) = 18 [pid 5942] write(1, "executing program\n", 18 [pid 5943] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] <... write resumed>) = 18 [pid 5940] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5943] <... futex resumed>) = 0 [pid 5942] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 5942] <... futex resumed>) = 0 [pid 5940] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5942] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 5940] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5943] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5942] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5943] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5940] <... mmap resumed>) = 0x7fb77d5e1000 [pid 5942] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5940] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 5943] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5942] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5940] <... mprotect resumed>) = 0 [pid 5942] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5943] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5942] <... mmap resumed>) = 0x7fb77d5e1000 [pid 5943] <... mmap resumed>) = 0x7fb77d5e1000 [pid 5942] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 5943] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 5942] <... mprotect resumed>) = 0 [pid 5943] <... mprotect resumed>) = 0 [pid 5942] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5943] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5942] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5943] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5942] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 5944 attached [pid 5943] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 5940] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 5945 attached [pid 5941] <... futex resumed>) = 0 [pid 5944] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 5942] <... clone3 resumed> => {parent_tid=[5944]}, 88) = 5944 [pid 5944] <... rseq resumed>) = 0 [pid 5943] <... clone3 resumed> => {parent_tid=[5945]}, 88) = 5945 [pid 5942] rt_sigprocmask(SIG_SETMASK, [], [pid 5945] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 5944] set_robust_list(0x7fb77d6019a0, 24 [pid 5941] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 5940] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5944] <... set_robust_list resumed>) = 0 [pid 5944] rt_sigprocmask(SIG_SETMASK, [], [pid 5942] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5944] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5942] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5944] memfd_create("syzkaller", 0 [pid 5943] rt_sigprocmask(SIG_SETMASK, [], [pid 5942] <... futex resumed>) = 0 [pid 5943] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5942] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5943] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5943] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5944] <... memfd_create resumed>) = 3 [pid 5944] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5940] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 5941] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5945] <... rseq resumed>) = 0 [pid 5941] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5945] set_robust_list(0x7fb77d6019a0, 24 [pid 5941] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5945] <... set_robust_list resumed>) = 0 [pid 5941] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5945] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5941] <... mmap resumed>) = 0x7fb77d5e1000 ./strace-static-x86_64: Process 5946 attached [pid 5946] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 5945] memfd_create("syzkaller", 0 [pid 5941] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 5940] <... clone3 resumed> => {parent_tid=[5946]}, 88) = 5946 [pid 5946] <... rseq resumed>) = 0 [pid 5941] <... mprotect resumed>) = 0 [pid 5945] <... memfd_create resumed>) = 3 [pid 5940] rt_sigprocmask(SIG_SETMASK, [], [pid 5946] set_robust_list(0x7fb77d6019a0, 24 [pid 5940] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5946] <... set_robust_list resumed>) = 0 [pid 5941] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5945] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5940] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5945] <... mmap resumed>) = 0x7fb775000000 [pid 5941] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5940] <... futex resumed>) = 0 [pid 5946] rt_sigprocmask(SIG_SETMASK, [], [pid 5941] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 5940] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5946] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 5947 attached [pid 5946] memfd_create("syzkaller", 0 [pid 5947] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 5941] <... clone3 resumed> => {parent_tid=[5947]}, 88) = 5947 [pid 5947] <... rseq resumed>) = 0 [pid 5946] <... memfd_create resumed>) = 3 [pid 5941] rt_sigprocmask(SIG_SETMASK, [], [pid 5946] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5947] set_robust_list(0x7fb77d6019a0, 24 [pid 5941] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5947] <... set_robust_list resumed>) = 0 [pid 5941] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5947] rt_sigprocmask(SIG_SETMASK, [], [pid 5941] <... futex resumed>) = 0 [pid 5947] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5941] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5829] <... umount2 resumed>) = 0 [pid 5829] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5947] memfd_create("syzkaller", 0 [pid 5829] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, [pid 5947] <... memfd_create resumed>) = 3 [pid 5829] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5947] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5829] getdents64(4, [pid 5947] <... mmap resumed>) = 0x7fb775000000 [pid 5829] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./0/file0") = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./0") = 0 [pid 5829] mkdir("./1", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 5948 ./strace-static-x86_64: Process 5948 attached [pid 5948] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 5948] chdir("./1") = 0 [pid 5948] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5948] setpgid(0, 0) = 0 [pid 5948] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 executing program [pid 5948] write(3, "1000", 4) = 4 [pid 5948] close(3) = 0 [pid 5948] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5948] write(1, "executing program\n", 18) = 18 [pid 5948] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5948] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 5948] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5948] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 5948] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5948] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5948] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 5949 attached => {parent_tid=[5949]}, 88) = 5949 [pid 5948] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5948] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5948] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5949] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 5949] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 5949] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5949] memfd_create("syzkaller", 0) = 3 [pid 5949] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5946] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5944] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5945] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5949] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5947] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5946] <... write resumed>) = 16777216 [pid 5946] munmap(0x7fb775000000, 138412032 [pid 5944] <... write resumed>) = 16777216 [pid 5946] <... munmap resumed>) = 0 [pid 5945] <... write resumed>) = 16777216 [pid 5944] munmap(0x7fb775000000, 138412032 [pid 5946] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5944] <... munmap resumed>) = 0 [pid 5949] <... write resumed>) = 16777216 [pid 5946] <... openat resumed>) = 4 [pid 5945] munmap(0x7fb775000000, 138412032 [pid 5944] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5946] ioctl(4, LOOP_SET_FD, 3 [pid 5944] <... openat resumed>) = 4 [pid 5949] munmap(0x7fb775000000, 138412032 [pid 5944] ioctl(4, LOOP_SET_FD, 3 [pid 5946] <... ioctl resumed>) = 0 [pid 5947] <... write resumed>) = 16777216 [pid 5945] <... munmap resumed>) = 0 [pid 5944] <... ioctl resumed>) = 0 [pid 5949] <... munmap resumed>) = 0 [pid 5947] munmap(0x7fb775000000, 138412032 [pid 5946] close(3 [pid 5945] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5944] close(3 [pid 5949] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5946] <... close resumed>) = 0 [pid 5945] <... openat resumed>) = 4 [pid 5944] <... close resumed>) = 0 [pid 5949] <... openat resumed>) = 4 [pid 5945] ioctl(4, LOOP_SET_FD, 3 [pid 5944] close(4 [pid 5949] ioctl(4, LOOP_SET_FD, 3 [pid 5946] close(4) = 0 [pid 5944] <... close resumed>) = 0 [pid 5944] mkdir("./file0", 0777) = 0 [ 63.036035][ T5946] loop2: detected capacity change from 0 to 32768 [ 63.043701][ T5944] loop4: detected capacity change from 0 to 32768 [ 63.058609][ T5945] loop3: detected capacity change from 0 to 32768 [ 63.065725][ T5949] loop0: detected capacity change from 0 to 32768 [pid 5944] mount("/dev/loop4", "./file0", "btrfs", 0, "" [pid 5945] <... ioctl resumed>) = 0 [pid 5949] <... ioctl resumed>) = 0 [pid 5947] <... munmap resumed>) = 0 [pid 5946] mkdir("./file0", 0777 [pid 5947] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5945] close(3 [pid 5947] <... openat resumed>) = 4 [pid 5945] <... close resumed>) = 0 [pid 5947] ioctl(4, LOOP_SET_FD, 3 [pid 5945] close(4 [pid 5949] close(3 [pid 5946] <... mkdir resumed>) = 0 [pid 5945] <... close resumed>) = 0 [pid 5949] <... close resumed>) = 0 [pid 5945] mkdir("./file0", 0777 [pid 5949] close(4 [pid 5945] <... mkdir resumed>) = 0 [pid 5946] mount("/dev/loop2", "./file0", "btrfs", 0, "" [pid 5949] <... close resumed>) = 0 [pid 5945] mount("/dev/loop3", "./file0", "btrfs", 0, "" [pid 5949] mkdir("./file0", 0777) = 0 [pid 5949] mount("/dev/loop0", "./file0", "btrfs", 0, "" [pid 5947] <... ioctl resumed>) = 0 [pid 5947] close(3) = 0 [pid 5947] close(4) = 0 [pid 5947] mkdir("./file0", 0777) = 0 [ 63.075831][ T5944] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (5944) [ 63.093296][ T5947] loop1: detected capacity change from 0 to 32768 [ 63.112991][ T5945] BTRFS: device /dev/loop3 (7:3) using temp-fsid c2114a83-e7d6-483c-acce-85b519638f12 [ 63.127048][ T5944] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 63.127402][ T5945] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor323 (5945) [ 63.150811][ T5944] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 63.164966][ T5946] BTRFS: device /dev/loop2 (7:2) using temp-fsid df24d4d1-166a-4b76-b073-c7fe267752b9 [ 63.175988][ T5945] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 63.187819][ T5944] BTRFS info (device loop4): using free-space-tree [ 63.195093][ T5946] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (5946) [ 63.211249][ T5945] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 63.221284][ T5945] BTRFS info (device loop3): using free-space-tree [ 63.229456][ T5946] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 63.233944][ T5949] BTRFS: device /dev/loop0 (7:0) using temp-fsid a510a99e-7a66-4216-8020-332ea989bdc2 [ 63.240894][ T5946] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 63.251355][ T5949] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor323 (5949) [ 63.260129][ T5946] BTRFS info (device loop2): using free-space-tree [ 63.279497][ T5947] BTRFS: device /dev/loop1 (7:1) using temp-fsid 5adf2d01-46cc-40d0-876a-a348388c17a2 [ 63.295222][ T5947] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor323 (5947) [ 63.308731][ T5949] BTRFS info (device loop0): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 63.320669][ T5949] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 63.333537][ T5947] BTRFS info (device loop1): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 63.351669][ T5949] BTRFS info (device loop0): using free-space-tree [ 63.360885][ T5947] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 63.387044][ T5947] BTRFS info (device loop1): using free-space-tree [pid 5947] mount("/dev/loop1", "./file0", "btrfs", 0, "" [pid 5944] <... mount resumed>) = 0 [pid 5944] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5944] chdir("./file0") = 0 [pid 5944] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5944] ioctl(4, LOOP_CLR_FD) = 0 [pid 5944] close(4) = 0 [pid 5944] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5942] <... futex resumed>) = 0 [pid 5944] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5942] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5944] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5942] <... futex resumed>) = 0 [pid 5944] memfd_create("syzkaller", 0 [pid 5942] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5944] <... memfd_create resumed>) = 4 [pid 5944] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5945] <... mount resumed>) = 0 [pid 5945] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5945] chdir("./file0") = 0 [pid 5945] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5945] ioctl(4, LOOP_CLR_FD) = 0 [pid 5945] close(4) = 0 [pid 5945] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5945] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5943] <... futex resumed>) = 0 [pid 5943] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5945] <... futex resumed>) = 0 [pid 5945] memfd_create("syzkaller", 0) = 4 [pid 5945] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5943] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5946] <... mount resumed>) = 0 [pid 5946] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5946] chdir("./file0") = 0 [pid 5946] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5946] ioctl(4, LOOP_CLR_FD) = 0 [pid 5946] close(4) = 0 [pid 5946] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5946] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5940] <... futex resumed>) = 0 [pid 5940] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5946] <... futex resumed>) = 0 [pid 5940] <... futex resumed>) = 1 [pid 5946] memfd_create("syzkaller", 0 [pid 5940] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5946] <... memfd_create resumed>) = 4 [pid 5946] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5949] <... mount resumed>) = 0 [pid 5949] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5949] chdir("./file0") = 0 [pid 5949] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5949] ioctl(4, LOOP_CLR_FD) = 0 [pid 5949] close(4) = 0 [pid 5949] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5948] <... futex resumed>) = 0 [pid 5949] memfd_create("syzkaller", 0 [pid 5948] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] <... memfd_create resumed>) = 4 [pid 5948] <... futex resumed>) = 0 [pid 5949] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5948] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5949] <... mmap resumed>) = 0x7fb775000000 [pid 5945] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5947] <... mount resumed>) = 0 [pid 5947] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5947] chdir("./file0") = 0 [pid 5947] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5947] ioctl(4, LOOP_CLR_FD) = 0 [pid 5947] close(4) = 0 [pid 5947] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5947] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5941] <... futex resumed>) = 0 [pid 5941] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5947] <... futex resumed>) = 0 [pid 5947] memfd_create("syzkaller", 0 [pid 5941] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5947] <... memfd_create resumed>) = 4 [pid 5947] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5946] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5944] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5949] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5947] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5946] <... write resumed>) = 16777216 [pid 5946] munmap(0x7fb775000000, 138412032) = 0 [pid 5944] <... write resumed>) = 16777216 [pid 5945] <... write resumed>) = 16777216 [pid 5946] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5944] munmap(0x7fb775000000, 138412032 [pid 5946] <... openat resumed>) = 5 [pid 5945] munmap(0x7fb775000000, 138412032 [pid 5946] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5946] ioctl(5, LOOP_CLR_FD) = 0 [pid 5945] <... munmap resumed>) = 0 [pid 5946] ioctl(5, LOOP_SET_FD, 4 [pid 5944] <... munmap resumed>) = 0 [pid 5946] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5944] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5946] close(5 [pid 5944] <... openat resumed>) = 5 [pid 5945] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5944] ioctl(5, LOOP_SET_FD, 4 [pid 5946] <... close resumed>) = 0 [pid 5946] close(4 [pid 5945] <... openat resumed>) = 5 [pid 5944] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5945] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5945] ioctl(5, LOOP_CLR_FD) = 0 [pid 5944] ioctl(5, LOOP_CLR_FD) = 0 [pid 5945] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5945] close(5) = 0 [pid 5944] ioctl(5, LOOP_SET_FD, 4 [pid 5945] close(4 [pid 5944] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5944] close(5) = 0 [pid 5944] close(4 [pid 5947] <... write resumed>) = 16777216 [pid 5949] <... write resumed>) = 16777216 [pid 5946] <... close resumed>) = 0 [pid 5947] munmap(0x7fb775000000, 138412032 [pid 5946] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5946] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5947] <... munmap resumed>) = 0 [pid 5949] munmap(0x7fb775000000, 138412032 [pid 5945] <... close resumed>) = 0 [pid 5944] <... close resumed>) = 0 [pid 5940] <... futex resumed>) = 0 [pid 5940] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5946] <... futex resumed>) = 0 [pid 5940] <... futex resumed>) = 1 [pid 5946] rename("./file1", "./file0/file0" [pid 5940] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5947] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 5 [pid 5944] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5942] <... futex resumed>) = 0 [pid 5947] ioctl(5, LOOP_SET_FD, 4 [pid 5945] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5944] rename("./file1", "./file0/file0" [pid 5942] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5945] <... futex resumed>) = 1 [pid 5943] <... futex resumed>) = 0 [pid 5946] <... rename resumed>) = 0 [pid 5945] rename("./file1", "./file0/file0" [pid 5943] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] <... futex resumed>) = 0 [pid 5947] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5946] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5947] ioctl(5, LOOP_CLR_FD [pid 5946] <... futex resumed>) = 1 [pid 5943] <... futex resumed>) = 0 [pid 5940] <... futex resumed>) = 0 [pid 5943] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5940] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5947] <... ioctl resumed>) = 0 [pid 5946] mkdir(".", 0777 [pid 5940] <... futex resumed>) = 0 [pid 5946] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5946] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5940] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5947] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5947] close(5) = 0 [pid 5947] close(4 [pid 5949] <... munmap resumed>) = 0 [pid 5945] <... rename resumed>) = 0 [pid 5944] <... rename resumed>) = 0 [pid 5949] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5945] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5943] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5945] <... futex resumed>) = 0 [pid 5943] <... futex resumed>) = 0 [pid 5945] mkdir(".", 0777 [pid 5943] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5944] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5944] <... futex resumed>) = 0 [pid 5942] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5944] mkdir(".", 0777 [pid 5942] <... futex resumed>) = 0 [pid 5944] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5942] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5949] <... openat resumed>) = 5 [pid 5945] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5944] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5945] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5949] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5949] ioctl(5, LOOP_CLR_FD) = 0 [ 64.750117][ T5946] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW [pid 5949] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [ 64.803451][ T5946] BTRFS info (device loop2 state M): setting nodatasum [ 64.815493][ T5945] BTRFS warning (device loop3 state M): remount supports changing free space tree only from RO to RW [ 64.839603][ T5946] BTRFS info (device loop2 state M): setting nodatasum [pid 5949] close(5) = 0 [ 64.851242][ T5944] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [ 64.871612][ T5945] BTRFS info (device loop3 state M): setting nodatasum [ 64.878576][ T5945] BTRFS info (device loop3 state M): setting nodatasum [ 64.890355][ T5946] BTRFS info (device loop2 state M): turning off barriers [ 64.920156][ T5944] BTRFS info (device loop4 state M): setting nodatasum [ 64.939511][ T5946] BTRFS info (device loop2 state M): turning on flush-on-commit [ 64.939535][ T5945] BTRFS info (device loop3 state M): turning off barriers [ 64.962107][ T5944] BTRFS info (device loop4 state M): setting nodatasum [ 64.983744][ T5946] BTRFS info (device loop2 state M): force clearing of disk cache [ 65.002111][ T5944] BTRFS info (device loop4 state M): turning off barriers [ 65.023072][ T5945] BTRFS info (device loop3 state M): turning on flush-on-commit [ 65.030766][ T5945] BTRFS info (device loop3 state M): force clearing of disk cache [ 65.041865][ T5946] BTRFS info (device loop2 state M): doing ref verification [ 65.049196][ T5946] BTRFS info (device loop2 state M): max_inline set to 26856 [ 65.057100][ T5944] BTRFS info (device loop4 state M): turning on flush-on-commit [pid 5949] close(4 [pid 5946] <... mount resumed>) = 0 [pid 5946] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5947] <... close resumed>) = 0 [pid 5946] <... openat resumed>) = 4 [ 65.091596][ T5944] BTRFS info (device loop4 state M): force clearing of disk cache [ 65.096760][ T5945] BTRFS info (device loop3 state M): doing ref verification [ 65.112943][ T5944] BTRFS info (device loop4 state M): doing ref verification [pid 5946] chdir("." [pid 5947] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5946] <... chdir resumed>) = 0 [pid 5944] <... mount resumed>) = 0 [pid 5941] <... futex resumed>) = 0 [pid 5947] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5941] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5947] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5946] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5944] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5941] <... futex resumed>) = 0 [pid 5947] rename("./file1", "./file0/file0" [pid 5946] <... futex resumed>) = 1 [pid 5944] <... openat resumed>) = 4 [pid 5941] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5940] <... futex resumed>) = 0 [pid 5946] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5944] chdir("." [pid 5940] exit_group(0 [pid 5944] <... chdir resumed>) = 0 [pid 5944] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5942] <... futex resumed>) = 0 [pid 5949] <... close resumed>) = 0 [pid 5947] <... rename resumed>) = 0 [pid 5946] <... futex resumed>) = ? [pid 5944] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5942] exit_group(0 [pid 5940] <... exit_group resumed>) = ? [pid 5946] +++ exited with 0 +++ [pid 5944] <... futex resumed>) = ? [pid 5942] <... exit_group resumed>) = ? [pid 5947] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5940] +++ exited with 0 +++ [pid 5944] +++ exited with 0 +++ [pid 5947] <... futex resumed>) = 1 [pid 5945] <... mount resumed>) = 0 [pid 5942] +++ exited with 0 +++ [pid 5941] <... futex resumed>) = 0 [pid 5947] mkdir(".", 0777 [pid 5945] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5941] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5940, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=77 /* 0.77 s */} --- [pid 5947] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5945] <... openat resumed>) = 4 [pid 5941] <... futex resumed>) = 0 [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5942, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=59 /* 0.59 s */} --- [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5947] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5945] chdir("." [pid 5941] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5945] <... chdir resumed>) = 0 [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 5831] <... restart_syscall resumed>) = 0 [pid 5945] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5943] <... futex resumed>) = 0 [pid 5945] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5943] exit_group(0 [pid 5945] <... futex resumed>) = ? [pid 5943] <... exit_group resumed>) = ? [pid 5945] +++ exited with 0 +++ [pid 5943] +++ exited with 0 +++ [pid 5833] <... restart_syscall resumed>) = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5943, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=64 /* 0.64 s */} --- [ 65.141746][ T5944] BTRFS info (device loop4 state M): max_inline set to 26856 [ 65.149311][ T5945] BTRFS info (device loop3 state M): max_inline set to 26856 [pid 5831] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] <... openat resumed>) = 3 [pid 5832] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5833] newfstatat(3, "", [pid 5832] <... openat resumed>) = 3 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] newfstatat(3, "", [pid 5833] getdents64(3, [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5949] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] getdents64(3, [pid 5949] <... futex resumed>) = 1 [pid 5948] <... futex resumed>) = 0 [pid 5833] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5948] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5833] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5948] <... futex resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5831] <... openat resumed>) = 3 [pid 5949] rename("./file1", "./file0/file0" [pid 5948] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] unlink("./1/binderfs" [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] newfstatat(3, "", [pid 5833] <... unlink resumed>) = 0 [pid 5832] unlink("./1/binderfs" [pid 5833] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... unlink resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [ 65.202993][ T5947] BTRFS warning (device loop1 state M): remount supports changing free space tree only from RO to RW [ 65.225715][ T5833] BTRFS info (device loop4): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 65.237556][ T5832] BTRFS info (device loop3): last unmount of filesystem c2114a83-e7d6-483c-acce-85b519638f12 [pid 5831] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./1/binderfs" [pid 5949] <... rename resumed>) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 5831] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5949] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5948] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5949] <... futex resumed>) = 0 [pid 5949] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5948] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] <... futex resumed>) = 0 [pid 5948] <... futex resumed>) = 1 [pid 5948] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5949] mkdir(".", 0777) = -1 EEXIST (File exists) [ 65.241849][ T5947] BTRFS info (device loop1 state M): setting nodatasum [ 65.267939][ T5831] BTRFS info (device loop2): last unmount of filesystem df24d4d1-166a-4b76-b073-c7fe267752b9 [ 65.282040][ T5947] BTRFS info (device loop1 state M): setting nodatasum [ 65.289604][ T5947] BTRFS info (device loop1 state M): turning off barriers [ 65.299462][ T5947] BTRFS info (device loop1 state M): turning on flush-on-commit [ 65.338147][ T5947] BTRFS info (device loop1 state M): force clearing of disk cache [ 65.345791][ T5949] BTRFS warning (device loop0 state M): remount supports changing free space tree only from RO to RW [ 65.357079][ T5947] BTRFS info (device loop1 state M): doing ref verification [ 65.358261][ T5949] BTRFS info (device loop0 state M): setting nodatasum [pid 5949] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5947] <... mount resumed>) = 0 [pid 5947] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5947] chdir(".") = 0 [pid 5947] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5941] <... futex resumed>) = 0 [pid 5947] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5941] exit_group(0 [pid 5947] <... futex resumed>) = ? [pid 5941] <... exit_group resumed>) = ? [pid 5947] +++ exited with 0 +++ [pid 5941] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5941, si_uid=0, si_status=0, si_utime=13 /* 0.13 s */, si_stime=63 /* 0.63 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5830] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./1/binderfs") = 0 [ 65.402022][ T5947] BTRFS info (device loop1 state M): max_inline set to 26856 [ 65.441254][ T5949] BTRFS info (device loop0 state M): setting nodatasum [ 65.472309][ T5830] BTRFS info (device loop1): last unmount of filesystem 5adf2d01-46cc-40d0-876a-a348388c17a2 [ 65.490018][ T5949] BTRFS info (device loop0 state M): turning off barriers [ 65.520631][ T5949] BTRFS info (device loop0 state M): turning on flush-on-commit [ 65.541667][ T5949] BTRFS info (device loop0 state M): force clearing of disk cache [ 65.555424][ T5949] BTRFS info (device loop0 state M): doing ref verification [pid 5830] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5949] <... mount resumed>) = 0 [pid 5949] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5949] chdir(".") = 0 [pid 5949] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5948] <... futex resumed>) = 0 [pid 5949] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5948] exit_group(0 [pid 5949] <... futex resumed>) = ? [pid 5948] <... exit_group resumed>) = ? [pid 5949] +++ exited with 0 +++ [pid 5948] +++ exited with 0 +++ [pid 5832] <... umount2 resumed>) = 0 [pid 5832] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5948, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=60 /* 0.60 s */} --- [pid 5832] newfstatat(AT_FDCWD, "./1/file0", [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 65.576821][ T5949] BTRFS info (device loop0 state M): max_inline set to 26856 [pid 5832] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... restart_syscall resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... umount2 resumed>) = 0 [pid 5832] <... openat resumed>) = 4 [pid 5831] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(4, "", [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./1/file0", [pid 5829] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] <... umount2 resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... openat resumed>) = 3 [pid 5832] getdents64(4, [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./1/file0", [pid 5829] newfstatat(3, "", [pid 5831] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5831] <... openat resumed>) = 4 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, [pid 5831] newfstatat(4, "", [pid 5829] getdents64(3, [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5831] getdents64(4, [pid 5829] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] getdents64(4, [pid 5829] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5831] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] close(4 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... close resumed>) = 0 [pid 5829] unlink("./1/binderfs" [pid 5831] rmdir("./1/file0" [pid 5833] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... unlink resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5829] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] close(4 [pid 5831] getdents64(3, [pid 5833] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] <... close resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5833] newfstatat(4, "", [pid 5832] rmdir("./1/file0" [pid 5831] close(3 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, [pid 5831] <... close resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./1/file0") = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] rmdir("./1" [pid 5832] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5832] close(3 [pid 5833] getdents64(3, [pid 5831] mkdir("./2", 0777 [pid 5832] <... close resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5832] rmdir("./1" [pid 5833] close(3 [pid 5831] <... mkdir resumed>) = 0 [pid 5833] <... close resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5832] mkdir("./2", 0777 [pid 5831] <... openat resumed>) = 3 [pid 5833] rmdir("./1" [pid 5832] <... mkdir resumed>) = 0 [pid 5833] <... rmdir resumed>) = 0 [pid 5833] mkdir("./2", 0777) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5833] close(3) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5831] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5831] close(3./strace-static-x86_64: Process 6036 attached [pid 6036] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6036] chdir("./2" [pid 5833] <... clone resumed>, child_tidptr=0x55558bffa690) = 6036 [pid 5832] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5831] <... close resumed>) = 0 [pid 5832] close(3 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6036] <... chdir resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 6036] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6036] setpgid(0, 0) = 0 ./strace-static-x86_64: Process 6037 attached [pid 6036] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6037] set_robust_list(0x55558bffa6a0, 24 [pid 6036] <... openat resumed>) = 3 [pid 6036] write(3, "1000", 4./strace-static-x86_64: Process 6038 attached [pid 6037] <... set_robust_list resumed>) = 0 [pid 6036] <... write resumed>) = 4 [pid 5831] <... clone resumed>, child_tidptr=0x55558bffa690) = 6037 [pid 6037] chdir("./2" [pid 5832] <... clone resumed>, child_tidptr=0x55558bffa690) = 6038 [pid 6038] set_robust_list(0x55558bffa6a0, 24 [pid 6036] close(3 [pid 6038] <... set_robust_list resumed>) = 0 [pid 6037] <... chdir resumed>) = 0 [pid 6036] <... close resumed>) = 0 [pid 6036] symlink("/dev/binderfs", "./binderfs" [pid 6038] chdir("./2" [pid 6037] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6038] <... chdir resumed>) = 0 [pid 6037] <... prctl resumed>) = 0 [pid 6036] <... symlink resumed>) = 0 [ 65.686667][ T5829] BTRFS info (device loop0): last unmount of filesystem a510a99e-7a66-4216-8020-332ea989bdc2 executing program [pid 6038] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6037] setpgid(0, 0 [pid 6038] <... prctl resumed>) = 0 [pid 6037] <... setpgid resumed>) = 0 [pid 6038] setpgid(0, 0 [pid 6036] write(1, "executing program\n", 18) = 18 [pid 6038] <... setpgid resumed>) = 0 [pid 6037] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6036] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6036] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 6038] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6036] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6036] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6036] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6037] <... openat resumed>) = 3 [pid 6036] <... mmap resumed>) = 0x7fb77d5e1000 [pid 6036] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 6038] <... openat resumed>) = 3 [pid 6037] write(3, "1000", 4 [pid 6036] <... mprotect resumed>) = 0 [pid 6038] write(3, "1000", 4 [pid 6037] <... write resumed>) = 4 [pid 6038] <... write resumed>) = 4 [pid 6037] close(3 [pid 6038] close(3 [pid 6037] <... close resumed>) = 0 [pid 6038] <... close resumed>) = 0 [pid 6038] symlink("/dev/binderfs", "./binderfs" [pid 6037] symlink("/dev/binderfs", "./binderfs" [pid 6038] <... symlink resumed>) = 0 [pid 6037] <... symlink resumed>) = 0 [pid 6036] rt_sigprocmask(SIG_BLOCK, ~[], executing program [pid 6038] write(1, "executing program\n", 18 [pid 6036] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6038] <... write resumed>) = 18 [pid 6036] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6039 attached [pid 6038] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000executing program ) = 0 [pid 6037] write(1, "executing program\n", 18 [pid 6036] <... clone3 resumed> => {parent_tid=[6039]}, 88) = 6039 [pid 6038] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 6037] <... write resumed>) = 18 [pid 6039] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6038] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6037] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6039] <... rseq resumed>) = 0 [pid 6039] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6038] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6037] <... futex resumed>) = 0 [pid 6036] rt_sigprocmask(SIG_SETMASK, [], [pid 6038] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6037] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 6039] rt_sigprocmask(SIG_SETMASK, [], [pid 6038] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6037] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6036] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6039] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6038] <... mmap resumed>) = 0x7fb77d5e1000 [pid 6039] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6037] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6038] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 6037] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6036] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6039] <... futex resumed>) = 0 [pid 6038] <... mprotect resumed>) = 0 [pid 6037] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6036] <... futex resumed>) = 1 [pid 6039] memfd_create("syzkaller", 0 [pid 6038] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6037] <... mmap resumed>) = 0x7fb77d5e1000 [pid 6036] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6039] <... memfd_create resumed>) = 3 [pid 6038] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6037] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6038] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 6039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6037] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 6040 attached [pid 6038] <... clone3 resumed> => {parent_tid=[6040]}, 88) = 6040 [pid 6037] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6038] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6037] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6041 attached [pid 6038] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6040] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 6038] <... futex resumed>) = 0 [pid 6037] <... clone3 resumed> => {parent_tid=[6041]}, 88) = 6041 [pid 6041] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6040] set_robust_list(0x7fb77d6019a0, 24 [pid 6038] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6037] rt_sigprocmask(SIG_SETMASK, [], [pid 6041] <... rseq resumed>) = 0 [pid 6040] <... set_robust_list resumed>) = 0 [pid 6040] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6041] set_robust_list(0x7fb77d6019a0, 24 [pid 6037] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6041] <... set_robust_list resumed>) = 0 [pid 6040] memfd_create("syzkaller", 0 [pid 6041] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6037] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6040] <... memfd_create resumed>) = 3 [pid 6041] memfd_create("syzkaller", 0 [pid 6040] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6037] <... futex resumed>) = 0 [pid 6041] <... memfd_create resumed>) = 3 [pid 6040] <... mmap resumed>) = 0x7fb775000000 [pid 6041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6037] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6041] <... mmap resumed>) = 0x7fb775000000 [pid 5830] <... umount2 resumed>) = 0 [pid 5830] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./1/file0") = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./1") = 0 [pid 5830] mkdir("./2", 0777) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6042 attached , child_tidptr=0x55558bffa690) = 6042 [pid 6042] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6042] chdir("./2") = 0 [pid 6042] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6042] setpgid(0, 0) = 0 [pid 6042] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6042] write(3, "1000", 4) = 4 [pid 6042] close(3) = 0 [pid 6042] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6042] write(1, "executing program\n", 18) = 18 [pid 6042] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6042] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6042] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6042] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6042] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6042] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6042] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6043 attached => {parent_tid=[6043]}, 88) = 6043 [pid 6043] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6042] rt_sigprocmask(SIG_SETMASK, [], [pid 6043] <... rseq resumed>) = 0 [pid 6043] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6043] rt_sigprocmask(SIG_SETMASK, [], [pid 5829] <... umount2 resumed>) = 0 [pid 6043] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6042] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6043] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6042] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6043] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6042] <... futex resumed>) = 0 [pid 6043] memfd_create("syzkaller", 0 [pid 6042] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6043] <... memfd_create resumed>) = 3 [pid 6043] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5829] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./1/file0") = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./1") = 0 [pid 5829] mkdir("./2", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [pid 6039] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6041] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6044 attached , child_tidptr=0x55558bffa690) = 6044 [pid 6044] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6044] chdir("./2") = 0 [pid 6044] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6044] setpgid(0, 0) = 0 [pid 6044] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6044] write(3, "1000", 4) = 4 [pid 6040] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6044] close(3) = 0 [pid 6044] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6044] write(1, "executing program\n", 18) = 18 [pid 6044] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6044] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6044] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6044] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6044] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6044] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6044] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6045 attached => {parent_tid=[6045]}, 88) = 6045 [pid 6045] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6044] rt_sigprocmask(SIG_SETMASK, [], [pid 6045] <... rseq resumed>) = 0 [pid 6044] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6045] set_robust_list(0x7fb77d6019a0, 24 [pid 6044] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6045] <... set_robust_list resumed>) = 0 [pid 6044] <... futex resumed>) = 0 [pid 6045] rt_sigprocmask(SIG_SETMASK, [], [pid 6044] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6045] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6045] memfd_create("syzkaller", 0) = 3 [pid 6045] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6043] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6045] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6041] <... write resumed>) = 16777216 [pid 6041] munmap(0x7fb775000000, 138412032) = 0 [pid 6039] <... write resumed>) = 16777216 [pid 6041] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6039] munmap(0x7fb775000000, 138412032 [pid 6041] ioctl(4, LOOP_SET_FD, 3 [pid 6039] <... munmap resumed>) = 0 [pid 6039] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6039] ioctl(4, LOOP_SET_FD, 3 [pid 6041] <... ioctl resumed>) = 0 [pid 6041] close(3) = 0 [pid 6041] close(4) = 0 [pid 6041] mkdir("./file0", 0777 [pid 6040] <... write resumed>) = 16777216 [pid 6041] <... mkdir resumed>) = 0 [pid 6039] <... ioctl resumed>) = 0 [pid 6041] mount("/dev/loop2", "./file0", "btrfs", 0, "" [pid 6040] munmap(0x7fb775000000, 138412032 [ 66.522214][ T6041] loop2: detected capacity change from 0 to 32768 [ 66.540510][ T6039] loop4: detected capacity change from 0 to 32768 [pid 6039] close(3 [pid 6040] <... munmap resumed>) = 0 [pid 6039] <... close resumed>) = 0 [pid 6039] close(4) = 0 [pid 6039] mkdir("./file0", 0777) = 0 [pid 6039] mount("/dev/loop4", "./file0", "btrfs", 0, "" [pid 6040] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6040] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6040] close(3) = 0 [pid 6040] close(4) = 0 [pid 6040] mkdir("./file0", 0777) = 0 [ 66.569239][ T6041] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (6041) [ 66.587897][ T6040] loop3: detected capacity change from 0 to 32768 [ 66.626344][ T6039] BTRFS: device /dev/loop4 (7:4) using temp-fsid 343c5cb7-5af9-45e2-9dec-9b308a39a81d [ 66.645135][ T6041] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 66.651653][ T6039] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (6039) [pid 6040] mount("/dev/loop3", "./file0", "btrfs", 0, "" [pid 6043] <... write resumed>) = 16777216 [pid 6043] munmap(0x7fb775000000, 138412032) = 0 [pid 6043] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6043] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6043] close(3) = 0 [ 66.659258][ T6041] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 66.678993][ T6041] BTRFS info (device loop2): using free-space-tree [ 66.698958][ T6043] loop1: detected capacity change from 0 to 32768 [ 66.712669][ T6040] BTRFS: device /dev/loop3 (7:3) using temp-fsid 2f57d785-b7b1-42e4-91cb-da64b6afed20 [pid 6043] close(4) = 0 [pid 6043] mkdir("./file0", 0777) = 0 [ 66.724860][ T6039] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 66.726677][ T6040] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor323 (6040) [ 66.745628][ T6039] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 66.758663][ T6039] BTRFS info (device loop4): using free-space-tree [ 66.780080][ T6043] BTRFS: device /dev/loop1 (7:1) using temp-fsid 9e3a5318-407d-4353-91d6-b33bb0d6d213 [ 66.801677][ T6043] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor323 (6043) [ 66.832205][ T6040] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 6043] mount("/dev/loop1", "./file0", "btrfs", 0, "" [pid 6045] <... write resumed>) = 16777216 [ 66.874684][ T6040] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 66.884888][ T6040] BTRFS info (device loop3): using free-space-tree [pid 6045] munmap(0x7fb775000000, 138412032) = 0 [pid 6045] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6041] <... mount resumed>) = 0 [pid 6045] <... openat resumed>) = 4 [pid 6045] ioctl(4, LOOP_SET_FD, 3 [pid 6041] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6041] chdir("./file0") = 0 [pid 6041] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6041] ioctl(4, LOOP_CLR_FD) = 0 [ 66.935749][ T6043] BTRFS info (device loop1): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 66.963203][ T6043] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [pid 6041] close(4) = 0 [pid 6041] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6037] <... futex resumed>) = 0 [pid 6041] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6037] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6041] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6037] <... futex resumed>) = 0 [pid 6037] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6041] memfd_create("syzkaller", 0) = 4 [pid 6041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 66.983858][ T6045] loop0: detected capacity change from 0 to 32768 [pid 6045] <... ioctl resumed>) = 0 [pid 6045] close(3) = 0 [pid 6045] close(4) = 0 [pid 6045] mkdir("./file0", 0777) = 0 [ 67.016387][ T6043] BTRFS info (device loop1): using free-space-tree [ 67.068375][ T6045] BTRFS: device /dev/loop0 (7:0) using temp-fsid 75e4e3b4-f012-4034-9b8e-7a7638f82e0a [ 67.122408][ T6045] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor323 (6045) [pid 6045] mount("/dev/loop0", "./file0", "btrfs", 0, "" [pid 6039] <... mount resumed>) = 0 [pid 6039] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6039] chdir("./file0") = 0 [pid 6039] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6039] ioctl(4, LOOP_CLR_FD) = 0 [pid 6039] close(4 [pid 6040] <... mount resumed>) = 0 [pid 6039] <... close resumed>) = 0 [ 67.203116][ T6045] BTRFS info (device loop0): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 6040] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6039] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6040] <... openat resumed>) = 3 [pid 6039] <... futex resumed>) = 1 [pid 6040] chdir("./file0" [pid 6036] <... futex resumed>) = 0 [pid 6036] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6036] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6040] <... chdir resumed>) = 0 [pid 6039] memfd_create("syzkaller", 0 [pid 6040] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6039] <... memfd_create resumed>) = 4 [pid 6040] <... openat resumed>) = 4 [pid 6039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6040] ioctl(4, LOOP_CLR_FD [pid 6039] <... mmap resumed>) = 0x7fb775000000 [pid 6043] <... mount resumed>) = 0 [pid 6040] <... ioctl resumed>) = 0 [pid 6043] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6040] close(4 [pid 6043] <... openat resumed>) = 3 [pid 6040] <... close resumed>) = 0 [pid 6043] chdir("./file0" [ 67.244502][ T6045] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [pid 6040] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6043] <... chdir resumed>) = 0 [pid 6040] <... futex resumed>) = 1 [pid 6038] <... futex resumed>) = 0 [pid 6043] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6040] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6038] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6040] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6038] <... futex resumed>) = 0 [pid 6040] memfd_create("syzkaller", 0 [pid 6038] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6040] <... memfd_create resumed>) = 4 [pid 6043] ioctl(4, LOOP_CLR_FD [pid 6040] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6043] <... ioctl resumed>) = 0 [pid 6043] close(4) = 0 [pid 6043] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6042] <... futex resumed>) = 0 [pid 6043] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6042] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6043] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6042] <... futex resumed>) = 0 [pid 6043] memfd_create("syzkaller", 0 [pid 6042] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6040] <... mmap resumed>) = 0x7fb775000000 [pid 6043] <... memfd_create resumed>) = 4 [pid 6043] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 67.302973][ T6045] BTRFS info (device loop0): using free-space-tree [pid 6041] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6039] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6040] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6045] <... mount resumed>) = 0 [pid 6045] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6045] chdir("./file0") = 0 [pid 6045] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6045] ioctl(4, LOOP_CLR_FD) = 0 [pid 6045] close(4) = 0 [pid 6045] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6045] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6044] <... futex resumed>) = 0 [pid 6044] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6045] <... futex resumed>) = 0 [pid 6044] <... futex resumed>) = 1 [pid 6045] memfd_create("syzkaller", 0 [pid 6044] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6045] <... memfd_create resumed>) = 4 [pid 6045] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6043] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6039] <... write resumed>) = 16777216 [pid 6039] munmap(0x7fb775000000, 138412032) = 0 [pid 6039] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 5 [pid 6039] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6039] ioctl(5, LOOP_CLR_FD) = 0 [pid 6039] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6039] close(5) = 0 [pid 6039] close(4 [pid 6045] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6041] <... write resumed>) = 16777216 [pid 6041] munmap(0x7fb775000000, 138412032) = 0 [pid 6039] <... close resumed>) = 0 [pid 6041] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 5 [pid 6041] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6041] ioctl(5, LOOP_CLR_FD) = 0 [pid 6041] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6041] close(5) = 0 [pid 6041] close(4 [pid 6039] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6036] <... futex resumed>) = 0 [pid 6039] rename("./file1", "./file0/file0" [pid 6036] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6036] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6039] <... rename resumed>) = 0 [pid 6039] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6036] <... futex resumed>) = 0 [pid 6036] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6036] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6039] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6039] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6040] <... write resumed>) = 16777216 [pid 6040] munmap(0x7fb775000000, 138412032) = 0 [pid 6040] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 5 [pid 6040] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6040] ioctl(5, LOOP_CLR_FD) = 0 [ 68.202117][ T6039] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [ 68.228484][ T6039] BTRFS info (device loop4 state M): setting nodatasum [pid 6040] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6040] close(5) = 0 [pid 6040] close(4 [pid 6043] <... write resumed>) = 16777216 [ 68.251007][ T6039] BTRFS info (device loop4 state M): setting nodatasum [ 68.258566][ T6039] BTRFS info (device loop4 state M): turning off barriers [ 68.273797][ T6039] BTRFS info (device loop4 state M): turning on flush-on-commit [pid 6043] munmap(0x7fb775000000, 138412032) = 0 [pid 6043] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 5 [pid 6043] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6043] ioctl(5, LOOP_CLR_FD [pid 6039] <... mount resumed>) = 0 [pid 6043] <... ioctl resumed>) = 0 [pid 6039] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6039] chdir(".") = 0 [pid 6041] <... close resumed>) = 0 [pid 6039] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6043] ioctl(5, LOOP_SET_FD, 4 [pid 6039] <... futex resumed>) = 1 [pid 6043] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6039] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6036] <... futex resumed>) = 0 [pid 6043] close(5) = 0 [pid 6041] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6037] <... futex resumed>) = 0 [pid 6041] rename("./file1", "./file0/file0" [pid 6037] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6037] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6043] close(4 [pid 6036] exit_group(0 [pid 6041] <... rename resumed>) = 0 [pid 6036] <... exit_group resumed>) = ? [pid 6041] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6037] <... futex resumed>) = 0 [ 68.311077][ T6039] BTRFS info (device loop4 state M): force clearing of disk cache [ 68.329717][ T6039] BTRFS info (device loop4 state M): doing ref verification [ 68.341695][ T6039] BTRFS info (device loop4 state M): max_inline set to 26856 [pid 6037] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6037] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6041] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6041] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6039] <... futex resumed>) = ? [pid 6039] +++ exited with 0 +++ [pid 6036] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6036, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=65 /* 0.65 s */} --- [pid 5833] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5833] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6040] <... close resumed>) = 0 [pid 6040] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6040] <... futex resumed>) = 1 [pid 6038] <... futex resumed>) = 0 [ 68.425975][ T6041] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW [pid 5833] newfstatat(AT_FDCWD, "./2/binderfs", [pid 6040] rename("./file1", "./file0/file0" [pid 6038] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6038] <... futex resumed>) = 0 [pid 6038] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] unlink("./2/binderfs") = 0 [ 68.482751][ T6041] BTRFS info (device loop2 state M): setting nodatasum [ 68.489715][ T6041] BTRFS info (device loop2 state M): setting nodatasum [pid 5833] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6040] <... rename resumed>) = 0 [pid 6040] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6038] <... futex resumed>) = 0 [pid 6040] mkdir(".", 0777 [pid 6038] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6038] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6040] <... mkdir resumed>) = -1 EEXIST (File exists) [ 68.529502][ T5833] BTRFS info (device loop4): last unmount of filesystem 343c5cb7-5af9-45e2-9dec-9b308a39a81d [ 68.549115][ T6041] BTRFS info (device loop2 state M): turning off barriers [ 68.561948][ T6041] BTRFS info (device loop2 state M): turning on flush-on-commit [pid 6040] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6045] <... write resumed>) = 16777216 [pid 6045] munmap(0x7fb775000000, 138412032) = 0 [pid 6045] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6045] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6045] ioctl(5, LOOP_CLR_FD) = 0 [pid 6045] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6045] close(5) = 0 [ 68.591013][ T6041] BTRFS info (device loop2 state M): force clearing of disk cache [ 68.620255][ T6041] BTRFS info (device loop2 state M): doing ref verification [ 68.624827][ T6040] BTRFS warning (device loop3 state M): remount supports changing free space tree only from RO to RW [pid 6045] close(4 [pid 6043] <... close resumed>) = 0 [pid 6043] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6042] <... futex resumed>) = 0 [pid 6043] rename("./file1", "./file0/file0" [pid 6042] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 68.646383][ T6040] BTRFS info (device loop3 state M): setting nodatasum [ 68.654266][ T6040] BTRFS info (device loop3 state M): setting nodatasum [ 68.661160][ T6040] BTRFS info (device loop3 state M): turning off barriers [ 68.669899][ T6040] BTRFS info (device loop3 state M): turning on flush-on-commit [ 68.670470][ T6041] BTRFS info (device loop2 state M): max_inline set to 26856 [pid 6042] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6041] <... mount resumed>) = 0 [pid 6041] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6041] chdir(".") = 0 [pid 6041] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6037] <... futex resumed>) = 0 [pid 6037] exit_group(0) = ? [pid 6041] +++ exited with 0 +++ [pid 6037] +++ exited with 0 +++ [pid 6043] <... rename resumed>) = 0 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6037, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=58 /* 0.58 s */} --- [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 6043] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6042] <... futex resumed>) = 0 [pid 6042] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6043] mkdir(".", 0777 [pid 6042] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6043] <... mkdir resumed>) = -1 EEXIST (File exists) [ 68.693132][ T6040] BTRFS info (device loop3 state M): force clearing of disk cache [pid 6043] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5831] <... restart_syscall resumed>) = 0 [pid 5831] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [ 68.721234][ T6040] BTRFS info (device loop3 state M): doing ref verification [ 68.758956][ T6040] BTRFS info (device loop3 state M): max_inline set to 26856 [pid 5831] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6040] <... mount resumed>) = 0 [ 68.768147][ T6043] BTRFS warning (device loop1 state M): remount supports changing free space tree only from RO to RW [ 68.811627][ T6043] BTRFS info (device loop1 state M): setting nodatasum [pid 5831] unlink("./2/binderfs") = 0 [pid 6040] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5831] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6040] <... openat resumed>) = 4 [pid 6040] chdir(".") = 0 [ 68.818536][ T6043] BTRFS info (device loop1 state M): setting nodatasum [pid 6040] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6038] <... futex resumed>) = 0 [pid 6040] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6038] exit_group(0 [pid 6040] <... futex resumed>) = ? [pid 6038] <... exit_group resumed>) = ? [pid 6040] +++ exited with 0 +++ [pid 6038] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6038, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=62 /* 0.62 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5832] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./2/binderfs") = 0 [ 68.852107][ T6043] BTRFS info (device loop1 state M): turning off barriers [ 68.859593][ T6043] BTRFS info (device loop1 state M): turning on flush-on-commit [ 68.868328][ T5831] BTRFS info (device loop2): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 68.899226][ T6043] BTRFS info (device loop1 state M): force clearing of disk cache [ 68.909013][ T5832] BTRFS info (device loop3): last unmount of filesystem 2f57d785-b7b1-42e4-91cb-da64b6afed20 [ 68.938062][ T6043] BTRFS info (device loop1 state M): doing ref verification [pid 5832] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6045] <... close resumed>) = 0 [pid 6045] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6044] <... futex resumed>) = 0 [pid 6044] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6044] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6045] rename("./file1", "./file0/file0" [pid 6043] <... mount resumed>) = 0 [pid 6043] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6043] chdir(".") = 0 [pid 6043] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6043] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6042] <... futex resumed>) = 0 [pid 6042] exit_group(0) = ? [pid 6043] <... futex resumed>) = ? [ 68.961707][ T6043] BTRFS info (device loop1 state M): max_inline set to 26856 [pid 6045] <... rename resumed>) = 0 [pid 6044] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6043] +++ exited with 0 +++ [pid 6042] +++ exited with 0 +++ [pid 6044] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6042, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=64 /* 0.64 s */} --- [pid 6044] <... futex resumed>) = 0 [pid 6044] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5c0000 [pid 5830] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6044] mprotect(0x7fb77d5c1000, 131072, PROT_READ|PROT_WRITE [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6045] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6044] <... mprotect resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6045] <... futex resumed>) = 0 [pid 6044] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5830] <... openat resumed>) = 3 [pid 6045] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6044] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5830] newfstatat(3, "", [pid 6044] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d5e0990, parent_tid=0x7fb77d5e0990, exit_signal=0, stack=0x7fb77d5c0000, stack_size=0x20300, tls=0x7fb77d5e06c0} [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, [pid 6044] <... clone3 resumed> => {parent_tid=[6133]}, 88) = 6133 [pid 5830] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 6044] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6044] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6044] futex(0x7fb77d6dd6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] newfstatat(AT_FDCWD, "./2/binderfs", [pid 6044] <... futex resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6044] futex(0x7fb77d6dd6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5830] unlink("./2/binderfs") = 0 [pid 5830] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6133 attached [pid 6133] rseq(0x7fb77d5e0fe0, 0x20, 0, 0x53053053) = 0 [pid 6133] set_robust_list(0x7fb77d5e09a0, 24) = 0 [pid 6133] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6133] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6133] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5833] <... umount2 resumed>) = 0 [pid 5833] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 69.062361][ T5830] BTRFS info (device loop1): last unmount of filesystem 9e3a5318-407d-4353-91d6-b33bb0d6d213 [pid 5833] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./2/file0") = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./2") = 0 [pid 5833] mkdir("./3", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6134 attached , child_tidptr=0x55558bffa690) = 6134 [pid 6134] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6134] chdir("./3") = 0 [pid 6134] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6134] setpgid(0, 0) = 0 [pid 6134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6134] write(3, "1000", 4) = 4 [pid 6134] close(3) = 0 [pid 6134] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6134] write(1, "executing program\n", 18) = 18 [pid 6134] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6134] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6134] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6134] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6134] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6134] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6135 attached => {parent_tid=[6135]}, 88) = 6135 [pid 6134] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6134] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6134] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6135] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 6135] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6135] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6135] memfd_create("syzkaller", 0) = 3 [pid 6135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 69.131521][ T6133] BTRFS warning (device loop0 state M): remount supports changing free space tree only from RO to RW [ 69.221737][ T6133] BTRFS info (device loop0 state M): setting nodatasum [ 69.228877][ T6133] BTRFS info (device loop0 state M): setting nodatasum [pid 5831] <... umount2 resumed>) = 0 [pid 5831] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./2/file0") = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./2") = 0 [pid 5831] mkdir("./3", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5831] close(3) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6136 attached [pid 5832] <... umount2 resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x55558bffa690) = 6136 [pid 6136] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6136] chdir("./3") = 0 [pid 6136] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6136] setpgid(0, 0) = 0 [ 69.272176][ T6133] BTRFS info (device loop0 state M): turning off barriers [ 69.279563][ T6133] BTRFS info (device loop0 state M): turning on flush-on-commit [pid 6136] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6136] write(3, "1000", 4) = 4 [pid 6136] close(3) = 0 [pid 6136] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6136] write(1, "executing program\n", 18) = 18 [pid 5832] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6136] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... openat resumed>) = 4 [pid 6136] <... futex resumed>) = 0 [pid 6136] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 5832] newfstatat(4, "", [pid 6136] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6136] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6136] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6136] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6136] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6136] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6136] <... clone3 resumed> => {parent_tid=[6137]}, 88) = 6137 [pid 6136] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6136] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6136] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6137 attached [pid 5832] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 6137] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 5832] getdents64(4, [pid 6137] <... rseq resumed>) = 0 [pid 5832] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [ 69.316425][ T6133] BTRFS info (device loop0 state M): force clearing of disk cache [ 69.348505][ T6133] BTRFS info (device loop0 state M): doing ref verification [pid 5832] close(4 [pid 6137] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6133] <... mount resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 6137] rt_sigprocmask(SIG_SETMASK, [], [pid 6133] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 6137] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] rmdir("./2/file0" [pid 6137] memfd_create("syzkaller", 0 [pid 5832] <... rmdir resumed>) = 0 [pid 6137] <... memfd_create resumed>) = 3 [pid 6133] <... openat resumed>) = 4 [pid 5832] getdents64(3, [pid 6137] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6133] chdir("." [pid 5832] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 6137] <... mmap resumed>) = 0x7fb775000000 [pid 5832] close(3 [pid 6133] <... chdir resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5832] rmdir("./2" [pid 6133] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6044] <... futex resumed>) = 0 [pid 6133] futex(0x7fb77d6dd6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6044] exit_group(0 [pid 5832] <... rmdir resumed>) = 0 [pid 6045] <... futex resumed>) = ? [pid 6044] <... exit_group resumed>) = ? [pid 6045] +++ exited with 0 +++ [pid 6133] <... futex resumed>) = ? [pid 5832] mkdir("./3", 0777) = 0 [pid 6133] +++ exited with 0 +++ [pid 6044] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6044, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=70 /* 0.70 s */} --- [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5829] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 69.367996][ T6133] BTRFS info (device loop0 state M): max_inline set to 26856 [pid 5829] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", [pid 5832] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] close(3) = 0 [pid 5829] getdents64(3, [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 6135] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216./strace-static-x86_64: Process 6138 attached [pid 5829] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6138] set_robust_list(0x55558bffa6a0, 24 [pid 5832] <... clone resumed>, child_tidptr=0x55558bffa690) = 6138 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6138] <... set_robust_list resumed>) = 0 [pid 5829] unlink("./2/binderfs") = 0 [pid 6138] chdir("./3" [pid 5829] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6138] <... chdir resumed>) = 0 [pid 6138] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6138] setpgid(0, 0) = 0 [pid 6138] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6138] write(3, "1000", 4) = 4 [pid 6138] close(3) = 0 [pid 6138] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6138] write(1, "executing program\n", 18executing program ) = 18 [pid 6138] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6138] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6138] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6138] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6138] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5830] <... umount2 resumed>) = 0 [ 69.482593][ T5829] BTRFS info (device loop0): last unmount of filesystem 75e4e3b4-f012-4034-9b8e-7a7638f82e0a [pid 6138] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5830] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6138] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6138] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 5830] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6138] <... clone3 resumed> => {parent_tid=[6139]}, 88) = 6139 [pid 5830] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6138] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6138] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6138] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... openat resumed>) = 4 [pid 6138] <... futex resumed>) = 0 [pid 5830] newfstatat(4, "", [pid 6138] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 6139 attached [pid 5830] getdents64(4, [pid 6139] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 5830] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 6139] <... rseq resumed>) = 0 [pid 5830] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./2/file0" [pid 6139] set_robust_list(0x7fb77d6019a0, 24 [pid 5830] <... rmdir resumed>) = 0 [pid 6139] <... set_robust_list resumed>) = 0 [pid 5830] getdents64(3, [pid 6139] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 6139] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] close(3 [pid 6139] memfd_create("syzkaller", 0 [pid 5830] <... close resumed>) = 0 [pid 6139] <... memfd_create resumed>) = 3 [pid 5830] rmdir("./2" [pid 6139] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5830] <... rmdir resumed>) = 0 [pid 5830] mkdir("./3", 0777) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6140 attached [pid 6140] set_robust_list(0x55558bffa6a0, 24 [pid 5830] <... clone resumed>, child_tidptr=0x55558bffa690) = 6140 [pid 6140] <... set_robust_list resumed>) = 0 [pid 6140] chdir("./3") = 0 [pid 6137] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6140] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6140] setpgid(0, 0) = 0 [pid 6140] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6140] write(3, "1000", 4) = 4 [pid 6140] close(3) = 0 [pid 6140] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6140] write(1, "executing program\n", 18) = 18 [pid 6140] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6140] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6140] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6140] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6140] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6140] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6140] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[6141]}, 88) = 6141 [pid 6140] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6140] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6141 attached [pid 6140] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6141] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 6141] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6141] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6141] memfd_create("syzkaller", 0) = 3 [pid 6141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5829] <... umount2 resumed>) = 0 [pid 5829] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./2/file0") = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./2") = 0 [pid 5829] mkdir("./3", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 6142 ./strace-static-x86_64: Process 6142 attached [pid 6142] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6142] chdir("./3") = 0 [pid 6142] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6142] setpgid(0, 0) = 0 [pid 6142] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6142] write(3, "1000", 4) = 4 [pid 6142] close(3) = 0 [pid 6142] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6142] write(1, "executing program\n", 18executing program ) = 18 [pid 6142] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6142] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6142] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6142] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6142] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6142] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6142] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6143 attached => {parent_tid=[6143]}, 88) = 6143 [pid 6142] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6142] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6142] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6143] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 6143] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6143] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6143] memfd_create("syzkaller", 0 [pid 6135] <... write resumed>) = 16777216 [pid 6143] <... memfd_create resumed>) = 3 [pid 6135] munmap(0x7fb775000000, 138412032 [pid 6143] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6135] <... munmap resumed>) = 0 [pid 6135] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6135] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6139] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6135] close(3) = 0 [pid 6135] close(4) = 0 [pid 6135] mkdir("./file0", 0777) = 0 [ 69.894755][ T6135] loop4: detected capacity change from 0 to 32768 [ 69.926583][ T6135] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (6135) [pid 6135] mount("/dev/loop4", "./file0", "btrfs", 0, "" [pid 6137] <... write resumed>) = 16777216 [ 69.992961][ T6135] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 70.021885][ T6135] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [pid 6137] munmap(0x7fb775000000, 138412032) = 0 [ 70.061650][ T6135] BTRFS info (device loop4): using free-space-tree [pid 6141] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6137] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6137] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6137] close(3) = 0 [pid 6137] close(4) = 0 [pid 6137] mkdir("./file0", 0777) = 0 [ 70.123348][ T6137] loop2: detected capacity change from 0 to 32768 [pid 6137] mount("/dev/loop2", "./file0", "btrfs", 0, "" [ 70.167094][ T6137] BTRFS: device /dev/loop2 (7:2) using temp-fsid e1ef9c30-3fe3-48fc-aa85-ae732bab97a5 [pid 6143] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6139] <... write resumed>) = 16777216 [ 70.222721][ T6137] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (6137) [ 70.250953][ T6137] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 6139] munmap(0x7fb775000000, 138412032) = 0 [pid 6135] <... mount resumed>) = 0 [pid 6135] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6139] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6135] <... openat resumed>) = 3 [pid 6139] <... openat resumed>) = 4 [pid 6135] chdir("./file0" [pid 6139] ioctl(4, LOOP_SET_FD, 3 [pid 6135] <... chdir resumed>) = 0 [pid 6135] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6139] <... ioctl resumed>) = 0 [pid 6135] <... openat resumed>) = 4 [ 70.311720][ T6137] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 70.320508][ T6137] BTRFS info (device loop2): using free-space-tree [ 70.343601][ T6139] loop3: detected capacity change from 0 to 32768 [pid 6135] ioctl(4, LOOP_CLR_FD) = 0 [pid 6135] close(4) = 0 [pid 6139] close(3) = 0 [pid 6139] close(4) = 0 [pid 6139] mkdir("./file0", 0777) = 0 [pid 6139] mount("/dev/loop3", "./file0", "btrfs", 0, "" [pid 6135] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6135] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6134] <... futex resumed>) = 0 [pid 6134] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6135] <... futex resumed>) = 0 [pid 6134] <... futex resumed>) = 1 [pid 6135] memfd_create("syzkaller", 0 [pid 6134] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6135] <... memfd_create resumed>) = 4 [pid 6135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 70.370868][ T6139] BTRFS: device /dev/loop3 (7:3) using temp-fsid d246c24b-4097-43c2-a2f8-9369b45247f6 [ 70.432607][ T6139] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor323 (6139) [pid 6141] <... write resumed>) = 16777216 [ 70.522696][ T6139] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 6141] munmap(0x7fb775000000, 138412032) = 0 [pid 6141] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6141] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6137] <... mount resumed>) = 0 [pid 6135] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6137] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6137] chdir("./file0") = 0 [pid 6137] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6137] ioctl(4, LOOP_CLR_FD) = 0 [pid 6137] close(4) = 0 [pid 6137] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6136] <... futex resumed>) = 0 [pid 6137] memfd_create("syzkaller", 0 [pid 6136] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6137] <... memfd_create resumed>) = 4 [pid 6136] <... futex resumed>) = 0 [pid 6137] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6136] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6137] <... mmap resumed>) = 0x7fb775000000 [ 70.573365][ T6141] loop1: detected capacity change from 0 to 32768 [ 70.582655][ T6139] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 70.591500][ T6139] BTRFS info (device loop3): using free-space-tree [pid 6141] close(3) = 0 [pid 6141] close(4) = 0 [pid 6141] mkdir("./file0", 0777) = 0 [ 70.686369][ T6141] BTRFS: device /dev/loop1 (7:1) using temp-fsid 2adef47a-ff37-46cc-967c-6cdf1769d017 [pid 6141] mount("/dev/loop1", "./file0", "btrfs", 0, "" [ 70.744049][ T6141] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor323 (6141) [pid 6137] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6143] <... write resumed>) = 16777216 [pid 6139] <... mount resumed>) = 0 [pid 6139] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6139] chdir("./file0") = 0 [ 70.806730][ T6141] BTRFS info (device loop1): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 6139] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6139] ioctl(4, LOOP_CLR_FD) = 0 [pid 6139] close(4) = 0 [pid 6143] munmap(0x7fb775000000, 138412032) = 0 [ 70.861818][ T6141] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [pid 6139] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6143] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6143] ioctl(4, LOOP_SET_FD, 3 [pid 6139] <... futex resumed>) = 1 [pid 6138] <... futex resumed>) = 0 [pid 6139] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6138] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6139] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6138] <... futex resumed>) = 0 [pid 6139] memfd_create("syzkaller", 0 [pid 6138] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6139] <... memfd_create resumed>) = 4 [pid 6139] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6143] <... ioctl resumed>) = 0 [pid 6143] close(3) = 0 [pid 6143] close(4) = 0 [pid 6143] mkdir("./file0", 0777) = 0 [ 70.910569][ T6141] BTRFS info (device loop1): using free-space-tree [ 70.919666][ T6143] loop0: detected capacity change from 0 to 32768 [ 70.965176][ T6143] BTRFS: device /dev/loop0 (7:0) using temp-fsid 7cd1524a-bfde-4f5e-bb5e-b0015f952a62 [ 71.001710][ T6143] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor323 (6143) [pid 6143] mount("/dev/loop0", "./file0", "btrfs", 0, "" [pid 6137] <... write resumed>) = 16777216 [pid 6137] munmap(0x7fb775000000, 138412032) = 0 [ 71.046653][ T6143] BTRFS info (device loop0): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 6141] <... mount resumed>) = 0 [pid 6141] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6137] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6141] <... openat resumed>) = 3 [pid 6141] chdir("./file0" [pid 6137] <... openat resumed>) = 5 [pid 6137] ioctl(5, LOOP_SET_FD, 4 [pid 6141] <... chdir resumed>) = 0 [pid 6137] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6141] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6137] ioctl(5, LOOP_CLR_FD [pid 6141] ioctl(4, LOOP_CLR_FD [pid 6137] <... ioctl resumed>) = 0 [pid 6141] <... ioctl resumed>) = 0 [pid 6137] ioctl(5, LOOP_SET_FD, 4 [pid 6141] close(4 [pid 6137] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6141] <... close resumed>) = 0 [pid 6137] close(5 [pid 6141] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6140] <... futex resumed>) = 0 [pid 6137] <... close resumed>) = 0 [pid 6141] memfd_create("syzkaller", 0 [pid 6140] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6137] close(4 [pid 6140] <... futex resumed>) = 0 [ 71.112040][ T6143] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 71.120758][ T6143] BTRFS info (device loop0): using free-space-tree [pid 6141] <... memfd_create resumed>) = 4 [pid 6140] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6139] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6135] <... write resumed>) = 16777216 [pid 6135] munmap(0x7fb775000000, 138412032) = 0 [pid 6135] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 5 [pid 6135] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6135] ioctl(5, LOOP_CLR_FD) = 0 [pid 6135] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6135] close(5) = 0 [pid 6135] close(4 [pid 6137] <... close resumed>) = 0 [pid 6141] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6137] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6136] <... futex resumed>) = 0 [pid 6137] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6136] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6137] rename("./file1", "./file0/file0" [pid 6136] <... futex resumed>) = 0 [pid 6136] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6137] <... rename resumed>) = 0 [pid 6137] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6136] <... futex resumed>) = 0 [pid 6136] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6137] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6136] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6137] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6143] <... mount resumed>) = 0 [pid 6143] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6135] <... close resumed>) = 0 [pid 6135] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6143] chdir("./file0" [pid 6135] <... futex resumed>) = 1 [pid 6134] <... futex resumed>) = 0 [pid 6134] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6134] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6135] rename("./file1", "./file0/file0" [pid 6143] <... chdir resumed>) = 0 [pid 6143] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6143] ioctl(4, LOOP_CLR_FD) = 0 [pid 6143] close(4) = 0 [pid 6143] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6143] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6142] <... futex resumed>) = 0 [pid 6142] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6143] <... futex resumed>) = 0 [pid 6142] <... futex resumed>) = 1 [pid 6142] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6143] memfd_create("syzkaller", 0) = 4 [ 71.570624][ T6137] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW [ 71.604986][ T6137] BTRFS info (device loop2 state M): setting nodatasum [pid 6143] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6135] <... rename resumed>) = 0 [pid 6135] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6134] <... futex resumed>) = 0 [pid 6134] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6134] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6135] mkdir(".", 0777) = -1 EEXIST (File exists) [ 71.631955][ T6137] BTRFS info (device loop2 state M): setting nodatasum [ 71.660609][ T6137] BTRFS info (device loop2 state M): turning off barriers [ 71.672471][ T6135] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [ 71.691602][ T6137] BTRFS info (device loop2 state M): turning on flush-on-commit [ 71.712386][ T6137] BTRFS info (device loop2 state M): force clearing of disk cache [ 71.720258][ T6137] BTRFS info (device loop2 state M): doing ref verification [ 71.728689][ T6135] BTRFS info (device loop4 state M): setting nodatasum [ 71.741638][ T6135] BTRFS info (device loop4 state M): setting nodatasum [ 71.761293][ T6135] BTRFS info (device loop4 state M): turning off barriers [ 71.770318][ T6137] BTRFS info (device loop2 state M): max_inline set to 26856 [pid 6135] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6137] <... mount resumed>) = 0 [pid 6137] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6137] chdir(".") = 0 [pid 6137] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6136] <... futex resumed>) = 0 [pid 6137] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6136] exit_group(0 [pid 6137] <... futex resumed>) = ? [pid 6136] <... exit_group resumed>) = ? [pid 6137] +++ exited with 0 +++ [pid 6136] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6136, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=63 /* 0.63 s */} --- [pid 5831] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5831] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./3/binderfs") = 0 [ 71.790248][ T6135] BTRFS info (device loop4 state M): turning on flush-on-commit [ 71.808902][ T6135] BTRFS info (device loop4 state M): force clearing of disk cache [ 71.828691][ T5831] BTRFS info (device loop2): last unmount of filesystem e1ef9c30-3fe3-48fc-aa85-ae732bab97a5 [pid 5831] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6139] <... write resumed>) = 16777216 [pid 6139] munmap(0x7fb775000000, 138412032) = 0 [pid 6135] <... mount resumed>) = 0 [pid 6135] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6135] chdir(".") = 0 [pid 6135] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6134] <... futex resumed>) = 0 [pid 6135] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6134] exit_group(0 [pid 6135] <... futex resumed>) = ? [pid 6134] <... exit_group resumed>) = ? [pid 6135] +++ exited with 0 +++ [pid 6134] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6134, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=63 /* 0.63 s */} --- [ 71.853023][ T6135] BTRFS info (device loop4 state M): doing ref verification [ 71.860366][ T6135] BTRFS info (device loop4 state M): max_inline set to 26856 [pid 5833] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 6139] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 5 [pid 5833] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5833] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./3/binderfs") = 0 [pid 5833] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6139] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6139] ioctl(5, LOOP_CLR_FD) = 0 [pid 6139] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6139] close(5) = 0 [ 71.941312][ T5833] BTRFS info (device loop4): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 6139] close(4 [pid 6143] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6141] <... write resumed>) = 16777216 [pid 6141] munmap(0x7fb775000000, 138412032) = 0 [pid 6141] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 5 [pid 6141] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6141] ioctl(5, LOOP_CLR_FD) = 0 [pid 6141] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6141] close(5) = 0 [pid 6141] close(4 [pid 6139] <... close resumed>) = 0 [pid 6139] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6139] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6138] <... futex resumed>) = 0 [pid 6138] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6139] <... futex resumed>) = 0 [pid 6139] rename("./file1", "./file0/file0" [pid 6138] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6139] <... rename resumed>) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 6139] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6138] <... futex resumed>) = 0 [pid 6138] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6138] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6139] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6139] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5831] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./3/file0") = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./3") = 0 [pid 5831] mkdir("./4", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5831] close(3) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 6229 ./strace-static-x86_64: Process 6229 attached [pid 6229] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6229] chdir("./4") = 0 [pid 6229] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6229] setpgid(0, 0) = 0 [pid 6229] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6229] write(3, "1000", 4) = 4 [pid 6229] close(3) = 0 [pid 6229] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6229] write(1, "executing program\n", 18executing program [ 72.284153][ T6139] BTRFS warning (device loop3 state M): remount supports changing free space tree only from RO to RW ) = 18 [pid 6229] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6229] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6229] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6229] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6229] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6229] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6229] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6230 attached => {parent_tid=[6230]}, 88) = 6230 [pid 6229] rt_sigprocmask(SIG_SETMASK, [], [pid 6230] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6229] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6229] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 72.341716][ T6139] BTRFS info (device loop3 state M): setting nodatasum [pid 6229] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6230] <... rseq resumed>) = 0 [pid 6230] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6230] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5833] <... umount2 resumed>) = 0 [pid 5833] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./3/file0", [pid 6230] memfd_create("syzkaller", 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6141] <... close resumed>) = 0 [pid 5833] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6230] <... memfd_create resumed>) = 3 [pid 6230] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6141] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5833] close(4 [pid 6230] <... mmap resumed>) = 0x7fb775000000 [pid 6141] <... futex resumed>) = 1 [pid 6140] <... futex resumed>) = 0 [pid 5833] <... close resumed>) = 0 [pid 6140] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] rmdir("./3/file0") = 0 [pid 6141] rename("./file1", "./file0/file0" [pid 6140] <... futex resumed>) = 0 [pid 6140] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./3") = 0 [pid 5833] mkdir("./4", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5833] close(3) = 0 [ 72.387946][ T6139] BTRFS info (device loop3 state M): setting nodatasum [ 72.412884][ T6139] BTRFS info (device loop3 state M): turning off barriers [ 72.420062][ T6139] BTRFS info (device loop3 state M): turning on flush-on-commit [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6231 attached [pid 6231] set_robust_list(0x55558bffa6a0, 24 [pid 5833] <... clone resumed>, child_tidptr=0x55558bffa690) = 6231 [pid 6231] <... set_robust_list resumed>) = 0 [pid 6231] chdir("./4") = 0 [pid 6231] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6231] setpgid(0, 0) = 0 [pid 6231] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6140] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6140] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6140] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6231] write(3, "1000", 4 [pid 6140] <... mmap resumed>) = 0x7fb77d5c0000 [pid 6231] <... write resumed>) = 4 [pid 6231] close(3) = 0 [pid 6231] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6231] write(1, "executing program\n", 18 [pid 6140] mprotect(0x7fb77d5c1000, 131072, PROT_READ|PROT_WRITEexecuting program [pid 6231] <... write resumed>) = 18 [pid 6231] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6140] <... mprotect resumed>) = 0 [pid 6231] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6231] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6141] <... rename resumed>) = 0 [pid 6140] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6231] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6140] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6231] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6140] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d5e0990, parent_tid=0x7fb77d5e0990, exit_signal=0, stack=0x7fb77d5c0000, stack_size=0x20300, tls=0x7fb77d5e06c0}./strace-static-x86_64: Process 6232 attached [pid 6231] <... mmap resumed>) = 0x7fb77d5e1000 [pid 6231] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 6140] <... clone3 resumed> => {parent_tid=[6232]}, 88) = 6232 [pid 6232] rseq(0x7fb77d5e0fe0, 0x20, 0, 0x53053053 [pid 6140] rt_sigprocmask(SIG_SETMASK, [], [pid 6232] <... rseq resumed>) = 0 [pid 6231] <... mprotect resumed>) = 0 [pid 6140] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6232] set_robust_list(0x7fb77d5e09a0, 24 [pid 6231] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6140] futex(0x7fb77d6dd6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6232] <... set_robust_list resumed>) = 0 [pid 6231] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6143] <... write resumed>) = 16777216 [pid 6141] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6140] <... futex resumed>) = 0 [pid 6232] rt_sigprocmask(SIG_SETMASK, [], [pid 6231] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 6140] futex(0x7fb77d6dd6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6233 attached [pid 6232] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6141] <... futex resumed>) = 0 [pid 6231] <... clone3 resumed> => {parent_tid=[6233]}, 88) = 6233 [pid 6232] mkdir(".", 0777 [pid 6141] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6233] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6232] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6233] <... rseq resumed>) = 0 [pid 6231] rt_sigprocmask(SIG_SETMASK, [], [pid 6143] munmap(0x7fb775000000, 138412032 [pid 6233] set_robust_list(0x7fb77d6019a0, 24 [pid 6232] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6231] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6139] <... mount resumed>) = 0 [pid 6233] <... set_robust_list resumed>) = 0 [pid 6231] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6139] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 6233] rt_sigprocmask(SIG_SETMASK, [], [pid 6231] <... futex resumed>) = 0 [pid 6139] <... openat resumed>) = 4 [pid 6233] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6231] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6233] memfd_create("syzkaller", 0 [pid 6139] chdir("." [pid 6233] <... memfd_create resumed>) = 3 [pid 6139] <... chdir resumed>) = 0 [pid 6233] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 72.487022][ T6139] BTRFS info (device loop3 state M): force clearing of disk cache [ 72.517343][ T6139] BTRFS info (device loop3 state M): doing ref verification [ 72.526607][ T6139] BTRFS info (device loop3 state M): max_inline set to 26856 [pid 6139] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6138] <... futex resumed>) = 0 [pid 6139] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6138] exit_group(0 [pid 6139] <... futex resumed>) = ? [pid 6138] <... exit_group resumed>) = ? [pid 6139] +++ exited with 0 +++ [pid 6138] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6138, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=58 /* 0.58 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5832] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./3/binderfs") = 0 [pid 5832] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6143] <... munmap resumed>) = 0 [pid 6143] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 72.564762][ T6232] BTRFS warning (device loop1 state M): remount supports changing free space tree only from RO to RW [ 72.583098][ T5832] BTRFS info (device loop3): last unmount of filesystem d246c24b-4097-43c2-a2f8-9369b45247f6 [ 72.598615][ T6232] BTRFS info (device loop1 state M): setting nodatasum [pid 6143] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6143] ioctl(5, LOOP_CLR_FD) = 0 [pid 6143] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [ 72.617804][ T6232] BTRFS info (device loop1 state M): setting nodatasum [ 72.632000][ T6232] BTRFS info (device loop1 state M): turning off barriers [pid 6143] close(5) = 0 [ 72.662184][ T6232] BTRFS info (device loop1 state M): turning on flush-on-commit [ 72.669899][ T6232] BTRFS info (device loop1 state M): force clearing of disk cache [pid 6143] close(4 [pid 6230] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6232] <... mount resumed>) = 0 [ 72.708878][ T6232] BTRFS info (device loop1 state M): doing ref verification [ 72.722234][ T6232] BTRFS info (device loop1 state M): max_inline set to 26856 [pid 6232] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6232] chdir(".") = 0 [pid 6232] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6140] <... futex resumed>) = 0 [pid 6232] <... futex resumed>) = 1 [pid 6232] futex(0x7fb77d6dd6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6140] exit_group(0 [pid 6232] <... futex resumed>) = ? [pid 6141] <... futex resumed>) = ? [pid 6140] <... exit_group resumed>) = ? [pid 6232] +++ exited with 0 +++ [pid 6141] +++ exited with 0 +++ [pid 6140] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6140, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=66 /* 0.66 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5830] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./3/binderfs") = 0 [pid 5830] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [ 72.866363][ T5830] BTRFS info (device loop1): last unmount of filesystem 2adef47a-ff37-46cc-967c-6cdf1769d017 [pid 6233] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6143] <... close resumed>) = 0 [pid 6143] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6143] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6142] <... futex resumed>) = 0 [pid 6143] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6142] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6143] rename("./file1", "./file0/file0" [pid 6142] <... futex resumed>) = 0 [pid 6142] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] <... umount2 resumed>) = 0 [pid 5832] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] newfstatat(4, "", [pid 6143] <... rename resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 6143] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6143] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6142] <... futex resumed>) = 0 [pid 6142] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] close(4 [pid 6143] <... futex resumed>) = 0 [pid 6142] <... futex resumed>) = 1 [pid 5832] <... close resumed>) = 0 [pid 6143] mkdir(".", 0777 [pid 6142] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6143] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5832] rmdir("./3/file0" [pid 6143] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5832] <... rmdir resumed>) = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./3") = 0 [ 73.013627][ T6143] BTRFS warning (device loop0 state M): remount supports changing free space tree only from RO to RW [pid 5832] mkdir("./4", 0777) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5832] close(3) = 0 [ 73.064204][ T6143] BTRFS info (device loop0 state M): setting nodatasum [ 73.071116][ T6143] BTRFS info (device loop0 state M): setting nodatasum [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6235 attached [pid 6235] set_robust_list(0x55558bffa6a0, 24 [pid 5832] <... clone resumed>, child_tidptr=0x55558bffa690) = 6235 [pid 6235] <... set_robust_list resumed>) = 0 [pid 6235] chdir("./4") = 0 [pid 6235] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 73.107899][ T6143] BTRFS info (device loop0 state M): turning off barriers [ 73.136479][ T6143] BTRFS info (device loop0 state M): turning on flush-on-commit [pid 6235] setpgid(0, 0) = 0 [pid 6235] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6235] write(3, "1000", 4) = 4 [pid 6235] close(3) = 0 [pid 6235] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6143] <... mount resumed>) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 6235] write(1, "executing program\n", 18 [pid 5830] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6235] <... write resumed>) = 18 [pid 6143] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 6235] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6235] <... futex resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./3/file0", [pid 6143] <... openat resumed>) = 4 [pid 6230] <... write resumed>) = 16777216 [pid 6235] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 6143] chdir("." [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6235] <... rt_sigaction resumed>NULL, 8) = 0 [ 73.163275][ T6143] BTRFS info (device loop0 state M): force clearing of disk cache [ 73.172583][ T6143] BTRFS info (device loop0 state M): doing ref verification [ 73.202553][ T6143] BTRFS info (device loop0 state M): max_inline set to 26856 [pid 6230] munmap(0x7fb775000000, 138412032 [pid 6143] <... chdir resumed>) = 0 [pid 6235] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5830] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6235] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6143] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6235] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6142] <... futex resumed>) = 0 [pid 6235] <... mmap resumed>) = 0x7fb77d5e1000 [pid 6143] <... futex resumed>) = 1 [pid 6142] exit_group(0 [pid 6235] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 6142] <... exit_group resumed>) = ? [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6143] +++ exited with 0 +++ [pid 6142] +++ exited with 0 +++ [pid 5830] newfstatat(4, "", [pid 6235] <... mprotect resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6235] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6142, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=58 /* 0.58 s */} --- [pid 6235] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 5830] getdents64(4, ./strace-static-x86_64: Process 6236 attached [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 6236] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6235] <... clone3 resumed> => {parent_tid=[6236]}, 88) = 6236 [pid 6236] <... rseq resumed>) = 0 [pid 6235] rt_sigprocmask(SIG_SETMASK, [], [pid 6236] set_robust_list(0x7fb77d6019a0, 24 [pid 6235] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6236] <... set_robust_list resumed>) = 0 [pid 6235] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6236] rt_sigprocmask(SIG_SETMASK, [], [pid 6235] <... futex resumed>) = 0 [pid 6236] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6235] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6236] memfd_create("syzkaller", 0 [pid 5830] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 6236] <... memfd_create resumed>) = 3 [pid 5830] getdents64(4, [pid 6236] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5830] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./3/file0") = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./3" [pid 6233] <... write resumed>) = 16777216 [pid 5830] <... rmdir resumed>) = 0 [pid 5829] <... restart_syscall resumed>) = 0 [pid 5829] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6233] munmap(0x7fb775000000, 138412032 [pid 6230] <... munmap resumed>) = 0 [pid 5830] mkdir("./4", 0777 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... mkdir resumed>) = 0 [pid 5829] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", [pid 5830] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, [pid 5830] <... openat resumed>) = 3 [pid 5829] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 6230] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5829] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6230] <... openat resumed>) = 4 [pid 5830] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6230] ioctl(4, LOOP_SET_FD, 3 [pid 5830] close(3 [pid 5829] newfstatat(AT_FDCWD, "./3/binderfs", [pid 6233] <... munmap resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 6233] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./3/binderfs" [pid 6233] <... openat resumed>) = 4 [pid 6233] ioctl(4, LOOP_SET_FD, 3 [pid 5829] <... unlink resumed>) = 0 [pid 5829] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 6237 [pid 6230] <... ioctl resumed>) = 0 [pid 6230] close(3) = 0 [pid 6230] close(4) = 0 [pid 6230] mkdir("./file0", 0777./strace-static-x86_64: Process 6237 attached [pid 6233] <... ioctl resumed>) = 0 [pid 6230] <... mkdir resumed>) = 0 [pid 6237] set_robust_list(0x55558bffa6a0, 24 [pid 6233] close(3 [ 73.275338][ T6230] loop2: detected capacity change from 0 to 32768 [ 73.293198][ T6233] loop4: detected capacity change from 0 to 32768 [ 73.301001][ T5829] BTRFS info (device loop0): last unmount of filesystem 7cd1524a-bfde-4f5e-bb5e-b0015f952a62 [pid 6230] mount("/dev/loop2", "./file0", "btrfs", 0, "" [pid 6237] <... set_robust_list resumed>) = 0 [pid 6233] <... close resumed>) = 0 [pid 6233] close(4 [pid 6237] chdir("./4" [pid 6233] <... close resumed>) = 0 [pid 6233] mkdir("./file0", 0777 [pid 6237] <... chdir resumed>) = 0 [pid 6237] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6233] <... mkdir resumed>) = 0 [pid 6233] mount("/dev/loop4", "./file0", "btrfs", 0, "" [pid 6237] <... prctl resumed>) = 0 [pid 6237] setpgid(0, 0) = 0 [pid 6237] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6237] write(3, "1000", 4) = 4 [pid 6237] close(3) = 0 [pid 6237] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6237] write(1, "executing program\n", 18) = 18 [pid 6237] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6237] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6237] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6237] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6237] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6237] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6237] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6238 attached [ 73.321092][ T6230] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (6230) => {parent_tid=[6238]}, 88) = 6238 [pid 6238] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 6238] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6238] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6238] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6237] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6237] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6237] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6238] <... futex resumed>) = 0 [pid 6238] memfd_create("syzkaller", 0) = 3 [pid 6238] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 73.378545][ T6230] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 73.380051][ T6233] BTRFS: device /dev/loop4 (7:4) using temp-fsid 509795a7-e90c-40f9-98e0-8d0106c4b646 [ 73.400115][ T6230] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 73.424585][ T6230] BTRFS info (device loop2): using free-space-tree [ 73.435015][ T6233] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (6233) [ 73.497602][ T6233] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 73.541796][ T6233] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 73.550598][ T6233] BTRFS info (device loop4): using free-space-tree [pid 6236] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6236] munmap(0x7fb775000000, 138412032) = 0 [pid 6236] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6238] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6236] <... openat resumed>) = 4 [pid 6236] ioctl(4, LOOP_SET_FD, 3 [pid 6230] <... mount resumed>) = 0 [pid 6230] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6230] chdir("./file0") = 0 [pid 6230] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6230] ioctl(4, LOOP_CLR_FD) = 0 [pid 6230] close(4) = 0 [pid 6230] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6229] <... futex resumed>) = 0 [pid 6230] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6229] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6229] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6236] <... ioctl resumed>) = 0 [pid 6236] close(3) = 0 [pid 6236] close(4) = 0 [pid 6236] mkdir("./file0", 0777) = 0 [pid 6230] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 73.743341][ T6236] loop3: detected capacity change from 0 to 32768 [pid 6230] memfd_create("syzkaller", 0) = 4 [pid 6236] mount("/dev/loop3", "./file0", "btrfs", 0, "" [pid 6230] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6233] <... mount resumed>) = 0 [pid 6233] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6233] chdir("./file0") = 0 [pid 6233] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6233] ioctl(4, LOOP_CLR_FD) = 0 [pid 6233] close(4) = 0 [pid 6233] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6231] <... futex resumed>) = 0 [pid 6233] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6231] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6233] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6231] <... futex resumed>) = 0 [pid 6233] memfd_create("syzkaller", 0 [pid 6231] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6233] <... memfd_create resumed>) = 4 [pid 6233] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 73.789113][ T6236] BTRFS: device /dev/loop3 (7:3) using temp-fsid b5a471cf-7e7b-4fce-9d70-9c697094d2de [pid 5829] <... umount2 resumed>) = 0 [pid 5829] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./3/file0") = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./3") = 0 [pid 5829] mkdir("./4", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 6271 ./strace-static-x86_64: Process 6271 attached [pid 6271] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6271] chdir("./4") = 0 [pid 6271] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 73.849061][ T6236] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor323 (6236) [pid 6271] setpgid(0, 0) = 0 [pid 6271] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6271] write(3, "1000", 4) = 4 [pid 6271] close(3) = 0 [pid 6271] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6271] write(1, "executing program\n", 18) = 18 [pid 6271] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6271] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6271] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6271] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6271] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6271] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6271] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6273 attached [pid 6273] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 6273] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6273] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 73.965692][ T6236] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 73.992296][ T6236] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [pid 6273] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6271] <... clone3 resumed> => {parent_tid=[6273]}, 88) = 6273 [pid 6271] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6271] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6273] <... futex resumed>) = 0 [pid 6271] <... futex resumed>) = 1 [pid 6273] memfd_create("syzkaller", 0) = 3 [pid 6273] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 74.035343][ T6236] BTRFS info (device loop3): using free-space-tree [pid 6271] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6230] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6233] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6238] <... write resumed>) = 16777216 [pid 6236] <... mount resumed>) = 0 [pid 6236] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6236] chdir("./file0") = 0 [pid 6236] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6236] ioctl(4, LOOP_CLR_FD) = 0 [pid 6236] close(4) = 0 [pid 6236] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6235] <... futex resumed>) = 0 [pid 6238] munmap(0x7fb775000000, 138412032 [pid 6236] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6238] <... munmap resumed>) = 0 [pid 6235] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6236] <... futex resumed>) = 0 [pid 6235] <... futex resumed>) = 1 [pid 6236] memfd_create("syzkaller", 0 [pid 6235] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6236] <... memfd_create resumed>) = 4 [pid 6236] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6238] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6238] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6238] close(3) = 0 [pid 6238] close(4) = 0 [ 74.232356][ T6238] loop1: detected capacity change from 0 to 32768 [pid 6238] mkdir("./file0", 0777) = 0 [pid 6238] mount("/dev/loop1", "./file0", "btrfs", 0, "" [ 74.301723][ T6238] BTRFS: device /dev/loop1 (7:1) using temp-fsid 343613f4-89ff-448f-b31e-0d14b75c9b12 [pid 6273] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6230] <... write resumed>) = 16777216 [ 74.339334][ T6238] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor323 (6238) [pid 6230] munmap(0x7fb775000000, 138412032) = 0 [pid 6230] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 5 [pid 6230] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6230] ioctl(5, LOOP_CLR_FD) = 0 [ 74.421649][ T6238] BTRFS info (device loop1): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 74.441872][ T6238] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [pid 6230] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6230] close(5) = 0 [ 74.472573][ T6238] BTRFS info (device loop1): using free-space-tree [pid 6230] close(4 [pid 6236] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6230] <... close resumed>) = 0 [pid 6230] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6229] <... futex resumed>) = 0 [pid 6230] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6229] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6229] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6230] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6230] rename("./file1", "./file0/file0") = 0 [pid 6230] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6229] <... futex resumed>) = 0 [pid 6230] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6229] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6230] <... futex resumed>) = 0 [pid 6229] <... futex resumed>) = 1 [pid 6230] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6229] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6273] <... write resumed>) = 16777216 [pid 6238] <... mount resumed>) = 0 [pid 6230] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6273] munmap(0x7fb775000000, 138412032 [pid 6238] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6238] chdir("./file0") = 0 [pid 6238] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6238] ioctl(4, LOOP_CLR_FD) = 0 [pid 6238] close(4) = 0 [pid 6238] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6237] <... futex resumed>) = 0 [pid 6237] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6237] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6238] memfd_create("syzkaller", 0) = 4 [pid 6238] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6273] <... munmap resumed>) = 0 [pid 6233] <... write resumed>) = 16777216 [ 74.712011][ T6230] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW [ 74.729687][ T6230] BTRFS info (device loop2 state M): setting nodatasum [ 74.737058][ T6230] BTRFS info (device loop2 state M): setting nodatasum [ 74.744599][ T6230] BTRFS info (device loop2 state M): turning off barriers [ 74.751795][ T6230] BTRFS info (device loop2 state M): turning on flush-on-commit [pid 6233] munmap(0x7fb775000000, 138412032 [pid 6273] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6273] ioctl(4, LOOP_SET_FD, 3 [pid 6230] <... mount resumed>) = 0 [pid 6230] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6230] chdir(".") = 0 [pid 6230] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6229] <... futex resumed>) = 0 [pid 6229] exit_group(0) = ? [pid 6230] +++ exited with 0 +++ [pid 6229] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6229, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=59 /* 0.59 s */} --- [pid 6233] <... munmap resumed>) = 0 [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 6233] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] <... restart_syscall resumed>) = 0 [pid 5831] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./4/binderfs" [pid 6233] <... openat resumed>) = 5 [pid 6233] ioctl(5, LOOP_SET_FD, 4 [pid 5831] <... unlink resumed>) = 0 [pid 6233] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6233] ioctl(5, LOOP_CLR_FD) = 0 [ 74.759459][ T6230] BTRFS info (device loop2 state M): force clearing of disk cache [ 74.767382][ T6230] BTRFS info (device loop2 state M): doing ref verification [ 74.773228][ T6273] loop0: detected capacity change from 0 to 32768 [ 74.774953][ T6230] BTRFS info (device loop2 state M): max_inline set to 26856 [pid 6273] <... ioctl resumed>) = 0 [pid 6233] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6273] close(3 [pid 6233] close(5) = 0 [pid 6233] close(4 [pid 6273] <... close resumed>) = 0 [pid 6273] close(4) = 0 [pid 6273] mkdir("./file0", 0777) = 0 [ 74.818325][ T5831] BTRFS info (device loop2): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 74.872259][ T6273] BTRFS: device /dev/loop0 (7:0) using temp-fsid e32e2381-00af-4648-a71a-0ecf7eaed21f [ 74.901662][ T6273] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor323 (6273) [pid 6273] mount("/dev/loop0", "./file0", "btrfs", 0, "" [pid 6238] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5831] <... umount2 resumed>) = 0 [pid 5831] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./4/file0") = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./4") = 0 [ 75.009229][ T6273] BTRFS info (device loop0): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 75.044923][ T6273] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [pid 6233] <... close resumed>) = 0 [pid 5831] mkdir("./5", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = 0 [pid 5831] close(3) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6308 attached [pid 6233] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6308] set_robust_list(0x55558bffa6a0, 24 [pid 6233] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6231] <... futex resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x55558bffa690) = 6308 [pid 6231] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6233] <... futex resumed>) = 0 [pid 6231] <... futex resumed>) = 1 [pid 6233] rename("./file1", "./file0/file0" [pid 6231] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6308] <... set_robust_list resumed>) = 0 [pid 6308] chdir("./5" [pid 6236] <... write resumed>) = 16777216 [pid 6308] <... chdir resumed>) = 0 [pid 6308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6236] munmap(0x7fb775000000, 138412032 [pid 6308] setpgid(0, 0) = 0 [pid 6308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6308] write(3, "1000", 4) = 4 [pid 6308] close(3) = 0 [pid 6308] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6308] write(1, "executing program\n", 18) = 18 [pid 6308] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6308] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6308] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [ 75.089647][ T6273] BTRFS info (device loop0): using free-space-tree [pid 6308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6233] <... rename resumed>) = 0 [pid 6308] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6308] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6308] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[6316]}, 88) = 6316 [pid 6308] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6308] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6316 attached ) = 0 [pid 6233] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6308] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6316] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6236] <... munmap resumed>) = 0 [pid 6233] <... futex resumed>) = 1 [pid 6231] <... futex resumed>) = 0 [pid 6316] <... rseq resumed>) = 0 [pid 6236] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6233] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6231] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6316] set_robust_list(0x7fb77d6019a0, 24 [pid 6233] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6231] <... futex resumed>) = 0 [pid 6236] <... openat resumed>) = 5 [pid 6316] <... set_robust_list resumed>) = 0 [pid 6236] ioctl(5, LOOP_SET_FD, 4 [pid 6233] mkdir(".", 0777 [pid 6231] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6316] rt_sigprocmask(SIG_SETMASK, [], [pid 6236] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6233] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6316] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6236] ioctl(5, LOOP_CLR_FD [pid 6233] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6316] memfd_create("syzkaller", 0 [pid 6236] <... ioctl resumed>) = 0 [pid 6316] <... memfd_create resumed>) = 3 [pid 6316] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6236] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6236] close(5) = 0 [ 75.285866][ T6233] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [pid 6236] close(4) = 0 [pid 6236] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6273] <... mount resumed>) = 0 [pid 6236] <... futex resumed>) = 1 [pid 6235] <... futex resumed>) = 0 [pid 6273] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6235] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6236] rename("./file1", "./file0/file0" [pid 6273] <... openat resumed>) = 3 [pid 6235] <... futex resumed>) = 0 [pid 6273] chdir("./file0" [pid 6235] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6273] <... chdir resumed>) = 0 [pid 6273] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6273] ioctl(4, LOOP_CLR_FD) = 0 [pid 6273] close(4) = 0 [ 75.366389][ T6233] BTRFS info (device loop4 state M): setting nodatasum [ 75.383872][ T6233] BTRFS info (device loop4 state M): setting nodatasum [ 75.391209][ T6233] BTRFS info (device loop4 state M): turning off barriers [pid 6273] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6271] <... futex resumed>) = 0 [pid 6273] memfd_create("syzkaller", 0 [pid 6271] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6273] <... memfd_create resumed>) = 4 [pid 6271] <... futex resumed>) = 0 [pid 6273] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6271] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6273] <... mmap resumed>) = 0x7fb775000000 [pid 6235] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6235] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6235] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5c0000 [pid 6235] mprotect(0x7fb77d5c1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6235] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6235] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d5e0990, parent_tid=0x7fb77d5e0990, exit_signal=0, stack=0x7fb77d5c0000, stack_size=0x20300, tls=0x7fb77d5e06c0} => {parent_tid=[6326]}, 88) = 6326 [pid 6235] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6235] futex(0x7fb77d6dd6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6235] futex(0x7fb77d6dd6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6236] <... rename resumed>) = 0 ./strace-static-x86_64: Process 6326 attached [pid 6236] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6326] rseq(0x7fb77d5e0fe0, 0x20, 0, 0x53053053) = 0 [pid 6326] set_robust_list(0x7fb77d5e09a0, 24) = 0 [pid 6326] rt_sigprocmask(SIG_SETMASK, [], [pid 6236] <... futex resumed>) = 0 [pid 6326] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6236] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6326] mkdir(".", 0777) = -1 EEXIST (File exists) [ 75.426878][ T6233] BTRFS info (device loop4 state M): turning on flush-on-commit [ 75.451610][ T6233] BTRFS info (device loop4 state M): force clearing of disk cache [ 75.459479][ T6233] BTRFS info (device loop4 state M): doing ref verification [pid 6326] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6233] <... mount resumed>) = 0 [pid 6233] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6238] <... write resumed>) = 16777216 [ 75.522030][ T6233] BTRFS info (device loop4 state M): max_inline set to 26856 [ 75.530799][ T6326] BTRFS warning (device loop3 state M): remount supports changing free space tree only from RO to RW [pid 6233] chdir(".") = 0 [pid 6238] munmap(0x7fb775000000, 138412032 [pid 6233] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6231] <... futex resumed>) = 0 [pid 6231] exit_group(0) = ? [pid 6233] +++ exited with 0 +++ [pid 6231] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6231, si_uid=0, si_status=0, si_utime=14 /* 0.14 s */, si_stime=51 /* 0.51 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5833] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6238] <... munmap resumed>) = 0 [pid 5833] <... openat resumed>) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5833] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./4/binderfs", [pid 6238] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./4/binderfs") = 0 [pid 5833] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6238] <... openat resumed>) = 5 [pid 6238] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6238] ioctl(5, LOOP_CLR_FD) = 0 [pid 6238] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6238] close(5) = 0 [ 75.587414][ T6326] BTRFS info (device loop3 state M): setting nodatasum [ 75.618740][ T6326] BTRFS info (device loop3 state M): setting nodatasum [ 75.640352][ T6326] BTRFS info (device loop3 state M): turning off barriers [ 75.653103][ T5833] BTRFS info (device loop4): last unmount of filesystem 509795a7-e90c-40f9-98e0-8d0106c4b646 [ 75.659354][ T6326] BTRFS info (device loop3 state M): turning on flush-on-commit [pid 6238] close(4 [ 75.686279][ T6326] BTRFS info (device loop3 state M): force clearing of disk cache [ 75.704932][ T6326] BTRFS info (device loop3 state M): doing ref verification [pid 6316] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6326] <... mount resumed>) = 0 [pid 6326] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [ 75.747228][ T6326] BTRFS info (device loop3 state M): max_inline set to 26856 [pid 6326] chdir(".") = 0 [pid 6326] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6326] futex(0x7fb77d6dd6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6235] <... futex resumed>) = 0 [pid 6235] exit_group(0) = ? [pid 6326] <... futex resumed>) = ? [pid 6236] <... futex resumed>) = ? [pid 6326] +++ exited with 0 +++ [pid 6236] +++ exited with 0 +++ [pid 6235] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6235, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=58 /* 0.58 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5832] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6273] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./4/binderfs") = 0 [pid 5832] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6238] <... close resumed>) = 0 [pid 5833] <... umount2 resumed>) = 0 [pid 6238] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6237] <... futex resumed>) = 0 [pid 5833] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6237] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6237] <... futex resumed>) = 0 [pid 6237] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6238] rename("./file1", "./file0/file0" [pid 5833] newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 75.922872][ T5832] BTRFS info (device loop3): last unmount of filesystem b5a471cf-7e7b-4fce-9d70-9c697094d2de [pid 5833] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", [pid 6238] <... rename resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 6238] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6237] <... futex resumed>) = 0 [pid 6237] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6237] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6238] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6238] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5833] close(4) = 0 [pid 5833] rmdir("./4/file0") = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./4") = 0 [pid 5833] mkdir("./5", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6328 attached , child_tidptr=0x55558bffa690) = 6328 [pid 6328] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6328] chdir("./5") = 0 [pid 6328] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6328] setpgid(0, 0) = 0 [pid 6328] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6328] write(3, "1000", 4) = 4 [pid 6328] close(3) = 0 [ 76.092463][ T6238] BTRFS warning (device loop1 state M): remount supports changing free space tree only from RO to RW executing program [pid 6328] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6328] write(1, "executing program\n", 18) = 18 [pid 6328] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6328] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6328] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6328] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6328] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6328] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6328] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[6329]}, 88) = 6329 [pid 6328] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6329 attached NULL, 8) = 0 [pid 6328] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6328] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6329] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 6329] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6329] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6329] memfd_create("syzkaller", 0) = 3 [pid 6329] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 76.145118][ T6238] BTRFS info (device loop1 state M): setting nodatasum [ 76.171633][ T6238] BTRFS info (device loop1 state M): setting nodatasum [ 76.178610][ T6238] BTRFS info (device loop1 state M): turning off barriers [ 76.215755][ T6238] BTRFS info (device loop1 state M): turning on flush-on-commit [ 76.251645][ T6238] BTRFS info (device loop1 state M): force clearing of disk cache [pid 6273] <... write resumed>) = 16777216 [pid 6273] munmap(0x7fb775000000, 138412032) = 0 [pid 6273] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6273] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6273] ioctl(5, LOOP_CLR_FD) = 0 [pid 6316] <... write resumed>) = 16777216 [pid 6273] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6273] close(5) = 0 [pid 6273] close(4 [pid 6316] munmap(0x7fb775000000, 138412032 [pid 6238] <... mount resumed>) = 0 [pid 6316] <... munmap resumed>) = 0 [pid 6238] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6238] chdir("." [pid 5832] <... umount2 resumed>) = 0 [pid 6316] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6238] <... chdir resumed>) = 0 [pid 5832] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6238] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6238] <... futex resumed>) = 1 [pid 6237] <... futex resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./4/file0", [pid 6238] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6237] exit_group(0 [pid 6316] <... openat resumed>) = 4 [pid 6238] <... futex resumed>) = ? [pid 6237] <... exit_group resumed>) = ? [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6238] +++ exited with 0 +++ [ 76.259996][ T6238] BTRFS info (device loop1 state M): doing ref verification [ 76.278241][ T6238] BTRFS info (device loop1 state M): max_inline set to 26856 [pid 6237] +++ exited with 0 +++ [pid 5832] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6316] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6237, si_uid=0, si_status=0, si_utime=16 /* 0.16 s */, si_stime=63 /* 0.63 s */} --- [pid 5830] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6316] <... ioctl resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] getdents64(3, [pid 6316] close(3) = 0 [pid 5832] <... openat resumed>) = 4 [pid 5830] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 6316] close(4 [pid 5832] newfstatat(4, "", [pid 6316] <... close resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6316] mkdir("./file0", 0777 [pid 5832] getdents64(4, [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./4/binderfs", [pid 6316] <... mkdir resumed>) = 0 [pid 5832] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6316] mount("/dev/loop2", "./file0", "btrfs", 0, "" [pid 5832] getdents64(4, [pid 5830] unlink("./4/binderfs" [pid 5832] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5832] close(4) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 5832] rmdir("./4/file0" [pid 5830] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... rmdir resumed>) = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [ 76.332544][ T6316] loop2: detected capacity change from 0 to 32768 [pid 5832] rmdir("./4" [pid 6329] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5832] <... rmdir resumed>) = 0 [pid 5832] mkdir("./5", 0777) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6331 attached [pid 6331] set_robust_list(0x55558bffa6a0, 24 [pid 5832] <... clone resumed>, child_tidptr=0x55558bffa690) = 6331 [pid 6331] <... set_robust_list resumed>) = 0 [pid 6331] chdir("./5") = 0 [ 76.373623][ T5830] BTRFS info (device loop1): last unmount of filesystem 343613f4-89ff-448f-b31e-0d14b75c9b12 [ 76.392217][ T6316] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (6316) [pid 6331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6331] setpgid(0, 0) = 0 [pid 6331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6331] write(3, "1000", 4) = 4 [pid 6331] close(3) = 0 [pid 6331] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6331] write(1, "executing program\n", 18executing program ) = 18 [pid 6331] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6331] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6331] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6331] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6331] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6331] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6331] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6334 attached => {parent_tid=[6334]}, 88) = 6334 [pid 6331] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6334] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6331] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6334] <... rseq resumed>) = 0 [pid 6331] <... futex resumed>) = 0 [pid 6331] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6334] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6334] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 76.454548][ T6316] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 76.471676][ T6316] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 76.480705][ T6316] BTRFS info (device loop2): using free-space-tree [pid 6334] memfd_create("syzkaller", 0) = 3 [pid 6334] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6273] <... close resumed>) = 0 [pid 6273] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6271] <... futex resumed>) = 0 [pid 6273] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6271] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6273] <... futex resumed>) = 0 [pid 6271] <... futex resumed>) = 1 [pid 6273] rename("./file1", "./file0/file0" [pid 6271] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6273] <... rename resumed>) = 0 [pid 6273] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6271] <... futex resumed>) = 0 [pid 6273] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6271] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6271] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6273] <... futex resumed>) = 0 [pid 6273] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6273] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6316] <... mount resumed>) = 0 [pid 6316] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6316] chdir("./file0") = 0 [pid 6316] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6316] ioctl(4, LOOP_CLR_FD) = 0 [pid 6316] close(4) = 0 [pid 6316] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6308] <... futex resumed>) = 0 [pid 6316] memfd_create("syzkaller", 0 [pid 6308] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6316] <... memfd_create resumed>) = 4 [pid 6308] <... futex resumed>) = 0 [pid 6316] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6308] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6316] <... mmap resumed>) = 0x7fb775000000 [pid 6329] <... write resumed>) = 16777216 [pid 6329] munmap(0x7fb775000000, 138412032) = 0 [ 76.684642][ T6273] BTRFS warning (device loop0 state M): remount supports changing free space tree only from RO to RW [pid 6329] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6329] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6329] close(3) = 0 [pid 6329] close(4) = 0 [pid 6329] mkdir("./file0", 0777) = 0 [ 76.759028][ T25] cfg80211: failed to load regulatory.db [ 76.765709][ T6329] loop4: detected capacity change from 0 to 32768 [ 76.771929][ T6273] BTRFS info (device loop0 state M): setting nodatasum [ 76.779013][ T6273] BTRFS info (device loop0 state M): setting nodatasum [ 76.835547][ T6329] BTRFS: device /dev/loop4 (7:4) using temp-fsid de63c674-ca28-4248-aa55-11c2c73a0d8c [ 76.851626][ T6273] BTRFS info (device loop0 state M): turning off barriers [ 76.872365][ T6329] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (6329) [ 76.891654][ T6273] BTRFS info (device loop0 state M): turning on flush-on-commit [ 76.931892][ T6273] BTRFS info (device loop0 state M): force clearing of disk cache [pid 6329] mount("/dev/loop4", "./file0", "btrfs", 0, "" [pid 5830] <... umount2 resumed>) = 0 [pid 6334] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5830] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 76.939987][ T6273] BTRFS info (device loop0 state M): doing ref verification [ 76.947357][ T6329] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 76.947428][ T6329] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [pid 5830] newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", [pid 6316] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, [pid 6273] <... mount resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 6273] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5830] close(4 [pid 6273] <... openat resumed>) = 4 [pid 6273] chdir(".") = 0 [pid 6273] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6271] <... futex resumed>) = 0 [pid 6271] exit_group(0) = ? [pid 6273] +++ exited with 0 +++ [pid 6271] +++ exited with 0 +++ [pid 5830] <... close resumed>) = 0 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6271, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=64 /* 0.64 s */} --- [pid 5830] rmdir("./4/file0" [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5830] <... rmdir resumed>) = 0 [pid 5829] <... restart_syscall resumed>) = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5830] close(3 [pid 5829] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... close resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] rmdir("./4" [pid 5829] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] <... rmdir resumed>) = 0 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] mkdir("./5", 0777 [pid 5829] getdents64(3, [pid 5830] <... mkdir resumed>) = 0 [pid 5829] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5830] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5829] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] <... openat resumed>) = 3 [pid 5829] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./4/binderfs") = 0 [ 77.022384][ T6273] BTRFS info (device loop0 state M): max_inline set to 26856 [ 77.048271][ T6329] BTRFS info (device loop4): using free-space-tree [pid 5829] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6357 attached , child_tidptr=0x55558bffa690) = 6357 [pid 6357] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6357] chdir("./5") = 0 [pid 6357] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6357] setpgid(0, 0) = 0 [pid 6357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6357] write(3, "1000", 4) = 4 [pid 6357] close(3) = 0 [pid 6357] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6357] write(1, "executing program\n", 18executing program ) = 18 [pid 6357] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6357] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [ 77.102587][ T5829] BTRFS info (device loop0): last unmount of filesystem e32e2381-00af-4648-a71a-0ecf7eaed21f [pid 6357] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6357] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6357] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6357] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6357] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6366 attached => {parent_tid=[6366]}, 88) = 6366 [pid 6357] rt_sigprocmask(SIG_SETMASK, [], [pid 6366] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6357] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6366] <... rseq resumed>) = 0 [pid 6357] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6329] <... mount resumed>) = 0 [pid 6366] set_robust_list(0x7fb77d6019a0, 24 [pid 6357] <... futex resumed>) = 0 [pid 6329] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6366] <... set_robust_list resumed>) = 0 [pid 6357] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6329] <... openat resumed>) = 3 [pid 6366] rt_sigprocmask(SIG_SETMASK, [], [pid 6329] chdir("./file0" [pid 6366] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6329] <... chdir resumed>) = 0 [pid 6366] memfd_create("syzkaller", 0 [pid 6329] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6366] <... memfd_create resumed>) = 3 [pid 6329] <... openat resumed>) = 4 [pid 6366] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6329] ioctl(4, LOOP_CLR_FD [pid 6366] <... mmap resumed>) = 0x7fb775000000 [pid 6329] <... ioctl resumed>) = 0 [pid 6329] close(4) = 0 [pid 6329] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6329] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6328] <... futex resumed>) = 0 [pid 6328] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6328] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6329] <... futex resumed>) = 0 [pid 6329] memfd_create("syzkaller", 0) = 4 [pid 6329] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6316] <... write resumed>) = 16777216 [pid 6316] munmap(0x7fb775000000, 138412032) = 0 [pid 6334] <... write resumed>) = 16777216 [pid 6316] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 5 [pid 6316] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6316] ioctl(5, LOOP_CLR_FD) = 0 [pid 6316] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6316] close(5) = 0 [pid 6316] close(4 [pid 6334] munmap(0x7fb775000000, 138412032 [pid 5829] <... umount2 resumed>) = 0 [pid 6334] <... munmap resumed>) = 0 [pid 5829] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6334] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5829] newfstatat(AT_FDCWD, "./4/file0", [pid 6334] <... openat resumed>) = 4 [pid 6334] ioctl(4, LOOP_SET_FD, 3 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6334] <... ioctl resumed>) = 0 [pid 5829] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6334] close(3 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6334] <... close resumed>) = 0 [pid 6334] close(4) = 0 [pid 6334] mkdir("./file0", 0777) = 0 [pid 5829] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6334] mount("/dev/loop3", "./file0", "btrfs", 0, "" [pid 5829] <... openat resumed>) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [ 77.574135][ T6334] loop3: detected capacity change from 0 to 32768 [pid 5829] getdents64(4, [pid 6329] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5829] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./4/file0") = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./4") = 0 [pid 5829] mkdir("./5", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [ 77.616038][ T6334] BTRFS: device /dev/loop3 (7:3) using temp-fsid 05f3542e-7de1-4cfa-b17e-33a59f446996 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6366] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216./strace-static-x86_64: Process 6368 attached [pid 5829] <... clone resumed>, child_tidptr=0x55558bffa690) = 6368 [pid 6368] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6368] chdir("./5") = 0 [pid 6368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6368] setpgid(0, 0) = 0 [ 77.670930][ T6334] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor323 (6334) [pid 6368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6368] write(3, "1000", 4) = 4 [pid 6368] close(3) = 0 [pid 6368] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6368] write(1, "executing program\n", 18executing program ) = 18 [pid 6368] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6368] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6368] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6368] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6368] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6368] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6368] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6369 attached [pid 6369] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 6369] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6369] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6369] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6368] <... clone3 resumed> => {parent_tid=[6369]}, 88) = 6369 [ 77.762598][ T6334] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 77.795267][ T6334] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [pid 6316] <... close resumed>) = 0 [pid 6368] rt_sigprocmask(SIG_SETMASK, [], [pid 6316] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6368] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6316] <... futex resumed>) = 1 [pid 6308] <... futex resumed>) = 0 [pid 6316] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6308] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6368] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6316] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6308] <... futex resumed>) = 0 [pid 6316] rename("./file1", "./file0/file0" [pid 6308] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6369] <... futex resumed>) = 0 [pid 6368] <... futex resumed>) = 1 [pid 6369] memfd_create("syzkaller", 0) = 3 [pid 6369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6368] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6316] <... rename resumed>) = 0 [pid 6316] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6308] <... futex resumed>) = 0 [pid 6316] mkdir(".", 0777 [pid 6308] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6316] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6308] <... futex resumed>) = 0 [pid 6308] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [ 77.822050][ T6334] BTRFS info (device loop3): using free-space-tree [ 77.932797][ T6316] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW [pid 6316] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6334] <... mount resumed>) = 0 [pid 6334] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6334] chdir("./file0") = 0 [pid 6334] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6334] ioctl(4, LOOP_CLR_FD) = 0 [pid 6334] close(4) = 0 [pid 6334] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 77.980024][ T6316] BTRFS info (device loop2 state M): setting nodatasum [pid 6334] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6331] <... futex resumed>) = 0 [pid 6331] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6334] <... futex resumed>) = 0 [pid 6331] <... futex resumed>) = 1 [pid 6334] memfd_create("syzkaller", 0 [pid 6331] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6334] <... memfd_create resumed>) = 4 [pid 6334] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 78.031706][ T6316] BTRFS info (device loop2 state M): setting nodatasum [ 78.051680][ T6316] BTRFS info (device loop2 state M): turning off barriers [pid 6366] <... write resumed>) = 16777216 [pid 6366] munmap(0x7fb775000000, 138412032 [pid 6369] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6366] <... munmap resumed>) = 0 [pid 6366] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 78.091677][ T6316] BTRFS info (device loop2 state M): turning on flush-on-commit [ 78.099376][ T6316] BTRFS info (device loop2 state M): force clearing of disk cache [ 78.143396][ T6366] loop1: detected capacity change from 0 to 32768 [ 78.171621][ T6316] BTRFS info (device loop2 state M): doing ref verification [ 78.179055][ T6316] BTRFS info (device loop2 state M): max_inline set to 26856 [pid 6366] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6366] close(3) = 0 [pid 6366] close(4) = 0 [pid 6366] mkdir("./file0", 0777) = 0 [ 78.184816][ T6366] BTRFS: device /dev/loop1 (7:1) using temp-fsid d8f31db2-638e-4c70-a207-95007c67bb21 [pid 6366] mount("/dev/loop1", "./file0", "btrfs", 0, "" [pid 6316] <... mount resumed>) = 0 [pid 6316] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 6329] <... write resumed>) = 16777216 [pid 6316] <... openat resumed>) = 4 [pid 6316] chdir(".") = 0 [ 78.221664][ T6366] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor323 (6366) [pid 6316] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6329] munmap(0x7fb775000000, 138412032 [pid 6316] <... futex resumed>) = 1 [pid 6308] <... futex resumed>) = 0 [pid 6308] exit_group(0 [pid 6329] <... munmap resumed>) = 0 [pid 6308] <... exit_group resumed>) = ? [pid 6316] +++ exited with 0 +++ [pid 6308] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6308, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=68 /* 0.68 s */} --- [pid 6329] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 5 [pid 5831] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6329] ioctl(5, LOOP_SET_FD, 4 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6329] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6329] ioctl(5, LOOP_CLR_FD [pid 5831] <... openat resumed>) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 6329] <... ioctl resumed>) = 0 [pid 5831] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./5/binderfs" [pid 6329] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5831] <... unlink resumed>) = 0 [pid 6329] close(5 [pid 5831] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6329] <... close resumed>) = 0 [ 78.312258][ T6366] BTRFS info (device loop1): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 78.347370][ T6366] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 78.357248][ T5831] BTRFS info (device loop2): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 6329] close(4 [ 78.390249][ T6366] BTRFS info (device loop1): using free-space-tree [pid 6334] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6366] <... mount resumed>) = 0 [pid 6366] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6366] chdir("./file0") = 0 [pid 6366] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6366] ioctl(4, LOOP_CLR_FD) = 0 [pid 6366] close(4) = 0 [pid 6366] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6357] <... futex resumed>) = 0 [pid 6366] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6357] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6366] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6357] <... futex resumed>) = 0 [pid 6366] memfd_create("syzkaller", 0 [pid 6357] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6366] <... memfd_create resumed>) = 4 [pid 6366] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6329] <... close resumed>) = 0 [pid 6329] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6328] <... futex resumed>) = 0 [pid 6328] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6329] rename("./file1", "./file0/file0" [pid 6369] <... write resumed>) = 16777216 [pid 6329] <... rename resumed>) = 0 [pid 6328] <... futex resumed>) = 0 [pid 6328] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6369] munmap(0x7fb775000000, 138412032 [pid 6334] <... write resumed>) = 16777216 [pid 6329] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6328] <... futex resumed>) = 0 [pid 6328] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6328] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6329] mkdir(".", 0777 [pid 6334] munmap(0x7fb775000000, 138412032 [pid 6329] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6329] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6369] <... munmap resumed>) = 0 [pid 6369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6369] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6369] close(3) = 0 [pid 6334] <... munmap resumed>) = 0 [pid 6369] close(4 [pid 6334] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6369] <... close resumed>) = 0 [pid 6369] mkdir("./file0", 0777 [pid 6334] <... openat resumed>) = 5 [pid 6369] <... mkdir resumed>) = 0 [pid 6369] mount("/dev/loop0", "./file0", "btrfs", 0, "" [pid 6334] ioctl(5, LOOP_SET_FD, 4 [pid 5831] <... umount2 resumed>) = 0 [ 78.787700][ T6369] loop0: detected capacity change from 0 to 32768 [ 78.822563][ T6329] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [pid 5831] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6334] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6334] ioctl(5, LOOP_CLR_FD [pid 5831] newfstatat(AT_FDCWD, "./5/file0", [pid 6334] <... ioctl resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6334] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6334] close(5 [pid 5831] newfstatat(4, "", [pid 6334] <... close resumed>) = 0 [pid 6334] close(4 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [ 78.846847][ T6369] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor323 (6369) [ 78.851592][ T6329] BTRFS info (device loop4 state M): setting nodatasum [ 78.885135][ T6369] BTRFS info (device loop0): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 5831] rmdir("./5/file0") = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./5") = 0 [pid 5831] mkdir("./6", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5831] close(3) = 0 [ 78.909049][ T6329] BTRFS info (device loop4 state M): setting nodatasum [ 78.924777][ T6369] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 78.946316][ T6329] BTRFS info (device loop4 state M): turning off barriers [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6409 attached [pid 6409] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6409] chdir("./6") = 0 [pid 6409] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6409] setpgid(0, 0) = 0 [pid 6409] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6409] write(3, "1000", 4) = 4 [pid 6409] close(3) = 0 [pid 6409] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6409] write(1, "executing program\n", 18) = 18 [pid 6409] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6409] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6409] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6409] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5831] <... clone resumed>, child_tidptr=0x55558bffa690) = 6409 [pid 6409] <... mmap resumed>) = 0x7fb77d5e1000 [pid 6409] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6409] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6409] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[6419]}, 88) = 6419 [pid 6409] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6409] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 78.962811][ T6369] BTRFS info (device loop0): using free-space-tree [ 78.976555][ T6329] BTRFS info (device loop4 state M): turning on flush-on-commit [ 78.987435][ T6329] BTRFS info (device loop4 state M): force clearing of disk cache [pid 6409] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6419 attached [pid 6366] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6419] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6329] <... mount resumed>) = 0 [pid 6419] <... rseq resumed>) = 0 [pid 6419] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6419] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6329] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 6419] memfd_create("syzkaller", 0 [pid 6329] <... openat resumed>) = 4 [pid 6329] chdir("." [pid 6419] <... memfd_create resumed>) = 3 [pid 6329] <... chdir resumed>) = 0 [pid 6419] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6329] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6419] <... mmap resumed>) = 0x7fb775000000 [pid 6369] <... mount resumed>) = 0 [pid 6329] <... futex resumed>) = 1 [pid 6328] <... futex resumed>) = 0 [pid 6329] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6369] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6328] exit_group(0 [pid 6369] <... openat resumed>) = 3 [pid 6329] <... futex resumed>) = ? [pid 6328] <... exit_group resumed>) = ? [pid 6329] +++ exited with 0 +++ [pid 6328] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6328, si_uid=0, si_status=0, si_utime=13 /* 0.13 s */, si_stime=64 /* 0.64 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 6369] chdir("./file0") = 0 [pid 6369] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5833] <... restart_syscall resumed>) = 0 [pid 6369] <... openat resumed>) = 4 [pid 5833] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6369] ioctl(4, LOOP_CLR_FD [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6369] <... ioctl resumed>) = 0 [pid 5833] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6369] close(4 [pid 5833] <... openat resumed>) = 3 [pid 6369] <... close resumed>) = 0 [pid 5833] newfstatat(3, "", [pid 6369] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6369] <... futex resumed>) = 1 [pid 6368] <... futex resumed>) = 0 [pid 5833] getdents64(3, [ 79.030929][ T6329] BTRFS info (device loop4 state M): doing ref verification [ 79.042427][ T6329] BTRFS info (device loop4 state M): max_inline set to 26856 [pid 6368] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6369] memfd_create("syzkaller", 0 [pid 6368] <... futex resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 6368] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5833] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./5/binderfs", [pid 6369] <... memfd_create resumed>) = 4 [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./5/binderfs" [pid 6369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5833] <... unlink resumed>) = 0 [pid 5833] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6334] <... close resumed>) = 0 [pid 6334] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6334] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6331] <... futex resumed>) = 0 [pid 6331] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6334] <... futex resumed>) = 0 [pid 6331] <... futex resumed>) = 1 [pid 6334] rename("./file1", "./file0/file0") = 0 [pid 6331] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6334] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6331] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6334] <... futex resumed>) = 0 [pid 6331] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6334] mkdir(".", 0777 [pid 6331] <... futex resumed>) = 0 [pid 6334] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6331] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [ 79.193639][ T5833] BTRFS info (device loop4): last unmount of filesystem de63c674-ca28-4248-aa55-11c2c73a0d8c [pid 6334] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6366] <... write resumed>) = 16777216 [ 79.279470][ T6334] BTRFS warning (device loop3 state M): remount supports changing free space tree only from RO to RW [ 79.308340][ T6334] BTRFS info (device loop3 state M): setting nodatasum [pid 6366] munmap(0x7fb775000000, 138412032) = 0 [pid 6366] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 5 [pid 6366] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6366] ioctl(5, LOOP_CLR_FD) = 0 [ 79.344379][ T6334] BTRFS info (device loop3 state M): setting nodatasum [ 79.351293][ T6334] BTRFS info (device loop3 state M): turning off barriers [ 79.370216][ T6334] BTRFS info (device loop3 state M): turning on flush-on-commit [pid 6366] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6366] close(5) = 0 [pid 6366] close(4 [pid 6419] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6369] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6334] <... mount resumed>) = 0 [pid 6334] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6334] chdir(".") = 0 [pid 6334] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 79.423559][ T6334] BTRFS info (device loop3 state M): force clearing of disk cache [ 79.452815][ T6334] BTRFS info (device loop3 state M): doing ref verification [ 79.462921][ T6334] BTRFS info (device loop3 state M): max_inline set to 26856 [pid 6331] <... futex resumed>) = 0 [pid 6334] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6331] exit_group(0 [pid 6334] <... futex resumed>) = ? [pid 6331] <... exit_group resumed>) = ? [pid 6334] +++ exited with 0 +++ [pid 6331] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6331, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=57 /* 0.57 s */} --- [pid 5832] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./5/binderfs") = 0 [ 79.593125][ T5832] BTRFS info (device loop3): last unmount of filesystem 05f3542e-7de1-4cfa-b17e-33a59f446996 [pid 5832] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] <... umount2 resumed>) = 0 [pid 6366] <... close resumed>) = 0 [pid 5833] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6366] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6366] <... futex resumed>) = 1 [pid 6366] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6357] <... futex resumed>) = 0 [pid 5833] newfstatat(AT_FDCWD, "./5/file0", [pid 6357] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6366] <... futex resumed>) = 0 [pid 6357] <... futex resumed>) = 1 [pid 5833] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6366] rename("./file1", "./file0/file0" [pid 6357] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", [pid 6366] <... rename resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, [pid 6366] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5833] close(4 [pid 6366] <... futex resumed>) = 1 [pid 6357] <... futex resumed>) = 0 [pid 5833] <... close resumed>) = 0 [pid 6357] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6357] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6366] mkdir(".", 0777 [pid 5833] rmdir("./5/file0" [pid 6366] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5833] <... rmdir resumed>) = 0 [pid 6366] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5833] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./5") = 0 [pid 5833] mkdir("./6", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 79.750915][ T6366] BTRFS warning (device loop1 state M): remount supports changing free space tree only from RO to RW [ 79.786042][ T6366] BTRFS info (device loop1 state M): setting nodatasum [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6423 attached , child_tidptr=0x55558bffa690) = 6423 [pid 6423] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6423] chdir("./6") = 0 [pid 6423] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6423] setpgid(0, 0) = 0 [ 79.816047][ T6366] BTRFS info (device loop1 state M): setting nodatasum [ 79.838526][ T6366] BTRFS info (device loop1 state M): turning off barriers [pid 6423] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6423] write(3, "1000", 4) = 4 [pid 6423] close(3) = 0 [pid 6419] <... write resumed>) = 16777216 [pid 6423] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6423] write(1, "executing program\n", 18executing program ) = 18 [pid 6423] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6423] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6423] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6423] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6423] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 6419] munmap(0x7fb775000000, 138412032 [pid 6423] <... mprotect resumed>) = 0 [pid 6423] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 79.871048][ T6366] BTRFS info (device loop1 state M): turning on flush-on-commit [ 79.897647][ T6366] BTRFS info (device loop1 state M): force clearing of disk cache [pid 6419] <... munmap resumed>) = 0 [pid 6423] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6424 attached [pid 6424] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6419] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6419] ioctl(4, LOOP_SET_FD, 3 [pid 6424] <... rseq resumed>) = 0 [pid 6423] <... clone3 resumed> => {parent_tid=[6424]}, 88) = 6424 [pid 6369] <... write resumed>) = 16777216 [pid 6366] <... mount resumed>) = 0 [pid 6424] set_robust_list(0x7fb77d6019a0, 24 [pid 6423] rt_sigprocmask(SIG_SETMASK, [], [pid 6419] <... ioctl resumed>) = 0 [pid 6424] <... set_robust_list resumed>) = 0 [pid 6423] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6369] munmap(0x7fb775000000, 138412032 [pid 6366] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5832] <... umount2 resumed>) = 0 [pid 6424] rt_sigprocmask(SIG_SETMASK, [], [pid 6423] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6419] close(3 [pid 5832] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6424] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6424] memfd_create("syzkaller", 0 [pid 6423] <... futex resumed>) = 0 [pid 6419] <... close resumed>) = 0 [pid 6366] <... openat resumed>) = 4 [pid 5832] newfstatat(AT_FDCWD, "./5/file0", [pid 6424] <... memfd_create resumed>) = 3 [pid 6423] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6419] close(4 [pid 6366] chdir("." [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6424] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6419] <... close resumed>) = 0 [pid 6369] <... munmap resumed>) = 0 [ 79.919899][ T6366] BTRFS info (device loop1 state M): doing ref verification [ 79.937863][ T6366] BTRFS info (device loop1 state M): max_inline set to 26856 [ 79.948529][ T6419] loop2: detected capacity change from 0 to 32768 [pid 6366] <... chdir resumed>) = 0 [pid 6424] <... mmap resumed>) = 0x7fb775000000 [pid 6419] mkdir("./file0", 0777 [pid 6366] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6419] <... mkdir resumed>) = 0 [pid 6369] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6366] <... futex resumed>) = 1 [pid 6357] <... futex resumed>) = 0 [pid 6419] mount("/dev/loop2", "./file0", "btrfs", 0, "" [pid 6369] <... openat resumed>) = 5 [pid 6366] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6357] exit_group(0 [pid 6366] <... futex resumed>) = ? [pid 6357] <... exit_group resumed>) = ? [pid 6369] ioctl(5, LOOP_SET_FD, 4 [pid 6366] +++ exited with 0 +++ [pid 6357] +++ exited with 0 +++ [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6369] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6369] ioctl(5, LOOP_CLR_FD [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6357, si_uid=0, si_status=0, si_utime=13 /* 0.13 s */, si_stime=67 /* 0.67 s */} --- [pid 6369] <... ioctl resumed>) = 0 [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5832] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6369] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6369] close(5) = 0 [pid 6369] close(4 [pid 5830] <... restart_syscall resumed>) = 0 [pid 5832] <... openat resumed>) = 4 [pid 5832] newfstatat(4, "", [pid 5830] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, [pid 5830] <... openat resumed>) = 3 [pid 5832] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5830] newfstatat(3, "", [pid 5832] getdents64(4, [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5830] getdents64(3, [pid 5832] close(4) = 0 [pid 5830] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] rmdir("./5/file0" [pid 5830] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... rmdir resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] getdents64(3, [pid 5830] newfstatat(AT_FDCWD, "./5/binderfs", [pid 5832] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] close(3 [ 79.988150][ T6419] BTRFS: device /dev/loop2 (7:2) using temp-fsid 653cc6b2-a333-4f26-b102-7874d1192181 [ 80.013310][ T6419] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (6419) [pid 5830] unlink("./5/binderfs" [pid 5832] <... close resumed>) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 5832] rmdir("./5" [pid 5830] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... rmdir resumed>) = 0 [pid 5832] mkdir("./6", 0777) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 80.048137][ T5830] BTRFS info (device loop1): last unmount of filesystem d8f31db2-638e-4c70-a207-95007c67bb21 [ 80.066197][ T6419] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6426 attached , child_tidptr=0x55558bffa690) = 6426 [pid 6426] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6426] chdir("./6") = 0 [pid 6426] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6426] setpgid(0, 0) = 0 [pid 6426] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6426] write(3, "1000", 4) = 4 [ 80.096688][ T6419] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 80.131623][ T6419] BTRFS info (device loop2): using free-space-tree [pid 6426] close(3) = 0 [pid 6426] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6426] write(1, "executing program\n", 18) = 18 [pid 6426] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6426] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6426] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6426] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6426] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6426] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6426] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[6439]}, 88) = 6439 [pid 6426] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6439 attached NULL, 8) = 0 [pid 6426] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6439] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6426] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6439] <... rseq resumed>) = 0 [pid 6439] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6439] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6439] memfd_create("syzkaller", 0) = 3 [pid 6439] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6369] <... close resumed>) = 0 [pid 6369] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6368] <... futex resumed>) = 0 [pid 6369] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6368] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6369] <... futex resumed>) = 0 [pid 6368] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6369] rename("./file1", "./file0/file0" [pid 6419] <... mount resumed>) = 0 [pid 6419] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6419] chdir("./file0") = 0 [pid 6419] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6419] ioctl(4, LOOP_CLR_FD [pid 6369] <... rename resumed>) = 0 [pid 6369] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6419] <... ioctl resumed>) = 0 [pid 6369] <... futex resumed>) = 1 [pid 6368] <... futex resumed>) = 0 [pid 6419] close(4) = 0 [pid 6369] mkdir(".", 0777 [pid 6368] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6419] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6369] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6368] <... futex resumed>) = 0 [pid 6419] <... futex resumed>) = 1 [pid 6369] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6368] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6419] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6409] <... futex resumed>) = 0 [pid 6409] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6419] <... futex resumed>) = 0 [pid 6409] <... futex resumed>) = 1 [pid 6409] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6419] memfd_create("syzkaller", 0) = 4 [pid 6419] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 80.373765][ T6369] BTRFS warning (device loop0 state M): remount supports changing free space tree only from RO to RW [ 80.423278][ T6369] BTRFS info (device loop0 state M): setting nodatasum [ 80.430181][ T6369] BTRFS info (device loop0 state M): setting nodatasum [ 80.473675][ T6369] BTRFS info (device loop0 state M): turning off barriers [ 80.480842][ T6369] BTRFS info (device loop0 state M): turning on flush-on-commit [pid 6424] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5830] <... umount2 resumed>) = 0 [pid 5830] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./5/file0") = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./5") = 0 [pid 5830] mkdir("./6", 0777) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6444 attached [pid 6444] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x55558bffa690) = 6444 [pid 6444] chdir("./6") = 0 [pid 6444] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6444] setpgid(0, 0) = 0 [pid 6444] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6444] write(3, "1000", 4) = 4 [pid 6444] close(3) = 0 executing program [pid 6444] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6444] write(1, "executing program\n", 18) = 18 [pid 6444] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6444] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6444] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6444] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6444] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6444] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6444] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[6445]}, 88) = 6445 [pid 6444] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6444] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6444] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6445 attached [ 80.514565][ T6369] BTRFS info (device loop0 state M): force clearing of disk cache [ 80.548293][ T6369] BTRFS info (device loop0 state M): doing ref verification [pid 6369] <... mount resumed>) = 0 [pid 6445] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6439] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6445] <... rseq resumed>) = 0 [pid 6369] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 6445] set_robust_list(0x7fb77d6019a0, 24 [pid 6419] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6369] <... openat resumed>) = 4 [pid 6445] <... set_robust_list resumed>) = 0 [pid 6445] rt_sigprocmask(SIG_SETMASK, [], [pid 6369] chdir("." [pid 6445] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6369] <... chdir resumed>) = 0 [pid 6369] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6368] <... futex resumed>) = 0 [pid 6369] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6445] memfd_create("syzkaller", 0 [pid 6368] exit_group(0 [pid 6369] <... futex resumed>) = ? [pid 6368] <... exit_group resumed>) = ? [pid 6369] +++ exited with 0 +++ [pid 6368] +++ exited with 0 +++ [pid 6445] <... memfd_create resumed>) = 3 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6368, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=60 /* 0.60 s */} --- [pid 5829] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5829] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./5/binderfs", [pid 6445] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6445] <... mmap resumed>) = 0x7fb775000000 [pid 5829] unlink("./5/binderfs") = 0 [ 80.588846][ T6369] BTRFS info (device loop0 state M): max_inline set to 26856 [ 80.634514][ T5829] BTRFS info (device loop0): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 5829] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6424] <... write resumed>) = 16777216 [pid 6424] munmap(0x7fb775000000, 138412032) = 0 [pid 6424] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5829] <... umount2 resumed>) = 0 [pid 6424] <... openat resumed>) = 4 [pid 6419] <... write resumed>) = 16777216 [pid 6424] ioctl(4, LOOP_SET_FD, 3 [pid 5829] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6419] munmap(0x7fb775000000, 138412032 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./5/file0", [pid 6424] <... ioctl resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6424] close(3) = 0 [pid 5829] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6424] close(4 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, [pid 6424] <... close resumed>) = 0 [pid 5829] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 6424] mkdir("./file0", 0777 [pid 5829] close(4) = 0 [pid 5829] rmdir("./5/file0" [pid 6424] <... mkdir resumed>) = 0 [pid 6419] <... munmap resumed>) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 6424] mount("/dev/loop4", "./file0", "btrfs", 0, "" [pid 6419] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] getdents64(3, [pid 6419] <... openat resumed>) = 5 [pid 5829] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 6419] ioctl(5, LOOP_SET_FD, 4 [pid 5829] close(3 [pid 6419] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5829] <... close resumed>) = 0 [pid 6419] ioctl(5, LOOP_CLR_FD [pid 5829] rmdir("./5" [pid 6419] <... ioctl resumed>) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 5829] mkdir("./6", 0777) = 0 [ 80.907567][ T6424] loop4: detected capacity change from 0 to 32768 [pid 6419] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6445] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6419] close(5 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6419] <... close resumed>) = 0 [pid 6419] close(4 [pid 5829] <... openat resumed>) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6446 attached , child_tidptr=0x55558bffa690) = 6446 [pid 6446] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6446] chdir("./6") = 0 [pid 6446] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6446] setpgid(0, 0) = 0 executing program [pid 6446] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6446] write(3, "1000", 4) = 4 [pid 6446] close(3) = 0 [pid 6446] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6446] write(1, "executing program\n", 18) = 18 [pid 6446] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6446] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6446] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6446] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6446] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6446] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6446] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6447 attached => {parent_tid=[6447]}, 88) = 6447 [pid 6446] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6446] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6446] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6447] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 6447] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6447] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6447] memfd_create("syzkaller", 0) = 3 [pid 6447] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 80.954078][ T6424] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (6424) [ 81.030951][ T6424] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 81.062971][ T6424] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [pid 6439] <... write resumed>) = 16777216 [pid 6439] munmap(0x7fb775000000, 138412032) = 0 [pid 6439] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 81.111955][ T6424] BTRFS info (device loop4): using free-space-tree [pid 6439] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6439] close(3) = 0 [pid 6439] close(4) = 0 [pid 6439] mkdir("./file0", 0777) = 0 [ 81.164164][ T6439] loop3: detected capacity change from 0 to 32768 [ 81.215553][ T6439] BTRFS: device /dev/loop3 (7:3) using temp-fsid fac6dbd3-43d0-414d-a936-641c86a7f406 [pid 6439] mount("/dev/loop3", "./file0", "btrfs", 0, "" [pid 6419] <... close resumed>) = 0 [pid 6419] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6419] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6409] <... futex resumed>) = 0 [pid 6409] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6419] <... futex resumed>) = 0 [pid 6409] <... futex resumed>) = 1 [pid 6419] rename("./file1", "./file0/file0" [pid 6409] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6445] <... write resumed>) = 16777216 [pid 6419] <... rename resumed>) = 0 [pid 6445] munmap(0x7fb775000000, 138412032 [pid 6419] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6409] <... futex resumed>) = 0 [pid 6409] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6409] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6419] mkdir(".", 0777) = -1 EEXIST (File exists) [ 81.273683][ T6439] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor323 (6439) [pid 6419] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6445] <... munmap resumed>) = 0 [pid 6445] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 81.351398][ T6439] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 81.352700][ T6419] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW [ 81.361994][ T6439] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 81.375489][ T6445] loop1: detected capacity change from 0 to 32768 [ 81.381467][ T6439] BTRFS info (device loop3): using free-space-tree [pid 6445] ioctl(4, LOOP_SET_FD, 3 [pid 6419] <... mount resumed>) = 0 [pid 6445] <... ioctl resumed>) = 0 [pid 6447] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6445] close(3 [pid 6424] <... mount resumed>) = 0 [pid 6419] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 6445] <... close resumed>) = 0 [pid 6424] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6419] <... openat resumed>) = 4 [pid 6445] close(4 [pid 6424] <... openat resumed>) = 3 [pid 6419] chdir("." [pid 6424] chdir("./file0") = 0 [pid 6424] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6445] <... close resumed>) = 0 [pid 6419] <... chdir resumed>) = 0 [pid 6445] mkdir("./file0", 0777 [pid 6419] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6424] <... openat resumed>) = 4 [pid 6445] <... mkdir resumed>) = 0 [pid 6424] ioctl(4, LOOP_CLR_FD [pid 6419] <... futex resumed>) = 1 [pid 6409] <... futex resumed>) = 0 [pid 6424] <... ioctl resumed>) = 0 [pid 6409] exit_group(0 [pid 6424] close(4 [pid 6409] <... exit_group resumed>) = ? [pid 6424] <... close resumed>) = 0 [pid 6424] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6423] <... futex resumed>) = 0 [pid 6445] mount("/dev/loop1", "./file0", "btrfs", 0, "" [pid 6424] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6423] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [ 81.395784][ T6419] BTRFS info (device loop2 state M): setting nodatasum [ 81.402944][ T6419] BTRFS info (device loop2 state M): setting nodatasum [ 81.409822][ T6419] BTRFS info (device loop2 state M): turning off barriers [ 81.417360][ T6419] BTRFS info (device loop2 state M): turning on flush-on-commit [ 81.425452][ T6419] BTRFS info (device loop2 state M): force clearing of disk cache [ 81.433951][ T6419] BTRFS info (device loop2 state M): doing ref verification [ 81.441937][ T6419] BTRFS info (device loop2 state M): max_inline set to 26856 [pid 6424] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6423] <... futex resumed>) = 0 [pid 6424] memfd_create("syzkaller", 0 [pid 6423] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6424] <... memfd_create resumed>) = 4 [pid 6424] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6419] +++ exited with 0 +++ [pid 6409] +++ exited with 0 +++ [pid 6424] <... mmap resumed>) = 0x7fb775000000 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6409, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=60 /* 0.60 s */} --- [pid 5831] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5831] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./6/binderfs") = 0 [ 81.486486][ T6445] BTRFS: device /dev/loop1 (7:1) using temp-fsid 5a10da71-4767-4993-8a7d-2fc289cae8a7 [ 81.515148][ T6445] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor323 (6445) [ 81.529714][ T5831] BTRFS info (device loop2): last unmount of filesystem 653cc6b2-a333-4f26-b102-7874d1192181 [pid 5831] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6439] <... mount resumed>) = 0 [pid 6439] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 81.612699][ T6445] BTRFS info (device loop1): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 6439] chdir("./file0") = 0 [pid 6439] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6439] ioctl(4, LOOP_CLR_FD) = 0 [pid 6439] close(4) = 0 [pid 6439] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6426] <... futex resumed>) = 0 [pid 6426] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6439] memfd_create("syzkaller", 0 [pid 6426] <... futex resumed>) = 0 [pid 6426] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6439] <... memfd_create resumed>) = 4 [ 81.691759][ T6445] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [pid 6439] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 81.732322][ T6445] BTRFS info (device loop1): using free-space-tree [pid 6447] <... write resumed>) = 16777216 [pid 6447] munmap(0x7fb775000000, 138412032) = 0 [pid 6447] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6447] ioctl(4, LOOP_SET_FD, 3 [pid 6439] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6447] <... ioctl resumed>) = 0 [pid 6447] close(3) = 0 [pid 6447] close(4 [pid 6424] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6447] <... close resumed>) = 0 [pid 6447] mkdir("./file0", 0777) = 0 [ 81.887401][ T6447] loop0: detected capacity change from 0 to 32768 [pid 6447] mount("/dev/loop0", "./file0", "btrfs", 0, "" [pid 6445] <... mount resumed>) = 0 [pid 6445] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6445] chdir("./file0") = 0 [pid 6445] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6445] ioctl(4, LOOP_CLR_FD) = 0 [pid 6445] close(4) = 0 [pid 6445] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6444] <... futex resumed>) = 0 [pid 6445] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6444] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6445] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6444] <... futex resumed>) = 0 [ 81.947683][ T6447] BTRFS: device /dev/loop0 (7:0) using temp-fsid 8f998d4c-990f-4b3c-a995-273645222cad [pid 6444] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6445] memfd_create("syzkaller", 0 [pid 5831] <... umount2 resumed>) = 0 [pid 6445] <... memfd_create resumed>) = 4 [pid 6445] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5831] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 82.004965][ T6447] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor323 (6447) [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./6/file0") = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./6") = 0 [pid 5831] mkdir("./7", 0777) = 0 [ 82.064610][ T6447] BTRFS info (device loop0): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 82.102404][ T6447] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5831] close(3) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 6499 ./strace-static-x86_64: Process 6499 attached [pid 6499] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6499] chdir("./7") = 0 [pid 6499] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6499] setpgid(0, 0) = 0 [pid 6499] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6499] write(3, "1000", 4) = 4 [ 82.129343][ T6447] BTRFS info (device loop0): using free-space-tree [pid 6499] close(3) = 0 [pid 6499] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6499] write(1, "executing program\n", 18) = 18 [pid 6499] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6499] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6499] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6499] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6499] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6499] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6499] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[6506]}, 88) = 6506 [pid 6499] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6499] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6499] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6506 attached [pid 6506] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 6506] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6506] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6506] memfd_create("syzkaller", 0) = 3 [pid 6506] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6439] <... write resumed>) = 16777216 [pid 6439] munmap(0x7fb775000000, 138412032) = 0 [pid 6439] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 5 [pid 6439] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6439] ioctl(5, LOOP_CLR_FD) = 0 [pid 6439] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6439] close(5 [pid 6445] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6439] <... close resumed>) = 0 [pid 6439] close(4 [pid 6424] <... write resumed>) = 16777216 [pid 6424] munmap(0x7fb775000000, 138412032 [pid 6447] <... mount resumed>) = 0 [pid 6447] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6447] chdir("./file0") = 0 [pid 6447] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6447] ioctl(4, LOOP_CLR_FD) = 0 [pid 6447] close(4) = 0 [pid 6447] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6446] <... futex resumed>) = 0 [pid 6447] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6446] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6447] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6446] <... futex resumed>) = 0 [pid 6447] memfd_create("syzkaller", 0 [pid 6446] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6447] <... memfd_create resumed>) = 4 [pid 6447] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6424] <... munmap resumed>) = 0 [pid 6424] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 5 [pid 6424] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6424] ioctl(5, LOOP_CLR_FD) = 0 [pid 6424] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6424] close(5) = 0 [pid 6424] close(4 [pid 6439] <... close resumed>) = 0 [pid 6439] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6426] <... futex resumed>) = 0 [pid 6439] rename("./file1", "./file0/file0" [pid 6426] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6426] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6439] <... rename resumed>) = 0 [pid 6439] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6426] <... futex resumed>) = 0 [pid 6426] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6426] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6439] mkdir(".", 0777) = -1 EEXIST (File exists) [ 82.552066][ T6439] BTRFS warning (device loop3 state M): remount supports changing free space tree only from RO to RW [pid 6439] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [ 82.592337][ T6439] BTRFS info (device loop3 state M): setting nodatasum [ 82.622842][ T6439] BTRFS info (device loop3 state M): setting nodatasum [ 82.629743][ T6439] BTRFS info (device loop3 state M): turning off barriers [ 82.671611][ T6439] BTRFS info (device loop3 state M): turning on flush-on-commit [ 82.701170][ T6439] BTRFS info (device loop3 state M): force clearing of disk cache [pid 6506] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6447] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6424] <... close resumed>) = 0 [pid 6439] <... mount resumed>) = 0 [pid 6424] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6423] <... futex resumed>) = 0 [pid 6424] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6423] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6424] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6423] <... futex resumed>) = 0 [pid 6424] rename("./file1", "./file0/file0" [pid 6423] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6439] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6439] chdir(".") = 0 [pid 6439] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6426] <... futex resumed>) = 0 [pid 6424] <... rename resumed>) = 0 [pid 6439] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6426] exit_group(0 [pid 6439] <... futex resumed>) = ? [pid 6426] <... exit_group resumed>) = ? [pid 6439] +++ exited with 0 +++ [pid 6426] +++ exited with 0 +++ [pid 6424] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6423] <... futex resumed>) = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6426, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=59 /* 0.59 s */} --- [pid 6424] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6423] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 6445] <... write resumed>) = 16777216 [pid 6424] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6423] <... futex resumed>) = 0 [ 82.720960][ T6439] BTRFS info (device loop3 state M): doing ref verification [ 82.741988][ T6439] BTRFS info (device loop3 state M): max_inline set to 26856 [pid 6423] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5832] <... restart_syscall resumed>) = 0 [pid 5832] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, [pid 6424] mkdir(".", 0777 [pid 5832] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6424] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5832] newfstatat(AT_FDCWD, "./6/binderfs", [pid 6424] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./6/binderfs") = 0 [pid 5832] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6445] munmap(0x7fb775000000, 138412032) = 0 [ 82.822239][ T5832] BTRFS info (device loop3): last unmount of filesystem fac6dbd3-43d0-414d-a936-641c86a7f406 [ 82.852143][ T6424] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [pid 6445] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 5 [pid 6445] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6445] ioctl(5, LOOP_CLR_FD) = 0 [ 82.876723][ T6424] BTRFS info (device loop4 state M): setting nodatasum [ 82.891732][ T6424] BTRFS info (device loop4 state M): setting nodatasum [ 82.899165][ T6424] BTRFS info (device loop4 state M): turning off barriers [ 82.916281][ T6424] BTRFS info (device loop4 state M): turning on flush-on-commit [pid 6445] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6445] close(5) = 0 [pid 6445] close(4 [pid 6424] <... mount resumed>) = 0 [pid 6424] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6424] chdir(".") = 0 [pid 6424] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6423] <... futex resumed>) = 0 [pid 6424] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6423] exit_group(0 [pid 6424] <... futex resumed>) = ? [pid 6423] <... exit_group resumed>) = ? [pid 6424] +++ exited with 0 +++ [pid 6423] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6423, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=66 /* 0.66 s */} --- [ 82.938389][ T6424] BTRFS info (device loop4 state M): force clearing of disk cache [ 82.951312][ T6424] BTRFS info (device loop4 state M): doing ref verification [ 82.960505][ T6424] BTRFS info (device loop4 state M): max_inline set to 26856 [pid 5833] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5833] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5833] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./6/binderfs") = 0 [ 83.088332][ T5833] BTRFS info (device loop4): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 5833] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6506] <... write resumed>) = 16777216 [pid 6447] <... write resumed>) = 16777216 [pid 6506] munmap(0x7fb775000000, 138412032 [pid 6447] munmap(0x7fb775000000, 138412032 [pid 6506] <... munmap resumed>) = 0 [pid 6506] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6506] ioctl(4, LOOP_SET_FD, 3 [pid 6447] <... munmap resumed>) = 0 [pid 6447] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6445] <... close resumed>) = 0 [pid 5832] <... umount2 resumed>) = 0 [pid 6506] <... ioctl resumed>) = 0 [pid 6447] <... openat resumed>) = 5 [pid 6445] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6506] close(3) = 0 [pid 6506] close(4) = 0 [pid 6506] mkdir("./file0", 0777 [pid 6447] ioctl(5, LOOP_SET_FD, 4 [pid 6445] <... futex resumed>) = 1 [pid 6444] <... futex resumed>) = 0 [pid 6506] <... mkdir resumed>) = 0 [pid 6506] mount("/dev/loop2", "./file0", "btrfs", 0, "" [pid 6444] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6444] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6447] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [ 83.232809][ T6506] loop2: detected capacity change from 0 to 32768 [pid 6445] rename("./file1", "./file0/file0" [pid 6447] ioctl(5, LOOP_CLR_FD [pid 5832] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6447] <... ioctl resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6447] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5832] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6447] close(5 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6447] <... close resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6447] close(4 [pid 5832] <... openat resumed>) = 4 [pid 5832] newfstatat(4, "", [pid 6445] <... rename resumed>) = 0 [pid 6445] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, [pid 6445] <... futex resumed>) = 1 [pid 6445] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6444] <... futex resumed>) = 0 [pid 5832] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 6444] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] getdents64(4, [pid 6445] <... futex resumed>) = 0 [pid 6444] <... futex resumed>) = 1 [pid 5832] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 6445] mkdir(".", 0777 [pid 6444] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5832] close(4 [pid 6445] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5832] <... close resumed>) = 0 [pid 6445] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [ 83.291069][ T6506] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (6506) [pid 5832] rmdir("./6/file0") = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./6") = 0 [pid 5832] mkdir("./7", 0777) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 6518 ./strace-static-x86_64: Process 6518 attached [pid 6518] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6518] chdir("./7") = 0 [pid 6518] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6518] setpgid(0, 0) = 0 [pid 6518] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6518] write(3, "1000", 4) = 4 [pid 6518] close(3) = 0 [pid 6518] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6518] write(1, "executing program\n", 18) = 18 [pid 6518] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6518] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6518] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6518] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6518] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [ 83.365442][ T6506] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 83.380475][ T6445] BTRFS warning (device loop1 state M): remount supports changing free space tree only from RO to RW [ 83.400847][ T6506] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [pid 6518] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6518] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[6519]}, 88) = 6519 [pid 6518] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6518] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6519 attached ) = 0 [pid 6518] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6519] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 6519] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6519] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6519] memfd_create("syzkaller", 0) = 3 [pid 6519] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 83.438682][ T6506] BTRFS info (device loop2): using free-space-tree [ 83.472367][ T6445] BTRFS info (device loop1 state M): setting nodatasum [ 83.480953][ T6445] BTRFS info (device loop1 state M): setting nodatasum [pid 5833] <... umount2 resumed>) = 0 [pid 5833] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 83.489429][ T6445] BTRFS info (device loop1 state M): turning off barriers [ 83.498629][ T6445] BTRFS info (device loop1 state M): turning on flush-on-commit [ 83.519468][ T6445] BTRFS info (device loop1 state M): force clearing of disk cache [pid 5833] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./6/file0") = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5833] close(3 [pid 6506] <... mount resumed>) = 0 [pid 5833] <... close resumed>) = 0 [ 83.537697][ T6445] BTRFS info (device loop1 state M): doing ref verification [pid 5833] rmdir("./6" [pid 6506] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6445] <... mount resumed>) = 0 [pid 5833] <... rmdir resumed>) = 0 [pid 6445] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5833] mkdir("./7", 0777 [pid 6506] chdir("./file0" [pid 6445] <... openat resumed>) = 4 [pid 5833] <... mkdir resumed>) = 0 [pid 6506] <... chdir resumed>) = 0 [pid 6506] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6506] ioctl(4, LOOP_CLR_FD) = 0 [pid 6506] close(4) = 0 [pid 6506] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6499] <... futex resumed>) = 0 [pid 6499] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6506] memfd_create("syzkaller", 0 [pid 6499] <... futex resumed>) = 0 [pid 6499] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6506] <... memfd_create resumed>) = 4 [pid 6506] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6445] chdir("." [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6445] <... chdir resumed>) = 0 [pid 6445] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6444] <... futex resumed>) = 0 [pid 6444] exit_group(0 [pid 5833] <... clone resumed>, child_tidptr=0x55558bffa690) = 6537 [pid 6444] <... exit_group resumed>) = ? ./strace-static-x86_64: Process 6537 attached [pid 6447] <... close resumed>) = 0 [ 83.572086][ T6445] BTRFS info (device loop1 state M): max_inline set to 26856 [pid 6537] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6537] chdir("./7" [pid 6447] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6537] <... chdir resumed>) = 0 [pid 6446] <... futex resumed>) = 0 [pid 6445] +++ exited with 0 +++ [pid 6444] +++ exited with 0 +++ [pid 6537] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6447] <... futex resumed>) = 1 [pid 6446] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6444, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=61 /* 0.61 s */} --- [pid 6537] <... prctl resumed>) = 0 [pid 6447] rename("./file1", "./file0/file0" [pid 6446] <... futex resumed>) = 0 [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 6537] setpgid(0, 0) = 0 [pid 6446] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6537] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] <... restart_syscall resumed>) = 0 [pid 6537] <... openat resumed>) = 3 [pid 5830] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6537] write(3, "1000", 4 [pid 5830] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6537] <... write resumed>) = 4 [pid 5830] <... openat resumed>) = 3 [pid 6537] close(3 [pid 5830] newfstatat(3, "", [pid 6537] <... close resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6537] symlink("/dev/binderfs", "./binderfs" [pid 5830] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./6/binderfs") = 0 [pid 5830] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 6537] <... symlink resumed>) = 0 [pid 6537] write(1, "executing program\n", 18) = 18 [pid 6537] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6537] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6537] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6537] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6537] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6446] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6537] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6447] <... rename resumed>) = 0 [pid 6446] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6447] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6446] <... futex resumed>) = 0 [pid 6447] <... futex resumed>) = 0 [pid 6446] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6447] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6537] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 6446] <... mmap resumed>) = 0x7fb77d5c0000 [pid 6446] mprotect(0x7fb77d5c1000, 131072, PROT_READ|PROT_WRITE) = 0 ./strace-static-x86_64: Process 6538 attached [pid 6537] <... clone3 resumed> => {parent_tid=[6538]}, 88) = 6538 [pid 6446] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6538] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6446] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6538] <... rseq resumed>) = 0 [pid 6446] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d5e0990, parent_tid=0x7fb77d5e0990, exit_signal=0, stack=0x7fb77d5c0000, stack_size=0x20300, tls=0x7fb77d5e06c0} [pid 6538] set_robust_list(0x7fb77d6019a0, 24./strace-static-x86_64: Process 6539 attached ) = 0 [pid 6537] rt_sigprocmask(SIG_SETMASK, [], [pid 6539] rseq(0x7fb77d5e0fe0, 0x20, 0, 0x53053053 [pid 6538] rt_sigprocmask(SIG_SETMASK, [], [pid 6446] <... clone3 resumed> => {parent_tid=[6539]}, 88) = 6539 [pid 6539] <... rseq resumed>) = 0 [pid 6538] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6446] rt_sigprocmask(SIG_SETMASK, [], [pid 6539] set_robust_list(0x7fb77d5e09a0, 24 [pid 6538] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6446] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6539] <... set_robust_list resumed>) = 0 [pid 6446] futex(0x7fb77d6dd6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6539] rt_sigprocmask(SIG_SETMASK, [], [pid 6446] <... futex resumed>) = 0 [pid 6539] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6446] futex(0x7fb77d6dd6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6539] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6537] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6539] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6537] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6538] <... futex resumed>) = 0 [pid 6537] <... futex resumed>) = 1 [pid 6537] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6538] memfd_create("syzkaller", 0) = 3 [ 83.697679][ T5830] BTRFS info (device loop1): last unmount of filesystem 5a10da71-4767-4993-8a7d-2fc289cae8a7 [pid 6538] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 83.749324][ T6539] BTRFS warning (device loop0 state M): remount supports changing free space tree only from RO to RW [ 83.784006][ T6539] BTRFS info (device loop0 state M): setting nodatasum [ 83.805501][ T6539] BTRFS info (device loop0 state M): setting nodatasum [ 83.851674][ T6539] BTRFS info (device loop0 state M): turning off barriers [ 83.858837][ T6539] BTRFS info (device loop0 state M): turning on flush-on-commit [ 83.921926][ T6539] BTRFS info (device loop0 state M): force clearing of disk cache [ 83.958435][ T6539] BTRFS info (device loop0 state M): doing ref verification [pid 6519] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6539] <... mount resumed>) = 0 [pid 6539] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6539] chdir(".") = 0 [pid 6539] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6446] <... futex resumed>) = 0 [pid 6539] futex(0x7fb77d6dd6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6446] exit_group(0 [pid 6539] <... futex resumed>) = ? [pid 6447] <... futex resumed>) = ? [pid 6446] <... exit_group resumed>) = ? [pid 6539] +++ exited with 0 +++ [pid 6447] +++ exited with 0 +++ [pid 6446] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6446, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=58 /* 0.58 s */} --- [pid 5829] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 6506] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5829] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 83.985637][ T6539] BTRFS info (device loop0 state M): max_inline set to 26856 [pid 5829] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./6/binderfs") = 0 [pid 5829] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... umount2 resumed>) = 0 [pid 5830] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [ 84.043246][ T5829] BTRFS info (device loop0): last unmount of filesystem 8f998d4c-990f-4b3c-a995-273645222cad [pid 6538] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5830] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./6/file0") = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./6") = 0 [pid 5830] mkdir("./7", 0777) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6519] <... write resumed>) = 16777216 [pid 6519] munmap(0x7fb775000000, 138412032 [pid 5830] <... openat resumed>) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6540 attached , child_tidptr=0x55558bffa690) = 6540 [pid 6540] set_robust_list(0x55558bffa6a0, 24 [pid 6519] <... munmap resumed>) = 0 [pid 6540] <... set_robust_list resumed>) = 0 [pid 6540] chdir("./7") = 0 [pid 6519] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6540] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6519] <... openat resumed>) = 4 [pid 6540] setpgid(0, 0 [pid 6519] ioctl(4, LOOP_SET_FD, 3 [pid 6540] <... setpgid resumed>) = 0 [pid 6540] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6519] <... ioctl resumed>) = 0 [pid 6540] write(3, "1000", 4 [pid 6519] close(3 [pid 6540] <... write resumed>) = 4 [pid 6519] <... close resumed>) = 0 [pid 6540] close(3 [pid 6519] close(4 [pid 6540] <... close resumed>) = 0 [pid 6519] <... close resumed>) = 0 [pid 6540] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6519] mkdir("./file0", 0777 [pid 6540] write(1, "executing program\n", 18executing program [pid 6519] <... mkdir resumed>) = 0 [pid 6540] <... write resumed>) = 18 [pid 6540] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6519] mount("/dev/loop3", "./file0", "btrfs", 0, "" [pid 6540] <... futex resumed>) = 0 [pid 6540] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6540] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6540] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6540] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6540] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 84.250175][ T6519] loop3: detected capacity change from 0 to 32768 [ 84.281738][ T6519] BTRFS: device /dev/loop3 (7:3) using temp-fsid f9b3b2d1-15d7-434b-aa0b-6866d873c4ba [pid 6540] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6541 attached [pid 6541] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6540] <... clone3 resumed> => {parent_tid=[6541]}, 88) = 6541 [pid 6541] <... rseq resumed>) = 0 [pid 6540] rt_sigprocmask(SIG_SETMASK, [], [pid 6541] set_robust_list(0x7fb77d6019a0, 24 [pid 6540] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6541] <... set_robust_list resumed>) = 0 [pid 6540] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6541] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6540] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6541] memfd_create("syzkaller", 0) = 3 [pid 6541] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 84.303887][ T6519] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor323 (6519) [pid 5829] <... umount2 resumed>) = 0 [pid 5829] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./6/file0") = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./6") = 0 [pid 5829] mkdir("./7", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 6543 ./strace-static-x86_64: Process 6543 attached [pid 6543] set_robust_list(0x55558bffa6a0, 24) = 0 [ 84.375335][ T6519] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 84.411865][ T6519] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [pid 6543] chdir("./7") = 0 [pid 6543] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6543] setpgid(0, 0) = 0 [pid 6543] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6543] write(3, "1000", 4) = 4 [pid 6543] close(3) = 0 [pid 6543] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6543] write(1, "executing program\n", 18) = 18 [pid 6543] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6543] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6543] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6543] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6543] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6543] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6543] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6544 attached [pid 6544] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6543] <... clone3 resumed> => {parent_tid=[6544]}, 88) = 6544 [pid 6544] <... rseq resumed>) = 0 [pid 6543] rt_sigprocmask(SIG_SETMASK, [], [pid 6544] set_robust_list(0x7fb77d6019a0, 24 [pid 6543] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6506] <... write resumed>) = 16777216 [pid 6544] <... set_robust_list resumed>) = 0 [pid 6543] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6544] rt_sigprocmask(SIG_SETMASK, [], [pid 6543] <... futex resumed>) = 0 [pid 6544] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6543] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6544] memfd_create("syzkaller", 0 [pid 6506] munmap(0x7fb775000000, 138412032 [pid 6544] <... memfd_create resumed>) = 3 [pid 6544] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 84.421086][ T6519] BTRFS info (device loop3): using free-space-tree [pid 6506] <... munmap resumed>) = 0 [pid 6506] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 5 [pid 6506] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6506] ioctl(5, LOOP_CLR_FD) = 0 [pid 6506] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6506] close(5) = 0 [pid 6506] close(4 [pid 6538] <... write resumed>) = 16777216 [pid 6538] munmap(0x7fb775000000, 138412032) = 0 [pid 6538] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6538] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6538] close(3) = 0 [pid 6538] close(4) = 0 [pid 6538] mkdir("./file0", 0777) = 0 [ 84.583624][ T6538] loop4: detected capacity change from 0 to 32768 [ 84.632382][ T6538] BTRFS: device /dev/loop4 (7:4) using temp-fsid 1034d870-7657-47b0-80a7-f39252052cc5 [ 84.644064][ T6538] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (6538) [pid 6538] mount("/dev/loop4", "./file0", "btrfs", 0, "" [pid 6519] <... mount resumed>) = 0 [pid 6519] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6519] chdir("./file0") = 0 [pid 6519] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6519] ioctl(4, LOOP_CLR_FD) = 0 [ 84.676797][ T6538] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 84.691717][ T6538] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 84.700519][ T6538] BTRFS info (device loop4): using free-space-tree [pid 6519] close(4) = 0 [pid 6519] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6518] <... futex resumed>) = 0 [pid 6519] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6518] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6506] <... close resumed>) = 0 [pid 6519] <... futex resumed>) = 0 [pid 6519] memfd_create("syzkaller", 0 [pid 6518] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6519] <... memfd_create resumed>) = 4 [pid 6519] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6506] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6499] <... futex resumed>) = 0 [pid 6499] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6499] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6506] rename("./file1", "./file0/file0" [pid 6541] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6506] <... rename resumed>) = 0 [pid 6506] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6499] <... futex resumed>) = 0 [pid 6499] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6506] mkdir(".", 0777 [pid 6499] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6506] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6506] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [ 84.848443][ T6506] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW [ 84.862084][ T6506] BTRFS info (device loop2 state M): setting nodatasum [ 84.869351][ T6506] BTRFS info (device loop2 state M): setting nodatasum [ 84.877605][ T6506] BTRFS info (device loop2 state M): turning off barriers [ 84.885111][ T6506] BTRFS info (device loop2 state M): turning on flush-on-commit [pid 6544] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6538] <... mount resumed>) = 0 [pid 6538] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6506] <... mount resumed>) = 0 [pid 6538] <... openat resumed>) = 3 [pid 6506] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 6538] chdir("./file0" [pid 6506] <... openat resumed>) = 4 [pid 6538] <... chdir resumed>) = 0 [pid 6506] chdir("." [pid 6538] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6506] <... chdir resumed>) = 0 [pid 6506] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6538] <... openat resumed>) = 4 [pid 6506] <... futex resumed>) = 1 [pid 6499] <... futex resumed>) = 0 [pid 6538] ioctl(4, LOOP_CLR_FD) = 0 [pid 6538] close(4 [pid 6506] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6499] exit_group(0) = ? [pid 6506] <... futex resumed>) = ? [pid 6538] <... close resumed>) = 0 [pid 6538] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6538] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6537] <... futex resumed>) = 0 [pid 6506] +++ exited with 0 +++ [pid 6499] +++ exited with 0 +++ [pid 6537] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6538] <... futex resumed>) = 0 [pid 6537] <... futex resumed>) = 1 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6499, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=56 /* 0.56 s */} --- [pid 6538] memfd_create("syzkaller", 0 [pid 6537] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 6538] <... memfd_create resumed>) = 4 [pid 5831] <... restart_syscall resumed>) = 0 [ 84.893178][ T6506] BTRFS info (device loop2 state M): force clearing of disk cache [ 84.901008][ T6506] BTRFS info (device loop2 state M): doing ref verification [ 84.908864][ T6506] BTRFS info (device loop2 state M): max_inline set to 26856 [pid 6538] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5831] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./7/binderfs") = 0 [ 85.033396][ T5831] BTRFS info (device loop2): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 5831] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6519] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6538] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6541] <... write resumed>) = 16777216 [pid 6541] munmap(0x7fb775000000, 138412032) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 5831] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6544] <... write resumed>) = 16777216 [pid 6541] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5831] newfstatat(AT_FDCWD, "./7/file0", [pid 6544] munmap(0x7fb775000000, 138412032 [pid 6541] <... openat resumed>) = 4 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6541] ioctl(4, LOOP_SET_FD, 3 [pid 5831] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5831] close(4 [pid 6541] <... ioctl resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5831] rmdir("./7/file0") = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./7") = 0 [pid 5831] mkdir("./8", 0777 [pid 6544] <... munmap resumed>) = 0 [pid 6544] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6541] close(3 [pid 5831] <... mkdir resumed>) = 0 [pid 6544] <... openat resumed>) = 4 [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6544] ioctl(4, LOOP_SET_FD, 3 [pid 6541] <... close resumed>) = 0 [pid 6541] close(4 [pid 5831] <... openat resumed>) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5831] close(3) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6578 attached , child_tidptr=0x55558bffa690) = 6578 [pid 6578] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6578] chdir("./8" [pid 6541] <... close resumed>) = 0 [pid 6578] <... chdir resumed>) = 0 [pid 6578] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6578] setpgid(0, 0) = 0 [pid 6578] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6578] write(3, "1000", 4) = 4 [pid 6541] mkdir("./file0", 0777 [pid 6578] close(3) = 0 [pid 6578] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6541] <... mkdir resumed>) = 0 [ 85.434832][ T6541] loop1: detected capacity change from 0 to 32768 [ 85.459781][ T6544] loop0: detected capacity change from 0 to 32768 [pid 6541] mount("/dev/loop1", "./file0", "btrfs", 0, ""executing program [pid 6578] write(1, "executing program\n", 18) = 18 [pid 6578] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6578] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6578] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6578] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6578] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6578] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6578] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6579 attached => {parent_tid=[6579]}, 88) = 6579 [pid 6578] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6578] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6578] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6579] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 6579] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6579] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6579] memfd_create("syzkaller", 0) = 3 [pid 6579] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6544] <... ioctl resumed>) = 0 [pid 6544] close(3) = 0 [pid 6544] close(4) = 0 [ 85.476423][ T6541] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor323 (6541) [pid 6544] mkdir("./file0", 0777) = 0 [ 85.523490][ T6544] BTRFS: device /dev/loop0 (7:0) using temp-fsid 75e8d51c-39f9-4f9b-bf54-f5dc5fab07cc [ 85.540839][ T6541] BTRFS info (device loop1): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 85.561670][ T6544] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor323 (6544) [ 85.582049][ T6541] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 85.590821][ T6541] BTRFS info (device loop1): using free-space-tree [pid 6544] mount("/dev/loop0", "./file0", "btrfs", 0, "" [pid 6519] <... write resumed>) = 16777216 [pid 6519] munmap(0x7fb775000000, 138412032) = 0 [pid 6519] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 5 [pid 6519] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6519] ioctl(5, LOOP_CLR_FD) = 0 [pid 6538] <... write resumed>) = 16777216 [ 85.621627][ T6544] BTRFS info (device loop0): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 85.643674][ T6544] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 85.661880][ T6544] BTRFS info (device loop0): using free-space-tree [pid 6519] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6519] close(5 [pid 6538] munmap(0x7fb775000000, 138412032 [pid 6519] <... close resumed>) = 0 [pid 6538] <... munmap resumed>) = 0 [pid 6519] close(4 [pid 6538] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 5 [pid 6538] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6538] ioctl(5, LOOP_CLR_FD) = 0 [pid 6538] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6538] close(5) = 0 [pid 6538] close(4 [pid 6541] <... mount resumed>) = 0 [pid 6541] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6541] chdir("./file0") = 0 [pid 6541] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6541] ioctl(4, LOOP_CLR_FD) = 0 [pid 6541] close(4) = 0 [pid 6541] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6579] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6541] <... futex resumed>) = 1 [pid 6540] <... futex resumed>) = 0 [pid 6540] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6540] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6541] memfd_create("syzkaller", 0) = 4 [pid 6541] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6544] <... mount resumed>) = 0 [pid 6544] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6544] chdir("./file0") = 0 [pid 6544] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6544] ioctl(4, LOOP_CLR_FD) = 0 [pid 6544] close(4) = 0 [pid 6544] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6543] <... futex resumed>) = 0 [pid 6544] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6543] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6544] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6543] <... futex resumed>) = 0 [pid 6544] memfd_create("syzkaller", 0 [pid 6543] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6544] <... memfd_create resumed>) = 4 [pid 6544] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6519] <... close resumed>) = 0 [pid 6519] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6518] <... futex resumed>) = 0 [pid 6518] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6518] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6519] rename("./file1", "./file0/file0" [pid 6538] <... close resumed>) = 0 [pid 6538] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6538] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6537] <... futex resumed>) = 0 [pid 6519] <... rename resumed>) = 0 [pid 6519] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6518] <... futex resumed>) = 0 [pid 6518] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6518] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6519] mkdir(".", 0777 [pid 6537] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6519] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6538] <... futex resumed>) = 0 [pid 6537] <... futex resumed>) = 1 [pid 6538] rename("./file1", "./file0/file0" [pid 6519] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6537] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6538] <... rename resumed>) = 0 [pid 6538] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6538] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6537] <... futex resumed>) = 0 [pid 6537] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6538] <... futex resumed>) = 0 [pid 6537] <... futex resumed>) = 1 [pid 6538] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6538] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [ 86.262826][ T6519] BTRFS warning (device loop3 state M): remount supports changing free space tree only from RO to RW [ 86.286919][ T6538] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [ 86.298399][ T6519] BTRFS info (device loop3 state M): setting nodatasum [ 86.298424][ T6519] BTRFS info (device loop3 state M): setting nodatasum [pid 6537] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6579] <... write resumed>) = 16777216 [pid 6544] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6541] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6519] <... mount resumed>) = 0 [pid 6579] munmap(0x7fb775000000, 138412032 [pid 6519] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6519] chdir(".") = 0 [pid 6519] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6518] <... futex resumed>) = 0 [pid 6518] exit_group(0) = ? [ 86.298440][ T6519] BTRFS info (device loop3 state M): turning off barriers [ 86.298456][ T6519] BTRFS info (device loop3 state M): turning on flush-on-commit [ 86.298472][ T6519] BTRFS info (device loop3 state M): force clearing of disk cache [ 86.298488][ T6519] BTRFS info (device loop3 state M): doing ref verification [ 86.298510][ T6519] BTRFS info (device loop3 state M): max_inline set to 26856 [ 86.351208][ T6538] BTRFS info (device loop4 state M): setting nodatasum [pid 6519] +++ exited with 0 +++ [pid 6518] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6518, si_uid=0, si_status=0, si_utime=13 /* 0.13 s */, si_stime=48 /* 0.48 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5832] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6579] <... munmap resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./7/binderfs", [pid 6579] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6579] <... openat resumed>) = 4 [pid 5832] unlink("./7/binderfs" [pid 6579] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... unlink resumed>) = 0 [ 86.360106][ T6538] BTRFS info (device loop4 state M): setting nodatasum [ 86.367847][ T6538] BTRFS info (device loop4 state M): turning off barriers [ 86.376220][ T6538] BTRFS info (device loop4 state M): turning on flush-on-commit [ 86.387814][ T6579] loop2: detected capacity change from 0 to 32768 [ 86.388023][ T5832] BTRFS info (device loop3): last unmount of filesystem f9b3b2d1-15d7-434b-aa0b-6866d873c4ba [pid 5832] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6579] <... ioctl resumed>) = 0 [pid 6579] close(3) = 0 [pid 6579] close(4) = 0 [pid 6579] mkdir("./file0", 0777) = 0 [pid 6579] mount("/dev/loop2", "./file0", "btrfs", 0, "" [pid 6538] <... mount resumed>) = 0 [pid 6538] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6538] chdir(".") = 0 [pid 6538] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6537] <... futex resumed>) = 0 [pid 6537] exit_group(0) = ? [ 86.411732][ T6538] BTRFS info (device loop4 state M): force clearing of disk cache [ 86.420381][ T6538] BTRFS info (device loop4 state M): doing ref verification [ 86.431711][ T6579] BTRFS: device /dev/loop2 (7:2) using temp-fsid f252c591-7221-4e6d-bae9-d28e10e45246 [ 86.441731][ T6538] BTRFS info (device loop4 state M): max_inline set to 26856 [pid 6538] +++ exited with 0 +++ [pid 6537] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6537, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=68 /* 0.68 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5833] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5833] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./7/binderfs") = 0 [ 86.460186][ T6579] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (6579) [ 86.511625][ T5833] BTRFS info (device loop4): last unmount of filesystem 1034d870-7657-47b0-80a7-f39252052cc5 [ 86.538685][ T6579] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 86.603719][ T6579] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 86.637741][ T6579] BTRFS info (device loop2): using free-space-tree [pid 5833] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6544] <... write resumed>) = 16777216 [pid 6544] munmap(0x7fb775000000, 138412032 [pid 5832] <... umount2 resumed>) = 0 [pid 5832] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6544] <... munmap resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 6544] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] getdents64(4, [pid 6544] <... openat resumed>) = 5 [pid 6544] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6544] ioctl(5, LOOP_CLR_FD) = 0 [pid 5832] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5832] close(4) = 0 [pid 5832] rmdir("./7/file0" [pid 6544] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6544] close(5) = 0 [pid 6544] close(4 [pid 5832] <... rmdir resumed>) = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./7") = 0 [pid 5832] mkdir("./8", 0777) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 6630 ./strace-static-x86_64: Process 6630 attached [pid 6579] <... mount resumed>) = 0 [pid 6579] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6630] set_robust_list(0x55558bffa6a0, 24 [pid 6579] <... openat resumed>) = 3 [pid 6630] <... set_robust_list resumed>) = 0 [pid 6579] chdir("./file0" [pid 6630] chdir("./8" [pid 6579] <... chdir resumed>) = 0 [pid 6630] <... chdir resumed>) = 0 [pid 6579] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6630] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6579] <... openat resumed>) = 4 [pid 6630] <... prctl resumed>) = 0 [pid 6579] ioctl(4, LOOP_CLR_FD [pid 6630] setpgid(0, 0 [pid 6579] <... ioctl resumed>) = 0 [pid 6630] <... setpgid resumed>) = 0 [pid 6579] close(4) = 0 [pid 6630] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6579] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6578] <... futex resumed>) = 0 [pid 6578] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6630] <... openat resumed>) = 3 [pid 6579] memfd_create("syzkaller", 0 [pid 6578] <... futex resumed>) = 0 [pid 6630] write(3, "1000", 4 [pid 6579] <... memfd_create resumed>) = 4 [pid 6578] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6579] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6630] <... write resumed>) = 4 [pid 6541] <... write resumed>) = 16777216 executing program [pid 6541] munmap(0x7fb775000000, 138412032 [pid 6630] close(3) = 0 [pid 6630] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6630] write(1, "executing program\n", 18) = 18 [pid 6630] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6630] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6630] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6630] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6630] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6630] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6630] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[6632]}, 88) = 6632 [pid 6630] rt_sigprocmask(SIG_SETMASK, [], [pid 6541] <... munmap resumed>) = 0 [pid 6630] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 6632 attached [pid 6630] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6630] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6541] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 5 [pid 6541] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6541] ioctl(5, LOOP_CLR_FD) = 0 [pid 6632] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6541] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6541] close(5) = 0 [pid 6541] close(4 [pid 6632] <... rseq resumed>) = 0 [pid 6632] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6632] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5833] <... umount2 resumed>) = 0 [pid 6632] memfd_create("syzkaller", 0 [pid 5833] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6632] <... memfd_create resumed>) = 3 [pid 5833] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6632] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6632] <... mmap resumed>) = 0x7fb775000000 [pid 5833] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./7/file0") = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./7") = 0 [pid 5833] mkdir("./8", 0777) = 0 [pid 6544] <... close resumed>) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5833] close(3 [pid 6544] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... close resumed>) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6544] <... futex resumed>) = 1 [pid 6543] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6634 attached [pid 6544] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6543] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6544] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6543] <... futex resumed>) = 0 [pid 6543] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6544] rename("./file1", "./file0/file0" [pid 6634] set_robust_list(0x55558bffa6a0, 24 [pid 5833] <... clone resumed>, child_tidptr=0x55558bffa690) = 6634 [pid 6544] <... rename resumed>) = 0 [pid 6634] <... set_robust_list resumed>) = 0 [pid 6544] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6634] chdir("./8" [pid 6544] <... futex resumed>) = 1 [pid 6543] <... futex resumed>) = 0 [pid 6634] <... chdir resumed>) = 0 [pid 6544] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6543] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6544] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6543] <... futex resumed>) = 0 [pid 6544] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6543] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6544] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6634] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6541] <... close resumed>) = 0 [pid 6634] <... prctl resumed>) = 0 [pid 6541] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6540] <... futex resumed>) = 0 [pid 6540] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6540] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6541] rename("./file1", "./file0/file0" [pid 6634] setpgid(0, 0 [pid 6579] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6634] <... setpgid resumed>) = 0 [pid 6541] <... rename resumed>) = 0 [pid 6541] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6540] <... futex resumed>) = 0 [pid 6540] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6540] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6541] <... futex resumed>) = 1 [pid 6541] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6541] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6634] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6634] write(3, "1000", 4) = 4 [pid 6634] close(3) = 0 [ 87.210475][ T6544] BTRFS warning (device loop0 state M): remount supports changing free space tree only from RO to RW [ 87.239594][ T6544] BTRFS info (device loop0 state M): setting nodatasum [pid 6634] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6634] write(1, "executing program\n", 18executing program ) = 18 [pid 6634] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6634] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6634] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6634] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6634] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6634] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6634] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[6635]}, 88) = 6635 [pid 6634] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6634] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6634] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6635 attached [pid 6635] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 6635] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6635] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6635] memfd_create("syzkaller", 0) = 3 [pid 6635] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 87.259195][ T6544] BTRFS info (device loop0 state M): setting nodatasum [ 87.268934][ T6541] BTRFS warning (device loop1 state M): remount supports changing free space tree only from RO to RW [ 87.277587][ T6544] BTRFS info (device loop0 state M): turning off barriers [ 87.311764][ T6541] BTRFS info (device loop1 state M): setting nodatasum [ 87.318941][ T6541] BTRFS info (device loop1 state M): setting nodatasum [ 87.331601][ T6544] BTRFS info (device loop0 state M): turning on flush-on-commit [ 87.351602][ T6541] BTRFS info (device loop1 state M): turning off barriers [ 87.365303][ T6544] BTRFS info (device loop0 state M): force clearing of disk cache [ 87.369858][ T6541] BTRFS info (device loop1 state M): turning on flush-on-commit [ 87.384798][ T6544] BTRFS info (device loop0 state M): doing ref verification [ 87.401894][ T6544] BTRFS info (device loop0 state M): max_inline set to 26856 [pid 6632] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6544] <... mount resumed>) = 0 [pid 6544] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6544] chdir(".") = 0 [pid 6544] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6543] <... futex resumed>) = 0 [pid 6544] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6543] exit_group(0) = ? [pid 6544] <... futex resumed>) = ? [pid 6544] +++ exited with 0 +++ [pid 6543] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6543, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=71 /* 0.71 s */} --- [pid 5829] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./7/binderfs") = 0 [ 87.403584][ T6541] BTRFS info (device loop1 state M): force clearing of disk cache [ 87.449385][ T5829] BTRFS info (device loop0): last unmount of filesystem 75e8d51c-39f9-4f9b-bf54-f5dc5fab07cc [ 87.451707][ T6541] BTRFS info (device loop1 state M): doing ref verification [pid 5829] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6541] <... mount resumed>) = 0 [pid 6541] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6541] chdir(".") = 0 [pid 6541] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6540] <... futex resumed>) = 0 [pid 6540] exit_group(0) = ? [pid 6541] +++ exited with 0 +++ [pid 6540] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6540, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=59 /* 0.59 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5830] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6635] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 87.531930][ T6541] BTRFS info (device loop1 state M): max_inline set to 26856 [pid 5830] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./7/binderfs") = 0 [ 87.596537][ T5830] BTRFS info (device loop1): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 5830] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6579] <... write resumed>) = 16777216 [pid 6579] munmap(0x7fb775000000, 138412032 [pid 6632] <... write resumed>) = 16777216 [pid 6632] munmap(0x7fb775000000, 138412032) = 0 [pid 5829] <... umount2 resumed>) = 0 [pid 6579] <... munmap resumed>) = 0 [pid 6579] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 5 [pid 6579] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6579] ioctl(5, LOOP_CLR_FD) = 0 [pid 5829] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./7/file0", [pid 6579] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6579] close(5) = 0 [pid 5829] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6579] close(4 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6632] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5829] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6632] <... openat resumed>) = 4 [pid 6632] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5829] <... openat resumed>) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, [pid 6632] close(3 [pid 5829] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 6632] <... close resumed>) = 0 [pid 5829] getdents64(4, [pid 6632] close(4 [pid 5829] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 6632] <... close resumed>) = 0 [pid 5829] close(4 [pid 6632] mkdir("./file0", 0777) = 0 [pid 6632] mount("/dev/loop3", "./file0", "btrfs", 0, "" [pid 5829] <... close resumed>) = 0 [pid 5829] rmdir("./7/file0") = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./7") = 0 [pid 5829] mkdir("./8", 0777) = 0 [ 87.773243][ T6632] loop3: detected capacity change from 0 to 32768 [ 87.806330][ T6632] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor323 (6632) [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6637 attached , child_tidptr=0x55558bffa690) = 6637 [pid 6637] set_robust_list(0x55558bffa6a0, 24) = 0 [ 87.858478][ T6632] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 87.892560][ T6632] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [pid 6637] chdir("./8") = 0 [pid 6637] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6637] setpgid(0, 0) = 0 [pid 6637] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 87.915524][ T6632] BTRFS info (device loop3): using free-space-tree [pid 6637] write(3, "1000", 4 [pid 5830] <... umount2 resumed>) = 0 [pid 6637] <... write resumed>) = 4 [pid 6637] close(3) = 0 [pid 6637] symlink("/dev/binderfs", "./binderfs" [pid 5830] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 6637] <... symlink resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6637] write(1, "executing program\n", 18) = 18 [pid 5830] newfstatat(AT_FDCWD, "./7/file0", [pid 6637] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6637] <... futex resumed>) = 0 [pid 5830] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6637] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6637] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5830] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6637] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5830] <... openat resumed>) = 4 [pid 6637] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6637] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6637] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5830] newfstatat(4, "", [pid 6637] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6637] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 5830] getdents64(4, ./strace-static-x86_64: Process 6646 attached 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 6637] <... clone3 resumed> => {parent_tid=[6646]}, 88) = 6646 [pid 6637] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 6637] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] rmdir("./7/file0" [pid 6646] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6637] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... rmdir resumed>) = 0 [pid 6646] <... rseq resumed>) = 0 [pid 6637] <... futex resumed>) = 0 [pid 6646] set_robust_list(0x7fb77d6019a0, 24 [pid 6637] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6646] <... set_robust_list resumed>) = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 6646] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5830] rmdir("./7" [pid 6646] memfd_create("syzkaller", 0 [pid 5830] <... rmdir resumed>) = 0 [pid 6646] <... memfd_create resumed>) = 3 [pid 5830] mkdir("./8", 0777 [pid 6646] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5830] <... mkdir resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6579] <... close resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6652 attached [pid 6579] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... clone resumed>, child_tidptr=0x55558bffa690) = 6652 [pid 6652] set_robust_list(0x55558bffa6a0, 24 [pid 6579] <... futex resumed>) = 1 [pid 6578] <... futex resumed>) = 0 [pid 6652] <... set_robust_list resumed>) = 0 [pid 6652] chdir("./8") = 0 [pid 6652] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6578] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6652] setpgid(0, 0) = 0 [pid 6578] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6652] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6579] rename("./file1", "./file0/file0" [pid 6652] <... openat resumed>) = 3 [pid 6652] write(3, "1000", 4) = 4 [pid 6652] close(3) = 0 [pid 6652] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6652] write(1, "executing program\n", 18) = 18 [pid 6579] <... rename resumed>) = 0 [pid 6579] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6578] <... futex resumed>) = 0 [pid 6652] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6578] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6578] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6652] <... futex resumed>) = 0 [pid 6632] <... mount resumed>) = 0 [pid 6652] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6632] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6652] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6632] <... openat resumed>) = 3 [pid 6652] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6632] chdir("./file0" [pid 6652] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6632] <... chdir resumed>) = 0 [pid 6632] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6652] <... mmap resumed>) = 0x7fb77d5e1000 [pid 6652] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 6632] <... openat resumed>) = 4 [pid 6652] <... mprotect resumed>) = 0 [pid 6635] <... write resumed>) = 16777216 [pid 6632] ioctl(4, LOOP_CLR_FD [pid 6579] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6652] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6579] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6652] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6652] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6656 attached [pid 6656] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6632] <... ioctl resumed>) = 0 [pid 6632] close(4 [pid 6656] <... rseq resumed>) = 0 [pid 6652] <... clone3 resumed> => {parent_tid=[6656]}, 88) = 6656 [pid 6635] munmap(0x7fb775000000, 138412032 [pid 6656] set_robust_list(0x7fb77d6019a0, 24 [pid 6652] rt_sigprocmask(SIG_SETMASK, [], [pid 6656] <... set_robust_list resumed>) = 0 [pid 6652] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6656] rt_sigprocmask(SIG_SETMASK, [], [pid 6652] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6656] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6652] <... futex resumed>) = 0 [pid 6656] memfd_create("syzkaller", 0 [pid 6652] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6646] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6632] <... close resumed>) = 0 [pid 6635] <... munmap resumed>) = 0 [pid 6656] <... memfd_create resumed>) = 3 [pid 6635] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6656] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6635] <... openat resumed>) = 4 [pid 6632] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6630] <... futex resumed>) = 0 [pid 6635] ioctl(4, LOOP_SET_FD, 3 [pid 6632] memfd_create("syzkaller", 0 [pid 6630] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6632] <... memfd_create resumed>) = 4 [pid 6632] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6630] <... futex resumed>) = 0 [pid 6630] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6656] <... mmap resumed>) = 0x7fb775000000 [ 88.175285][ T6579] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW [ 88.188780][ T6579] BTRFS info (device loop2 state M): setting nodatasum [ 88.196852][ T6635] loop4: detected capacity change from 0 to 32768 [ 88.212915][ T6579] BTRFS info (device loop2 state M): setting nodatasum [pid 6635] <... ioctl resumed>) = 0 [pid 6635] close(3) = 0 [pid 6635] close(4) = 0 [pid 6635] mkdir("./file0", 0777) = 0 [ 88.219895][ T6579] BTRFS info (device loop2 state M): turning off barriers [ 88.241901][ T6579] BTRFS info (device loop2 state M): turning on flush-on-commit [ 88.275158][ T6635] BTRFS: device /dev/loop4 (7:4) using temp-fsid d283dade-a00b-4d9c-9a9e-6d65c4c693bd [ 88.275478][ T6579] BTRFS info (device loop2 state M): force clearing of disk cache [ 88.304413][ T6635] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (6635) [ 88.336479][ T6579] BTRFS info (device loop2 state M): doing ref verification [ 88.359154][ T6635] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 88.369427][ T6579] BTRFS info (device loop2 state M): max_inline set to 26856 [pid 6635] mount("/dev/loop4", "./file0", "btrfs", 0, "" [pid 6579] <... mount resumed>) = 0 [pid 6579] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6579] chdir(".") = 0 [pid 6579] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6578] <... futex resumed>) = 0 [pid 6579] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6578] exit_group(0 [pid 6579] <... futex resumed>) = ? [pid 6578] <... exit_group resumed>) = ? [pid 6579] +++ exited with 0 +++ [pid 6578] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6578, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=69 /* 0.69 s */} --- [pid 5831] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5831] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [ 88.391794][ T6635] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 88.422539][ T6635] BTRFS info (device loop4): using free-space-tree [pid 5831] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6656] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./8/binderfs") = 0 [pid 5831] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [ 88.497902][ T5831] BTRFS info (device loop2): last unmount of filesystem f252c591-7221-4e6d-bae9-d28e10e45246 [pid 6632] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6635] <... mount resumed>) = 0 [pid 6635] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6635] chdir("./file0") = 0 [pid 6635] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6635] ioctl(4, LOOP_CLR_FD) = 0 [pid 6635] close(4) = 0 [pid 6635] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6634] <... futex resumed>) = 0 [pid 6646] <... write resumed>) = 16777216 [pid 6635] memfd_create("syzkaller", 0 [pid 6634] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6635] <... memfd_create resumed>) = 4 [pid 6634] <... futex resumed>) = 0 [pid 6634] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6646] munmap(0x7fb775000000, 138412032 [pid 6635] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6646] <... munmap resumed>) = 0 [pid 6646] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6646] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6646] close(3) = 0 [ 88.697317][ T6646] loop0: detected capacity change from 0 to 32768 [pid 6646] close(4) = 0 [pid 6646] mkdir("./file0", 0777) = 0 [pid 6646] mount("/dev/loop0", "./file0", "btrfs", 0, "" [pid 5831] <... umount2 resumed>) = 0 [ 88.790382][ T6646] BTRFS: device /dev/loop0 (7:0) using temp-fsid bd58b99e-68a2-4a27-a65f-0abfe21a7da0 [pid 5831] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [ 88.829436][ T6646] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor323 (6646) [pid 5831] rmdir("./8/file0") = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./8") = 0 [ 88.874326][ T6646] BTRFS info (device loop0): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 88.891702][ T6646] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [pid 6632] <... write resumed>) = 16777216 [pid 5831] mkdir("./9", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5831] close(3) = 0 [pid 6632] munmap(0x7fb775000000, 138412032 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6635] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5831] <... clone resumed>, child_tidptr=0x55558bffa690) = 6674 ./strace-static-x86_64: Process 6674 attached [pid 6656] <... write resumed>) = 16777216 [pid 6674] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6674] chdir("./9") = 0 [pid 6674] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6674] setpgid(0, 0) = 0 [pid 6674] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6674] write(3, "1000", 4) = 4 [pid 6674] close(3) = 0 [pid 6674] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6674] write(1, "executing program\n", 18) = 18 [pid 6674] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 88.921186][ T6646] BTRFS info (device loop0): using free-space-tree [pid 6674] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6632] <... munmap resumed>) = 0 [pid 6674] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6656] munmap(0x7fb775000000, 138412032 [pid 6632] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6674] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6674] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6632] <... openat resumed>) = 5 [pid 6674] <... mmap resumed>) = 0x7fb77d5e1000 [pid 6632] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6674] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 6632] ioctl(5, LOOP_CLR_FD [pid 6674] <... mprotect resumed>) = 0 [pid 6632] <... ioctl resumed>) = 0 [pid 6674] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6632] ioctl(5, LOOP_SET_FD, 4 [pid 6674] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 6632] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) ./strace-static-x86_64: Process 6685 attached [pid 6632] close(5 [pid 6674] <... clone3 resumed> => {parent_tid=[6685]}, 88) = 6685 [pid 6632] <... close resumed>) = 0 [pid 6674] rt_sigprocmask(SIG_SETMASK, [], [pid 6632] close(4 [pid 6685] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6674] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6656] <... munmap resumed>) = 0 [pid 6685] <... rseq resumed>) = 0 [pid 6685] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6685] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6685] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6674] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6685] <... futex resumed>) = 0 [pid 6674] <... futex resumed>) = 1 [pid 6685] memfd_create("syzkaller", 0 [pid 6674] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6685] <... memfd_create resumed>) = 3 [pid 6685] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6656] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6656] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6656] close(3 [pid 6646] <... mount resumed>) = 0 [pid 6656] <... close resumed>) = 0 [pid 6656] close(4 [pid 6646] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6656] <... close resumed>) = 0 [pid 6646] <... openat resumed>) = 3 [pid 6646] chdir("./file0" [pid 6656] mkdir("./file0", 0777 [pid 6646] <... chdir resumed>) = 0 [pid 6646] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6656] <... mkdir resumed>) = 0 [pid 6646] <... openat resumed>) = 4 [pid 6656] mount("/dev/loop1", "./file0", "btrfs", 0, "" [pid 6646] ioctl(4, LOOP_CLR_FD) = 0 [pid 6646] close(4) = 0 [pid 6646] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6646] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6637] <... futex resumed>) = 0 [ 89.044420][ T6656] loop1: detected capacity change from 0 to 32768 [ 89.084306][ T6656] BTRFS: device /dev/loop1 (7:1) using temp-fsid 9ce82430-3ce2-48f2-bce3-1609cf35cdba [pid 6637] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6646] <... futex resumed>) = 0 [pid 6637] <... futex resumed>) = 1 [pid 6637] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6646] memfd_create("syzkaller", 0 [pid 6632] <... close resumed>) = 0 [pid 6646] <... memfd_create resumed>) = 4 [pid 6646] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6632] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6646] <... mmap resumed>) = 0x7fb775000000 [pid 6632] <... futex resumed>) = 1 [pid 6630] <... futex resumed>) = 0 [pid 6632] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6630] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6630] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6632] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 89.134136][ T6656] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor323 (6656) [pid 6632] rename("./file1", "./file0/file0" [pid 6630] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6632] <... rename resumed>) = 0 [pid 6630] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6630] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6632] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6630] <... mmap resumed>) = 0x7fb77d5c0000 [pid 6630] mprotect(0x7fb77d5c1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6630] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6630] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d5e0990, parent_tid=0x7fb77d5e0990, exit_signal=0, stack=0x7fb77d5c0000, stack_size=0x20300, tls=0x7fb77d5e06c0} [pid 6632] <... futex resumed>) = 0 [pid 6630] <... clone3 resumed> => {parent_tid=[6693]}, 88) = 6693 [pid 6630] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6630] futex(0x7fb77d6dd6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6632] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6693 attached [pid 6630] <... futex resumed>) = 0 [ 89.174427][ T6656] BTRFS info (device loop1): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 6630] futex(0x7fb77d6dd6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6693] rseq(0x7fb77d5e0fe0, 0x20, 0, 0x53053053) = 0 [pid 6693] set_robust_list(0x7fb77d5e09a0, 24) = 0 [pid 6693] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6693] mkdir(".", 0777) = -1 EEXIST (File exists) [ 89.252470][ T6656] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 89.261422][ T6656] BTRFS info (device loop1): using free-space-tree [ 89.291347][ T6693] BTRFS warning (device loop3 state M): remount supports changing free space tree only from RO to RW [pid 6693] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [ 89.352280][ T6693] BTRFS info (device loop3 state M): setting nodatasum [ 89.359200][ T6693] BTRFS info (device loop3 state M): setting nodatasum [pid 6646] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6685] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6635] <... write resumed>) = 16777216 [ 89.421229][ T6693] BTRFS info (device loop3 state M): turning off barriers [ 89.439539][ T6693] BTRFS info (device loop3 state M): turning on flush-on-commit [pid 6635] munmap(0x7fb775000000, 138412032) = 0 [pid 6635] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 5 [pid 6635] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6635] ioctl(5, LOOP_CLR_FD) = 0 [pid 6656] <... mount resumed>) = 0 [pid 6656] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6635] ioctl(5, LOOP_SET_FD, 4 [pid 6656] chdir("./file0") = 0 [pid 6635] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6635] close(5 [pid 6656] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6635] <... close resumed>) = 0 [pid 6656] <... openat resumed>) = 4 [pid 6635] close(4 [pid 6656] ioctl(4, LOOP_CLR_FD) = 0 [pid 6656] close(4) = 0 [ 89.493202][ T6693] BTRFS info (device loop3 state M): force clearing of disk cache [ 89.534037][ T6693] BTRFS info (device loop3 state M): doing ref verification [ 89.541380][ T6693] BTRFS info (device loop3 state M): max_inline set to 26856 [pid 6656] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6652] <... futex resumed>) = 0 [pid 6656] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6652] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6656] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6652] <... futex resumed>) = 0 [pid 6652] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6656] memfd_create("syzkaller", 0) = 4 [pid 6656] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6693] <... mount resumed>) = 0 [pid 6693] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6693] chdir(".") = 0 [pid 6693] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6630] <... futex resumed>) = 0 [pid 6630] exit_group(0) = ? [pid 6632] <... futex resumed>) = ? [pid 6632] +++ exited with 0 +++ [pid 6693] +++ exited with 0 +++ [pid 6630] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6630, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=66 /* 0.66 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5832] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./8/binderfs") = 0 [pid 5832] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6646] <... write resumed>) = 16777216 [pid 6646] munmap(0x7fb775000000, 138412032) = 0 [pid 6646] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6646] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6646] ioctl(5, LOOP_CLR_FD) = 0 [pid 6646] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6646] close(5) = 0 [ 89.734004][ T5832] BTRFS info (device loop3): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 6646] close(4 [pid 6635] <... close resumed>) = 0 [pid 6635] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6634] <... futex resumed>) = 0 [pid 6635] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6634] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6635] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6634] <... futex resumed>) = 0 [pid 6635] rename("./file1", "./file0/file0" [pid 6634] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6635] <... rename resumed>) = 0 [pid 6635] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6635] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6634] <... futex resumed>) = 0 [pid 6635] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6634] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6635] mkdir(".", 0777 [pid 6634] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6635] <... mkdir resumed>) = -1 EEXIST (File exists) [ 89.942076][ T6635] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [pid 6635] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6656] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6685] <... write resumed>) = 16777216 [ 90.021649][ T6635] BTRFS info (device loop4 state M): setting nodatasum [ 90.028562][ T6635] BTRFS info (device loop4 state M): setting nodatasum [pid 6685] munmap(0x7fb775000000, 138412032) = 0 [pid 6685] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6685] ioctl(4, LOOP_SET_FD, 3 [pid 6646] <... close resumed>) = 0 [ 90.081657][ T6635] BTRFS info (device loop4 state M): turning off barriers [ 90.088817][ T6635] BTRFS info (device loop4 state M): turning on flush-on-commit [ 90.105531][ T6635] BTRFS info (device loop4 state M): force clearing of disk cache [ 90.114208][ T6635] BTRFS info (device loop4 state M): doing ref verification [pid 6685] <... ioctl resumed>) = 0 [pid 6685] close(3) = 0 [pid 6685] close(4) = 0 [pid 6685] mkdir("./file0", 0777) = 0 [pid 6646] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6685] mount("/dev/loop2", "./file0", "btrfs", 0, "" [pid 6646] <... futex resumed>) = 1 [pid 6637] <... futex resumed>) = 0 [pid 6646] rename("./file1", "./file0/file0" [pid 6637] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 90.131936][ T6685] loop2: detected capacity change from 0 to 32768 [ 90.166341][ T6635] BTRFS info (device loop4 state M): max_inline set to 26856 [pid 6637] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6635] <... mount resumed>) = 0 [pid 6635] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6635] chdir(".") = 0 [pid 6635] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6634] <... futex resumed>) = 0 [pid 6635] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6634] exit_group(0 [pid 6635] <... futex resumed>) = ? [pid 6634] <... exit_group resumed>) = ? [pid 6635] +++ exited with 0 +++ [pid 6634] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6634, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=61 /* 0.61 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 6646] <... rename resumed>) = 0 [pid 6646] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6637] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6637] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5833] <... restart_syscall resumed>) = 0 [pid 6637] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5833] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6646] <... futex resumed>) = 1 [pid 6637] <... futex resumed>) = 0 [pid 5833] newfstatat(3, "", [ 90.175081][ T6685] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (6685) [pid 6637] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=46000000} [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6646] mkdir(".", 0777 [pid 5833] getdents64(3, [pid 6646] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5833] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 6646] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5833] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./8/binderfs") = 0 [pid 5833] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... umount2 resumed>) = 0 [pid 5832] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 90.262723][ T6646] BTRFS warning (device loop0 state M): remount supports changing free space tree only from RO to RW [ 90.277229][ T6685] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 90.295066][ T5833] BTRFS info (device loop4): last unmount of filesystem d283dade-a00b-4d9c-9a9e-6d65c4c693bd [pid 5832] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5832] close(4) = 0 [pid 5832] rmdir("./8/file0") = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./8") = 0 [pid 5832] mkdir("./9", 0777) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 6712 ./strace-static-x86_64: Process 6712 attached [pid 6712] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6712] chdir("./9") = 0 [pid 6712] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6712] setpgid(0, 0) = 0 [pid 6712] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6712] write(3, "1000", 4) = 4 [pid 6712] close(3) = 0 [pid 6712] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6712] write(1, "executing program\n", 18) = 18 [ 90.306777][ T6646] BTRFS info (device loop0 state M): setting nodatasum [ 90.321985][ T6685] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 90.330674][ T6685] BTRFS info (device loop2): using free-space-tree [ 90.338136][ T6646] BTRFS info (device loop0 state M): setting nodatasum [pid 6712] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6712] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6712] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6712] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6712] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6712] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6712] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6714 attached => {parent_tid=[6714]}, 88) = 6714 [pid 6712] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6712] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6712] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6714] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 6714] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6714] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6714] memfd_create("syzkaller", 0) = 3 [pid 6714] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 90.366275][ T6646] BTRFS info (device loop0 state M): turning off barriers [ 90.396655][ T6646] BTRFS info (device loop0 state M): turning on flush-on-commit [pid 6646] <... mount resumed>) = 0 [pid 6646] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6646] chdir(".") = 0 [pid 6646] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6646] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6637] <... futex resumed>) = 0 [pid 6637] exit_group(0 [pid 6646] <... futex resumed>) = ? [pid 6637] <... exit_group resumed>) = ? [ 90.432632][ T6646] BTRFS info (device loop0 state M): force clearing of disk cache [ 90.463778][ T6646] BTRFS info (device loop0 state M): doing ref verification [ 90.471119][ T6646] BTRFS info (device loop0 state M): max_inline set to 26856 [pid 6646] +++ exited with 0 +++ [pid 6637] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6637, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=62 /* 0.62 s */} --- [pid 5829] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5829] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./8/binderfs", [pid 6685] <... mount resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./8/binderfs" [pid 6685] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5829] <... unlink resumed>) = 0 [pid 6685] chdir("./file0") = 0 [pid 6685] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6685] <... openat resumed>) = 4 [pid 6685] ioctl(4, LOOP_CLR_FD) = 0 [pid 6685] close(4) = 0 [pid 6685] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6674] <... futex resumed>) = 0 [pid 6674] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6685] memfd_create("syzkaller", 0 [pid 6674] <... futex resumed>) = 0 [pid 6674] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6685] <... memfd_create resumed>) = 4 [pid 6685] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6714] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6685] <... mmap resumed>) = 0x7fb775000000 [ 90.565611][ T5829] BTRFS info (device loop0): last unmount of filesystem bd58b99e-68a2-4a27-a65f-0abfe21a7da0 [pid 6656] <... write resumed>) = 16777216 [pid 6656] munmap(0x7fb775000000, 138412032) = 0 [pid 6656] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 5 [pid 6656] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6656] ioctl(5, LOOP_CLR_FD) = 0 [pid 6656] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6656] close(5) = 0 [pid 6656] close(4 [pid 5833] <... umount2 resumed>) = 0 [pid 5833] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./8/file0") = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./8") = 0 [pid 5833] mkdir("./9", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6732 attached , child_tidptr=0x55558bffa690) = 6732 [pid 6732] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6732] chdir("./9") = 0 [pid 6732] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6732] setpgid(0, 0) = 0 [pid 6732] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 6732] write(3, "1000", 4) = 4 [pid 6732] close(3) = 0 [pid 6732] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6732] write(1, "executing program\n", 18) = 18 [pid 6732] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6732] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6732] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6732] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6732] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6732] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6732] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6733 attached => {parent_tid=[6733]}, 88) = 6733 [pid 6732] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6732] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6732] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6656] <... close resumed>) = 0 [pid 6733] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 6733] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6733] rt_sigprocmask(SIG_SETMASK, [], [pid 6656] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6733] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6656] <... futex resumed>) = 1 [pid 6652] <... futex resumed>) = 0 [pid 6733] memfd_create("syzkaller", 0 [pid 6656] rename("./file1", "./file0/file0" [pid 6652] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6733] <... memfd_create resumed>) = 3 [pid 6652] <... futex resumed>) = 0 [pid 6733] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6656] <... rename resumed>) = 0 [pid 6652] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6733] <... mmap resumed>) = 0x7fb775000000 [pid 5829] <... umount2 resumed>) = 0 [pid 6656] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6652] <... futex resumed>) = 0 [pid 5829] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6656] mkdir(".", 0777 [pid 6652] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6656] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6652] <... futex resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6656] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6652] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5829] newfstatat(AT_FDCWD, "./8/file0", [pid 6685] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./8/file0") = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./8") = 0 [pid 5829] mkdir("./9", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6734 attached , child_tidptr=0x55558bffa690) = 6734 [pid 6734] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6734] chdir("./9") = 0 [pid 6734] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6734] setpgid(0, 0) = 0 [pid 6734] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6734] write(3, "1000", 4) = 4 [pid 6734] close(3) = 0 [pid 6734] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6734] write(1, "executing program\n", 18) = 18 [pid 6734] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6734] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6734] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [ 91.082374][ T6656] BTRFS warning (device loop1 state M): remount supports changing free space tree only from RO to RW [pid 6734] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6734] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6734] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6734] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6735 attached => {parent_tid=[6735]}, 88) = 6735 [pid 6734] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6734] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6734] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6735] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 6735] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6735] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6735] memfd_create("syzkaller", 0) = 3 [pid 6735] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 91.123788][ T6656] BTRFS info (device loop1 state M): setting nodatasum [ 91.130743][ T6656] BTRFS info (device loop1 state M): setting nodatasum [pid 6714] <... write resumed>) = 16777216 [pid 6714] munmap(0x7fb775000000, 138412032) = 0 [pid 6714] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 91.181588][ T6656] BTRFS info (device loop1 state M): turning off barriers [ 91.188754][ T6656] BTRFS info (device loop1 state M): turning on flush-on-commit [ 91.202471][ T6714] loop3: detected capacity change from 0 to 32768 [pid 6714] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6714] close(3) = 0 [pid 6714] close(4) = 0 [pid 6714] mkdir("./file0", 0777) = 0 [ 91.237316][ T6656] BTRFS info (device loop1 state M): force clearing of disk cache [ 91.241736][ T6714] BTRFS: device /dev/loop3 (7:3) using temp-fsid 0c4041f2-c097-476d-b4c5-ad88b5056669 [ 91.266049][ T6656] BTRFS info (device loop1 state M): doing ref verification [pid 6714] mount("/dev/loop3", "./file0", "btrfs", 0, "" [pid 6656] <... mount resumed>) = 0 [pid 6656] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6656] chdir(".") = 0 [pid 6656] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6652] <... futex resumed>) = 0 [pid 6656] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6652] exit_group(0 [pid 6656] <... futex resumed>) = ? [pid 6652] <... exit_group resumed>) = ? [pid 6656] +++ exited with 0 +++ [pid 6652] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6652, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=62 /* 0.62 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5830] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6733] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 91.276873][ T6714] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor323 (6714) [ 91.301491][ T6656] BTRFS info (device loop1 state M): max_inline set to 26856 [ 91.318115][ T6714] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 5830] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./8/binderfs") = 0 [ 91.364542][ T6714] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 91.391698][ T6714] BTRFS info (device loop3): using free-space-tree [ 91.400834][ T5830] BTRFS info (device loop1): last unmount of filesystem 9ce82430-3ce2-48f2-bce3-1609cf35cdba [pid 5830] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6685] <... write resumed>) = 16777216 [pid 6685] munmap(0x7fb775000000, 138412032 [pid 6735] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6685] <... munmap resumed>) = 0 [pid 6685] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 5 [pid 6685] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6685] ioctl(5, LOOP_CLR_FD) = 0 [pid 6685] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6685] close(5) = 0 [pid 6685] close(4 [pid 6733] <... write resumed>) = 16777216 [pid 6733] munmap(0x7fb775000000, 138412032) = 0 [pid 6733] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6733] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6714] <... mount resumed>) = 0 [pid 6733] close(3 [pid 6714] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6733] <... close resumed>) = 0 [pid 6714] <... openat resumed>) = 3 [pid 6733] close(4 [pid 6714] chdir("./file0" [pid 6733] <... close resumed>) = 0 [pid 6733] mkdir("./file0", 0777 [pid 6714] <... chdir resumed>) = 0 [pid 6733] <... mkdir resumed>) = 0 [pid 6714] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6733] mount("/dev/loop4", "./file0", "btrfs", 0, "" [pid 6714] <... openat resumed>) = 4 [pid 6714] ioctl(4, LOOP_CLR_FD) = 0 [pid 6714] close(4) = 0 [pid 6714] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6712] <... futex resumed>) = 0 [pid 6714] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6712] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6714] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6712] <... futex resumed>) = 0 [pid 6714] memfd_create("syzkaller", 0 [pid 6712] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6714] <... memfd_create resumed>) = 4 [pid 6714] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 91.652421][ T6733] loop4: detected capacity change from 0 to 32768 [ 91.690088][ T6733] BTRFS: device /dev/loop4 (7:4) using temp-fsid d045321e-783a-4c1a-a85d-5b893220f93d [pid 5830] <... umount2 resumed>) = 0 [pid 5830] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./8/file0") = 0 [ 91.731707][ T6733] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (6733) [pid 5830] getdents64(3, [pid 6685] <... close resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5830] close(3 [pid 6685] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... close resumed>) = 0 [pid 6685] <... futex resumed>) = 1 [pid 6674] <... futex resumed>) = 0 [pid 5830] rmdir("./8" [pid 6674] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6674] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6685] rename("./file1", "./file0/file0" [pid 5830] <... rmdir resumed>) = 0 [pid 5830] mkdir("./9", 0777) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6685] <... rename resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 6685] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [ 91.813128][ T6733] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 6685] <... futex resumed>) = 1 [pid 6674] <... futex resumed>) = 0 [pid 5830] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5830] close(3 [pid 6674] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6685] mkdir(".", 0777 [pid 5830] <... close resumed>) = 0 [pid 6685] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6674] <... futex resumed>) = 0 [pid 6674] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6754 attached [pid 6685] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6754] set_robust_list(0x55558bffa6a0, 24 [pid 5830] <... clone resumed>, child_tidptr=0x55558bffa690) = 6754 [pid 6754] <... set_robust_list resumed>) = 0 [pid 6754] chdir("./9") = 0 [pid 6754] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6754] setpgid(0, 0) = 0 [pid 6754] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6754] write(3, "1000", 4) = 4 [ 91.862404][ T6733] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 91.878706][ T6733] BTRFS info (device loop4): using free-space-tree [ 91.894350][ T6685] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW [pid 6754] close(3) = 0 [pid 6754] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6754] write(1, "executing program\n", 18) = 18 [pid 6754] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6754] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6754] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6754] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6754] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6754] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6754] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[6760]}, 88) = 6760 [pid 6754] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6754] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6754] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6760 attached [pid 6760] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 6760] set_robust_list(0x7fb77d6019a0, 24) = 0 [ 91.933695][ T6685] BTRFS info (device loop2 state M): setting nodatasum [ 91.940603][ T6685] BTRFS info (device loop2 state M): setting nodatasum [pid 6760] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6760] memfd_create("syzkaller", 0) = 3 [pid 6760] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 92.002788][ T6685] BTRFS info (device loop2 state M): turning off barriers [ 92.053331][ T6685] BTRFS info (device loop2 state M): turning on flush-on-commit [ 92.061374][ T6685] BTRFS info (device loop2 state M): force clearing of disk cache [pid 6735] <... write resumed>) = 16777216 [ 92.107591][ T6685] BTRFS info (device loop2 state M): doing ref verification [pid 6714] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6735] munmap(0x7fb775000000, 138412032 [pid 6733] <... mount resumed>) = 0 [pid 6733] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6733] chdir("./file0") = 0 [pid 6733] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6733] ioctl(4, LOOP_CLR_FD) = 0 [pid 6733] close(4) = 0 [pid 6760] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6733] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6685] <... mount resumed>) = 0 [pid 6733] <... futex resumed>) = 1 [pid 6732] <... futex resumed>) = 0 [pid 6733] memfd_create("syzkaller", 0 [pid 6732] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6733] <... memfd_create resumed>) = 4 [pid 6732] <... futex resumed>) = 0 [pid 6685] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 6733] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6732] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6685] <... openat resumed>) = 4 [pid 6733] <... mmap resumed>) = 0x7fb775000000 [pid 6685] chdir("." [pid 6735] <... munmap resumed>) = 0 [pid 6685] <... chdir resumed>) = 0 [pid 6685] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6735] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6685] <... futex resumed>) = 1 [pid 6674] <... futex resumed>) = 0 [pid 6735] <... openat resumed>) = 4 [pid 6685] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6674] exit_group(0 [pid 6685] <... futex resumed>) = ? [pid 6674] <... exit_group resumed>) = ? [pid 6735] ioctl(4, LOOP_SET_FD, 3 [pid 6685] +++ exited with 0 +++ [pid 6674] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6674, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=63 /* 0.63 s */} --- [pid 5831] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./9/binderfs") = 0 [ 92.152661][ T6685] BTRFS info (device loop2 state M): max_inline set to 26856 [ 92.189465][ T6735] loop0: detected capacity change from 0 to 32768 [pid 5831] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6735] <... ioctl resumed>) = 0 [pid 6735] close(3) = 0 [pid 6735] close(4) = 0 [pid 6735] mkdir("./file0", 0777) = 0 [ 92.212167][ T5831] BTRFS info (device loop2): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 92.241959][ T6735] BTRFS: device /dev/loop0 (7:0) using temp-fsid c4b88fff-61ac-4e32-8ff1-193284a224f7 [ 92.292627][ T6735] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor323 (6735) [ 92.346457][ T6735] BTRFS info (device loop0): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 92.406787][ T6735] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 92.461889][ T6735] BTRFS info (device loop0): using free-space-tree [pid 6735] mount("/dev/loop0", "./file0", "btrfs", 0, "" [pid 5831] <... umount2 resumed>) = 0 [pid 5831] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./9/file0") = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./9") = 0 [pid 5831] mkdir("./10", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5831] close(3) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 6786 [pid 6714] <... write resumed>) = 16777216 ./strace-static-x86_64: Process 6786 attached [pid 6786] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6786] chdir("./10") = 0 [pid 6786] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6714] munmap(0x7fb775000000, 138412032 [pid 6786] setpgid(0, 0) = 0 [pid 6786] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6786] write(3, "1000", 4) = 4 [pid 6786] close(3) = 0 [pid 6786] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6786] write(1, "executing program\n", 18executing program ) = 18 [pid 6786] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6786] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6786] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6786] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6714] <... munmap resumed>) = 0 [pid 6786] <... mmap resumed>) = 0x7fb77d5e1000 [pid 6733] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6714] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6786] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 6714] <... openat resumed>) = 5 [pid 6786] <... mprotect resumed>) = 0 [pid 6714] ioctl(5, LOOP_SET_FD, 4 [pid 6786] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6714] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6786] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6714] ioctl(5, LOOP_CLR_FD [pid 6786] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6789 attached [pid 6714] <... ioctl resumed>) = 0 [pid 6786] <... clone3 resumed> => {parent_tid=[6789]}, 88) = 6789 [pid 6786] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6789] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6786] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6735] <... mount resumed>) = 0 [pid 6714] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6714] close(5) = 0 [pid 6714] close(4 [pid 6789] <... rseq resumed>) = 0 [pid 6786] <... futex resumed>) = 0 [pid 6735] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6789] set_robust_list(0x7fb77d6019a0, 24 [pid 6786] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6735] <... openat resumed>) = 3 [pid 6789] <... set_robust_list resumed>) = 0 [pid 6735] chdir("./file0" [pid 6789] rt_sigprocmask(SIG_SETMASK, [], [pid 6735] <... chdir resumed>) = 0 [pid 6789] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6735] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6789] memfd_create("syzkaller", 0 [pid 6735] <... openat resumed>) = 4 [pid 6735] ioctl(4, LOOP_CLR_FD) = 0 [pid 6789] <... memfd_create resumed>) = 3 [pid 6735] close(4) = 0 [pid 6789] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6735] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6789] <... mmap resumed>) = 0x7fb775000000 [pid 6735] <... futex resumed>) = 1 [pid 6734] <... futex resumed>) = 0 [pid 6735] memfd_create("syzkaller", 0 [pid 6734] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6735] <... memfd_create resumed>) = 4 [pid 6734] <... futex resumed>) = 0 [pid 6735] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6734] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6735] <... mmap resumed>) = 0x7fb775000000 [pid 6733] <... write resumed>) = 16777216 [pid 6733] munmap(0x7fb775000000, 138412032) = 0 [pid 6733] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 5 [pid 6733] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6733] ioctl(5, LOOP_CLR_FD) = 0 [pid 6733] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6733] close(5) = 0 [pid 6733] close(4 [pid 6760] <... write resumed>) = 16777216 [pid 6760] munmap(0x7fb775000000, 138412032) = 0 [pid 6760] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6760] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6760] close(3) = 0 [pid 6760] close(4) = 0 [pid 6760] mkdir("./file0", 0777) = 0 [pid 6760] mount("/dev/loop1", "./file0", "btrfs", 0, "" [pid 6735] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6714] <... close resumed>) = 0 [ 92.976373][ T6760] loop1: detected capacity change from 0 to 32768 [ 93.012168][ T6760] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor323 (6760) [pid 6733] <... close resumed>) = 0 [pid 6714] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6712] <... futex resumed>) = 0 [pid 6712] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6712] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6714] rename("./file1", "./file0/file0" [pid 6789] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6733] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6714] <... rename resumed>) = 0 [pid 6714] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6712] <... futex resumed>) = 0 [pid 6714] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6712] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6714] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6712] <... futex resumed>) = 0 [pid 6714] mkdir(".", 0777 [pid 6712] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6714] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6733] <... futex resumed>) = 1 [pid 6732] <... futex resumed>) = 0 [pid 6714] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6733] rename("./file1", "./file0/file0" [pid 6732] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6732] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6733] <... rename resumed>) = 0 [pid 6733] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6732] <... futex resumed>) = 0 [pid 6733] mkdir(".", 0777 [pid 6732] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6733] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6732] <... futex resumed>) = 0 [pid 6733] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [ 93.095308][ T6714] BTRFS warning (device loop3 state M): remount supports changing free space tree only from RO to RW [ 93.121637][ T6760] BTRFS info (device loop1): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 93.132948][ T6733] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [ 93.141643][ T6714] BTRFS info (device loop3 state M): setting nodatasum [ 93.151200][ T6760] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 93.163684][ T6733] BTRFS info (device loop4 state M): setting nodatasum [ 93.182264][ T6733] BTRFS info (device loop4 state M): setting nodatasum [ 93.183259][ T6714] BTRFS info (device loop3 state M): setting nodatasum [ 93.196146][ T6760] BTRFS info (device loop1): using free-space-tree [ 93.213351][ T6733] BTRFS info (device loop4 state M): turning off barriers [ 93.220514][ T6733] BTRFS info (device loop4 state M): turning on flush-on-commit [ 93.221626][ T6714] BTRFS info (device loop3 state M): turning off barriers [ 93.261639][ T6733] BTRFS info (device loop4 state M): force clearing of disk cache [ 93.269621][ T6714] BTRFS info (device loop3 state M): turning on flush-on-commit [ 93.294666][ T6714] BTRFS info (device loop3 state M): force clearing of disk cache [ 93.295203][ T6733] BTRFS info (device loop4 state M): doing ref verification [pid 6732] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6733] <... mount resumed>) = 0 [pid 6733] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6733] chdir(".") = 0 [pid 6733] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6732] <... futex resumed>) = 0 [pid 6732] exit_group(0) = ? [pid 6733] +++ exited with 0 +++ [pid 6732] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6732, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=59 /* 0.59 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5833] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 93.303558][ T6714] BTRFS info (device loop3 state M): doing ref verification [ 93.322528][ T6733] BTRFS info (device loop4 state M): max_inline set to 26856 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5833] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./9/binderfs") = 0 [pid 5833] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6760] <... mount resumed>) = 0 [pid 6760] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6760] chdir("./file0") = 0 [pid 6760] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6760] ioctl(4, LOOP_CLR_FD [pid 6714] <... mount resumed>) = 0 [pid 6760] <... ioctl resumed>) = 0 [pid 6714] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 6760] close(4 [pid 6714] <... openat resumed>) = 4 [pid 6760] <... close resumed>) = 0 [pid 6714] chdir("." [pid 6760] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6714] <... chdir resumed>) = 0 [pid 6760] <... futex resumed>) = 1 [pid 6754] <... futex resumed>) = 0 [pid 6714] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6754] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6714] <... futex resumed>) = 1 [pid 6712] <... futex resumed>) = 0 [pid 6760] memfd_create("syzkaller", 0 [pid 6714] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6760] <... memfd_create resumed>) = 4 [pid 6754] <... futex resumed>) = 0 [pid 6712] exit_group(0 [pid 6760] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6754] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6760] <... mmap resumed>) = 0x7fb775000000 [pid 6714] <... futex resumed>) = ? [pid 6712] <... exit_group resumed>) = ? [pid 6714] +++ exited with 0 +++ [pid 6712] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6712, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=57 /* 0.57 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 6789] <... write resumed>) = 16777216 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5832] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 93.381785][ T5833] BTRFS info (device loop4): last unmount of filesystem d045321e-783a-4c1a-a85d-5b893220f93d [ 93.402197][ T6714] BTRFS info (device loop3 state M): max_inline set to 26856 [pid 5832] unlink("./9/binderfs") = 0 [pid 5832] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6789] munmap(0x7fb775000000, 138412032) = 0 [pid 6789] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6789] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6789] close(3) = 0 [pid 6789] close(4) = 0 [pid 6789] mkdir("./file0", 0777) = 0 [ 93.473849][ T5832] BTRFS info (device loop3): last unmount of filesystem 0c4041f2-c097-476d-b4c5-ad88b5056669 [ 93.502838][ T6789] loop2: detected capacity change from 0 to 32768 [pid 6789] mount("/dev/loop2", "./file0", "btrfs", 0, "" [pid 6735] <... write resumed>) = 16777216 [ 93.527871][ T6789] BTRFS: device /dev/loop2 (7:2) using temp-fsid 9ceaa309-1664-4a38-938c-8fbf6ab8610c [ 93.564163][ T6789] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (6789) [pid 6735] munmap(0x7fb775000000, 138412032) = 0 [pid 6735] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6735] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6735] ioctl(5, LOOP_CLR_FD) = 0 [pid 6735] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6735] close(5) = 0 [pid 6735] close(4 [ 93.648985][ T6789] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 93.684791][ T6789] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [pid 6760] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5833] <... umount2 resumed>) = 0 [ 93.721941][ T6789] BTRFS info (device loop2): using free-space-tree [pid 5833] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./9/file0" [pid 6735] <... close resumed>) = 0 [pid 6735] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... rmdir resumed>) = 0 [pid 6735] <... futex resumed>) = 1 [pid 6734] <... futex resumed>) = 0 [pid 5833] getdents64(3, [pid 6735] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5833] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 6734] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] close(3 [pid 6735] <... futex resumed>) = 0 [pid 6734] <... futex resumed>) = 1 [pid 5833] <... close resumed>) = 0 [pid 6735] rename("./file1", "./file0/file0" [pid 6734] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] rmdir("./9") = 0 [pid 5833] mkdir("./10", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 6823 [pid 6735] <... rename resumed>) = 0 ./strace-static-x86_64: Process 6823 attached [pid 6823] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6823] chdir("./10" [pid 6735] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6734] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6734] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6823] <... chdir resumed>) = 0 [pid 6735] <... futex resumed>) = 0 [pid 6734] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6823] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6735] mkdir(".", 0777 [pid 6823] <... prctl resumed>) = 0 [pid 6735] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6735] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6823] setpgid(0, 0) = 0 [pid 6823] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6823] write(3, "1000", 4) = 4 [pid 6823] close(3) = 0 [pid 6823] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6789] <... mount resumed>) = 0 [pid 6789] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6789] chdir("./file0") = 0 [pid 6789] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6789] ioctl(4, LOOP_CLR_FD) = 0 [pid 6789] close(4) = 0 [pid 6789] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6789] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6786] <... futex resumed>) = 0 executing program [pid 6786] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6823] write(1, "executing program\n", 18 [pid 6786] <... futex resumed>) = 1 [pid 6786] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6823] <... write resumed>) = 18 [pid 6789] <... futex resumed>) = 0 [pid 6823] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6789] memfd_create("syzkaller", 0) = 4 [pid 6789] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6823] <... futex resumed>) = 0 [pid 6823] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6823] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6823] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6823] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 5832] <... umount2 resumed>) = 0 [pid 6823] <... mprotect resumed>) = 0 [pid 5832] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 93.985579][ T6735] BTRFS warning (device loop0 state M): remount supports changing free space tree only from RO to RW [pid 6823] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5832] newfstatat(AT_FDCWD, "./9/file0", [pid 6823] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6823] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6825 attached [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6823] <... clone3 resumed> => {parent_tid=[6825]}, 88) = 6825 [pid 5832] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6823] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5832] <... openat resumed>) = 4 [pid 6823] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5832] newfstatat(4, "", [pid 6825] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6823] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6760] <... write resumed>) = 16777216 [pid 5832] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 6825] <... rseq resumed>) = 0 [pid 6760] munmap(0x7fb775000000, 138412032 [pid 5832] getdents64(4, [pid 6825] set_robust_list(0x7fb77d6019a0, 24 [pid 5832] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5832] close(4 [pid 6825] <... set_robust_list resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 6825] rt_sigprocmask(SIG_SETMASK, [], [ 94.028608][ T6735] BTRFS info (device loop0 state M): setting nodatasum [ 94.053056][ T6735] BTRFS info (device loop0 state M): setting nodatasum [ 94.071206][ T6735] BTRFS info (device loop0 state M): turning off barriers [pid 5832] rmdir("./9/file0" [pid 6825] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6760] <... munmap resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 6825] memfd_create("syzkaller", 0 [pid 5832] getdents64(3, [pid 6825] <... memfd_create resumed>) = 3 [pid 5832] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5832] close(3 [pid 6825] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5832] <... close resumed>) = 0 [pid 5832] rmdir("./9" [pid 6760] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5832] <... rmdir resumed>) = 0 [pid 6760] <... openat resumed>) = 5 [pid 5832] mkdir("./10", 0777 [pid 6760] ioctl(5, LOOP_SET_FD, 4 [pid 5832] <... mkdir resumed>) = 0 [pid 6760] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6760] ioctl(5, LOOP_CLR_FD [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6760] <... ioctl resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 6760] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5832] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6760] close(5) = 0 [pid 6760] close(4 [pid 5832] close(3) = 0 [ 94.089031][ T6735] BTRFS info (device loop0 state M): turning on flush-on-commit [ 94.119628][ T6735] BTRFS info (device loop0 state M): force clearing of disk cache [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6826 attached , child_tidptr=0x55558bffa690) = 6826 [pid 6826] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6826] chdir("./10") = 0 [pid 6826] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 94.162628][ T6735] BTRFS info (device loop0 state M): doing ref verification [pid 6826] setpgid(0, 0) = 0 [pid 6826] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6826] write(3, "1000", 4) = 4 [pid 6826] close(3) = 0 executing program [pid 6826] symlink("/dev/binderfs", "./binderfs" [pid 6789] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6826] <... symlink resumed>) = 0 [pid 6826] write(1, "executing program\n", 18) = 18 [pid 6826] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6826] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6735] <... mount resumed>) = 0 [pid 6826] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6735] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 6826] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6735] <... openat resumed>) = 4 [pid 6826] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6735] chdir("." [pid 6826] <... mmap resumed>) = 0x7fb77d5e1000 [pid 6735] <... chdir resumed>) = 0 [pid 6826] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 6735] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6826] <... mprotect resumed>) = 0 [pid 6735] <... futex resumed>) = 1 [pid 6734] <... futex resumed>) = 0 [pid 6826] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6735] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6734] exit_group(0 [pid 6826] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6735] <... futex resumed>) = ? [pid 6734] <... exit_group resumed>) = ? [pid 6826] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 6735] +++ exited with 0 +++ [pid 6734] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6734, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=63 /* 0.63 s */} --- [pid 6826] <... clone3 resumed> => {parent_tid=[6827]}, 88) = 6827 [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 6826] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6827 attached NULL, 8) = 0 [pid 6826] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 94.202965][ T6735] BTRFS info (device loop0 state M): max_inline set to 26856 [pid 6827] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6826] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5829] <... restart_syscall resumed>) = 0 [pid 5829] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6827] <... rseq resumed>) = 0 [pid 5829] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6827] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 5829] <... openat resumed>) = 3 [pid 6827] rt_sigprocmask(SIG_SETMASK, [], [pid 5829] newfstatat(3, "", [pid 6827] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6827] memfd_create("syzkaller", 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6827] <... memfd_create resumed>) = 3 [pid 5829] getdents64(3, [pid 6827] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5829] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 6827] <... mmap resumed>) = 0x7fb775000000 [pid 5829] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./9/binderfs") = 0 [ 94.307071][ T5829] BTRFS info (device loop0): last unmount of filesystem c4b88fff-61ac-4e32-8ff1-193284a224f7 [pid 5829] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6760] <... close resumed>) = 0 [pid 6760] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6754] <... futex resumed>) = 0 [pid 6760] rename("./file1", "./file0/file0" [pid 6754] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6754] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6760] <... rename resumed>) = 0 [pid 6760] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6754] <... futex resumed>) = 0 [pid 6760] <... futex resumed>) = 1 [pid 6754] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6760] mkdir(".", 0777 [pid 6754] <... futex resumed>) = 0 [pid 6760] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6754] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6760] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [ 94.490222][ T6760] BTRFS warning (device loop1 state M): remount supports changing free space tree only from RO to RW [ 94.522257][ T6760] BTRFS info (device loop1 state M): setting nodatasum [ 94.529278][ T6760] BTRFS info (device loop1 state M): setting nodatasum [ 94.544022][ T6760] BTRFS info (device loop1 state M): turning off barriers [ 94.575969][ T6760] BTRFS info (device loop1 state M): turning on flush-on-commit [pid 6825] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 94.601647][ T6760] BTRFS info (device loop1 state M): force clearing of disk cache [ 94.627430][ T6760] BTRFS info (device loop1 state M): doing ref verification [ 94.643679][ T6760] BTRFS info (device loop1 state M): max_inline set to 26856 [pid 6827] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6760] <... mount resumed>) = 0 [pid 5829] <... umount2 resumed>) = 0 [pid 6760] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5829] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6760] <... openat resumed>) = 4 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6760] chdir("." [pid 5829] newfstatat(AT_FDCWD, "./9/file0", [pid 6760] <... chdir resumed>) = 0 [pid 6760] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6760] <... futex resumed>) = 1 [pid 6754] <... futex resumed>) = 0 [pid 6760] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5829] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6754] exit_group(0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6760] <... futex resumed>) = ? [pid 6754] <... exit_group resumed>) = ? [pid 5829] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6760] +++ exited with 0 +++ [pid 5829] <... openat resumed>) = 4 [pid 6754] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6754, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=61 /* 0.61 s */} --- [pid 5829] newfstatat(4, "", [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5830] <... restart_syscall resumed>) = 0 [pid 5829] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5830] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] close(4 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... close resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] rmdir("./9/file0" [pid 5830] <... openat resumed>) = 3 [pid 5830] newfstatat(3, "", [pid 5829] <... rmdir resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, [pid 5830] getdents64(3, [pid 5829] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5830] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5829] close(3) = 0 [pid 5830] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] rmdir("./9" [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... rmdir resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./9/binderfs", [pid 5829] mkdir("./10", 0777) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5830] unlink("./9/binderfs" [pid 5829] <... openat resumed>) = 3 [pid 5830] <... unlink resumed>) = 0 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5830] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6789] <... write resumed>) = 16777216 [pid 6789] munmap(0x7fb775000000, 138412032./strace-static-x86_64: Process 6829 attached [pid 5829] <... clone resumed>, child_tidptr=0x55558bffa690) = 6829 [pid 6829] set_robust_list(0x55558bffa6a0, 24 [pid 6789] <... munmap resumed>) = 0 [pid 6829] <... set_robust_list resumed>) = 0 [pid 6829] chdir("./10") = 0 [pid 6829] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6789] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6829] setpgid(0, 0) = 0 [pid 6789] <... openat resumed>) = 5 [pid 6829] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6829] write(3, "1000", 4 [pid 6789] ioctl(5, LOOP_SET_FD, 4 [pid 6829] <... write resumed>) = 4 [pid 6789] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6829] close(3 [pid 6789] ioctl(5, LOOP_CLR_FD [pid 6829] <... close resumed>) = 0 [pid 6829] symlink("/dev/binderfs", "./binderfs" [pid 6789] <... ioctl resumed>) = 0 [pid 6829] <... symlink resumed>) = 0 executing program [pid 6829] write(1, "executing program\n", 18) = 18 [pid 6829] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6829] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6789] ioctl(5, LOOP_SET_FD, 4 [pid 6829] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6789] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6829] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6789] close(5 [pid 6829] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6789] <... close resumed>) = 0 [ 94.732297][ T5830] BTRFS info (device loop1): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 6829] <... mmap resumed>) = 0x7fb77d5e1000 [pid 6789] close(4 [pid 6829] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6829] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6825] <... write resumed>) = 16777216 [pid 6829] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6825] munmap(0x7fb775000000, 138412032 [pid 6829] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6830 attached [pid 6830] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 6830] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6829] <... clone3 resumed> => {parent_tid=[6830]}, 88) = 6830 [pid 6830] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6830] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6825] <... munmap resumed>) = 0 [pid 6829] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6829] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6829] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6830] <... futex resumed>) = 0 [pid 6830] memfd_create("syzkaller", 0) = 3 [pid 6830] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6825] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6825] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6825] close(3) = 0 [pid 6825] close(4) = 0 [ 94.882855][ T6825] loop4: detected capacity change from 0 to 32768 [pid 6825] mkdir("./file0", 0777) = 0 [ 94.939230][ T6825] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (6825) [ 94.996069][ T6825] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 95.021682][ T6825] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [pid 6825] mount("/dev/loop4", "./file0", "btrfs", 0, "" [pid 5830] <... umount2 resumed>) = 0 [pid 5830] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, [pid 6789] <... close resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./9/file0") = 0 [pid 6789] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] getdents64(3, [pid 6789] <... futex resumed>) = 1 [pid 6786] <... futex resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 6786] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6789] rename("./file1", "./file0/file0" [pid 6786] <... futex resumed>) = 0 [ 95.053960][ T6825] BTRFS info (device loop4): using free-space-tree [pid 5830] close(3 [pid 6786] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] <... close resumed>) = 0 [pid 5830] rmdir("./9") = 0 [pid 5830] mkdir("./10", 0777) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 6846 ./strace-static-x86_64: Process 6846 attached [pid 6846] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6846] chdir("./10" [pid 6789] <... rename resumed>) = 0 [pid 6846] <... chdir resumed>) = 0 [pid 6846] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6846] setpgid(0, 0) = 0 [pid 6846] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6846] write(3, "1000", 4 [pid 6789] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6846] <... write resumed>) = 4 [pid 6786] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6789] <... futex resumed>) = 0 [pid 6846] close(3 [pid 6786] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6846] <... close resumed>) = 0 [pid 6789] mkdir(".", 0777 [pid 6786] <... futex resumed>) = 0 [pid 6786] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6846] symlink("/dev/binderfs", "./binderfs" [pid 6789] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6789] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6846] <... symlink resumed>) = 0 executing program [pid 6846] write(1, "executing program\n", 18) = 18 [pid 6846] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6846] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6846] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6846] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6846] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6846] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6846] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[6848]}, 88) = 6848 [pid 6846] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6846] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6848 attached [pid 6846] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6848] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 6848] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6848] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6848] memfd_create("syzkaller", 0) = 3 [pid 6848] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6827] <... write resumed>) = 16777216 [pid 6848] <... mmap resumed>) = 0x7fb775000000 [pid 6830] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 95.188769][ T6789] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW [ 95.213386][ T6789] BTRFS info (device loop2 state M): setting nodatasum [pid 6827] munmap(0x7fb775000000, 138412032 [pid 6825] <... mount resumed>) = 0 [pid 6827] <... munmap resumed>) = 0 [pid 6825] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6827] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6825] <... openat resumed>) = 3 [pid 6827] ioctl(4, LOOP_SET_FD, 3 [pid 6825] chdir("./file0") = 0 [pid 6825] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6827] <... ioctl resumed>) = 0 [pid 6827] close(3 [pid 6825] ioctl(4, LOOP_CLR_FD [pid 6827] <... close resumed>) = 0 [pid 6827] close(4 [pid 6825] <... ioctl resumed>) = 0 [pid 6827] <... close resumed>) = 0 [pid 6825] close(4 [pid 6827] mkdir("./file0", 0777) = 0 [pid 6825] <... close resumed>) = 0 [ 95.241797][ T6789] BTRFS info (device loop2 state M): setting nodatasum [ 95.254752][ T6827] loop3: detected capacity change from 0 to 32768 [ 95.262030][ T6789] BTRFS info (device loop2 state M): turning off barriers [ 95.279757][ T6789] BTRFS info (device loop2 state M): turning on flush-on-commit [pid 6827] mount("/dev/loop3", "./file0", "btrfs", 0, "" [pid 6825] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6823] <... futex resumed>) = 0 [pid 6823] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6823] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6825] memfd_create("syzkaller", 0) = 4 [pid 6825] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 95.307964][ T6789] BTRFS info (device loop2 state M): force clearing of disk cache [ 95.316400][ T6827] BTRFS: device /dev/loop3 (7:3) using temp-fsid 259a730f-4383-4c39-8f57-c1589f89d5aa [ 95.331658][ T6827] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor323 (6827) [ 95.357093][ T6789] BTRFS info (device loop2 state M): doing ref verification [ 95.381651][ T6789] BTRFS info (device loop2 state M): max_inline set to 26856 [pid 6789] <... mount resumed>) = 0 [pid 6789] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6789] chdir(".") = 0 [pid 6789] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6786] <... futex resumed>) = 0 [pid 6789] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6786] exit_group(0 [pid 6789] <... futex resumed>) = ? [pid 6786] <... exit_group resumed>) = ? [pid 6789] +++ exited with 0 +++ [pid 6786] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6786, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=66 /* 0.66 s */} --- [pid 5831] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./10/binderfs") = 0 [ 95.413911][ T6827] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 95.445411][ T6827] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [pid 5831] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [ 95.457716][ T5831] BTRFS info (device loop2): last unmount of filesystem 9ceaa309-1664-4a38-938c-8fbf6ab8610c [ 95.481832][ T6827] BTRFS info (device loop3): using free-space-tree [pid 6848] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6830] <... write resumed>) = 16777216 [pid 6830] munmap(0x7fb775000000, 138412032) = 0 [pid 6830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6830] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6830] close(3) = 0 [pid 6830] close(4) = 0 [pid 6830] mkdir("./file0", 0777) = 0 [ 95.652371][ T6830] loop0: detected capacity change from 0 to 32768 [ 95.681781][ T6830] BTRFS: device /dev/loop0 (7:0) using temp-fsid 184816e6-a5fc-45de-a3b6-919fd3585675 [pid 6830] mount("/dev/loop0", "./file0", "btrfs", 0, "" [pid 6827] <... mount resumed>) = 0 [pid 6827] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6827] chdir("./file0") = 0 [pid 6827] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6827] ioctl(4, LOOP_CLR_FD) = 0 [pid 6827] close(4) = 0 [pid 6827] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6827] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6826] <... futex resumed>) = 0 [pid 6826] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6826] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6827] <... futex resumed>) = 0 [pid 6827] memfd_create("syzkaller", 0) = 4 [pid 6827] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 95.701769][ T6830] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor323 (6830) [pid 6825] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6848] <... write resumed>) = 16777216 [pid 6848] munmap(0x7fb775000000, 138412032) = 0 [ 95.761641][ T6830] BTRFS info (device loop0): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 95.787384][ T6830] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [pid 6848] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6848] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6848] close(3) = 0 [pid 6848] close(4) = 0 [pid 6848] mkdir("./file0", 0777) = 0 [ 95.827025][ T6830] BTRFS info (device loop0): using free-space-tree [ 95.835651][ T6848] loop1: detected capacity change from 0 to 32768 [pid 6848] mount("/dev/loop1", "./file0", "btrfs", 0, "" [pid 5831] <... umount2 resumed>) = 0 [pid 5831] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 95.893194][ T6848] BTRFS: device /dev/loop1 (7:1) using temp-fsid 054c0680-a6fd-40b6-b7f7-b12e1c5c5a58 [ 95.910195][ T6848] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor323 (6848) [pid 5831] newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./10/file0") = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./10") = 0 [pid 5831] mkdir("./11", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 6827] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5831] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5831] close(3 [pid 6830] <... mount resumed>) = 0 [pid 6830] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6830] chdir("./file0") = 0 [pid 6830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6830] ioctl(4, LOOP_CLR_FD) = 0 [pid 6830] close(4) = 0 [pid 6830] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6829] <... futex resumed>) = 0 [pid 6829] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6829] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5831] <... close resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6830] memfd_create("syzkaller", 0) = 4 [pid 6830] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 95.985344][ T6848] BTRFS info (device loop1): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 96.005829][ T6848] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 96.017920][ T6848] BTRFS info (device loop1): using free-space-tree ./strace-static-x86_64: Process 6886 attached [pid 6886] set_robust_list(0x55558bffa6a0, 24) = 0 executing program [pid 6886] chdir("./11") = 0 [pid 5831] <... clone resumed>, child_tidptr=0x55558bffa690) = 6886 [pid 6886] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6886] setpgid(0, 0) = 0 [pid 6886] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6886] write(3, "1000", 4) = 4 [pid 6886] close(3) = 0 [pid 6886] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6886] write(1, "executing program\n", 18) = 18 [pid 6886] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6886] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6886] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6886] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6886] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6886] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6886] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[6888]}, 88) = 6888 [pid 6886] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6888 attached NULL, 8) = 0 [pid 6888] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6886] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6888] <... rseq resumed>) = 0 [pid 6886] <... futex resumed>) = 0 [pid 6888] set_robust_list(0x7fb77d6019a0, 24 [pid 6886] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6888] <... set_robust_list resumed>) = 0 [pid 6888] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6888] memfd_create("syzkaller", 0) = 3 [pid 6888] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6825] <... write resumed>) = 16777216 [pid 6848] <... mount resumed>) = 0 [pid 6825] munmap(0x7fb775000000, 138412032 [pid 6848] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6848] chdir("./file0") = 0 [pid 6848] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6848] ioctl(4, LOOP_CLR_FD) = 0 [pid 6848] close(4) = 0 [pid 6848] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6848] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6846] <... futex resumed>) = 0 [pid 6846] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6848] <... futex resumed>) = 0 [pid 6848] memfd_create("syzkaller", 0 [pid 6846] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6848] <... memfd_create resumed>) = 4 [pid 6848] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6888] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6825] <... munmap resumed>) = 0 [pid 6825] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 5 [pid 6825] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6825] ioctl(5, LOOP_CLR_FD) = 0 [pid 6825] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6825] close(5) = 0 [pid 6825] close(4 [pid 6848] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6830] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6825] <... close resumed>) = 0 [pid 6825] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6823] <... futex resumed>) = 0 [pid 6825] <... futex resumed>) = 1 [pid 6825] rename("./file1", "./file0/file0" [pid 6823] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6823] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6825] <... rename resumed>) = 0 [pid 6825] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6823] <... futex resumed>) = 0 [pid 6825] <... futex resumed>) = 1 [pid 6823] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6823] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6825] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6825] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6827] <... write resumed>) = 16777216 [ 96.652650][ T6825] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [ 96.692052][ T6825] BTRFS info (device loop4 state M): setting nodatasum [pid 6827] munmap(0x7fb775000000, 138412032) = 0 [pid 6827] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 5 [pid 6827] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6827] ioctl(5, LOOP_CLR_FD) = 0 [pid 6827] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6827] close(5) = 0 [pid 6827] close(4 [pid 6888] <... write resumed>) = 16777216 [ 96.717056][ T6825] BTRFS info (device loop4 state M): setting nodatasum [ 96.735987][ T6825] BTRFS info (device loop4 state M): turning off barriers [pid 6888] munmap(0x7fb775000000, 138412032) = 0 [pid 6888] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6888] ioctl(4, LOOP_SET_FD, 3) = 0 [ 96.775758][ T6825] BTRFS info (device loop4 state M): turning on flush-on-commit [ 96.796820][ T6888] loop2: detected capacity change from 0 to 32768 [ 96.816361][ T6825] BTRFS info (device loop4 state M): force clearing of disk cache [pid 6888] close(3) = 0 [pid 6888] close(4) = 0 [pid 6888] mkdir("./file0", 0777) = 0 [pid 6888] mount("/dev/loop2", "./file0", "btrfs", 0, "" [pid 6825] <... mount resumed>) = 0 [pid 6825] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6825] chdir(".") = 0 [pid 6825] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6823] <... futex resumed>) = 0 [ 96.831928][ T6825] BTRFS info (device loop4 state M): doing ref verification [ 96.849996][ T6825] BTRFS info (device loop4 state M): max_inline set to 26856 [ 96.872082][ T6888] BTRFS: device /dev/loop2 (7:2) using temp-fsid 6c7fbc1c-4e4b-439d-9288-48fdb843ab92 [pid 6823] exit_group(0) = ? [pid 6825] +++ exited with 0 +++ [pid 6823] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6823, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=61 /* 0.61 s */} --- [pid 6848] <... write resumed>) = 16777216 [pid 5833] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5833] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./10/binderfs") = 0 [ 96.904876][ T6888] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (6888) [pid 5833] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [ 96.947388][ T5833] BTRFS info (device loop4): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 96.973975][ T6888] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 6848] munmap(0x7fb775000000, 138412032) = 0 [pid 6848] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 5 [pid 6848] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6848] ioctl(5, LOOP_CLR_FD) = 0 [pid 6848] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6848] close(5 [pid 6827] <... close resumed>) = 0 [pid 6848] <... close resumed>) = 0 [pid 6848] close(4 [pid 6827] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6826] <... futex resumed>) = 0 [pid 6827] rename("./file1", "./file0/file0" [pid 6826] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 97.007084][ T6888] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 97.047138][ T6888] BTRFS info (device loop2): using free-space-tree [pid 6826] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6830] <... write resumed>) = 16777216 [pid 6827] <... rename resumed>) = 0 [pid 6826] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6826] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6826] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5c0000 [pid 6826] mprotect(0x7fb77d5c1000, 131072, PROT_READ|PROT_WRITE [pid 6830] munmap(0x7fb775000000, 138412032 [pid 6827] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6826] <... mprotect resumed>) = 0 [pid 6827] <... futex resumed>) = 0 [pid 6826] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6827] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6826] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6826] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d5e0990, parent_tid=0x7fb77d5e0990, exit_signal=0, stack=0x7fb77d5c0000, stack_size=0x20300, tls=0x7fb77d5e06c0} => {parent_tid=[6907]}, 88) = 6907 [pid 6826] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6826] futex(0x7fb77d6dd6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6826] futex(0x7fb77d6dd6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6907 attached [pid 6907] rseq(0x7fb77d5e0fe0, 0x20, 0, 0x53053053) = 0 [pid 6907] set_robust_list(0x7fb77d5e09a0, 24 [pid 6830] <... munmap resumed>) = 0 [pid 6907] <... set_robust_list resumed>) = 0 [pid 6907] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6907] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6907] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6830] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6830] ioctl(5, LOOP_CLR_FD) = 0 [pid 6830] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6830] close(5) = 0 [ 97.175370][ T6907] BTRFS warning (device loop3 state M): remount supports changing free space tree only from RO to RW [pid 6830] close(4 [pid 5833] <... umount2 resumed>) = 0 [pid 5833] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./10/file0") = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./10") = 0 [pid 5833] mkdir("./11", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5833] close(3) = 0 [ 97.241151][ T6907] BTRFS info (device loop3 state M): setting nodatasum [ 97.261661][ T6907] BTRFS info (device loop3 state M): setting nodatasum [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6923 attached [pid 6888] <... mount resumed>) = 0 [pid 5833] <... clone resumed>, child_tidptr=0x55558bffa690) = 6923 [pid 6888] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6888] chdir("./file0") = 0 [pid 6888] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6923] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6923] chdir("./11" [pid 6888] ioctl(4, LOOP_CLR_FD) = 0 [pid 6923] <... chdir resumed>) = 0 [pid 6923] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6888] close(4 [pid 6923] <... prctl resumed>) = 0 [pid 6888] <... close resumed>) = 0 [pid 6888] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 97.317849][ T6907] BTRFS info (device loop3 state M): turning off barriers [pid 6888] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6923] setpgid(0, 0 [pid 6886] <... futex resumed>) = 0 [pid 6923] <... setpgid resumed>) = 0 [pid 6923] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6886] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6888] <... futex resumed>) = 0 [pid 6886] <... futex resumed>) = 1 [pid 6888] memfd_create("syzkaller", 0) = 4 [pid 6886] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6888] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6923] <... openat resumed>) = 3 [pid 6923] write(3, "1000", 4) = 4 [pid 6923] close(3) = 0 [pid 6923] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6923] write(1, "executing program\n", 18executing program ) = 18 [pid 6923] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6923] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [ 97.364441][ T6907] BTRFS info (device loop3 state M): turning on flush-on-commit [ 97.403853][ T6907] BTRFS info (device loop3 state M): force clearing of disk cache [pid 6923] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6848] <... close resumed>) = 0 [pid 6923] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6923] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6923] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6848] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6846] <... futex resumed>) = 0 [pid 6923] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6846] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6923] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6848] rename("./file1", "./file0/file0" [pid 6846] <... futex resumed>) = 0 [pid 6923] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 6846] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6924 attached [pid 6924] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6923] <... clone3 resumed> => {parent_tid=[6924]}, 88) = 6924 [pid 6923] rt_sigprocmask(SIG_SETMASK, [], [pid 6924] <... rseq resumed>) = 0 [pid 6923] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6924] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6923] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6924] rt_sigprocmask(SIG_SETMASK, [], [pid 6923] <... futex resumed>) = 0 [pid 6924] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6923] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6924] memfd_create("syzkaller", 0) = 3 [pid 6924] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6848] <... rename resumed>) = 0 [ 97.473128][ T6907] BTRFS info (device loop3 state M): doing ref verification [ 97.480669][ T6907] BTRFS info (device loop3 state M): max_inline set to 26856 [pid 6924] <... mmap resumed>) = 0x7fb775000000 [pid 6848] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6907] <... mount resumed>) = 0 [pid 6848] <... futex resumed>) = 0 [pid 6846] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6907] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 6846] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6907] <... openat resumed>) = 4 [pid 6848] mkdir(".", 0777 [pid 6846] <... futex resumed>) = 0 [pid 6907] chdir("." [pid 6848] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6846] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6907] <... chdir resumed>) = 0 [pid 6848] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6907] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6826] <... futex resumed>) = 0 [pid 6907] futex(0x7fb77d6dd6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6826] exit_group(0 [pid 6907] <... futex resumed>) = ? [pid 6826] <... exit_group resumed>) = ? [pid 6907] +++ exited with 0 +++ [pid 6830] <... close resumed>) = 0 [pid 6827] <... futex resumed>) = ? [pid 6830] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6830] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6829] <... futex resumed>) = 0 [pid 6827] +++ exited with 0 +++ [pid 6826] +++ exited with 0 +++ [pid 6829] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6830] <... futex resumed>) = 0 [pid 6829] <... futex resumed>) = 1 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6826, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=60 /* 0.60 s */} --- [pid 6830] rename("./file1", "./file0/file0" [pid 6829] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5832] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./10/binderfs") = 0 [pid 5832] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6830] <... rename resumed>) = 0 [pid 6830] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6830] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6829] <... futex resumed>) = 0 [pid 6829] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6830] <... futex resumed>) = 0 [pid 6829] <... futex resumed>) = 1 [pid 6830] mkdir(".", 0777 [pid 6829] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6830] <... mkdir resumed>) = -1 EEXIST (File exists) [ 97.575037][ T5832] BTRFS info (device loop3): last unmount of filesystem 259a730f-4383-4c39-8f57-c1589f89d5aa [ 97.588507][ T6848] BTRFS warning (device loop1 state M): remount supports changing free space tree only from RO to RW [ 97.630648][ T6848] BTRFS info (device loop1 state M): setting nodatasum [ 97.647275][ T6848] BTRFS info (device loop1 state M): setting nodatasum [ 97.649906][ T6830] BTRFS warning (device loop0 state M): remount supports changing free space tree only from RO to RW [ 97.661572][ T6848] BTRFS info (device loop1 state M): turning off barriers [ 97.685024][ T6848] BTRFS info (device loop1 state M): turning on flush-on-commit [ 97.717874][ T6848] BTRFS info (device loop1 state M): force clearing of disk cache [ 97.725968][ T6830] BTRFS info (device loop0 state M): setting nodatasum [pid 6830] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [ 97.725991][ T6830] BTRFS info (device loop0 state M): setting nodatasum [ 97.726007][ T6830] BTRFS info (device loop0 state M): turning off barriers [ 97.726023][ T6830] BTRFS info (device loop0 state M): turning on flush-on-commit [ 97.726038][ T6830] BTRFS info (device loop0 state M): force clearing of disk cache [ 97.726053][ T6830] BTRFS info (device loop0 state M): doing ref verification [ 97.738420][ T6848] BTRFS info (device loop1 state M): doing ref verification [ 97.771917][ T6830] BTRFS info (device loop0 state M): max_inline set to 26856 [pid 6888] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6830] <... mount resumed>) = 0 [pid 6830] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6830] chdir(".") = 0 [pid 6830] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6829] <... futex resumed>) = 0 [pid 6830] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6829] exit_group(0 [pid 6830] <... futex resumed>) = ? [pid 6829] <... exit_group resumed>) = ? [pid 6830] +++ exited with 0 +++ [pid 6829] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6829, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=67 /* 0.67 s */} --- [pid 5829] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6848] <... mount resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6848] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5829] newfstatat(AT_FDCWD, "./10/binderfs", [pid 6848] <... openat resumed>) = 4 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./10/binderfs") = 0 [pid 5829] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6848] chdir(".") = 0 [pid 6848] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6846] <... futex resumed>) = 0 [pid 6848] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6846] exit_group(0 [pid 6848] <... futex resumed>) = ? [pid 6846] <... exit_group resumed>) = ? [pid 6848] +++ exited with 0 +++ [pid 6846] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6846, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=73 /* 0.73 s */} --- [ 97.842066][ T6848] BTRFS info (device loop1 state M): max_inline set to 26856 [pid 5830] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, [pid 6924] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5830] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 97.883015][ T5829] BTRFS info (device loop0): last unmount of filesystem 184816e6-a5fc-45de-a3b6-919fd3585675 [pid 5830] unlink("./10/binderfs" [pid 5832] <... umount2 resumed>) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 5832] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5832] close(4) = 0 [pid 5832] rmdir("./10/file0") = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./10") = 0 [pid 5832] mkdir("./11", 0777) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6926 attached [pid 6926] set_robust_list(0x55558bffa6a0, 24 [pid 5832] <... clone resumed>, child_tidptr=0x55558bffa690) = 6926 [pid 6926] <... set_robust_list resumed>) = 0 [pid 6926] chdir("./11") = 0 [pid 6926] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6926] setpgid(0, 0) = 0 [pid 6926] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6926] write(3, "1000", 4) = 4 [pid 6926] close(3) = 0 [pid 6926] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6926] write(1, "executing program\n", 18) = 18 [pid 6926] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6926] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6926] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6926] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [ 97.952331][ T5830] BTRFS info (device loop1): last unmount of filesystem 054c0680-a6fd-40b6-b7f7-b12e1c5c5a58 [pid 6926] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6926] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6926] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6927 attached => {parent_tid=[6927]}, 88) = 6927 [pid 6927] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6926] rt_sigprocmask(SIG_SETMASK, [], [pid 6927] <... rseq resumed>) = 0 [pid 6926] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6926] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6926] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6927] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6927] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6927] memfd_create("syzkaller", 0) = 3 [pid 6927] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6888] <... write resumed>) = 16777216 [pid 6888] munmap(0x7fb775000000, 138412032) = 0 [pid 5829] <... umount2 resumed>) = 0 [pid 6888] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 5 [pid 6888] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6888] ioctl(5, LOOP_CLR_FD [pid 5829] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6888] <... ioctl resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./10/file0", [pid 6888] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6924] <... write resumed>) = 16777216 [pid 6927] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6888] close(5 [pid 6924] munmap(0x7fb775000000, 138412032 [pid 5830] <... umount2 resumed>) = 0 [pid 5829] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6888] <... close resumed>) = 0 [pid 6888] close(4 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6924] <... munmap resumed>) = 0 [pid 5830] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./10/file0") = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./10") = 0 [pid 5829] mkdir("./11", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6929 attached [pid 6929] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6929] chdir("./11" [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... clone resumed>, child_tidptr=0x55558bffa690) = 6929 [pid 6924] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] newfstatat(AT_FDCWD, "./10/file0", [pid 6929] <... chdir resumed>) = 0 [pid 6924] <... openat resumed>) = 4 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6924] ioctl(4, LOOP_SET_FD, 3 [pid 5830] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6929] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6929] setpgid(0, 0) = 0 [pid 6929] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6929] write(3, "1000", 4) = 4 [pid 6929] close(3) = 0 [pid 6929] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) executing program [pid 5830] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6929] write(1, "executing program\n", 18) = 18 [pid 6929] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6929] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6929] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6929] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6929] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6929] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6929] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 5830] <... openat resumed>) = 4 [pid 6929] <... clone3 resumed> => {parent_tid=[6932]}, 88) = 6932 [pid 6929] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6929] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5830] newfstatat(4, "", ./strace-static-x86_64: Process 6932 attached [pid 6929] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6932] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6924] <... ioctl resumed>) = 0 [pid 6924] close(3 [pid 6932] <... rseq resumed>) = 0 [pid 5830] getdents64(4, [pid 6932] set_robust_list(0x7fb77d6019a0, 24 [pid 5830] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 6932] <... set_robust_list resumed>) = 0 [pid 6924] <... close resumed>) = 0 [pid 6924] close(4 [pid 6932] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] getdents64(4, [pid 6924] <... close resumed>) = 0 [pid 6932] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6932] memfd_create("syzkaller", 0 [pid 5830] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 6924] mkdir("./file0", 0777) = 0 [pid 6932] <... memfd_create resumed>) = 3 [pid 6924] mount("/dev/loop4", "./file0", "btrfs", 0, "" [pid 5830] close(4 [pid 6932] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5830] <... close resumed>) = 0 [pid 5830] rmdir("./10/file0") = 0 [ 98.360595][ T6924] loop4: detected capacity change from 0 to 32768 [pid 5830] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [ 98.403569][ T6924] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (6924) [pid 5830] rmdir("./10") = 0 [pid 5830] mkdir("./11", 0777) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5830] close(3) = 0 [pid 6888] <... close resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6888] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6886] <... futex resumed>) = 0 [pid 6886] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6886] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6888] rename("./file1", "./file0/file0"./strace-static-x86_64: Process 6934 attached ) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x55558bffa690) = 6934 [ 98.493997][ T6924] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 98.531673][ T6924] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [pid 6934] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6934] chdir("./11" [pid 6888] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6934] <... chdir resumed>) = 0 [pid 6888] <... futex resumed>) = 1 [pid 6886] <... futex resumed>) = 0 [pid 6934] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6888] mkdir(".", 0777 [pid 6886] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6934] <... prctl resumed>) = 0 [pid 6888] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6886] <... futex resumed>) = 0 [pid 6934] setpgid(0, 0 [pid 6888] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6886] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6934] <... setpgid resumed>) = 0 [pid 6934] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6934] write(3, "1000", 4) = 4 [pid 6934] close(3) = 0 executing program [pid 6934] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6934] write(1, "executing program\n", 18) = 18 [pid 6934] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6934] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6934] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6934] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6934] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6934] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6934] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[6937]}, 88) = 6937 [pid 6934] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6934] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6934] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6937 attached [pid 6937] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 6937] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6937] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6937] memfd_create("syzkaller", 0) = 3 [pid 6937] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 98.572187][ T6924] BTRFS info (device loop4): using free-space-tree [ 98.596355][ T6888] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW [ 98.651590][ T6888] BTRFS info (device loop2 state M): setting nodatasum [ 98.681822][ T6888] BTRFS info (device loop2 state M): setting nodatasum [ 98.711698][ T6888] BTRFS info (device loop2 state M): turning off barriers [ 98.718866][ T6888] BTRFS info (device loop2 state M): turning on flush-on-commit [pid 6932] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6927] <... write resumed>) = 16777216 [pid 6888] <... mount resumed>) = 0 [pid 6927] munmap(0x7fb775000000, 138412032 [pid 6888] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6888] chdir(".") = 0 [pid 6888] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6886] <... futex resumed>) = 0 [pid 6886] exit_group(0 [pid 6924] <... mount resumed>) = 0 [pid 6886] <... exit_group resumed>) = ? [pid 6924] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6924] chdir("./file0") = 0 [pid 6888] +++ exited with 0 +++ [pid 6886] +++ exited with 0 +++ [pid 6924] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6886, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=68 /* 0.68 s */} --- [pid 5831] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 6927] <... munmap resumed>) = 0 [pid 6924] <... openat resumed>) = 4 [ 98.771675][ T6888] BTRFS info (device loop2 state M): force clearing of disk cache [ 98.780402][ T6888] BTRFS info (device loop2 state M): doing ref verification [ 98.789822][ T6888] BTRFS info (device loop2 state M): max_inline set to 26856 [pid 6927] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6924] ioctl(4, LOOP_CLR_FD [pid 6927] <... openat resumed>) = 4 [pid 6924] <... ioctl resumed>) = 0 [pid 5831] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6927] ioctl(4, LOOP_SET_FD, 3 [pid 6924] close(4 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6924] <... close resumed>) = 0 [pid 6924] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6923] <... futex resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6924] memfd_create("syzkaller", 0 [pid 6923] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... openat resumed>) = 3 [pid 6924] <... memfd_create resumed>) = 4 [pid 6923] <... futex resumed>) = 0 [pid 5831] newfstatat(3, "", [pid 6924] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6923] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6924] <... mmap resumed>) = 0x7fb775000000 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6937] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./11/binderfs" [pid 6927] <... ioctl resumed>) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 6927] close(3) = 0 [pid 5831] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6927] close(4) = 0 [ 98.847552][ T6927] loop3: detected capacity change from 0 to 32768 [pid 6927] mkdir("./file0", 0777) = 0 [ 98.893593][ T5831] BTRFS info (device loop2): last unmount of filesystem 6c7fbc1c-4e4b-439d-9288-48fdb843ab92 [ 98.937126][ T6927] BTRFS: device /dev/loop3 (7:3) using temp-fsid b1c0d177-2309-44c0-a47b-ef58c7e09a12 [pid 6927] mount("/dev/loop3", "./file0", "btrfs", 0, "" [pid 6932] <... write resumed>) = 16777216 [ 98.991196][ T6927] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor323 (6927) [pid 6932] munmap(0x7fb775000000, 138412032) = 0 [pid 6932] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 99.075885][ T6927] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 99.112735][ T6932] loop0: detected capacity change from 0 to 32768 [pid 6932] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6932] close(3) = 0 [pid 6932] close(4) = 0 [pid 6932] mkdir("./file0", 0777) = 0 [ 99.119358][ T6927] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 99.141710][ T6927] BTRFS info (device loop3): using free-space-tree [pid 6932] mount("/dev/loop0", "./file0", "btrfs", 0, "" [pid 6937] <... write resumed>) = 16777216 [ 99.201782][ T6932] BTRFS: device /dev/loop0 (7:0) using temp-fsid d2b1352c-95ff-4963-98d4-9dcd0653b021 [pid 6937] munmap(0x7fb775000000, 138412032) = 0 [pid 6937] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6937] ioctl(4, LOOP_SET_FD, 3 [pid 6924] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6937] <... ioctl resumed>) = 0 [pid 6937] close(3) = 0 [pid 6937] close(4) = 0 [pid 6937] mkdir("./file0", 0777 [pid 5831] <... umount2 resumed>) = 0 [pid 6937] <... mkdir resumed>) = 0 [pid 5831] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6937] mount("/dev/loop1", "./file0", "btrfs", 0, "" [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 99.272560][ T6932] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor323 (6932) [ 99.307877][ T6937] loop1: detected capacity change from 0 to 32768 [pid 5831] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./11/file0") = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./11") = 0 [pid 5831] mkdir("./12", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5831] close(3) = 0 [ 99.396342][ T6937] BTRFS: device /dev/loop1 (7:1) using temp-fsid 45f4fed5-50ad-47cc-868c-5ce72691c311 [ 99.406198][ T6932] BTRFS info (device loop0): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6970 attached [pid 6970] set_robust_list(0x55558bffa6a0, 24 [pid 5831] <... clone resumed>, child_tidptr=0x55558bffa690) = 6970 [pid 6970] <... set_robust_list resumed>) = 0 [pid 6970] chdir("./12") = 0 [pid 6970] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6970] setpgid(0, 0 [pid 6927] <... mount resumed>) = 0 [pid 6927] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6927] chdir("./file0" [pid 6970] <... setpgid resumed>) = 0 [pid 6927] <... chdir resumed>) = 0 [pid 6927] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6970] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6927] <... openat resumed>) = 4 [pid 6927] ioctl(4, LOOP_CLR_FD) = 0 [pid 6927] close(4) = 0 [pid 6927] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6926] <... futex resumed>) = 0 [ 99.445377][ T6937] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor323 (6937) [ 99.447410][ T6932] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [pid 6927] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6970] <... openat resumed>) = 3 [pid 6970] write(3, "1000", 4) = 4 [pid 6926] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6970] close(3 [pid 6927] <... futex resumed>) = 0 [pid 6926] <... futex resumed>) = 1 [pid 6927] memfd_create("syzkaller", 0) = 4 [pid 6927] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6970] <... close resumed>) = 0 [pid 6970] symlink("/dev/binderfs", "./binderfs" [pid 6926] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6970] <... symlink resumed>) = 0 executing program [pid 6970] write(1, "executing program\n", 18) = 18 [ 99.531421][ T6937] BTRFS info (device loop1): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 99.539230][ T6932] BTRFS info (device loop0): using free-space-tree [pid 6970] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6970] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6970] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6970] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6970] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6970] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6970] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6975 attached [pid 6975] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6970] <... clone3 resumed> => {parent_tid=[6975]}, 88) = 6975 [pid 6970] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6975] <... rseq resumed>) = 0 [pid 6970] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6970] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6975] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6975] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6975] memfd_create("syzkaller", 0) = 3 [pid 6975] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 99.572769][ T6937] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 99.606942][ T6937] BTRFS info (device loop1): using free-space-tree [pid 6924] <... write resumed>) = 16777216 [pid 6924] munmap(0x7fb775000000, 138412032) = 0 [pid 6924] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 5 [pid 6924] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6932] <... mount resumed>) = 0 [pid 6927] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6924] ioctl(5, LOOP_CLR_FD [pid 6932] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6924] <... ioctl resumed>) = 0 [pid 6932] <... openat resumed>) = 3 [pid 6932] chdir("./file0") = 0 [pid 6932] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6924] ioctl(5, LOOP_SET_FD, 4 [pid 6932] ioctl(4, LOOP_CLR_FD [pid 6924] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6932] <... ioctl resumed>) = 0 [pid 6924] close(5 [pid 6932] close(4 [pid 6924] <... close resumed>) = 0 [pid 6932] <... close resumed>) = 0 [pid 6924] close(4 [pid 6932] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6929] <... futex resumed>) = 0 [pid 6932] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6929] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6932] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6929] <... futex resumed>) = 0 [pid 6932] memfd_create("syzkaller", 0 [pid 6929] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6932] <... memfd_create resumed>) = 4 [pid 6932] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6937] <... mount resumed>) = 0 [pid 6937] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6937] chdir("./file0") = 0 [pid 6937] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6937] ioctl(4, LOOP_CLR_FD) = 0 [pid 6937] close(4) = 0 [pid 6937] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6934] <... futex resumed>) = 0 [pid 6934] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6934] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6937] <... futex resumed>) = 1 [pid 6937] memfd_create("syzkaller", 0) = 4 [pid 6937] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6975] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6924] <... close resumed>) = 0 [pid 6924] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6923] <... futex resumed>) = 0 [pid 6923] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6923] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6924] rename("./file1", "./file0/file0") = 0 [pid 6924] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6924] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6923] <... futex resumed>) = 0 [pid 6923] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6923] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6924] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6924] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6924] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6927] <... write resumed>) = 16777216 [pid 6927] munmap(0x7fb775000000, 138412032) = 0 [pid 6927] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 5 [pid 6927] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6927] ioctl(5, LOOP_CLR_FD) = 0 [pid 6927] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6927] close(5) = 0 [pid 6927] close(4 [ 100.136716][ T6924] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [ 100.176981][ T6924] BTRFS info (device loop4 state M): setting nodatasum [ 100.194761][ T6924] BTRFS info (device loop4 state M): setting nodatasum [ 100.216429][ T6924] BTRFS info (device loop4 state M): turning off barriers [pid 6932] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 100.241615][ T6924] BTRFS info (device loop4 state M): turning on flush-on-commit [ 100.253588][ T6924] BTRFS info (device loop4 state M): force clearing of disk cache [ 100.261444][ T6924] BTRFS info (device loop4 state M): doing ref verification [pid 6937] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6924] <... mount resumed>) = 0 [pid 6924] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6924] chdir(".") = 0 [pid 6924] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6923] <... futex resumed>) = 0 [pid 6924] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6923] exit_group(0) = ? [pid 6924] <... futex resumed>) = ? [pid 6924] +++ exited with 0 +++ [pid 6923] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6923, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=57 /* 0.57 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5833] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [ 100.307855][ T6924] BTRFS info (device loop4 state M): max_inline set to 26856 [pid 5833] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./11/binderfs") = 0 [pid 5833] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6927] <... close resumed>) = 0 [ 100.383441][ T5833] BTRFS info (device loop4): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 6927] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6975] <... write resumed>) = 16777216 [pid 6926] <... futex resumed>) = 0 [pid 6927] <... futex resumed>) = 1 [pid 6926] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6927] rename("./file1", "./file0/file0" [pid 6926] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6975] munmap(0x7fb775000000, 138412032 [pid 6927] <... rename resumed>) = 0 [pid 6927] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6926] <... futex resumed>) = 0 [pid 6927] mkdir(".", 0777 [pid 6926] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6927] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6926] <... futex resumed>) = 0 [pid 6926] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6975] <... munmap resumed>) = 0 [pid 6975] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6927] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6975] <... openat resumed>) = 4 [pid 6975] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6975] close(3) = 0 [pid 6975] close(4) = 0 [pid 6975] mkdir("./file0", 0777) = 0 [ 100.523594][ T6975] loop2: detected capacity change from 0 to 32768 [ 100.550280][ T6975] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (6975) [ 100.571510][ T6927] BTRFS warning (device loop3 state M): remount supports changing free space tree only from RO to RW [ 100.627173][ T6927] BTRFS info (device loop3 state M): setting nodatasum [ 100.627872][ T6975] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 100.644365][ T6927] BTRFS info (device loop3 state M): setting nodatasum [ 100.651246][ T6927] BTRFS info (device loop3 state M): turning off barriers [pid 6975] mount("/dev/loop2", "./file0", "btrfs", 0, "" [pid 6932] <... write resumed>) = 16777216 [pid 6932] munmap(0x7fb775000000, 138412032) = 0 [pid 6932] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6932] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6932] ioctl(5, LOOP_CLR_FD) = 0 [pid 6932] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6932] close(5) = 0 [ 100.685273][ T6975] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 100.705262][ T6927] BTRFS info (device loop3 state M): turning on flush-on-commit [ 100.715511][ T6975] BTRFS info (device loop2): using free-space-tree [pid 6932] close(4 [pid 6937] <... write resumed>) = 16777216 [pid 5833] <... umount2 resumed>) = 0 [pid 6937] munmap(0x7fb775000000, 138412032 [pid 5833] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6937] <... munmap resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6927] <... mount resumed>) = 0 [pid 5833] <... openat resumed>) = 4 [pid 6927] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5833] newfstatat(4, "", [pid 6927] <... openat resumed>) = 4 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, [pid 6927] chdir(".") = 0 [pid 5833] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 6927] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] getdents64(4, [pid 6927] <... futex resumed>) = 1 [pid 6926] <... futex resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 6927] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6926] exit_group(0 [pid 6937] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6927] <... futex resumed>) = ? [pid 6926] <... exit_group resumed>) = ? [pid 5833] close(4 [pid 6937] <... openat resumed>) = 5 [pid 6927] +++ exited with 0 +++ [pid 6926] +++ exited with 0 +++ [pid 6937] ioctl(5, LOOP_SET_FD, 4 [pid 5833] <... close resumed>) = 0 [pid 5833] rmdir("./11/file0" [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6926, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=69 /* 0.69 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 100.743551][ T6927] BTRFS info (device loop3 state M): force clearing of disk cache [ 100.751412][ T6927] BTRFS info (device loop3 state M): doing ref verification [ 100.778730][ T6927] BTRFS info (device loop3 state M): max_inline set to 26856 [pid 6937] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5833] <... rmdir resumed>) = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5832] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] close(3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] <... close resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5833] rmdir("./11" [pid 6937] ioctl(5, LOOP_CLR_FD [pid 5832] <... openat resumed>) = 3 [pid 6937] <... ioctl resumed>) = 0 [pid 5833] <... rmdir resumed>) = 0 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] mkdir("./12", 0777 [pid 5832] newfstatat(AT_FDCWD, "./11/binderfs", [pid 5833] <... mkdir resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5832] unlink("./11/binderfs" [pid 6937] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5832] <... unlink resumed>) = 0 [pid 5833] <... openat resumed>) = 3 [pid 6937] close(5 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 5832] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6937] <... close resumed>) = 0 [pid 5833] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6937] close(4 [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 7021 ./strace-static-x86_64: Process 7021 attached [ 100.840314][ T5832] BTRFS info (device loop3): last unmount of filesystem b1c0d177-2309-44c0-a47b-ef58c7e09a12 [pid 7021] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 7021] chdir("./12") = 0 [pid 7021] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7021] setpgid(0, 0) = 0 [pid 7021] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7021] write(3, "1000", 4) = 4 [pid 7021] close(3) = 0 [pid 7021] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6975] <... mount resumed>) = 0 [pid 7021] write(1, "executing program\n", 18 [pid 6975] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7021] <... write resumed>) = 18 [pid 6975] <... openat resumed>) = 3 [pid 7021] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6975] chdir("./file0" [pid 7021] <... futex resumed>) = 0 [pid 6975] <... chdir resumed>) = 0 [pid 7021] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 6975] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7021] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6975] <... openat resumed>) = 4 [pid 7021] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6975] ioctl(4, LOOP_CLR_FD [pid 7021] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6975] <... ioctl resumed>) = 0 [pid 7021] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6975] close(4) = 0 [pid 7021] <... mmap resumed>) = 0x7fb77d5e1000 [pid 6975] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7021] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 6975] <... futex resumed>) = 1 [pid 6970] <... futex resumed>) = 0 [pid 6970] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6970] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7021] <... mprotect resumed>) = 0 [pid 6975] memfd_create("syzkaller", 0) = 4 [pid 6975] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7021] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7021] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 7023 attached => {parent_tid=[7023]}, 88) = 7023 [pid 7021] rt_sigprocmask(SIG_SETMASK, [], [pid 6932] <... close resumed>) = 0 [pid 7021] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7021] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7023] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7021] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7023] <... rseq resumed>) = 0 [pid 7023] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 7023] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6932] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7023] memfd_create("syzkaller", 0 [pid 6932] <... futex resumed>) = 1 [pid 6929] <... futex resumed>) = 0 [pid 6932] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6929] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6932] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6929] <... futex resumed>) = 0 [pid 6929] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6932] rename("./file1", "./file0/file0" [pid 7023] <... memfd_create resumed>) = 3 [pid 7023] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6932] <... rename resumed>) = 0 [pid 6929] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6929] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6932] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6929] <... futex resumed>) = 0 [pid 6932] <... futex resumed>) = 0 [pid 6929] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6932] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6929] <... mmap resumed>) = 0x7fb77d5c0000 [pid 6929] mprotect(0x7fb77d5c1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6929] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6929] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d5e0990, parent_tid=0x7fb77d5e0990, exit_signal=0, stack=0x7fb77d5c0000, stack_size=0x20300, tls=0x7fb77d5e06c0}./strace-static-x86_64: Process 7025 attached => {parent_tid=[7025]}, 88) = 7025 [pid 7025] rseq(0x7fb77d5e0fe0, 0x20, 0, 0x53053053 [pid 6929] rt_sigprocmask(SIG_SETMASK, [], [pid 7025] <... rseq resumed>) = 0 [pid 6929] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6929] futex(0x7fb77d6dd6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7025] set_robust_list(0x7fb77d5e09a0, 24) = 0 [pid 7025] rt_sigprocmask(SIG_SETMASK, [], [pid 6929] <... futex resumed>) = 0 [pid 7025] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6929] futex(0x7fb77d6dd6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7025] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7025] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6937] <... close resumed>) = 0 [pid 6937] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6934] <... futex resumed>) = 0 [pid 6937] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6934] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6937] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6937] rename("./file1", "./file0/file0" [ 101.184882][ T7025] BTRFS warning (device loop0 state M): remount supports changing free space tree only from RO to RW [ 101.219197][ T7025] BTRFS info (device loop0 state M): setting nodatasum [pid 6934] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6937] <... rename resumed>) = 0 [pid 6937] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6934] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6937] <... futex resumed>) = 0 [pid 6934] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6937] mkdir(".", 0777) = -1 EEXIST (File exists) [ 101.244467][ T7025] BTRFS info (device loop0 state M): setting nodatasum [ 101.274930][ T7025] BTRFS info (device loop0 state M): turning off barriers [pid 6937] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6934] <... futex resumed>) = 0 [pid 5832] <... umount2 resumed>) = 0 [pid 6934] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5832] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6975] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7023] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5832] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5832] close(4) = 0 [ 101.297162][ T7025] BTRFS info (device loop0 state M): turning on flush-on-commit [ 101.321408][ T7025] BTRFS info (device loop0 state M): force clearing of disk cache [ 101.338987][ T7025] BTRFS info (device loop0 state M): doing ref verification [pid 5832] rmdir("./11/file0") = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./11") = 0 [pid 7025] <... mount resumed>) = 0 [pid 5832] mkdir("./12", 0777 [pid 7025] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5832] <... mkdir resumed>) = 0 [pid 7025] chdir(".") = 0 [pid 7025] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 101.364134][ T6937] BTRFS warning (device loop1 state M): remount supports changing free space tree only from RO to RW [ 101.382124][ T7025] BTRFS info (device loop0 state M): max_inline set to 26856 [ 101.390877][ T6937] BTRFS info (device loop1 state M): setting nodatasum [pid 7025] futex(0x7fb77d6dd6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6929] <... futex resumed>) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6929] exit_group(0) = ? [pid 7025] <... futex resumed>) = ? [pid 7025] +++ exited with 0 +++ [pid 5832] <... openat resumed>) = 3 [pid 6932] <... futex resumed>) = ? [pid 6932] +++ exited with 0 +++ [pid 6929] +++ exited with 0 +++ [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6929, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=63 /* 0.63 s */} --- [pid 5832] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5832] close(3 [pid 5829] <... restart_syscall resumed>) = 0 [pid 5832] <... close resumed>) = 0 [ 101.411759][ T6937] BTRFS info (device loop1 state M): setting nodatasum [ 101.418712][ T6937] BTRFS info (device loop1 state M): turning off barriers [pid 5829] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] <... clone resumed>, child_tidptr=0x55558bffa690) = 7026 ./strace-static-x86_64: Process 7026 attached [pid 5829] newfstatat(3, "", [pid 7026] set_robust_list(0x55558bffa6a0, 24 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7026] <... set_robust_list resumed>) = 0 [pid 5829] getdents64(3, [pid 7026] chdir("./12" [pid 5829] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 7026] <... chdir resumed>) = 0 [pid 5829] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7026] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7026] <... prctl resumed>) = 0 [pid 5829] newfstatat(AT_FDCWD, "./11/binderfs", [pid 7026] setpgid(0, 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7026] <... setpgid resumed>) = 0 [pid 5829] unlink("./11/binderfs" [pid 7026] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5829] <... unlink resumed>) = 0 [pid 7026] <... openat resumed>) = 3 [ 101.462634][ T6937] BTRFS info (device loop1 state M): turning on flush-on-commit [ 101.470773][ T6937] BTRFS info (device loop1 state M): force clearing of disk cache [ 101.496136][ T6937] BTRFS info (device loop1 state M): doing ref verification [pid 5829] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 7026] write(3, "1000", 4) = 4 [pid 7026] close(3) = 0 [pid 7026] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7026] write(1, "executing program\n", 18) = 18 [pid 7026] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7026] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7026] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7026] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7026] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7026] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[7027]}, 88) = 7027 [pid 7026] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7026] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7026] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7027 attached [pid 7027] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 7027] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 7027] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7027] memfd_create("syzkaller", 0) = 3 [pid 7027] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6975] <... write resumed>) = 16777216 [pid 6975] munmap(0x7fb775000000, 138412032 [pid 6937] <... mount resumed>) = 0 [pid 6937] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6937] chdir(".") = 0 [pid 6937] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6934] <... futex resumed>) = 0 [pid 6937] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6934] exit_group(0 [pid 6937] <... futex resumed>) = ? [pid 6934] <... exit_group resumed>) = ? [pid 6937] +++ exited with 0 +++ [pid 6934] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6934, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=62 /* 0.62 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5830] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 101.504305][ T5829] BTRFS info (device loop0): last unmount of filesystem d2b1352c-95ff-4963-98d4-9dcd0653b021 [ 101.511598][ T6937] BTRFS info (device loop1 state M): max_inline set to 26856 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6975] <... munmap resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./11/binderfs") = 0 [pid 6975] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5830] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6975] <... openat resumed>) = 5 [pid 6975] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6975] ioctl(5, LOOP_CLR_FD) = 0 [pid 6975] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6975] close(5) = 0 [ 101.589229][ T5830] BTRFS info (device loop1): last unmount of filesystem 45f4fed5-50ad-47cc-868c-5ce72691c311 [pid 6975] close(4 [pid 7023] <... write resumed>) = 16777216 [pid 7023] munmap(0x7fb775000000, 138412032) = 0 [pid 7023] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7023] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7023] close(3) = 0 [pid 7023] close(4) = 0 [pid 7023] mkdir("./file0", 0777) = 0 [pid 7023] mount("/dev/loop4", "./file0", "btrfs", 0, "" [pid 5829] <... umount2 resumed>) = 0 [pid 5829] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [ 101.794245][ T7023] loop4: detected capacity change from 0 to 32768 [ 101.834172][ T7023] BTRFS: device /dev/loop4 (7:4) using temp-fsid 2a99d89a-7394-4c50-b4b8-1b78e5f643a0 [pid 5829] getdents64(4, [pid 6975] <... close resumed>) = 0 [pid 5829] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./11/file0") = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./11") = 0 [pid 7027] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5829] mkdir("./12", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 7029 ./strace-static-x86_64: Process 7029 attached [pid 7029] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 7029] chdir("./12") = 0 [pid 7029] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7029] setpgid(0, 0) = 0 [pid 7029] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7029] write(3, "1000", 4) = 4 [pid 7029] close(3) = 0 [pid 7029] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6975] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6970] <... futex resumed>) = 0 [pid 6975] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 101.867904][ T7023] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (7023) [pid 6970] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000executing program [pid 6975] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6970] <... futex resumed>) = 0 [pid 6975] rename("./file1", "./file0/file0" [pid 6970] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7029] write(1, "executing program\n", 18) = 18 [pid 7029] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7029] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7029] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7029] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7029] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7029] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7029] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[7030]}, 88) = 7030 ./strace-static-x86_64: Process 7030 attached [pid 7029] rt_sigprocmask(SIG_SETMASK, [], [pid 6975] <... rename resumed>) = 0 [pid 7029] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7029] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7029] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7030] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 6975] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6970] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7030] set_robust_list(0x7fb77d6019a0, 24 [pid 6975] <... futex resumed>) = 0 [pid 6970] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7030] <... set_robust_list resumed>) = 0 [pid 6975] mkdir(".", 0777 [pid 6970] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6975] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7030] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6975] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7030] memfd_create("syzkaller", 0) = 3 [pid 7030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5830] <... umount2 resumed>) = 0 [ 101.954440][ T7023] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 101.979063][ T7023] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [pid 5830] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./11/file0") = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./11") = 0 [pid 5830] mkdir("./12", 0777) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 7037 [ 102.022041][ T7023] BTRFS info (device loop4): using free-space-tree [ 102.034764][ T6975] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW ./strace-static-x86_64: Process 7037 attached [pid 7037] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 7037] chdir("./12") = 0 [pid 7037] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7037] setpgid(0, 0) = 0 [pid 7037] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7037] write(3, "1000", 4) = 4 [pid 7037] close(3) = 0 [pid 7037] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7037] write(1, "executing program\n", 18) = 18 [pid 7037] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7037] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [ 102.090075][ T6975] BTRFS info (device loop2 state M): setting nodatasum [pid 7037] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7037] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7037] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7037] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7037] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 7023] <... mount resumed>) = 0 [pid 7023] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 102.144407][ T6975] BTRFS info (device loop2 state M): setting nodatasum [ 102.172855][ T6975] BTRFS info (device loop2 state M): turning off barriers [pid 7023] chdir("./file0"./strace-static-x86_64: Process 7048 attached [pid 7048] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 7048] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 7048] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7048] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7023] <... chdir resumed>) = 0 [pid 7023] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7023] ioctl(4, LOOP_CLR_FD) = 0 [pid 7023] close(4) = 0 [pid 7023] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7023] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7037] <... clone3 resumed> => {parent_tid=[7048]}, 88) = 7048 [pid 7021] <... futex resumed>) = 0 [pid 7037] rt_sigprocmask(SIG_SETMASK, [], [pid 6975] <... mount resumed>) = 0 [pid 7037] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7021] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7037] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7048] <... futex resumed>) = 0 [pid 7037] <... futex resumed>) = 1 [pid 7023] <... futex resumed>) = 0 [pid 7021] <... futex resumed>) = 1 [pid 7037] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7048] memfd_create("syzkaller", 0 [pid 7023] memfd_create("syzkaller", 0 [pid 7021] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7023] <... memfd_create resumed>) = 4 [pid 7023] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6975] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 7023] <... mmap resumed>) = 0x7fb775000000 [pid 6975] <... openat resumed>) = 4 [pid 7048] <... memfd_create resumed>) = 3 [pid 6975] chdir("." [pid 7048] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6975] <... chdir resumed>) = 0 [pid 6975] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6975] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6970] <... futex resumed>) = 0 [pid 6970] exit_group(0 [pid 6975] <... futex resumed>) = ? [pid 6970] <... exit_group resumed>) = ? [pid 6975] +++ exited with 0 +++ [pid 6970] +++ exited with 0 +++ [ 102.187394][ T6975] BTRFS info (device loop2 state M): turning on flush-on-commit [ 102.195582][ T6975] BTRFS info (device loop2 state M): force clearing of disk cache [ 102.210788][ T6975] BTRFS info (device loop2 state M): doing ref verification [ 102.220811][ T6975] BTRFS info (device loop2 state M): max_inline set to 26856 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6970, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=60 /* 0.60 s */} --- [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 7030] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5831] <... restart_syscall resumed>) = 0 [pid 5831] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./12/binderfs") = 0 [ 102.356748][ T5831] BTRFS info (device loop2): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 5831] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7027] <... write resumed>) = 16777216 [pid 7027] munmap(0x7fb775000000, 138412032 [pid 7048] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7027] <... munmap resumed>) = 0 [pid 7027] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7027] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7027] close(3) = 0 [pid 7027] close(4) = 0 [pid 7027] mkdir("./file0", 0777) = 0 [ 102.520000][ T7027] loop3: detected capacity change from 0 to 32768 [ 102.546573][ T7027] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor323 (7027) [pid 7027] mount("/dev/loop3", "./file0", "btrfs", 0, "" [pid 7023] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7030] <... write resumed>) = 16777216 [pid 7030] munmap(0x7fb775000000, 138412032) = 0 [ 102.617464][ T7027] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 7030] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7030] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7030] close(3) = 0 [pid 7030] close(4) = 0 [ 102.661654][ T7027] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 102.670355][ T7027] BTRFS info (device loop3): using free-space-tree [ 102.678158][ T7030] loop0: detected capacity change from 0 to 32768 [pid 5831] <... umount2 resumed>) = 0 [pid 7030] mkdir("./file0", 0777 [pid 5831] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7030] <... mkdir resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7030] mount("/dev/loop0", "./file0", "btrfs", 0, "" [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./12/file0") = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./12") = 0 [pid 5831] mkdir("./13", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5831] close(3) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 7055 ./strace-static-x86_64: Process 7055 attached [pid 7055] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 7055] chdir("./13") = 0 [pid 7055] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7055] setpgid(0, 0) = 0 [pid 7055] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7055] write(3, "1000", 4) = 4 [pid 7055] close(3) = 0 [pid 7055] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7055] write(1, "executing program\n", 18) = 18 [pid 7055] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7055] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7055] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7055] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7055] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7055] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7055] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 7064 attached => {parent_tid=[7064]}, 88) = 7064 [pid 7055] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7055] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7055] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7064] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 7064] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 7064] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7064] memfd_create("syzkaller", 0) = 3 [pid 7064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 102.742786][ T7030] BTRFS: device /dev/loop0 (7:0) using temp-fsid d6bc83ba-1a24-4c16-aca7-3da6b62c7056 [ 102.772621][ T7030] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor323 (7030) [ 102.851975][ T7030] BTRFS info (device loop0): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 7027] <... mount resumed>) = 0 [pid 7048] <... write resumed>) = 16777216 [pid 7027] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7027] chdir("./file0") = 0 [pid 7027] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7027] ioctl(4, LOOP_CLR_FD) = 0 [ 102.897890][ T7030] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [pid 7027] close(4) = 0 [pid 7027] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7026] <... futex resumed>) = 0 [pid 7026] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7048] munmap(0x7fb775000000, 138412032 [pid 7027] memfd_create("syzkaller", 0 [pid 7026] <... futex resumed>) = 0 [pid 7027] <... memfd_create resumed>) = 4 [pid 7026] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7027] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7048] <... munmap resumed>) = 0 [ 102.949594][ T7030] BTRFS info (device loop0): using free-space-tree [pid 7048] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7048] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7048] close(3) = 0 [pid 7048] close(4) = 0 [pid 7048] mkdir("./file0", 0777) = 0 [ 103.021175][ T7048] loop1: detected capacity change from 0 to 32768 [pid 7048] mount("/dev/loop1", "./file0", "btrfs", 0, "" [pid 7030] <... mount resumed>) = 0 [pid 7030] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7030] chdir("./file0") = 0 [ 103.079299][ T7048] BTRFS: device /dev/loop1 (7:1) using temp-fsid 66eb5536-b400-4b8e-9308-dd2c3525bf48 [pid 7030] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7030] ioctl(4, LOOP_CLR_FD) = 0 [pid 7023] <... write resumed>) = 16777216 [pid 7030] close(4) = 0 [pid 7030] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7029] <... futex resumed>) = 0 [pid 7030] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7029] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7029] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7030] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7030] memfd_create("syzkaller", 0) = 4 [pid 7030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 103.156276][ T7048] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor323 (7048) [pid 7023] munmap(0x7fb775000000, 138412032 [pid 7027] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7023] <... munmap resumed>) = 0 [pid 7023] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 5 [pid 7023] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7023] ioctl(5, LOOP_CLR_FD) = 0 [pid 7023] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7023] close(5) = 0 [ 103.251687][ T7048] BTRFS info (device loop1): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 7023] close(4 [ 103.301211][ T7048] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 103.320228][ T7048] BTRFS info (device loop1): using free-space-tree [pid 7064] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7023] <... close resumed>) = 0 [pid 7027] <... write resumed>) = 16777216 [pid 7023] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7027] munmap(0x7fb775000000, 138412032 [pid 7023] <... futex resumed>) = 1 [pid 7021] <... futex resumed>) = 0 [pid 7023] rename("./file1", "./file0/file0" [pid 7021] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7048] <... mount resumed>) = 0 [pid 7021] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7048] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7048] chdir("./file0") = 0 [pid 7048] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7048] ioctl(4, LOOP_CLR_FD) = 0 [pid 7048] close(4) = 0 [pid 7027] <... munmap resumed>) = 0 [pid 7023] <... rename resumed>) = 0 [pid 7048] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7037] <... futex resumed>) = 0 [pid 7048] memfd_create("syzkaller", 0 [pid 7037] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7048] <... memfd_create resumed>) = 4 [pid 7037] <... futex resumed>) = 0 [pid 7027] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7037] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7048] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7027] <... openat resumed>) = 5 [pid 7023] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7048] <... mmap resumed>) = 0x7fb775000000 [pid 7027] ioctl(5, LOOP_SET_FD, 4 [pid 7023] <... futex resumed>) = 1 [pid 7021] <... futex resumed>) = 0 [pid 7027] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7023] mkdir(".", 0777 [pid 7021] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7023] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7021] <... futex resumed>) = 0 [pid 7023] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7021] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7027] ioctl(5, LOOP_CLR_FD) = 0 [pid 7027] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7027] close(5) = 0 [pid 7027] close(4 [ 103.692365][ T7023] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [ 103.741786][ T7023] BTRFS info (device loop4 state M): setting nodatasum [ 103.748923][ T7023] BTRFS info (device loop4 state M): setting nodatasum [ 103.763471][ T7023] BTRFS info (device loop4 state M): turning off barriers [ 103.795691][ T7023] BTRFS info (device loop4 state M): turning on flush-on-commit [pid 7030] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7027] <... close resumed>) = 0 [pid 7064] <... write resumed>) = 16777216 [pid 7027] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7023] <... mount resumed>) = 0 [pid 7064] munmap(0x7fb775000000, 138412032 [pid 7027] <... futex resumed>) = 1 [pid 7026] <... futex resumed>) = 0 [pid 7023] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 7026] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7023] <... openat resumed>) = 4 [pid 7026] <... futex resumed>) = 0 [pid 7023] chdir("." [pid 7026] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7027] rename("./file1", "./file0/file0" [pid 7023] <... chdir resumed>) = 0 [ 103.851673][ T7023] BTRFS info (device loop4 state M): force clearing of disk cache [ 103.862629][ T7023] BTRFS info (device loop4 state M): doing ref verification [ 103.869958][ T7023] BTRFS info (device loop4 state M): max_inline set to 26856 [pid 7023] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7021] <... futex resumed>) = 0 [pid 7021] exit_group(0) = ? [pid 7027] <... rename resumed>) = 0 [pid 7023] +++ exited with 0 +++ [pid 7027] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7027] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7064] <... munmap resumed>) = 0 [pid 7048] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7026] <... futex resumed>) = 0 [pid 7021] +++ exited with 0 +++ [pid 7064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7026] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7027] <... futex resumed>) = 0 [pid 7026] <... futex resumed>) = 1 [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7021, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=66 /* 0.66 s */} --- [pid 7064] <... openat resumed>) = 4 [pid 7027] mkdir(".", 0777 [pid 7026] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 7027] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5833] <... restart_syscall resumed>) = 0 [pid 7064] ioctl(4, LOOP_SET_FD, 3 [pid 7027] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5833] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5833] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./12/binderfs") = 0 [pid 5833] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7064] <... ioctl resumed>) = 0 [pid 7064] close(3) = 0 [pid 7064] close(4) = 0 [ 103.970718][ T7064] loop2: detected capacity change from 0 to 32768 [ 103.989632][ T5833] BTRFS info (device loop4): last unmount of filesystem 2a99d89a-7394-4c50-b4b8-1b78e5f643a0 [pid 7064] mkdir("./file0", 0777) = 0 [ 104.012263][ T7027] BTRFS warning (device loop3 state M): remount supports changing free space tree only from RO to RW [ 104.032255][ T7027] BTRFS info (device loop3 state M): setting nodatasum [ 104.043525][ T7064] BTRFS: device /dev/loop2 (7:2) using temp-fsid b35a8dab-f09d-401f-bc59-1f024eebd02e [ 104.068005][ T7027] BTRFS info (device loop3 state M): setting nodatasum [ 104.072363][ T7064] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (7064) [ 104.092214][ T7027] BTRFS info (device loop3 state M): turning off barriers [ 104.116284][ T7027] BTRFS info (device loop3 state M): turning on flush-on-commit [ 104.141830][ T7064] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 104.148960][ T7027] BTRFS info (device loop3 state M): force clearing of disk cache [pid 7064] mount("/dev/loop2", "./file0", "btrfs", 0, "" [pid 7030] <... write resumed>) = 16777216 [ 104.187340][ T7064] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 104.207393][ T7027] BTRFS info (device loop3 state M): doing ref verification [ 104.212837][ T7064] BTRFS info (device loop2): using free-space-tree [pid 7030] munmap(0x7fb775000000, 138412032) = 0 [pid 7027] <... mount resumed>) = 0 [pid 7027] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7027] chdir(".") = 0 [pid 7027] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7030] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7027] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7026] <... futex resumed>) = 0 [pid 7030] <... openat resumed>) = 5 [pid 7026] exit_group(0 [pid 7030] ioctl(5, LOOP_SET_FD, 4 [pid 7027] <... futex resumed>) = ? [pid 7026] <... exit_group resumed>) = ? [pid 7030] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7030] ioctl(5, LOOP_CLR_FD) = 0 [pid 7027] +++ exited with 0 +++ [pid 7026] +++ exited with 0 +++ [pid 7030] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7026, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=58 /* 0.58 s */} --- [pid 7030] close(5 [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 7030] <... close resumed>) = 0 [pid 7030] close(4 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5832] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 104.241683][ T7027] BTRFS info (device loop3 state M): max_inline set to 26856 [pid 5832] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./12/binderfs") = 0 [ 104.346841][ T5832] BTRFS info (device loop3): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 5832] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7064] <... mount resumed>) = 0 [pid 7064] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7064] chdir("./file0") = 0 [pid 7064] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7064] ioctl(4, LOOP_CLR_FD) = 0 [pid 7064] close(4) = 0 [pid 7064] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7055] <... futex resumed>) = 0 [pid 7064] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7055] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7064] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7064] memfd_create("syzkaller", 0 [pid 7055] <... futex resumed>) = 0 [pid 7064] <... memfd_create resumed>) = 4 [pid 7055] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7048] <... write resumed>) = 16777216 [pid 5833] <... umount2 resumed>) = 0 [pid 7030] <... close resumed>) = 0 [pid 7048] munmap(0x7fb775000000, 138412032 [pid 7030] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7029] <... futex resumed>) = 0 [pid 7030] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7029] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7030] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7029] <... futex resumed>) = 0 [pid 7030] rename("./file1", "./file0/file0" [pid 7029] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, [pid 7030] <... rename resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, [pid 7030] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5833] close(4 [pid 7030] <... futex resumed>) = 1 [pid 7029] <... futex resumed>) = 0 [pid 5833] <... close resumed>) = 0 [pid 7030] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7029] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7030] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7029] <... futex resumed>) = 0 [pid 7030] mkdir(".", 0777 [pid 7029] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7030] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5833] rmdir("./12/file0" [pid 7030] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5833] <... rmdir resumed>) = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./12") = 0 [pid 5833] mkdir("./13", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 7048] <... munmap resumed>) = 0 [pid 5833] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7120 attached [pid 7048] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5833] <... clone resumed>, child_tidptr=0x55558bffa690) = 7120 [pid 7120] set_robust_list(0x55558bffa6a0, 24 [pid 7048] <... openat resumed>) = 5 [pid 7048] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7048] ioctl(5, LOOP_CLR_FD) = 0 [pid 7048] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7048] close(5) = 0 [pid 7048] close(4 [pid 7120] <... set_robust_list resumed>) = 0 [pid 7120] chdir("./13") = 0 [pid 7120] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7120] setpgid(0, 0) = 0 [pid 7120] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 104.624636][ T7030] BTRFS warning (device loop0 state M): remount supports changing free space tree only from RO to RW [ 104.663388][ T7030] BTRFS info (device loop0 state M): setting nodatasum [pid 7120] write(3, "1000", 4) = 4 [pid 7120] close(3) = 0 [pid 7120] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7120] write(1, "executing program\n", 18) = 18 [ 104.670293][ T7030] BTRFS info (device loop0 state M): setting nodatasum [pid 7120] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7120] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7120] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7120] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7120] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7120] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7120] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 7121 attached => {parent_tid=[7121]}, 88) = 7121 [pid 7120] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7121] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7120] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7121] <... rseq resumed>) = 0 [pid 7120] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7121] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 7064] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7121] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7121] memfd_create("syzkaller", 0) = 3 [pid 7121] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 104.733795][ T7030] BTRFS info (device loop0 state M): turning off barriers [ 104.741107][ T7030] BTRFS info (device loop0 state M): turning on flush-on-commit [ 104.755363][ T7030] BTRFS info (device loop0 state M): force clearing of disk cache [pid 5832] <... umount2 resumed>) = 0 [pid 7030] <... mount resumed>) = 0 [pid 7048] <... close resumed>) = 0 [ 104.802350][ T7030] BTRFS info (device loop0 state M): doing ref verification [ 104.809703][ T7030] BTRFS info (device loop0 state M): max_inline set to 26856 [pid 7030] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7030] chdir("." [pid 5832] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7030] <... chdir resumed>) = 0 [pid 7030] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7030] <... futex resumed>) = 1 [pid 7029] <... futex resumed>) = 0 [pid 7030] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5832] newfstatat(AT_FDCWD, "./12/file0", [pid 7029] exit_group(0 [pid 7048] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7030] <... futex resumed>) = ? [pid 7029] <... exit_group resumed>) = ? [pid 7048] <... futex resumed>) = 1 [pid 7037] <... futex resumed>) = 0 [pid 7030] +++ exited with 0 +++ [pid 7037] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7037] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] newfstatat(4, "", [pid 7048] rename("./file1", "./file0/file0" [pid 7029] +++ exited with 0 +++ [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7029, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=68 /* 0.68 s */} --- [pid 5832] getdents64(4, [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5832] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5829] <... restart_syscall resumed>) = 0 [pid 5832] close(4) = 0 [pid 5832] rmdir("./12/file0" [pid 5829] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... rmdir resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] getdents64(3, [pid 5829] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5829] <... openat resumed>) = 3 [pid 7048] <... rename resumed>) = 0 [pid 5832] close(3 [pid 5829] newfstatat(3, "", [pid 5832] <... close resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] rmdir("./12" [pid 5829] getdents64(3, [pid 5832] <... rmdir resumed>) = 0 [pid 5829] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./12/binderfs" [pid 7048] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] mkdir("./13", 0777 [pid 5829] <... unlink resumed>) = 0 [pid 7048] <... futex resumed>) = 1 [pid 7037] <... futex resumed>) = 0 [pid 7048] mkdir(".", 0777 [pid 7037] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7048] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7037] <... futex resumed>) = 0 [pid 7048] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7037] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5832] <... mkdir resumed>) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 7123 ./strace-static-x86_64: Process 7123 attached [pid 7123] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 7123] chdir("./13") = 0 [pid 7123] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7123] setpgid(0, 0) = 0 [pid 7123] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 7123] write(3, "1000", 4) = 4 [pid 7123] close(3) = 0 [pid 7123] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7123] write(1, "executing program\n", 18) = 18 [pid 7123] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7123] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7123] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7123] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7123] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7123] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7123] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[7124]}, 88) = 7124 [pid 7123] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 7124 attached NULL, 8) = 0 [pid 7123] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7123] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7124] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 7124] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 7124] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7124] memfd_create("syzkaller", 0) = 3 [pid 7124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 104.916902][ T7048] BTRFS warning (device loop1 state M): remount supports changing free space tree only from RO to RW [ 104.932087][ T5829] BTRFS info (device loop0): last unmount of filesystem d6bc83ba-1a24-4c16-aca7-3da6b62c7056 [ 104.951656][ T7048] BTRFS info (device loop1 state M): setting nodatasum [ 104.969653][ T7048] BTRFS info (device loop1 state M): setting nodatasum [ 104.981680][ T7048] BTRFS info (device loop1 state M): turning off barriers [ 105.001096][ T7048] BTRFS info (device loop1 state M): turning on flush-on-commit [ 105.018192][ T7048] BTRFS info (device loop1 state M): force clearing of disk cache [ 105.051605][ T7048] BTRFS info (device loop1 state M): doing ref verification [pid 7121] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7048] <... mount resumed>) = 0 [pid 7048] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7048] chdir(".") = 0 [pid 7048] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7037] <... futex resumed>) = 0 [pid 7048] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7037] exit_group(0 [pid 7048] <... futex resumed>) = ? [pid 7037] <... exit_group resumed>) = ? [pid 7048] +++ exited with 0 +++ [pid 7037] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7037, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=61 /* 0.61 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5830] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./12/binderfs") = 0 [ 105.088367][ T7048] BTRFS info (device loop1 state M): max_inline set to 26856 [ 105.162275][ T5830] BTRFS info (device loop1): last unmount of filesystem 66eb5536-b400-4b8e-9308-dd2c3525bf48 [pid 5830] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7124] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5829] <... umount2 resumed>) = 0 [pid 5829] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7064] <... write resumed>) = 16777216 [pid 7064] munmap(0x7fb775000000, 138412032 [pid 5829] <... openat resumed>) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./12/file0") = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./12") = 0 [pid 5829] mkdir("./13", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [pid 7064] <... munmap resumed>) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7064] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 7125 attached ) = 5 [pid 5829] <... clone resumed>, child_tidptr=0x55558bffa690) = 7125 [pid 7125] set_robust_list(0x55558bffa6a0, 24 [pid 7064] ioctl(5, LOOP_SET_FD, 4 [pid 7125] <... set_robust_list resumed>) = 0 [pid 7064] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7125] chdir("./13" [pid 7064] ioctl(5, LOOP_CLR_FD) = 0 [pid 7125] <... chdir resumed>) = 0 [pid 7125] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7064] ioctl(5, LOOP_SET_FD, 4 [pid 7125] setpgid(0, 0 [pid 7064] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7125] <... setpgid resumed>) = 0 [pid 7064] close(5 [pid 7125] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7064] <... close resumed>) = 0 [pid 7064] close(4 [pid 7125] <... openat resumed>) = 3 [pid 7125] write(3, "1000", 4) = 4 [pid 7125] close(3) = 0 [pid 7125] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7125] write(1, "executing program\n", 18) = 18 [pid 7125] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7125] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7125] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7125] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7125] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7125] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7125] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 7126 attached => {parent_tid=[7126]}, 88) = 7126 [pid 7125] rt_sigprocmask(SIG_SETMASK, [], [pid 7126] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7125] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7126] <... rseq resumed>) = 0 [pid 7125] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7126] set_robust_list(0x7fb77d6019a0, 24 [pid 7125] <... futex resumed>) = 0 [pid 7126] <... set_robust_list resumed>) = 0 [pid 7125] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7126] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7126] memfd_create("syzkaller", 0) = 3 [pid 5830] <... umount2 resumed>) = 0 [pid 7126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5830] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7126] <... mmap resumed>) = 0x7fb775000000 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./12/file0") = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./12") = 0 [pid 5830] mkdir("./13", 0777) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 7128 ./strace-static-x86_64: Process 7128 attached [pid 7128] set_robust_list(0x55558bffa6a0, 24 [pid 7121] <... write resumed>) = 16777216 [pid 7128] <... set_robust_list resumed>) = 0 [pid 7121] munmap(0x7fb775000000, 138412032 [pid 7128] chdir("./13") = 0 [pid 7128] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7128] setpgid(0, 0) = 0 [pid 7128] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7121] <... munmap resumed>) = 0 [pid 7128] <... openat resumed>) = 3 [pid 7128] write(3, "1000", 4 [pid 7121] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7128] <... write resumed>) = 4 [pid 7121] <... openat resumed>) = 4 [pid 7128] close(3 [pid 7121] ioctl(4, LOOP_SET_FD, 3 [pid 7128] <... close resumed>) = 0 [pid 7128] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7128] write(1, "executing program\n", 18executing program ) = 18 [pid 7128] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7128] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7128] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7128] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7128] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7121] <... ioctl resumed>) = 0 [pid 7128] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7121] close(3 [pid 7128] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7128] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 7121] <... close resumed>) = 0 [pid 7121] close(4./strace-static-x86_64: Process 7129 attached [pid 7128] <... clone3 resumed> => {parent_tid=[7129]}, 88) = 7129 [ 105.581375][ T7121] loop4: detected capacity change from 0 to 32768 [pid 7129] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7128] rt_sigprocmask(SIG_SETMASK, [], [pid 7129] <... rseq resumed>) = 0 [pid 7121] <... close resumed>) = 0 [pid 7064] <... close resumed>) = 0 [pid 7121] mkdir("./file0", 0777) = 0 [pid 7121] mount("/dev/loop4", "./file0", "btrfs", 0, "" [pid 7129] set_robust_list(0x7fb77d6019a0, 24 [pid 7128] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7129] <... set_robust_list resumed>) = 0 [pid 7064] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7055] <... futex resumed>) = 0 [pid 7055] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7129] rt_sigprocmask(SIG_SETMASK, [], [pid 7128] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7064] rename("./file1", "./file0/file0" [pid 7055] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7129] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7128] <... futex resumed>) = 0 [pid 7129] memfd_create("syzkaller", 0 [pid 7128] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7129] <... memfd_create resumed>) = 3 [pid 7129] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 105.646373][ T7121] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (7121) [pid 7124] <... write resumed>) = 16777216 [pid 7064] <... rename resumed>) = 0 [pid 7124] munmap(0x7fb775000000, 138412032 [pid 7064] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7124] <... munmap resumed>) = 0 [pid 7055] <... futex resumed>) = 0 [pid 7064] mkdir(".", 0777 [pid 7055] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7064] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7055] <... futex resumed>) = 0 [pid 7064] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7055] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7124] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 105.707063][ T7121] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 105.739794][ T7121] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [pid 7124] ioctl(4, LOOP_SET_FD, 3) = 0 [ 105.765795][ T7121] BTRFS info (device loop4): using free-space-tree [ 105.775734][ T7124] loop3: detected capacity change from 0 to 32768 [ 105.783558][ T7064] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW [ 105.807933][ T7064] BTRFS info (device loop2 state M): setting nodatasum [pid 7124] close(3) = 0 [pid 7124] close(4) = 0 [pid 7124] mkdir("./file0", 0777) = 0 [pid 7126] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 105.823400][ T7064] BTRFS info (device loop2 state M): setting nodatasum [ 105.859363][ T7124] BTRFS: device /dev/loop3 (7:3) using temp-fsid 074d424e-b89c-4b0a-a465-894710e075e7 [ 105.881391][ T7064] BTRFS info (device loop2 state M): turning off barriers [ 105.908150][ T7064] BTRFS info (device loop2 state M): turning on flush-on-commit [ 105.915989][ T7124] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor323 (7124) [ 105.942133][ T7064] BTRFS info (device loop2 state M): force clearing of disk cache [ 105.963529][ T7064] BTRFS info (device loop2 state M): doing ref verification [ 105.970874][ T7064] BTRFS info (device loop2 state M): max_inline set to 26856 [ 105.981036][ T7124] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 7124] mount("/dev/loop3", "./file0", "btrfs", 0, "" [pid 7121] <... mount resumed>) = 0 [pid 7121] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7121] chdir("./file0") = 0 [pid 7121] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7121] ioctl(4, LOOP_CLR_FD) = 0 [pid 7121] close(4) = 0 [pid 7121] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7120] <... futex resumed>) = 0 [pid 7120] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7121] memfd_create("syzkaller", 0 [pid 7064] <... mount resumed>) = 0 [pid 7120] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7121] <... memfd_create resumed>) = 4 [pid 7121] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7064] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7064] chdir(".") = 0 [pid 7064] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7055] <... futex resumed>) = 0 [pid 7064] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7055] exit_group(0) = ? [pid 7064] <... futex resumed>) = ? [pid 7064] +++ exited with 0 +++ [pid 7055] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7055, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=69 /* 0.69 s */} --- [pid 5831] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5831] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7129] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5831] <... openat resumed>) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./13/binderfs") = 0 [ 106.007091][ T7124] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 106.073504][ T7124] BTRFS info (device loop3): using free-space-tree [ 106.082852][ T5831] BTRFS info (device loop2): last unmount of filesystem b35a8dab-f09d-401f-bc59-1f024eebd02e [pid 5831] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7129] <... write resumed>) = 16777216 [pid 7129] munmap(0x7fb775000000, 138412032) = 0 [pid 7129] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7129] ioctl(4, LOOP_SET_FD, 3 [pid 7121] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7124] <... mount resumed>) = 0 [pid 7124] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7124] chdir("./file0") = 0 [pid 7124] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7124] ioctl(4, LOOP_CLR_FD) = 0 [pid 7124] close(4) = 0 [pid 7124] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7124] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7123] <... futex resumed>) = 0 [pid 7123] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7124] <... futex resumed>) = 0 [pid 7123] <... futex resumed>) = 1 [pid 7124] memfd_create("syzkaller", 0) = 4 [pid 7124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7129] <... ioctl resumed>) = 0 [pid 7123] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7129] close(3) = 0 [pid 7129] close(4) = 0 [pid 7129] mkdir("./file0", 0777) = 0 [ 106.346714][ T7129] loop1: detected capacity change from 0 to 32768 [pid 7129] mount("/dev/loop1", "./file0", "btrfs", 0, "" [pid 5831] <... umount2 resumed>) = 0 [ 106.401633][ T7129] BTRFS: device /dev/loop1 (7:1) using temp-fsid 001da3cd-8cc3-4aed-910e-0a5fa238de15 [pid 5831] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./13/file0") = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./13") = 0 [pid 5831] mkdir("./14", 0777) = 0 [ 106.443023][ T7129] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor323 (7129) [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5831] close(3 [pid 7126] <... write resumed>) = 16777216 [pid 5831] <... close resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program [pid 7126] munmap(0x7fb775000000, 138412032 [pid 5831] <... clone resumed>, child_tidptr=0x55558bffa690) = 7163 ./strace-static-x86_64: Process 7163 attached [pid 7163] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 7163] chdir("./14") = 0 [pid 7163] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7163] setpgid(0, 0) = 0 [pid 7163] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7163] write(3, "1000", 4) = 4 [pid 7163] close(3) = 0 [pid 7163] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7163] write(1, "executing program\n", 18) = 18 [pid 7163] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7163] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7163] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7163] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7163] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7163] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7163] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[7165]}, 88) = 7165 [pid 7163] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7163] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7163] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7126] <... munmap resumed>) = 0 ./strace-static-x86_64: Process 7165 attached [pid 7165] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 7165] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 7165] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7165] memfd_create("syzkaller", 0) = 3 [pid 7165] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 106.534033][ T7129] BTRFS info (device loop1): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 106.569349][ T7129] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [pid 7126] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7126] close(3) = 0 [pid 7126] close(4) = 0 [pid 7126] mkdir("./file0", 0777) = 0 [ 106.612913][ T7129] BTRFS info (device loop1): using free-space-tree [ 106.620057][ T7126] loop0: detected capacity change from 0 to 32768 [ 106.648514][ T7126] BTRFS: device /dev/loop0 (7:0) using temp-fsid c988fbd1-373e-4ceb-8b80-4c6d12a4cb1c [pid 7126] mount("/dev/loop0", "./file0", "btrfs", 0, "" [ 106.713927][ T7126] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor323 (7126) [pid 7124] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7121] <... write resumed>) = 16777216 [pid 7165] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7121] munmap(0x7fb775000000, 138412032) = 0 [pid 7129] <... mount resumed>) = 0 [pid 7129] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7129] chdir("./file0") = 0 [pid 7129] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7129] ioctl(4, LOOP_CLR_FD) = 0 [pid 7129] close(4) = 0 [pid 7129] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7128] <... futex resumed>) = 0 [pid 7129] memfd_create("syzkaller", 0 [pid 7128] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7129] <... memfd_create resumed>) = 4 [pid 7128] <... futex resumed>) = 0 [pid 7129] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7128] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7129] <... mmap resumed>) = 0x7fb775000000 [ 106.797063][ T7126] BTRFS info (device loop0): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 106.807368][ T7126] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 106.816690][ T7126] BTRFS info (device loop0): using free-space-tree [pid 7121] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 5 [pid 7121] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7121] ioctl(5, LOOP_CLR_FD) = 0 [pid 7121] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7121] close(5) = 0 [pid 7121] close(4 [pid 7126] <... mount resumed>) = 0 [pid 7126] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7126] chdir("./file0") = 0 [pid 7126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7126] ioctl(4, LOOP_CLR_FD) = 0 [pid 7126] close(4) = 0 [pid 7126] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7125] <... futex resumed>) = 0 [pid 7126] memfd_create("syzkaller", 0 [pid 7125] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7126] <... memfd_create resumed>) = 4 [pid 7125] <... futex resumed>) = 0 [pid 7125] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7165] <... write resumed>) = 16777216 [pid 7165] munmap(0x7fb775000000, 138412032) = 0 [pid 7121] <... close resumed>) = 0 [pid 7165] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7165] ioctl(4, LOOP_SET_FD, 3 [pid 7121] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7165] <... ioctl resumed>) = 0 [pid 7121] <... futex resumed>) = 1 [pid 7120] <... futex resumed>) = 0 [pid 7165] close(3 [pid 7121] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7120] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7165] <... close resumed>) = 0 [pid 7121] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7120] <... futex resumed>) = 0 [pid 7165] close(4 [pid 7121] rename("./file1", "./file0/file0" [pid 7120] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7165] <... close resumed>) = 0 [pid 7165] mkdir("./file0", 0777) = 0 [pid 7165] mount("/dev/loop2", "./file0", "btrfs", 0, "" [pid 7121] <... rename resumed>) = 0 [pid 7129] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7121] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7120] <... futex resumed>) = 0 [pid 7121] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7120] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 107.202916][ T7165] loop2: detected capacity change from 0 to 32768 [ 107.237887][ T7165] BTRFS: device /dev/loop2 (7:2) using temp-fsid 7abc3ff4-3ddd-4d33-b1ea-5c14d6ec26e5 [pid 7120] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7121] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7121] mkdir(".", 0777) = -1 EEXIST (File exists) [ 107.274157][ T7165] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (7165) [ 107.302492][ T7121] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [pid 7121] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7124] <... write resumed>) = 16777216 [ 107.348693][ T7165] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 107.360596][ T7121] BTRFS info (device loop4 state M): setting nodatasum [ 107.387838][ T7121] BTRFS info (device loop4 state M): setting nodatasum [pid 7124] munmap(0x7fb775000000, 138412032) = 0 [pid 7124] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7126] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7124] <... openat resumed>) = 5 [pid 7124] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7124] ioctl(5, LOOP_CLR_FD) = 0 [ 107.397213][ T7165] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 107.420014][ T7121] BTRFS info (device loop4 state M): turning off barriers [ 107.427560][ T7165] BTRFS info (device loop2): using free-space-tree [ 107.441656][ T7121] BTRFS info (device loop4 state M): turning on flush-on-commit [pid 7124] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7124] close(5) = 0 [pid 7124] close(4 [pid 7121] <... mount resumed>) = 0 [pid 7121] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7121] chdir(".") = 0 [pid 7121] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7120] <... futex resumed>) = 0 [pid 7121] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7120] exit_group(0 [pid 7121] <... futex resumed>) = ? [pid 7120] <... exit_group resumed>) = ? [pid 7121] +++ exited with 0 +++ [pid 7120] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7120, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=60 /* 0.60 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5833] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5833] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./13/binderfs") = 0 [ 107.463795][ T7121] BTRFS info (device loop4 state M): force clearing of disk cache [ 107.483193][ T7121] BTRFS info (device loop4 state M): doing ref verification [ 107.491402][ T7121] BTRFS info (device loop4 state M): max_inline set to 26856 [ 107.556784][ T5833] BTRFS info (device loop4): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 5833] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7124] <... close resumed>) = 0 [pid 7124] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7123] <... futex resumed>) = 0 [pid 7124] rename("./file1", "./file0/file0" [pid 7123] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7123] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7165] <... mount resumed>) = 0 [pid 7165] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7165] chdir("./file0") = 0 [pid 7165] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7165] ioctl(4, LOOP_CLR_FD) = 0 [pid 7165] close(4) = 0 [pid 7165] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7124] <... rename resumed>) = 0 [pid 7124] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7165] <... futex resumed>) = 1 [pid 7163] <... futex resumed>) = 0 [pid 7124] <... futex resumed>) = 1 [pid 7123] <... futex resumed>) = 0 [pid 7124] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7123] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7124] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7123] <... futex resumed>) = 0 [pid 7124] mkdir(".", 0777 [pid 7123] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7124] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7165] memfd_create("syzkaller", 0 [pid 7163] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7124] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7165] <... memfd_create resumed>) = 4 [pid 7163] <... futex resumed>) = 0 [pid 7165] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 107.702951][ T7124] BTRFS warning (device loop3 state M): remount supports changing free space tree only from RO to RW [ 107.729313][ T7124] BTRFS info (device loop3 state M): setting nodatasum [pid 7163] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7129] <... write resumed>) = 16777216 [pid 7129] munmap(0x7fb775000000, 138412032) = 0 [ 107.751579][ T7124] BTRFS info (device loop3 state M): setting nodatasum [ 107.758492][ T7124] BTRFS info (device loop3 state M): turning off barriers [pid 7129] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 5 [ 107.812188][ T7124] BTRFS info (device loop3 state M): turning on flush-on-commit [ 107.821200][ T7124] BTRFS info (device loop3 state M): force clearing of disk cache [ 107.851730][ T7124] BTRFS info (device loop3 state M): doing ref verification [pid 7129] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7129] ioctl(5, LOOP_CLR_FD) = 0 [pid 7124] <... mount resumed>) = 0 [ 107.859074][ T7124] BTRFS info (device loop3 state M): max_inline set to 26856 [pid 7129] ioctl(5, LOOP_SET_FD, 4 [pid 7124] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7124] chdir(".") = 0 [pid 7124] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7123] <... futex resumed>) = 0 [pid 7124] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7123] exit_group(0 [pid 7129] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7129] close(5 [pid 7124] <... futex resumed>) = ? [pid 7123] <... exit_group resumed>) = ? [pid 7124] +++ exited with 0 +++ [pid 7123] +++ exited with 0 +++ [pid 7129] <... close resumed>) = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7123, si_uid=0, si_status=0, si_utime=17 /* 0.17 s */, si_stime=61 /* 0.61 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 7129] close(4 [pid 5832] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] <... umount2 resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] getdents64(3, [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5833] newfstatat(AT_FDCWD, "./13/file0", [pid 5832] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] newfstatat(AT_FDCWD, "./13/binderfs", [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./13/binderfs" [pid 5833] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... unlink resumed>) = 0 [pid 5833] <... openat resumed>) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./13/file0") = 0 [pid 7126] <... write resumed>) = 16777216 [pid 5833] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./13") = 0 [pid 5833] mkdir("./14", 0777 [pid 7126] munmap(0x7fb775000000, 138412032) = 0 [pid 5833] <... mkdir resumed>) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 7165] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7126] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5833] ioctl(3, LOOP_CLR_FD [pid 7126] <... openat resumed>) = 5 [pid 7126] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7126] ioctl(5, LOOP_CLR_FD) = 0 [pid 7126] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7126] close(5) = 0 [pid 5833] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 7126] close(4 [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7216 attached [pid 7216] set_robust_list(0x55558bffa6a0, 24 [pid 5833] <... clone resumed>, child_tidptr=0x55558bffa690) = 7216 [pid 7216] <... set_robust_list resumed>) = 0 [pid 7216] chdir("./14") = 0 [pid 7216] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7216] setpgid(0, 0) = 0 [pid 7216] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7129] <... close resumed>) = 0 [pid 7129] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7216] write(3, "1000", 4 [pid 7128] <... futex resumed>) = 0 [pid 7129] <... futex resumed>) = 1 [pid 7216] <... write resumed>) = 4 [pid 7129] rename("./file1", "./file0/file0" [pid 7128] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7216] close(3 [pid 7128] <... futex resumed>) = 0 [ 108.056886][ T5832] BTRFS info (device loop3): last unmount of filesystem 074d424e-b89c-4b0a-a465-894710e075e7 [pid 7216] <... close resumed>) = 0 [pid 7128] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7216] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 7216] write(1, "executing program\n", 18) = 18 [pid 7216] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7216] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7216] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7216] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7216] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7216] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7129] <... rename resumed>) = 0 [pid 7216] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7216] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 7217 attached => {parent_tid=[7217]}, 88) = 7217 [pid 7129] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7216] rt_sigprocmask(SIG_SETMASK, [], [pid 7217] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7216] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7129] <... futex resumed>) = 1 [pid 7128] <... futex resumed>) = 0 [pid 7217] <... rseq resumed>) = 0 [pid 7128] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7217] set_robust_list(0x7fb77d6019a0, 24 [pid 7216] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7129] mkdir(".", 0777 [pid 7128] <... futex resumed>) = 0 [pid 7128] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7217] <... set_robust_list resumed>) = 0 [pid 7216] <... futex resumed>) = 0 [pid 7129] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7217] rt_sigprocmask(SIG_SETMASK, [], [pid 7216] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7217] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7129] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7217] memfd_create("syzkaller", 0) = 3 [pid 7217] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 108.242037][ T7129] BTRFS warning (device loop1 state M): remount supports changing free space tree only from RO to RW [ 108.281587][ T7129] BTRFS info (device loop1 state M): setting nodatasum [ 108.288494][ T7129] BTRFS info (device loop1 state M): setting nodatasum [ 108.341640][ T7129] BTRFS info (device loop1 state M): turning off barriers [ 108.348809][ T7129] BTRFS info (device loop1 state M): turning on flush-on-commit [pid 7126] <... close resumed>) = 0 [pid 7126] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7125] <... futex resumed>) = 0 [pid 7125] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7125] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 108.391592][ T7129] BTRFS info (device loop1 state M): force clearing of disk cache [ 108.399459][ T7129] BTRFS info (device loop1 state M): doing ref verification [pid 7126] rename("./file1", "./file0/file0") = 0 [pid 7126] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7125] <... futex resumed>) = 0 [pid 7125] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5832] <... umount2 resumed>) = 0 [pid 7125] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7126] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7126] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5832] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7129] <... mount resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7129] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5832] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7129] <... openat resumed>) = 4 [pid 5832] <... openat resumed>) = 4 [pid 7129] chdir("." [pid 5832] newfstatat(4, "", [pid 7129] <... chdir resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7129] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] getdents64(4, [pid 7129] <... futex resumed>) = 1 [pid 7128] <... futex resumed>) = 0 [pid 5832] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 7129] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7128] exit_group(0 [pid 5832] getdents64(4, [pid 7129] <... futex resumed>) = ? [pid 7128] <... exit_group resumed>) = ? [pid 5832] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [ 108.468280][ T7129] BTRFS info (device loop1 state M): max_inline set to 26856 [ 108.496279][ T7126] BTRFS warning (device loop0 state M): remount supports changing free space tree only from RO to RW [pid 7217] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7165] <... write resumed>) = 16777216 [pid 7129] +++ exited with 0 +++ [pid 7128] +++ exited with 0 +++ [pid 5832] close(4 [pid 7165] munmap(0x7fb775000000, 138412032 [pid 5832] <... close resumed>) = 0 [pid 5832] rmdir("./13/file0") = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7128, si_uid=0, si_status=0, si_utime=13 /* 0.13 s */, si_stime=57 /* 0.57 s */} --- [pid 5832] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5832] close(3 [pid 5830] <... restart_syscall resumed>) = 0 [pid 5830] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... close resumed>) = 0 [pid 5832] rmdir("./13" [pid 5830] <... openat resumed>) = 3 [pid 5830] newfstatat(3, "", [pid 5832] <... rmdir resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] mkdir("./14", 0777 [pid 5830] getdents64(3, [pid 5832] <... mkdir resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5830] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5830] newfstatat(AT_FDCWD, "./13/binderfs", [pid 5832] close(3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... close resumed>) = 0 [pid 5830] unlink("./13/binderfs") = 0 [pid 5830] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [ 108.533654][ T7126] BTRFS info (device loop0 state M): setting nodatasum [ 108.553511][ T7126] BTRFS info (device loop0 state M): setting nodatasum [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7219 attached [pid 7165] <... munmap resumed>) = 0 [pid 7165] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5832] <... clone resumed>, child_tidptr=0x55558bffa690) = 7219 [pid 7219] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 7219] chdir("./14") = 0 [pid 7219] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7219] setpgid(0, 0) = 0 [pid 7219] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7219] write(3, "1000", 4) = 4 [pid 7219] close(3) = 0 [pid 7219] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7219] write(1, "executing program\n", 18) = 18 [pid 7165] <... openat resumed>) = 5 [pid 7219] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7219] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7219] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7219] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7219] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7219] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7219] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[7220]}, 88) = 7220 [pid 7219] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7219] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7165] ioctl(5, LOOP_SET_FD, 4./strace-static-x86_64: Process 7220 attached [pid 7219] <... futex resumed>) = 0 [pid 7165] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7220] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7219] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7220] <... rseq resumed>) = 0 [pid 7165] ioctl(5, LOOP_CLR_FD [pid 7220] set_robust_list(0x7fb77d6019a0, 24 [pid 7165] <... ioctl resumed>) = 0 [pid 7220] <... set_robust_list resumed>) = 0 [pid 7220] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7220] memfd_create("syzkaller", 0) = 3 [pid 7165] ioctl(5, LOOP_SET_FD, 4 [pid 7220] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7165] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7220] <... mmap resumed>) = 0x7fb775000000 [pid 7165] close(5) = 0 [ 108.578662][ T7126] BTRFS info (device loop0 state M): turning off barriers [ 108.582221][ T5830] BTRFS info (device loop1): last unmount of filesystem 001da3cd-8cc3-4aed-910e-0a5fa238de15 [ 108.587242][ T7126] BTRFS info (device loop0 state M): turning on flush-on-commit [ 108.649626][ T7126] BTRFS info (device loop0 state M): force clearing of disk cache [ 108.659196][ T7126] BTRFS info (device loop0 state M): doing ref verification [ 108.668165][ T7126] BTRFS info (device loop0 state M): max_inline set to 26856 [pid 7165] close(4 [pid 7126] <... mount resumed>) = 0 [pid 7126] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7126] chdir(".") = 0 [pid 7126] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7125] <... futex resumed>) = 0 [pid 7126] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7125] exit_group(0) = ? [pid 7126] <... futex resumed>) = ? [pid 7126] +++ exited with 0 +++ [pid 7125] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7125, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=70 /* 0.70 s */} --- [pid 5829] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5829] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./13/binderfs") = 0 [ 108.812521][ T5829] BTRFS info (device loop0): last unmount of filesystem c988fbd1-373e-4ceb-8b80-4c6d12a4cb1c [pid 5829] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7165] <... close resumed>) = 0 [pid 7165] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7163] <... futex resumed>) = 0 [pid 7165] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7163] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7165] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7163] <... futex resumed>) = 0 [pid 7165] rename("./file1", "./file0/file0" [pid 7163] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7217] <... write resumed>) = 16777216 [pid 7217] munmap(0x7fb775000000, 138412032 [pid 7165] <... rename resumed>) = 0 [pid 7217] <... munmap resumed>) = 0 [pid 7165] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7217] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7165] <... futex resumed>) = 0 [pid 7163] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5830] <... umount2 resumed>) = 0 [pid 7165] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7163] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7217] <... openat resumed>) = 4 [pid 7165] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7163] <... futex resumed>) = 0 [pid 7165] mkdir(".", 0777 [pid 7163] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7217] ioctl(4, LOOP_SET_FD, 3 [pid 7165] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7165] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7217] <... ioctl resumed>) = 0 [pid 7220] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7217] close(3 [pid 5830] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7217] <... close resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7217] close(4 [pid 5830] newfstatat(AT_FDCWD, "./13/file0", [pid 7217] <... close resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7217] mkdir("./file0", 0777) = 0 [pid 5830] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7217] mount("/dev/loop4", "./file0", "btrfs", 0, "" [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 109.012933][ T7217] loop4: detected capacity change from 0 to 32768 [ 109.047557][ T7165] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW [pid 5830] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [ 109.059633][ T7217] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (7217) [ 109.081784][ T7165] BTRFS info (device loop2 state M): setting nodatasum [ 109.098185][ T7217] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 5830] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./13/file0") = 0 [ 109.108520][ T7165] BTRFS info (device loop2 state M): setting nodatasum [ 109.116009][ T7165] BTRFS info (device loop2 state M): turning off barriers [ 109.123544][ T7217] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 109.133732][ T7165] BTRFS info (device loop2 state M): turning on flush-on-commit [ 109.142813][ T7217] BTRFS info (device loop4): using free-space-tree [ 109.150046][ T7165] BTRFS info (device loop2 state M): force clearing of disk cache [pid 5830] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./13") = 0 [pid 5830] mkdir("./14", 0777 [pid 7165] <... mount resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5830] close(3) = 0 [pid 7165] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7225 attached [pid 7165] <... openat resumed>) = 4 [pid 7165] chdir("." [pid 5830] <... clone resumed>, child_tidptr=0x55558bffa690) = 7225 [pid 7225] set_robust_list(0x55558bffa6a0, 24 [pid 7165] <... chdir resumed>) = 0 [pid 7225] <... set_robust_list resumed>) = 0 [pid 7165] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7225] chdir("./14" [pid 7165] <... futex resumed>) = 1 [pid 7163] <... futex resumed>) = 0 [pid 7225] <... chdir resumed>) = 0 [pid 7165] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7163] exit_group(0 [pid 5829] <... umount2 resumed>) = 0 [pid 7163] <... exit_group resumed>) = ? [pid 7225] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7165] <... futex resumed>) = ? [pid 5829] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7225] <... prctl resumed>) = 0 [pid 7225] setpgid(0, 0 [pid 7165] +++ exited with 0 +++ [pid 7163] +++ exited with 0 +++ [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7225] <... setpgid resumed>) = 0 [pid 5829] newfstatat(AT_FDCWD, "./13/file0", [pid 7225] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7163, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=62 /* 0.62 s */} --- [pid 7225] <... openat resumed>) = 3 [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 109.158634][ T7165] BTRFS info (device loop2 state M): doing ref verification [ 109.167149][ T7165] BTRFS info (device loop2 state M): max_inline set to 26856 [pid 7225] write(3, "1000", 4 [pid 5829] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... restart_syscall resumed>) = 0 [pid 5831] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7225] <... write resumed>) = 4 [pid 5831] newfstatat(AT_FDCWD, "./14/binderfs", [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7225] close(3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7225] <... close resumed>) = 0 [pid 5831] unlink("./14/binderfs" [pid 7225] symlink("/dev/binderfs", "./binderfs" [pid 5831] <... unlink resumed>) = 0 executing program [pid 5829] <... openat resumed>) = 4 [pid 7225] <... symlink resumed>) = 0 [pid 5831] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7225] write(1, "executing program\n", 18 [pid 5829] newfstatat(4, "", [pid 7225] <... write resumed>) = 18 [pid 7225] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7225] <... futex resumed>) = 0 [pid 7225] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7225] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5829] getdents64(4, [pid 7225] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5829] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 7225] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5829] getdents64(4, [pid 7225] <... mmap resumed>) = 0x7fb77d5e1000 [pid 5829] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 7225] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 5829] close(4 [pid 7225] <... mprotect resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 7225] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5829] rmdir("./13/file0" [pid 7225] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 7225] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 5829] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 7225] <... clone3 resumed> => {parent_tid=[7228]}, 88) = 7228 [pid 5829] close(3 [pid 7225] rt_sigprocmask(SIG_SETMASK, [], [pid 5829] <... close resumed>) = 0 [pid 7225] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5829] rmdir("./13" [pid 7225] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] <... rmdir resumed>) = 0 [pid 7225] <... futex resumed>) = 0 [pid 5829] mkdir("./14", 0777 [pid 7225] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5829] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 7228 attached [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [pid 7228] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7234 attached [pid 7228] <... rseq resumed>) = 0 [pid 7228] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 7228] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7234] set_robust_list(0x55558bffa6a0, 24 [pid 7228] memfd_create("syzkaller", 0 [pid 7234] <... set_robust_list resumed>) = 0 [pid 5829] <... clone resumed>, child_tidptr=0x55558bffa690) = 7234 [ 109.233168][ T5831] BTRFS info (device loop2): last unmount of filesystem 7abc3ff4-3ddd-4d33-b1ea-5c14d6ec26e5 [pid 7234] chdir("./14" [pid 7228] <... memfd_create resumed>) = 3 [pid 7228] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7234] <... chdir resumed>) = 0 [pid 7234] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7234] setpgid(0, 0) = 0 [pid 7234] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7234] write(3, "1000", 4) = 4 [pid 7234] close(3) = 0 [pid 7234] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7234] write(1, "executing program\n", 18executing program ) = 18 [pid 7234] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7234] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7234] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7234] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7220] <... write resumed>) = 16777216 [pid 7217] <... mount resumed>) = 0 [pid 7234] <... mmap resumed>) = 0x7fb77d5e1000 [pid 7220] munmap(0x7fb775000000, 138412032 [pid 7217] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7234] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7217] <... openat resumed>) = 3 [pid 7217] chdir("./file0") = 0 [pid 7217] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7217] ioctl(4, LOOP_CLR_FD) = 0 [pid 7217] close(4) = 0 [pid 7217] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7216] <... futex resumed>) = 0 [pid 7217] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7216] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7217] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7216] <... futex resumed>) = 0 [pid 7217] memfd_create("syzkaller", 0 [pid 7216] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7217] <... memfd_create resumed>) = 4 [pid 7217] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7234] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7234] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 7241 attached => {parent_tid=[7241]}, 88) = 7241 [pid 7220] <... munmap resumed>) = 0 [pid 7234] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7241] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 7241] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 7241] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7241] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7234] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7241] <... futex resumed>) = 0 [pid 7234] <... futex resumed>) = 1 [pid 7220] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7234] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7220] <... openat resumed>) = 4 [pid 7241] memfd_create("syzkaller", 0) = 3 [pid 7241] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7220] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7220] close(3) = 0 [ 109.443188][ T7220] loop3: detected capacity change from 0 to 32768 [pid 7220] close(4) = 0 [pid 7220] mkdir("./file0", 0777) = 0 [ 109.534799][ T7220] BTRFS: device /dev/loop3 (7:3) using temp-fsid 7e2cf363-8ac5-4ad9-ab9a-6f001313ab15 [pid 7220] mount("/dev/loop3", "./file0", "btrfs", 0, "" [ 109.584773][ T7220] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor323 (7220) [pid 7228] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7217] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5831] <... umount2 resumed>) = 0 [pid 5831] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 109.640428][ T7220] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 5831] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 7241] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5831] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [ 109.690393][ T7220] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 109.710877][ T7220] BTRFS info (device loop3): using free-space-tree [pid 5831] rmdir("./14/file0") = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./14") = 0 [pid 5831] mkdir("./15", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5831] close(3) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7256 attached , child_tidptr=0x55558bffa690) = 7256 [pid 7256] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 7256] chdir("./15") = 0 [pid 7256] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7256] setpgid(0, 0) = 0 [pid 7256] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7256] write(3, "1000", 4) = 4 [pid 7256] close(3) = 0 [pid 7256] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 7256] write(1, "executing program\n", 18) = 18 [pid 7256] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7256] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7256] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7256] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7256] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7256] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7256] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[7259]}, 88) = 7259 [pid 7256] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7256] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7256] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7259 attached [pid 7259] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 7259] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 7259] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7259] memfd_create("syzkaller", 0) = 3 [pid 7259] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7220] <... mount resumed>) = 0 [pid 7217] <... write resumed>) = 16777216 [pid 7220] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7220] chdir("./file0") = 0 [pid 7220] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7220] ioctl(4, LOOP_CLR_FD) = 0 [pid 7220] close(4) = 0 [pid 7220] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7219] <... futex resumed>) = 0 [pid 7220] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7219] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7217] munmap(0x7fb775000000, 138412032 [pid 7219] <... futex resumed>) = 1 [pid 7220] <... futex resumed>) = 0 [pid 7219] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7220] memfd_create("syzkaller", 0) = 4 [pid 7220] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7217] <... munmap resumed>) = 0 [pid 7217] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 5 [pid 7217] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7217] ioctl(5, LOOP_CLR_FD) = 0 [pid 7217] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7217] close(5) = 0 [pid 7217] close(4 [pid 7228] <... write resumed>) = 16777216 [pid 7228] munmap(0x7fb775000000, 138412032 [pid 7259] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7228] <... munmap resumed>) = 0 [pid 7228] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7228] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7228] close(3) = 0 [pid 7228] close(4) = 0 [pid 7228] mkdir("./file0", 0777) = 0 [ 110.113414][ T7228] loop1: detected capacity change from 0 to 32768 [ 110.145813][ T7228] BTRFS: device /dev/loop1 (7:1) using temp-fsid e4e08809-fba6-4508-bbb5-1ca3e3d4f617 [ 110.179458][ T7228] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor323 (7228) [pid 7228] mount("/dev/loop1", "./file0", "btrfs", 0, "" [pid 7241] <... write resumed>) = 16777216 [pid 7217] <... close resumed>) = 0 [ 110.237708][ T7228] BTRFS info (device loop1): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 110.271404][ T7228] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [pid 7241] munmap(0x7fb775000000, 138412032 [pid 7220] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7241] <... munmap resumed>) = 0 [pid 7217] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7216] <... futex resumed>) = 0 [pid 7217] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7216] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7217] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7216] <... futex resumed>) = 0 [pid 7217] rename("./file1", "./file0/file0" [pid 7216] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7217] <... rename resumed>) = 0 [pid 7241] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7217] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 110.311687][ T7228] BTRFS info (device loop1): using free-space-tree [pid 7217] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7216] <... futex resumed>) = 0 [pid 7216] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7217] <... futex resumed>) = 0 [pid 7241] ioctl(4, LOOP_SET_FD, 3 [pid 7216] <... futex resumed>) = 1 [pid 7217] mkdir(".", 0777 [pid 7216] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7217] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7217] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7241] <... ioctl resumed>) = 0 [ 110.356061][ T7241] loop0: detected capacity change from 0 to 32768 [ 110.366621][ T7217] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [ 110.391732][ T7217] BTRFS info (device loop4 state M): setting nodatasum [pid 7241] close(3) = 0 [pid 7241] close(4) = 0 [pid 7241] mkdir("./file0", 0777) = 0 [ 110.401309][ T7217] BTRFS info (device loop4 state M): setting nodatasum [ 110.413006][ T7217] BTRFS info (device loop4 state M): turning off barriers [ 110.420315][ T7217] BTRFS info (device loop4 state M): turning on flush-on-commit [ 110.468060][ T7241] BTRFS: device /dev/loop0 (7:0) using temp-fsid 681b8f3d-c93d-46a7-a159-a998b54918b5 [ 110.499980][ T7241] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor323 (7241) [pid 7241] mount("/dev/loop0", "./file0", "btrfs", 0, "" [pid 7259] <... write resumed>) = 16777216 [pid 7228] <... mount resumed>) = 0 [ 110.515217][ T7217] BTRFS info (device loop4 state M): force clearing of disk cache [pid 7228] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7228] chdir("./file0" [pid 7259] munmap(0x7fb775000000, 138412032 [pid 7228] <... chdir resumed>) = 0 [pid 7228] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7259] <... munmap resumed>) = 0 [pid 7228] ioctl(4, LOOP_CLR_FD) = 0 [pid 7228] close(4) = 0 [pid 7228] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7220] <... write resumed>) = 16777216 [pid 7217] <... mount resumed>) = 0 [ 110.542199][ T7217] BTRFS info (device loop4 state M): doing ref verification [ 110.549818][ T7217] BTRFS info (device loop4 state M): max_inline set to 26856 [pid 7228] <... futex resumed>) = 1 [pid 7225] <... futex resumed>) = 0 [pid 7220] munmap(0x7fb775000000, 138412032 [pid 7217] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 7228] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7225] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7220] <... munmap resumed>) = 0 [pid 7228] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7225] <... futex resumed>) = 0 [pid 7217] <... openat resumed>) = 4 [pid 7228] memfd_create("syzkaller", 0 [pid 7225] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7217] chdir(".") = 0 [pid 7228] <... memfd_create resumed>) = 4 [pid 7217] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7259] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7259] ioctl(4, LOOP_SET_FD, 3 [pid 7228] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7220] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7217] <... futex resumed>) = 1 [pid 7216] <... futex resumed>) = 0 [pid 7228] <... mmap resumed>) = 0x7fb775000000 [pid 7220] <... openat resumed>) = 5 [pid 7217] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7216] exit_group(0 [pid 7220] ioctl(5, LOOP_SET_FD, 4 [pid 7216] <... exit_group resumed>) = ? [pid 7259] <... ioctl resumed>) = 0 [pid 7220] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7217] <... futex resumed>) = ? [pid 7259] close(3) = 0 [pid 7259] close(4) = 0 [pid 7259] mkdir("./file0", 0777) = 0 [pid 7259] mount("/dev/loop2", "./file0", "btrfs", 0, "" [pid 7217] +++ exited with 0 +++ [pid 7216] +++ exited with 0 +++ [ 110.594377][ T7241] BTRFS info (device loop0): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 110.608377][ T7259] loop2: detected capacity change from 0 to 32768 [ 110.621866][ T7241] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 110.630568][ T7241] BTRFS info (device loop0): using free-space-tree [pid 7220] ioctl(5, LOOP_CLR_FD) = 0 [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7216, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=58 /* 0.58 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5833] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7220] ioctl(5, LOOP_SET_FD, 4 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7220] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5833] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5833] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7220] close(5 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./14/binderfs", [pid 7220] <... close resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7220] close(4 [ 110.642630][ T7259] BTRFS: device /dev/loop2 (7:2) using temp-fsid e1be850d-4d43-457a-b5eb-d23ba8777470 [ 110.672638][ T7259] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (7259) [pid 5833] unlink("./14/binderfs") = 0 [ 110.736040][ T7259] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 110.764635][ T5833] BTRFS info (device loop4): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 5833] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7228] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7241] <... mount resumed>) = 0 [pid 7241] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7241] chdir("./file0") = 0 [pid 7241] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7241] ioctl(4, LOOP_CLR_FD) = 0 [pid 7241] close(4) = 0 [pid 7241] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7234] <... futex resumed>) = 0 [pid 7234] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7234] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7241] memfd_create("syzkaller", 0) = 4 [pid 7241] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 110.792338][ T7259] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 110.813951][ T7259] BTRFS info (device loop2): using free-space-tree [pid 7259] <... mount resumed>) = 0 [pid 7259] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7259] chdir("./file0") = 0 [pid 7259] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7259] ioctl(4, LOOP_CLR_FD) = 0 [pid 7259] close(4) = 0 [pid 7259] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7256] <... futex resumed>) = 0 [pid 7259] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7256] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7259] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7256] <... futex resumed>) = 0 [pid 7256] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7259] memfd_create("syzkaller", 0) = 4 [pid 7259] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7220] <... close resumed>) = 0 [pid 7220] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7219] <... futex resumed>) = 0 [pid 7220] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7219] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7219] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7220] <... futex resumed>) = 0 [pid 7220] rename("./file1", "./file0/file0") = 0 [pid 7220] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7219] <... futex resumed>) = 0 [pid 7219] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7220] mkdir(".", 0777 [pid 7219] <... futex resumed>) = 0 [pid 7220] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7219] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7220] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7241] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5833] <... umount2 resumed>) = 0 [pid 5833] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 111.202594][ T7220] BTRFS warning (device loop3 state M): remount supports changing free space tree only from RO to RW [ 111.241681][ T7220] BTRFS info (device loop3 state M): setting nodatasum [pid 5833] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 7228] <... write resumed>) = 16777216 [pid 5833] rmdir("./14/file0") = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5833] close(3 [pid 7228] munmap(0x7fb775000000, 138412032) = 0 [pid 5833] <... close resumed>) = 0 [pid 5833] rmdir("./14") = 0 [ 111.282127][ T7220] BTRFS info (device loop3 state M): setting nodatasum [ 111.289170][ T7220] BTRFS info (device loop3 state M): turning off barriers [ 111.321738][ T7220] BTRFS info (device loop3 state M): turning on flush-on-commit [pid 7228] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5833] mkdir("./15", 0777 [pid 7228] <... openat resumed>) = 5 [pid 5833] <... mkdir resumed>) = 0 [pid 7228] ioctl(5, LOOP_SET_FD, 4 [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 7228] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5833] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 7228] ioctl(5, LOOP_CLR_FD) = 0 [pid 5833] close(3 [pid 7259] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5833] <... close resumed>) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7310 attached [pid 7228] ioctl(5, LOOP_SET_FD, 4 [pid 7310] set_robust_list(0x55558bffa6a0, 24 [pid 7228] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5833] <... clone resumed>, child_tidptr=0x55558bffa690) = 7310 [pid 7310] <... set_robust_list resumed>) = 0 [pid 7310] chdir("./15") = 0 [pid 7310] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7228] close(5 [pid 7310] <... prctl resumed>) = 0 [pid 7228] <... close resumed>) = 0 [pid 7310] setpgid(0, 0) = 0 [pid 7310] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7310] write(3, "1000", 4) = 4 [pid 7310] close(3) = 0 [pid 7310] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7310] write(1, "executing program\n", 18) = 18 [pid 7310] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7310] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7310] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7310] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7310] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7310] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7310] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 7311 attached => {parent_tid=[7311]}, 88) = 7311 [pid 7310] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7310] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7310] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7311] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 7311] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 7220] <... mount resumed>) = 0 executing program [pid 7311] rt_sigprocmask(SIG_SETMASK, [], [pid 7220] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 7311] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7220] <... openat resumed>) = 4 [pid 7311] memfd_create("syzkaller", 0 [pid 7228] close(4 [pid 7220] chdir("." [pid 7311] <... memfd_create resumed>) = 3 [pid 7220] <... chdir resumed>) = 0 [pid 7311] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7220] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7311] <... mmap resumed>) = 0x7fb775000000 [pid 7220] <... futex resumed>) = 1 [pid 7219] <... futex resumed>) = 0 [pid 7220] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7219] exit_group(0) = ? [pid 7220] <... futex resumed>) = ? [pid 7220] +++ exited with 0 +++ [pid 7219] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7219, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=56 /* 0.56 s */} --- [ 111.351602][ T7220] BTRFS info (device loop3 state M): force clearing of disk cache [ 111.372971][ T7220] BTRFS info (device loop3 state M): doing ref verification [ 111.380313][ T7220] BTRFS info (device loop3 state M): max_inline set to 26856 [pid 5832] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5832] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./14/binderfs") = 0 [ 111.452422][ T5832] BTRFS info (device loop3): last unmount of filesystem 7e2cf363-8ac5-4ad9-ab9a-6f001313ab15 [pid 5832] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7241] <... write resumed>) = 16777216 [pid 7241] munmap(0x7fb775000000, 138412032) = 0 [pid 7241] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7241] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7241] ioctl(5, LOOP_CLR_FD) = 0 [pid 7241] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7241] close(5 [pid 7228] <... close resumed>) = 0 [pid 7228] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7241] <... close resumed>) = 0 [pid 7225] <... futex resumed>) = 0 [pid 7241] close(4 [pid 7225] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7225] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7228] rename("./file1", "./file0/file0") = 0 [pid 7228] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7225] <... futex resumed>) = 0 [pid 7225] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7225] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7228] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7228] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7311] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5832] <... umount2 resumed>) = 0 [pid 5832] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5832] close(4) = 0 [pid 5832] rmdir("./14/file0") = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./14") = 0 [pid 5832] mkdir("./15", 0777) = 0 [ 111.784568][ T7228] BTRFS warning (device loop1 state M): remount supports changing free space tree only from RO to RW [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 7313 ./strace-static-x86_64: Process 7313 attached [pid 7313] set_robust_list(0x55558bffa6a0, 24 [pid 7259] <... write resumed>) = 16777216 [pid 7313] <... set_robust_list resumed>) = 0 [pid 7313] chdir("./15") = 0 [pid 7259] munmap(0x7fb775000000, 138412032 [pid 7313] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7313] setpgid(0, 0) = 0 [pid 7313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 111.847118][ T7228] BTRFS info (device loop1 state M): setting nodatasum [ 111.868059][ T7228] BTRFS info (device loop1 state M): setting nodatasum [pid 7313] write(3, "1000", 4) = 4 [pid 7313] close(3) = 0 [pid 7313] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7259] <... munmap resumed>) = 0 [pid 7313] write(1, "executing program\n", 18executing program ) = 18 [pid 7313] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7259] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 5 [pid 7259] ioctl(5, LOOP_SET_FD, 4 [pid 7313] <... futex resumed>) = 0 [pid 7259] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7313] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 7259] ioctl(5, LOOP_CLR_FD [pid 7313] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7259] <... ioctl resumed>) = 0 [pid 7313] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7313] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7313] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7259] ioctl(5, LOOP_SET_FD, 4 [pid 7313] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 7259] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7259] close(5) = 0 ./strace-static-x86_64: Process 7315 attached [pid 7259] close(4 [pid 7315] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7313] <... clone3 resumed> => {parent_tid=[7315]}, 88) = 7315 [pid 7315] <... rseq resumed>) = 0 [pid 7313] rt_sigprocmask(SIG_SETMASK, [], [pid 7315] set_robust_list(0x7fb77d6019a0, 24) = 0 [ 111.917850][ T7228] BTRFS info (device loop1 state M): turning off barriers [ 111.947224][ T7228] BTRFS info (device loop1 state M): turning on flush-on-commit [pid 7315] rt_sigprocmask(SIG_SETMASK, [], [pid 7313] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7241] <... close resumed>) = 0 [pid 7315] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7313] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7315] memfd_create("syzkaller", 0 [pid 7313] <... futex resumed>) = 0 [pid 7241] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7313] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7241] <... futex resumed>) = 1 [pid 7234] <... futex resumed>) = 0 [pid 7315] <... memfd_create resumed>) = 3 [pid 7241] rename("./file1", "./file0/file0" [pid 7234] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7315] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7234] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7315] <... mmap resumed>) = 0x7fb775000000 [ 111.992381][ T7228] BTRFS info (device loop1 state M): force clearing of disk cache [ 112.001126][ T7228] BTRFS info (device loop1 state M): doing ref verification [pid 7228] <... mount resumed>) = 0 [pid 7241] <... rename resumed>) = 0 [pid 7241] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7228] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 7241] <... futex resumed>) = 0 [pid 7234] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7234] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7241] mkdir(".", 0777 [pid 7234] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7228] <... openat resumed>) = 4 [pid 7241] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7228] chdir(".") = 0 [pid 7228] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7228] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7225] <... futex resumed>) = 0 [pid 7225] exit_group(0) = ? [pid 7228] <... futex resumed>) = ? [pid 7228] +++ exited with 0 +++ [pid 7225] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7225, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=58 /* 0.58 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 7241] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5830] <... restart_syscall resumed>) = 0 [pid 5830] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./14/binderfs") = 0 [ 112.033394][ T7228] BTRFS info (device loop1 state M): max_inline set to 26856 [pid 5830] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7259] <... close resumed>) = 0 [pid 7259] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 112.112158][ T5830] BTRFS info (device loop1): last unmount of filesystem e4e08809-fba6-4508-bbb5-1ca3e3d4f617 [ 112.132045][ T7241] BTRFS warning (device loop0 state M): remount supports changing free space tree only from RO to RW [ 112.155227][ T7241] BTRFS info (device loop0 state M): setting nodatasum [pid 7259] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7256] <... futex resumed>) = 0 [pid 7256] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7259] <... futex resumed>) = 0 [pid 7256] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7259] rename("./file1", "./file0/file0") = 0 [pid 7259] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7259] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7256] <... futex resumed>) = 0 [pid 7256] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7259] <... futex resumed>) = 0 [pid 7256] <... futex resumed>) = 1 [pid 7259] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7259] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [ 112.188486][ T7241] BTRFS info (device loop0 state M): setting nodatasum [ 112.221585][ T7241] BTRFS info (device loop0 state M): turning off barriers [ 112.229405][ T7241] BTRFS info (device loop0 state M): turning on flush-on-commit [ 112.262071][ T7241] BTRFS info (device loop0 state M): force clearing of disk cache [ 112.271268][ T7241] BTRFS info (device loop0 state M): doing ref verification [ 112.298724][ T7259] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW [pid 7256] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7311] <... write resumed>) = 16777216 [pid 7311] munmap(0x7fb775000000, 138412032 [pid 7315] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7241] <... mount resumed>) = 0 [ 112.302347][ T7241] BTRFS info (device loop0 state M): max_inline set to 26856 [pid 7241] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 7311] <... munmap resumed>) = 0 [pid 7241] <... openat resumed>) = 4 [pid 7241] chdir(".") = 0 [pid 7241] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7311] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7241] <... futex resumed>) = 1 [pid 7311] <... openat resumed>) = 4 [pid 7241] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7234] <... futex resumed>) = 0 [pid 7311] ioctl(4, LOOP_SET_FD, 3 [pid 7234] exit_group(0) = ? [pid 7241] <... futex resumed>) = ? [pid 7241] +++ exited with 0 +++ [pid 7234] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7234, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=72 /* 0.72 s */} --- [pid 7311] <... ioctl resumed>) = 0 [pid 5829] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7311] close(3 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 112.352351][ T7259] BTRFS info (device loop2 state M): setting nodatasum [ 112.359262][ T7259] BTRFS info (device loop2 state M): setting nodatasum [ 112.376287][ T7311] loop4: detected capacity change from 0 to 32768 [pid 7311] <... close resumed>) = 0 [pid 5829] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7311] close(4 [pid 5829] <... openat resumed>) = 3 [pid 5829] newfstatat(3, "", [pid 7311] <... close resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, [pid 7311] mkdir("./file0", 0777 [pid 5829] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 7311] <... mkdir resumed>) = 0 [pid 7311] mount("/dev/loop4", "./file0", "btrfs", 0, "" [pid 5829] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 112.406327][ T7259] BTRFS info (device loop2 state M): turning off barriers [ 112.431634][ T7259] BTRFS info (device loop2 state M): turning on flush-on-commit [pid 5829] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./14/binderfs") = 0 [ 112.451842][ T7311] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (7311) [ 112.472896][ T7259] BTRFS info (device loop2 state M): force clearing of disk cache [ 112.492067][ T5829] BTRFS info (device loop0): last unmount of filesystem 681b8f3d-c93d-46a7-a159-a998b54918b5 [ 112.497974][ T7259] BTRFS info (device loop2 state M): doing ref verification [pid 5829] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7259] <... mount resumed>) = 0 [pid 7259] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7259] chdir(".") = 0 [pid 7259] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7256] <... futex resumed>) = 0 [pid 7259] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7256] exit_group(0 [pid 7259] <... futex resumed>) = ? [pid 7256] <... exit_group resumed>) = ? [pid 5830] <... umount2 resumed>) = 0 [pid 5830] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./14/file0", [pid 7259] +++ exited with 0 +++ [pid 7256] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7256, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=63 /* 0.63 s */} --- [pid 5831] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 112.521289][ T7259] BTRFS info (device loop2 state M): max_inline set to 26856 [ 112.541789][ T7311] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 112.554450][ T7311] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 112.563688][ T7311] BTRFS info (device loop4): using free-space-tree [pid 5831] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./15/binderfs" [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] <... unlink resumed>) = 0 [pid 5831] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./14/file0") = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./14") = 0 [pid 5830] mkdir("./15", 0777) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7331 attached [pid 7331] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x55558bffa690) = 7331 [pid 7331] chdir("./15") = 0 [pid 7331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7331] setpgid(0, 0) = 0 [pid 7331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7331] write(3, "1000", 4) = 4 [pid 7331] close(3) = 0 [pid 7331] symlink("/dev/binderfs", "./binderfs") = 0 [ 112.612671][ T5831] BTRFS info (device loop2): last unmount of filesystem e1be850d-4d43-457a-b5eb-d23ba8777470 executing program [pid 7331] write(1, "executing program\n", 18 [pid 7315] <... write resumed>) = 16777216 [pid 7315] munmap(0x7fb775000000, 138412032 [pid 7331] <... write resumed>) = 18 [pid 7331] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7331] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7331] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7331] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7331] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7331] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7331] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 7332 attached => {parent_tid=[7332]}, 88) = 7332 [pid 7331] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7332] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7331] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7332] <... rseq resumed>) = 0 [pid 7331] <... futex resumed>) = 0 [pid 7332] set_robust_list(0x7fb77d6019a0, 24 [pid 7331] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7315] <... munmap resumed>) = 0 [pid 7332] <... set_robust_list resumed>) = 0 [pid 7332] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7332] memfd_create("syzkaller", 0) = 3 [pid 7332] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7315] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7315] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7315] close(3) = 0 [pid 7315] close(4) = 0 [pid 7315] mkdir("./file0", 0777 [pid 7311] <... mount resumed>) = 0 [pid 7311] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7311] chdir("./file0") = 0 [pid 7311] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7311] ioctl(4, LOOP_CLR_FD) = 0 [ 112.704822][ T7315] loop3: detected capacity change from 0 to 32768 [pid 7311] close(4 [pid 7315] <... mkdir resumed>) = 0 [pid 7311] <... close resumed>) = 0 [pid 7311] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7310] <... futex resumed>) = 0 [pid 7310] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7310] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7315] mount("/dev/loop3", "./file0", "btrfs", 0, "" [pid 7311] memfd_create("syzkaller", 0) = 4 [pid 7311] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 112.782570][ T7315] BTRFS: device /dev/loop3 (7:3) using temp-fsid ae6ff08d-8ee1-4208-a081-0b40c2378a0c [ 112.818323][ T7315] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor323 (7315) [ 112.868737][ T7315] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 112.890079][ T7315] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 112.927271][ T7315] BTRFS info (device loop3): using free-space-tree [pid 7332] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5829] <... umount2 resumed>) = 0 [pid 5829] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 7311] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5829] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./14/file0") = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./14") = 0 [pid 5829] mkdir("./15", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7349 attached [pid 7349] set_robust_list(0x55558bffa6a0, 24 [pid 5829] <... clone resumed>, child_tidptr=0x55558bffa690) = 7349 [pid 7349] <... set_robust_list resumed>) = 0 [pid 7349] chdir("./15") = 0 [pid 7349] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5831] <... umount2 resumed>) = 0 [pid 7349] <... prctl resumed>) = 0 [pid 7349] setpgid(0, 0) = 0 [pid 7349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7349] write(3, "1000", 4) = 4 [pid 7349] close(3) = 0 [pid 7349] symlink("/dev/binderfs", "./binderfs" [pid 5831] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7349] <... symlink resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) executing program [pid 7349] write(1, "executing program\n", 18 [pid 5831] newfstatat(AT_FDCWD, "./15/file0", [pid 7349] <... write resumed>) = 18 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7349] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7349] <... futex resumed>) = 0 [pid 7349] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7349] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5831] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7349] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7349] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7349] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5831] <... openat resumed>) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7349] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7349] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 5831] getdents64(4, ./strace-static-x86_64: Process 7352 attached 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 7349] <... clone3 resumed> => {parent_tid=[7352]}, 88) = 7352 [pid 7349] rt_sigprocmask(SIG_SETMASK, [], [pid 5831] getdents64(4, [pid 7349] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7352] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7349] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 7349] <... futex resumed>) = 0 [pid 7352] <... rseq resumed>) = 0 [pid 7349] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5831] close(4 [pid 7352] set_robust_list(0x7fb77d6019a0, 24 [pid 5831] <... close resumed>) = 0 [pid 7352] <... set_robust_list resumed>) = 0 [pid 5831] rmdir("./15/file0" [pid 7352] rt_sigprocmask(SIG_SETMASK, [], [pid 5831] <... rmdir resumed>) = 0 [pid 7352] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] getdents64(3, [pid 7352] memfd_create("syzkaller", 0 [pid 5831] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 7352] <... memfd_create resumed>) = 3 [pid 7352] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] close(3 [pid 7352] <... mmap resumed>) = 0x7fb775000000 [pid 5831] <... close resumed>) = 0 [pid 5831] rmdir("./15") = 0 [pid 5831] mkdir("./16", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 7315] <... mount resumed>) = 0 [pid 5831] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 7315] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5831] close(3 [pid 7315] <... openat resumed>) = 3 [pid 5831] <... close resumed>) = 0 [pid 7315] chdir("./file0" [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7353 attached [pid 7315] <... chdir resumed>) = 0 [pid 7353] set_robust_list(0x55558bffa6a0, 24 [pid 7315] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5831] <... clone resumed>, child_tidptr=0x55558bffa690) = 7353 [pid 7353] <... set_robust_list resumed>) = 0 [pid 7353] chdir("./16") = 0 [pid 7353] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7353] setpgid(0, 0 [pid 7315] <... openat resumed>) = 4 [pid 7315] ioctl(4, LOOP_CLR_FD) = 0 [pid 7353] <... setpgid resumed>) = 0 [pid 7315] close(4) = 0 [pid 7315] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7315] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7353] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7353] write(3, "1000", 4 [pid 7313] <... futex resumed>) = 0 [pid 7353] <... write resumed>) = 4 [pid 7353] close(3) = 0 [pid 7353] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7353] write(1, "executing program\n", 18 [pid 7313] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7353] <... write resumed>) = 18 [pid 7353] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7315] <... futex resumed>) = 0 [pid 7313] <... futex resumed>) = 1 [pid 7353] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 7313] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7353] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7315] memfd_create("syzkaller", 0 [pid 7353] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7315] <... memfd_create resumed>) = 4 [pid 7353] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7315] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7353] <... mmap resumed>) = 0x7fb77d5e1000 [pid 7315] <... mmap resumed>) = 0x7fb775000000 [pid 7353] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7353] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7353] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 7355 attached => {parent_tid=[7355]}, 88) = 7355 [pid 7355] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7353] rt_sigprocmask(SIG_SETMASK, [], [pid 7355] <... rseq resumed>) = 0 [pid 7353] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7355] set_robust_list(0x7fb77d6019a0, 24 [pid 7353] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7355] <... set_robust_list resumed>) = 0 [pid 7353] <... futex resumed>) = 0 [pid 7355] rt_sigprocmask(SIG_SETMASK, [], [pid 7353] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7355] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7355] memfd_create("syzkaller", 0) = 3 [pid 7355] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7332] <... write resumed>) = 16777216 [pid 7332] munmap(0x7fb775000000, 138412032 [pid 7352] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7332] <... munmap resumed>) = 0 [pid 7332] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7332] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7332] close(3) = 0 [pid 7332] close(4) = 0 [pid 7332] mkdir("./file0", 0777) = 0 [pid 7332] mount("/dev/loop1", "./file0", "btrfs", 0, "" [ 113.514086][ T7332] loop1: detected capacity change from 0 to 32768 [ 113.535350][ T7332] BTRFS: device /dev/loop1 (7:1) using temp-fsid 1c28e17f-5c6c-499a-8466-2b6bc80da0e6 [pid 7315] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7311] <... write resumed>) = 16777216 [pid 7311] munmap(0x7fb775000000, 138412032) = 0 [pid 7311] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 5 [pid 7311] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7311] ioctl(5, LOOP_CLR_FD) = 0 [pid 7311] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7311] close(5 [pid 7355] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7311] <... close resumed>) = 0 [ 113.568061][ T7332] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor323 (7332) [ 113.637907][ T7332] BTRFS info (device loop1): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 113.683948][ T7332] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 113.713516][ T7332] BTRFS info (device loop1): using free-space-tree [pid 7311] close(4) = 0 [pid 7311] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7311] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7310] <... futex resumed>) = 0 [pid 7310] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7311] <... futex resumed>) = 0 [pid 7310] <... futex resumed>) = 1 [pid 7311] rename("./file1", "./file0/file0" [pid 7310] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7311] <... rename resumed>) = 0 [pid 7311] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7310] <... futex resumed>) = 0 [pid 7310] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7310] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7311] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7311] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7352] <... write resumed>) = 16777216 [pid 7352] munmap(0x7fb775000000, 138412032) = 0 [pid 7332] <... mount resumed>) = 0 [pid 7332] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7352] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7352] ioctl(4, LOOP_SET_FD, 3 [pid 7332] chdir("./file0") = 0 [pid 7352] <... ioctl resumed>) = 0 [pid 7332] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7352] close(3 [pid 7332] <... openat resumed>) = 4 [pid 7332] ioctl(4, LOOP_CLR_FD) = 0 [pid 7352] <... close resumed>) = 0 [pid 7332] close(4 [pid 7352] close(4) = 0 [pid 7332] <... close resumed>) = 0 [pid 7352] mkdir("./file0", 0777) = 0 [pid 7332] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7352] mount("/dev/loop0", "./file0", "btrfs", 0, "" [pid 7332] <... futex resumed>) = 1 [pid 7331] <... futex resumed>) = 0 [pid 7331] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7332] memfd_create("syzkaller", 0 [pid 7331] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7332] <... memfd_create resumed>) = 4 [ 113.957975][ T7311] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [ 113.976266][ T7352] loop0: detected capacity change from 0 to 32768 [ 113.997148][ T7352] BTRFS: device /dev/loop0 (7:0) using temp-fsid 1d1694e7-30d8-45af-80cb-e5f0815d0579 [pid 7332] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 114.016436][ T7311] BTRFS info (device loop4 state M): setting nodatasum [ 114.045601][ T7311] BTRFS info (device loop4 state M): setting nodatasum [ 114.051781][ T7352] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor323 (7352) [pid 7355] <... write resumed>) = 16777216 [pid 7315] <... write resumed>) = 16777216 [ 114.068784][ T7311] BTRFS info (device loop4 state M): turning off barriers [ 114.090340][ T7311] BTRFS info (device loop4 state M): turning on flush-on-commit [pid 7355] munmap(0x7fb775000000, 138412032 [pid 7315] munmap(0x7fb775000000, 138412032 [pid 7355] <... munmap resumed>) = 0 [pid 7315] <... munmap resumed>) = 0 [pid 7355] openat(AT_FDCWD, "/dev/loop2", O_RDWR [ 114.111641][ T7311] BTRFS info (device loop4 state M): force clearing of disk cache [ 114.120893][ T7352] BTRFS info (device loop0): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 114.130485][ T7311] BTRFS info (device loop4 state M): doing ref verification [ 114.142432][ T7352] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 114.161652][ T7311] BTRFS info (device loop4 state M): max_inline set to 26856 [pid 7315] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7355] <... openat resumed>) = 4 [pid 7315] <... openat resumed>) = 5 [pid 7355] ioctl(4, LOOP_SET_FD, 3 [pid 7315] ioctl(5, LOOP_SET_FD, 4 [pid 7311] <... mount resumed>) = 0 [pid 7315] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7315] ioctl(5, LOOP_CLR_FD [pid 7311] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 7315] <... ioctl resumed>) = 0 [pid 7311] <... openat resumed>) = 4 [pid 7311] chdir("." [pid 7315] ioctl(5, LOOP_SET_FD, 4 [pid 7311] <... chdir resumed>) = 0 [pid 7315] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7311] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7315] close(5 [pid 7311] <... futex resumed>) = 1 [pid 7310] <... futex resumed>) = 0 [pid 7315] <... close resumed>) = 0 [pid 7311] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7310] exit_group(0 [pid 7315] close(4 [pid 7311] <... futex resumed>) = ? [pid 7310] <... exit_group resumed>) = ? [pid 7311] +++ exited with 0 +++ [pid 7310] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7310, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=64 /* 0.64 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 7355] <... ioctl resumed>) = 0 [pid 7355] close(3) = 0 [pid 5833] <... restart_syscall resumed>) = 0 [pid 7355] close(4 [ 114.162477][ T7355] loop2: detected capacity change from 0 to 32768 [ 114.177807][ T7352] BTRFS info (device loop0): using free-space-tree [pid 5833] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7355] <... close resumed>) = 0 [pid 5833] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7355] mkdir("./file0", 0777 [pid 5833] <... openat resumed>) = 3 [pid 7355] <... mkdir resumed>) = 0 [pid 5833] newfstatat(3, "", [pid 7355] mount("/dev/loop2", "./file0", "btrfs", 0, "" [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 7332] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5833] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./15/binderfs") = 0 [ 114.236092][ T7355] BTRFS: device /dev/loop2 (7:2) using temp-fsid cb016b5e-0144-4aa1-bcce-1c6f10dcec63 [ 114.259249][ T7355] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (7355) [ 114.305832][ T7355] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 5833] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7352] <... mount resumed>) = 0 [pid 7352] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7352] chdir("./file0") = 0 [pid 7352] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 114.349259][ T5833] BTRFS info (device loop4): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 114.381663][ T7355] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 114.390361][ T7355] BTRFS info (device loop2): using free-space-tree [pid 7352] ioctl(4, LOOP_CLR_FD) = 0 [pid 7352] close(4) = 0 [pid 7352] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7349] <... futex resumed>) = 0 [pid 7349] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7352] memfd_create("syzkaller", 0 [pid 7349] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7352] <... memfd_create resumed>) = 4 [pid 7352] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7315] <... close resumed>) = 0 [pid 7315] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7313] <... futex resumed>) = 0 [pid 7315] rename("./file1", "./file0/file0" [pid 7313] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7313] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7313] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5c0000 [pid 7313] mprotect(0x7fb77d5c1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7313] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7313] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d5e0990, parent_tid=0x7fb77d5e0990, exit_signal=0, stack=0x7fb77d5c0000, stack_size=0x20300, tls=0x7fb77d5e06c0}./strace-static-x86_64: Process 7405 attached => {parent_tid=[7405]}, 88) = 7405 [pid 7405] rseq(0x7fb77d5e0fe0, 0x20, 0, 0x53053053 [pid 7313] rt_sigprocmask(SIG_SETMASK, [], [pid 7405] <... rseq resumed>) = 0 [pid 7313] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7405] set_robust_list(0x7fb77d5e09a0, 24 [pid 7313] futex(0x7fb77d6dd6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7405] <... set_robust_list resumed>) = 0 [pid 7313] <... futex resumed>) = 0 [pid 7405] rt_sigprocmask(SIG_SETMASK, [], [pid 7313] futex(0x7fb77d6dd6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7405] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7405] mkdir(".", 0777 [pid 7315] <... rename resumed>) = 0 [pid 7405] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7405] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7315] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7315] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7355] <... mount resumed>) = 0 [pid 7355] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7355] chdir("./file0") = 0 [pid 7355] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7355] ioctl(4, LOOP_CLR_FD) = 0 [pid 7355] close(4) = 0 [pid 7355] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7355] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7353] <... futex resumed>) = 0 [pid 7353] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7355] <... futex resumed>) = 0 [pid 7353] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [ 114.598022][ T7405] BTRFS warning (device loop3 state M): remount supports changing free space tree only from RO to RW [pid 7355] memfd_create("syzkaller", 0) = 4 [pid 7355] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 114.641629][ T7405] BTRFS info (device loop3 state M): setting nodatasum [ 114.671600][ T7405] BTRFS info (device loop3 state M): setting nodatasum [ 114.681861][ T7405] BTRFS info (device loop3 state M): turning off barriers [ 114.689027][ T7405] BTRFS info (device loop3 state M): turning on flush-on-commit [ 114.738871][ T7405] BTRFS info (device loop3 state M): force clearing of disk cache [ 114.771777][ T7405] BTRFS info (device loop3 state M): doing ref verification [pid 7352] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7405] <... mount resumed>) = 0 [pid 7405] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7405] chdir(".") = 0 [pid 7405] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7313] <... futex resumed>) = 0 [pid 7313] exit_group(0 [pid 7405] futex(0x7fb77d6dd6b8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 7313] <... exit_group resumed>) = ? [pid 7405] +++ exited with 0 +++ [pid 7315] <... futex resumed>) = ? [pid 7315] +++ exited with 0 +++ [pid 7313] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7313, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=64 /* 0.64 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5832] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./15/binderfs") = 0 [pid 5832] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7332] <... write resumed>) = 16777216 [pid 5833] <... umount2 resumed>) = 0 [pid 7332] munmap(0x7fb775000000, 138412032 [pid 5833] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [ 114.811662][ T7405] BTRFS info (device loop3 state M): max_inline set to 26856 [ 114.840306][ T5832] BTRFS info (device loop3): last unmount of filesystem ae6ff08d-8ee1-4208-a081-0b40c2378a0c [pid 5833] rmdir("./15/file0") = 0 [pid 7332] <... munmap resumed>) = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./15") = 0 [pid 5833] mkdir("./16", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7407 attached [pid 7407] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 7407] chdir("./16") = 0 [pid 7407] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7407] setpgid(0, 0) = 0 [pid 7407] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5833] <... clone resumed>, child_tidptr=0x55558bffa690) = 7407 [pid 7407] <... openat resumed>) = 3 [pid 7332] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7407] write(3, "1000", 4 [pid 7332] <... openat resumed>) = 5 [pid 7407] <... write resumed>) = 4 [pid 7407] close(3) = 0 [pid 7407] symlink("/dev/binderfs", "./binderfs" [pid 7332] ioctl(5, LOOP_SET_FD, 4 [pid 7407] <... symlink resumed>) = 0 [pid 7332] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7407] write(1, "executing program\n", 18 [pid 7332] ioctl(5, LOOP_CLR_FDexecuting program [pid 7407] <... write resumed>) = 18 [pid 7332] <... ioctl resumed>) = 0 [pid 7407] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7332] ioctl(5, LOOP_SET_FD, 4 [pid 7407] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7407] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7332] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7332] close(5 [pid 7407] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7407] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7407] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7407] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7407] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 7332] <... close resumed>) = 0 [pid 7332] close(4./strace-static-x86_64: Process 7408 attached [pid 7407] <... clone3 resumed> => {parent_tid=[7408]}, 88) = 7408 [pid 7407] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7408] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7407] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7408] <... rseq resumed>) = 0 [pid 7407] <... futex resumed>) = 0 [pid 7407] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7408] set_robust_list(0x7fb77d6019a0, 24 [pid 7355] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7408] <... set_robust_list resumed>) = 0 [pid 7408] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7408] memfd_create("syzkaller", 0) = 3 [pid 7408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5832] <... umount2 resumed>) = 0 [pid 7352] <... write resumed>) = 16777216 [pid 5832] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7352] munmap(0x7fb775000000, 138412032 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7352] <... munmap resumed>) = 0 [pid 7332] <... close resumed>) = 0 [pid 5832] <... openat resumed>) = 4 [pid 5832] newfstatat(4, "", [pid 7332] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7352] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7331] <... futex resumed>) = 0 [pid 7352] <... openat resumed>) = 5 [pid 7332] <... futex resumed>) = 1 [pid 7331] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] getdents64(4, [pid 7331] <... futex resumed>) = 0 [pid 7352] ioctl(5, LOOP_SET_FD, 4 [pid 5832] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 7332] rename("./file1", "./file0/file0" [pid 7352] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7331] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] getdents64(4, [pid 7352] ioctl(5, LOOP_CLR_FD [pid 5832] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5832] close(4) = 0 [pid 5832] rmdir("./15/file0") = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5832] close(3 [pid 7352] <... ioctl resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5832] rmdir("./15") = 0 [pid 7352] ioctl(5, LOOP_SET_FD, 4 [pid 5832] mkdir("./16", 0777 [pid 7352] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] <... mkdir resumed>) = 0 [pid 7352] close(5 [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7352] <... close resumed>) = 0 [pid 7352] close(4 [pid 5832] <... openat resumed>) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 7332] <... rename resumed>) = 0 [pid 5832] close(3) = 0 [pid 7332] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7332] <... futex resumed>) = 1 [pid 7331] <... futex resumed>) = 0 [pid 7332] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7331] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... clone resumed>, child_tidptr=0x55558bffa690) = 7410 [pid 7332] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7331] <... futex resumed>) = 0 [pid 7332] mkdir(".", 0777 [pid 7331] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7410 attached [pid 7332] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7410] set_robust_list(0x55558bffa6a0, 24 [pid 7332] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7410] <... set_robust_list resumed>) = 0 [pid 7410] chdir("./16") = 0 [pid 7410] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7410] setpgid(0, 0) = 0 [pid 7410] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7410] write(3, "1000", 4) = 4 [pid 7410] close(3) = 0 [pid 7410] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7410] write(1, "executing program\n", 18) = 18 [pid 7410] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7410] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7410] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7410] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7410] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7410] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7410] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 7411 attached [pid 7411] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7410] <... clone3 resumed> => {parent_tid=[7411]}, 88) = 7411 [pid 7411] <... rseq resumed>) = 0 [pid 7410] rt_sigprocmask(SIG_SETMASK, [], [pid 7411] set_robust_list(0x7fb77d6019a0, 24 [pid 7410] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7411] <... set_robust_list resumed>) = 0 [pid 7410] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7411] rt_sigprocmask(SIG_SETMASK, [], [pid 7410] <... futex resumed>) = 0 [pid 7411] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7410] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7411] memfd_create("syzkaller", 0) = 3 [pid 7411] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 115.296083][ T7332] BTRFS warning (device loop1 state M): remount supports changing free space tree only from RO to RW [ 115.335414][ T7332] BTRFS info (device loop1 state M): setting nodatasum [ 115.368009][ T7332] BTRFS info (device loop1 state M): setting nodatasum [ 115.398785][ T7332] BTRFS info (device loop1 state M): turning off barriers [ 115.431613][ T7332] BTRFS info (device loop1 state M): turning on flush-on-commit [ 115.439310][ T7332] BTRFS info (device loop1 state M): force clearing of disk cache [pid 7408] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7355] <... write resumed>) = 16777216 [pid 7352] <... close resumed>) = 0 [pid 7355] munmap(0x7fb775000000, 138412032 [pid 7352] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7349] <... futex resumed>) = 0 [pid 7352] rename("./file1", "./file0/file0" [pid 7349] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7349] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7352] <... rename resumed>) = 0 [pid 7332] <... mount resumed>) = 0 [pid 7355] <... munmap resumed>) = 0 [pid 7355] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7352] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7355] <... openat resumed>) = 5 [pid 7352] <... futex resumed>) = 1 [pid 7349] <... futex resumed>) = 0 [pid 7355] ioctl(5, LOOP_SET_FD, 4 [pid 7352] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7349] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7355] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7352] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7349] <... futex resumed>) = 0 [pid 7355] ioctl(5, LOOP_CLR_FD [pid 7352] mkdir(".", 0777 [pid 7349] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7355] <... ioctl resumed>) = 0 [pid 7352] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7352] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7332] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7332] chdir(".") = 0 [pid 7332] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7331] <... futex resumed>) = 0 [pid 7332] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7331] exit_group(0 [pid 7355] ioctl(5, LOOP_SET_FD, 4 [pid 7332] <... futex resumed>) = ? [pid 7331] <... exit_group resumed>) = ? [pid 7355] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7332] +++ exited with 0 +++ [pid 7331] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7331, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=59 /* 0.59 s */} --- [pid 7355] close(5) = 0 [ 115.481709][ T7332] BTRFS info (device loop1 state M): doing ref verification [ 115.507693][ T7332] BTRFS info (device loop1 state M): max_inline set to 26856 [pid 7355] close(4 [pid 5830] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./15/binderfs") = 0 [pid 5830] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW [ 115.592183][ T5830] BTRFS info (device loop1): last unmount of filesystem 1c28e17f-5c6c-499a-8466-2b6bc80da0e6 [ 115.613068][ T7352] BTRFS warning (device loop0 state M): remount supports changing free space tree only from RO to RW [ 115.656669][ T7352] BTRFS info (device loop0 state M): setting nodatasum [ 115.691035][ T7352] BTRFS info (device loop0 state M): setting nodatasum [ 115.720203][ T7352] BTRFS info (device loop0 state M): turning off barriers [ 115.747612][ T7352] BTRFS info (device loop0 state M): turning on flush-on-commit [ 115.781612][ T7352] BTRFS info (device loop0 state M): force clearing of disk cache [ 115.789481][ T7352] BTRFS info (device loop0 state M): doing ref verification [pid 7411] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7355] <... close resumed>) = 0 [pid 7355] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7353] <... futex resumed>) = 0 [pid 7353] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7355] rename("./file1", "./file0/file0" [pid 7353] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7352] <... mount resumed>) = 0 [pid 7352] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7355] <... rename resumed>) = 0 [pid 7352] chdir(".") = 0 [pid 7355] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7352] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7353] <... futex resumed>) = 0 [pid 7352] <... futex resumed>) = 1 [pid 7355] <... futex resumed>) = 1 [pid 7353] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7352] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7349] <... futex resumed>) = 0 [pid 7353] <... futex resumed>) = 0 [pid 7349] exit_group(0 [pid 7353] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7352] <... futex resumed>) = ? [pid 7349] <... exit_group resumed>) = ? [pid 7352] +++ exited with 0 +++ [pid 7349] +++ exited with 0 +++ [ 115.827379][ T7352] BTRFS info (device loop0 state M): max_inline set to 26856 [pid 7355] mkdir(".", 0777 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7349, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=71 /* 0.71 s */} --- [pid 5829] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 7355] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7355] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5829] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7408] <... write resumed>) = 16777216 [pid 5829] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7408] munmap(0x7fb775000000, 138412032 [pid 5829] <... openat resumed>) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, [pid 7408] <... munmap resumed>) = 0 [pid 5829] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./15/binderfs", [pid 7408] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7408] <... openat resumed>) = 4 [pid 5829] unlink("./15/binderfs" [pid 7408] ioctl(4, LOOP_SET_FD, 3 [pid 5829] <... unlink resumed>) = 0 [pid 5829] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7408] <... ioctl resumed>) = 0 [pid 7408] close(3) = 0 [pid 7408] close(4) = 0 [pid 7408] mkdir("./file0", 0777 [pid 5830] <... umount2 resumed>) = 0 [pid 7408] <... mkdir resumed>) = 0 [pid 5830] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7408] mount("/dev/loop4", "./file0", "btrfs", 0, "" [ 115.923521][ T7408] loop4: detected capacity change from 0 to 32768 [ 115.925353][ T7355] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW [ 115.947839][ T5829] BTRFS info (device loop0): last unmount of filesystem 1d1694e7-30d8-45af-80cb-e5f0815d0579 [pid 5830] newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./15/file0") = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [ 115.987549][ T7408] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (7408) [ 115.987811][ T7355] BTRFS info (device loop2 state M): setting nodatasum [pid 5830] rmdir("./15" [pid 7411] <... write resumed>) = 16777216 [pid 5830] <... rmdir resumed>) = 0 [pid 7411] munmap(0x7fb775000000, 138412032 [pid 5830] mkdir("./16", 0777 [pid 7411] <... munmap resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 7411] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 116.048606][ T7355] BTRFS info (device loop2 state M): setting nodatasum [ 116.057360][ T7355] BTRFS info (device loop2 state M): turning off barriers [ 116.063940][ T7408] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 116.067058][ T7355] BTRFS info (device loop2 state M): turning on flush-on-commit [pid 7411] ioctl(4, LOOP_SET_FD, 3 [pid 5830] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5830] close(3) = 0 [pid 7411] <... ioctl resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7411] close(3./strace-static-x86_64: Process 7414 attached ) = 0 [pid 7414] set_robust_list(0x55558bffa6a0, 24 [pid 7411] close(4 [pid 5830] <... clone resumed>, child_tidptr=0x55558bffa690) = 7414 [pid 7414] <... set_robust_list resumed>) = 0 [pid 7411] <... close resumed>) = 0 [pid 7414] chdir("./16" [pid 7411] mkdir("./file0", 0777 [pid 7414] <... chdir resumed>) = 0 [pid 7411] <... mkdir resumed>) = 0 [ 116.095874][ T7411] loop3: detected capacity change from 0 to 32768 [ 116.107511][ T7355] BTRFS info (device loop2 state M): force clearing of disk cache [ 116.136961][ T7408] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [pid 7414] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7411] mount("/dev/loop3", "./file0", "btrfs", 0, "" [pid 7414] <... prctl resumed>) = 0 [pid 7414] setpgid(0, 0) = 0 [ 116.146892][ T7411] BTRFS: device /dev/loop3 (7:3) using temp-fsid 55d6e47c-0265-42f4-afa9-6c9b49fa9c5e [ 116.163076][ T7355] BTRFS info (device loop2 state M): doing ref verification [ 116.185169][ T7355] BTRFS info (device loop2 state M): max_inline set to 26856 [pid 7414] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7414] write(3, "1000", 4) = 4 [pid 7414] close(3) = 0 [pid 7355] <... mount resumed>) = 0 [pid 7355] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7355] chdir(".") = 0 executing program [pid 7414] symlink("/dev/binderfs", "./binderfs" [pid 7355] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7353] <... futex resumed>) = 0 [pid 7414] <... symlink resumed>) = 0 [pid 7355] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7353] exit_group(0 [pid 7414] write(1, "executing program\n", 18 [pid 7355] <... futex resumed>) = ? [pid 7353] <... exit_group resumed>) = ? [pid 7414] <... write resumed>) = 18 [pid 7355] +++ exited with 0 +++ [pid 7353] +++ exited with 0 +++ [pid 7414] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7414] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7414] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7414] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7414] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7414] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7414] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 7418 attached [ 116.195114][ T7408] BTRFS info (device loop4): using free-space-tree [ 116.201830][ T7411] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor323 (7411) [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7353, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=71 /* 0.71 s */} --- [pid 7414] <... clone3 resumed> => {parent_tid=[7418]}, 88) = 7418 [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 7418] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7414] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7414] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7414] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5831] <... restart_syscall resumed>) = 0 [pid 7418] <... rseq resumed>) = 0 [pid 7418] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 5831] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7418] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7418] memfd_create("syzkaller", 0 [pid 5831] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7418] <... memfd_create resumed>) = 3 [pid 5831] <... openat resumed>) = 3 [pid 5831] newfstatat(3, "", [pid 7418] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 116.240615][ T7411] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 5831] newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./16/binderfs") = 0 [ 116.288535][ T7411] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 116.312185][ T5831] BTRFS info (device loop2): last unmount of filesystem cb016b5e-0144-4aa1-bcce-1c6f10dcec63 [pid 5831] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7408] <... mount resumed>) = 0 [pid 7408] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7408] chdir("./file0") = 0 [pid 7408] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7408] ioctl(4, LOOP_CLR_FD) = 0 [pid 7408] close(4) = 0 [pid 7408] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7407] <... futex resumed>) = 0 [pid 7408] memfd_create("syzkaller", 0 [pid 7407] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7408] <... memfd_create resumed>) = 4 [pid 7407] <... futex resumed>) = 0 [pid 7408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7407] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7408] <... mmap resumed>) = 0x7fb775000000 [ 116.342188][ T7411] BTRFS info (device loop3): using free-space-tree [pid 5829] <... umount2 resumed>) = 0 [pid 7418] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5829] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./15/file0") = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./15") = 0 [pid 5829] mkdir("./16", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 7446 ./strace-static-x86_64: Process 7446 attached [pid 7446] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 7446] chdir("./16") = 0 [pid 7446] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7446] setpgid(0, 0) = 0 [pid 7446] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7446] write(3, "1000", 4) = 4 [pid 7446] close(3) = 0 [pid 7446] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7446] write(1, "executing program\n", 18) = 18 [pid 7446] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7446] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7446] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7446] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7446] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7446] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7446] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[7449]}, 88) = 7449 [pid 7446] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 7449 attached [pid 7449] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7446] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7446] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7446] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7449] <... rseq resumed>) = 0 [pid 7449] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 7449] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7449] memfd_create("syzkaller", 0) = 3 [pid 7449] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7411] <... mount resumed>) = 0 [pid 7411] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7449] <... mmap resumed>) = 0x7fb775000000 [pid 7411] <... openat resumed>) = 3 [pid 7411] chdir("./file0") = 0 [pid 7408] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7411] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7411] ioctl(4, LOOP_CLR_FD) = 0 [pid 7411] close(4) = 0 [pid 7411] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7410] <... futex resumed>) = 0 [pid 7410] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7411] <... futex resumed>) = 1 [pid 7410] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7411] memfd_create("syzkaller", 0) = 4 [pid 7411] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5831] <... umount2 resumed>) = 0 [pid 5831] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./16/file0") = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./16") = 0 [pid 5831] mkdir("./17", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5831] close(3) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7450 attached [pid 7450] set_robust_list(0x55558bffa6a0, 24 [pid 5831] <... clone resumed>, child_tidptr=0x55558bffa690) = 7450 [pid 7450] <... set_robust_list resumed>) = 0 [pid 7450] chdir("./17") = 0 [pid 7450] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7449] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7450] setpgid(0, 0) = 0 [pid 7450] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7450] write(3, "1000", 4) = 4 [pid 7450] close(3) = 0 [pid 7450] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7450] write(1, "executing program\n", 18) = 18 [pid 7450] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7450] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7450] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7450] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7450] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7450] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7418] <... write resumed>) = 16777216 [pid 7450] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 7411] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7408] <... write resumed>) = 16777216 ./strace-static-x86_64: Process 7451 attached [pid 7408] munmap(0x7fb775000000, 138412032 [pid 7451] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7450] <... clone3 resumed> => {parent_tid=[7451]}, 88) = 7451 [pid 7418] munmap(0x7fb775000000, 138412032 [pid 7408] <... munmap resumed>) = 0 [pid 7451] <... rseq resumed>) = 0 [pid 7450] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7450] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7450] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7451] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 7451] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7451] memfd_create("syzkaller", 0) = 3 [pid 7451] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7408] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 5 [pid 7408] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7408] ioctl(5, LOOP_CLR_FD) = 0 [pid 7408] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7408] close(5) = 0 [pid 7408] close(4 [pid 7418] <... munmap resumed>) = 0 [pid 7418] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7418] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7418] close(3) = 0 [pid 7418] close(4) = 0 [pid 7418] mkdir("./file0", 0777) = 0 [ 117.015343][ T7418] loop1: detected capacity change from 0 to 32768 [ 117.064803][ T7418] BTRFS: device /dev/loop1 (7:1) using temp-fsid e8830850-d67a-4307-b1dd-4341c754b76e [ 117.096892][ T7418] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor323 (7418) [pid 7418] mount("/dev/loop1", "./file0", "btrfs", 0, "" [pid 7408] <... close resumed>) = 0 [pid 7408] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7407] <... futex resumed>) = 0 [pid 7408] rename("./file1", "./file0/file0" [pid 7407] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 117.171712][ T7418] BTRFS info (device loop1): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 117.201325][ T7418] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [pid 7407] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7451] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7408] <... rename resumed>) = 0 [pid 7408] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7407] <... futex resumed>) = 0 [pid 7408] mkdir(".", 0777 [pid 7407] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7407] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7408] <... mkdir resumed>) = -1 EEXIST (File exists) [ 117.226207][ T7418] BTRFS info (device loop1): using free-space-tree [ 117.284616][ T7408] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [ 117.301590][ T7408] BTRFS info (device loop4 state M): setting nodatasum [ 117.312496][ T7408] BTRFS info (device loop4 state M): setting nodatasum [pid 7408] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7449] <... write resumed>) = 16777216 [pid 7449] munmap(0x7fb775000000, 138412032 [pid 7411] <... write resumed>) = 16777216 [pid 7411] munmap(0x7fb775000000, 138412032 [pid 7408] <... mount resumed>) = 0 [pid 7408] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7408] chdir(".") = 0 [pid 7449] <... munmap resumed>) = 0 [pid 7408] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7407] <... futex resumed>) = 0 [pid 7407] exit_group(0 [pid 7449] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7407] <... exit_group resumed>) = ? [pid 7449] <... openat resumed>) = 4 [ 117.329435][ T7408] BTRFS info (device loop4 state M): turning off barriers [ 117.339633][ T7408] BTRFS info (device loop4 state M): turning on flush-on-commit [ 117.359934][ T7408] BTRFS info (device loop4 state M): force clearing of disk cache [ 117.369231][ T7408] BTRFS info (device loop4 state M): doing ref verification [ 117.376703][ T7408] BTRFS info (device loop4 state M): max_inline set to 26856 [pid 7449] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7411] <... munmap resumed>) = 0 [pid 7408] +++ exited with 0 +++ [pid 7407] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7407, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=62 /* 0.62 s */} --- [pid 5833] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 7411] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5833] newfstatat(3, "", [pid 7449] close(3 [pid 7411] <... openat resumed>) = 5 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7449] <... close resumed>) = 0 [pid 7411] ioctl(5, LOOP_SET_FD, 4 [pid 5833] getdents64(3, [pid 7449] close(4 [pid 7411] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5833] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 7411] ioctl(5, LOOP_CLR_FD [pid 5833] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7449] <... close resumed>) = 0 [pid 7411] <... ioctl resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./16/binderfs", [pid 7449] mkdir("./file0", 0777 [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7449] <... mkdir resumed>) = 0 [pid 5833] unlink("./16/binderfs" [pid 7449] mount("/dev/loop0", "./file0", "btrfs", 0, "" [pid 7418] <... mount resumed>) = 0 [pid 5833] <... unlink resumed>) = 0 [pid 7418] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7411] ioctl(5, LOOP_SET_FD, 4 [pid 5833] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7418] <... openat resumed>) = 3 [pid 7411] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7418] chdir("./file0" [pid 7411] close(5 [pid 7418] <... chdir resumed>) = 0 [pid 7411] <... close resumed>) = 0 [pid 7418] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7411] close(4 [pid 7418] <... openat resumed>) = 4 [pid 7418] ioctl(4, LOOP_CLR_FD) = 0 [ 117.402821][ T7449] loop0: detected capacity change from 0 to 32768 [pid 7418] close(4) = 0 [pid 7418] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7418] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7414] <... futex resumed>) = 0 [pid 7414] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7418] <... futex resumed>) = 0 [pid 7418] memfd_create("syzkaller", 0) = 4 [ 117.466103][ T7449] BTRFS: device /dev/loop0 (7:0) using temp-fsid d0d6e0f2-3b08-469a-9817-eebe38067de2 [ 117.502837][ T5833] BTRFS info (device loop4): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 7414] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7418] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 117.516389][ T7449] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor323 (7449) [ 117.597256][ T7449] BTRFS info (device loop0): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 117.642355][ T7449] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 117.651061][ T7449] BTRFS info (device loop0): using free-space-tree [pid 7411] <... close resumed>) = 0 [pid 7451] <... write resumed>) = 16777216 [pid 7411] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7451] munmap(0x7fb775000000, 138412032 [pid 5833] <... umount2 resumed>) = 0 [pid 7411] <... futex resumed>) = 1 [pid 7410] <... futex resumed>) = 0 [pid 5833] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7411] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7410] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7411] <... futex resumed>) = 0 [pid 7410] <... futex resumed>) = 1 [pid 5833] newfstatat(AT_FDCWD, "./16/file0", [pid 7410] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7411] rename("./file1", "./file0/file0" [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, [pid 7411] <... rename resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 7411] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7411] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7410] <... futex resumed>) = 0 [pid 7410] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] close(4 [pid 7410] <... futex resumed>) = 1 [pid 7411] <... futex resumed>) = 0 [pid 7410] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5833] <... close resumed>) = 0 [pid 7411] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7411] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5833] rmdir("./16/file0" [pid 7451] <... munmap resumed>) = 0 [pid 5833] <... rmdir resumed>) = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./16") = 0 [pid 5833] mkdir("./17", 0777 [pid 7451] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5833] <... mkdir resumed>) = 0 [pid 7451] <... openat resumed>) = 4 [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7451] ioctl(4, LOOP_SET_FD, 3 [pid 5833] <... openat resumed>) = 3 [pid 7418] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5833] ioctl(3, LOOP_CLR_FD) = 0 [pid 5833] close(3 [pid 7451] <... ioctl resumed>) = 0 [pid 7451] close(3) = 0 [pid 7451] close(4) = 0 [pid 7451] mkdir("./file0", 0777) = 0 [ 117.788172][ T7451] loop2: detected capacity change from 0 to 32768 [ 117.815387][ T7411] BTRFS warning (device loop3 state M): remount supports changing free space tree only from RO to RW [ 117.866106][ T7451] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (7451) [ 117.896787][ T7411] BTRFS info (device loop3 state M): setting nodatasum [pid 7451] mount("/dev/loop2", "./file0", "btrfs", 0, "" [pid 7449] <... mount resumed>) = 0 [pid 7449] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7449] chdir("./file0") = 0 [pid 7449] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7449] ioctl(4, LOOP_CLR_FD) = 0 [pid 7449] close(4) = 0 [pid 7449] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7446] <... futex resumed>) = 0 [pid 7449] memfd_create("syzkaller", 0 [pid 7446] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7449] <... memfd_create resumed>) = 4 [pid 7446] <... futex resumed>) = 0 [pid 7449] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7446] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7449] <... mmap resumed>) = 0x7fb775000000 [ 117.931224][ T7451] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 117.942311][ T7451] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 117.950995][ T7451] BTRFS info (device loop2): using free-space-tree [ 117.957912][ T7411] BTRFS info (device loop3 state M): setting nodatasum [ 117.965965][ T7411] BTRFS info (device loop3 state M): turning off barriers [ 117.973428][ T7411] BTRFS info (device loop3 state M): turning on flush-on-commit [pid 7411] <... mount resumed>) = 0 [pid 7411] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7411] chdir(".") = 0 [pid 7411] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7410] <... futex resumed>) = 0 [pid 7411] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7410] exit_group(0 [pid 7411] <... futex resumed>) = ? [pid 7410] <... exit_group resumed>) = ? [pid 7411] +++ exited with 0 +++ [pid 7410] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7410, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=54 /* 0.54 s */} --- [ 117.981098][ T7411] BTRFS info (device loop3 state M): force clearing of disk cache [ 117.989354][ T7411] BTRFS info (device loop3 state M): doing ref verification [ 117.997087][ T7411] BTRFS info (device loop3 state M): max_inline set to 26856 [pid 5832] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./16/binderfs") = 0 [ 118.076892][ T5832] BTRFS info (device loop3): last unmount of filesystem 55d6e47c-0265-42f4-afa9-6c9b49fa9c5e [pid 5832] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7451] <... mount resumed>) = 0 [pid 7451] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7451] chdir("./file0") = 0 [pid 7451] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7451] ioctl(4, LOOP_CLR_FD) = 0 [pid 7451] close(4) = 0 [pid 7451] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7450] <... futex resumed>) = 0 [pid 7450] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7451] memfd_create("syzkaller", 0 [pid 7450] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7451] <... memfd_create resumed>) = 4 [pid 7451] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7418] <... write resumed>) = 16777216 [pid 7418] munmap(0x7fb775000000, 138412032 [pid 5833] <... close resumed>) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7502 attached [pid 7502] set_robust_list(0x55558bffa6a0, 24 [pid 5833] <... clone resumed>, child_tidptr=0x55558bffa690) = 7502 [pid 7502] <... set_robust_list resumed>) = 0 [pid 7502] chdir("./17") = 0 [pid 7502] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7502] setpgid(0, 0) = 0 [pid 7502] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7502] write(3, "1000", 4) = 4 [pid 7502] close(3) = 0 [pid 7418] <... munmap resumed>) = 0 [pid 7502] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7502] write(1, "executing program\n", 18executing program ) = 18 [pid 7502] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7502] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7502] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7502] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7502] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7502] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7502] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 7503 attached => {parent_tid=[7503]}, 88) = 7503 [pid 7502] rt_sigprocmask(SIG_SETMASK, [], [pid 7503] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7502] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7503] <... rseq resumed>) = 0 [pid 7502] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7503] set_robust_list(0x7fb77d6019a0, 24 [pid 7502] <... futex resumed>) = 0 [pid 7503] <... set_robust_list resumed>) = 0 [pid 7502] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7503] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7503] memfd_create("syzkaller", 0) = 3 [pid 7503] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7418] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 5 [pid 7418] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7418] ioctl(5, LOOP_CLR_FD) = 0 [pid 7418] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7418] close(5) = 0 [pid 7418] close(4 [pid 7449] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7451] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5832] <... umount2 resumed>) = 0 [pid 5832] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5832] close(4) = 0 [pid 5832] rmdir("./16/file0") = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./16") = 0 [pid 5832] mkdir("./17", 0777) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7506 attached [pid 7418] <... close resumed>) = 0 [pid 7506] set_robust_list(0x55558bffa6a0, 24 [pid 5832] <... clone resumed>, child_tidptr=0x55558bffa690) = 7506 [pid 7506] <... set_robust_list resumed>) = 0 [pid 7506] chdir("./17") = 0 [pid 7503] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7418] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7506] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7418] <... futex resumed>) = 1 [pid 7414] <... futex resumed>) = 0 [pid 7418] rename("./file1", "./file0/file0" [pid 7414] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7506] <... prctl resumed>) = 0 [pid 7414] <... futex resumed>) = 0 [pid 7414] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7506] setpgid(0, 0) = 0 [pid 7506] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7506] write(3, "1000", 4) = 4 [pid 7506] close(3) = 0 [pid 7506] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7506] write(1, "executing program\n", 18executing program ) = 18 [pid 7506] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7506] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 7418] <... rename resumed>) = 0 [pid 7506] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7418] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7506] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7418] <... futex resumed>) = 1 [pid 7414] <... futex resumed>) = 0 [pid 7506] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7418] mkdir(".", 0777 [pid 7414] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7506] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7414] <... futex resumed>) = 0 [pid 7506] <... mmap resumed>) = 0x7fb77d5e1000 [pid 7418] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7414] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7506] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7506] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7506] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 7507 attached [pid 7418] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7506] <... clone3 resumed> => {parent_tid=[7507]}, 88) = 7507 [pid 7506] rt_sigprocmask(SIG_SETMASK, [], [pid 7507] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7506] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7506] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7506] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7507] <... rseq resumed>) = 0 [pid 7507] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 7507] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7507] memfd_create("syzkaller", 0) = 3 [pid 7507] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 118.752985][ T7418] BTRFS warning (device loop1 state M): remount supports changing free space tree only from RO to RW [ 118.801603][ T7418] BTRFS info (device loop1 state M): setting nodatasum [ 118.821601][ T7418] BTRFS info (device loop1 state M): setting nodatasum [ 118.841645][ T7418] BTRFS info (device loop1 state M): turning off barriers [ 118.861610][ T7418] BTRFS info (device loop1 state M): turning on flush-on-commit [ 118.892017][ T7418] BTRFS info (device loop1 state M): force clearing of disk cache [ 118.899943][ T7418] BTRFS info (device loop1 state M): doing ref verification [pid 7418] <... mount resumed>) = 0 [pid 7418] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7418] chdir(".") = 0 [pid 7449] <... write resumed>) = 16777216 [pid 7418] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7414] <... futex resumed>) = 0 [pid 7418] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7414] exit_group(0 [pid 7418] <... futex resumed>) = ? [pid 7414] <... exit_group resumed>) = ? [pid 7418] +++ exited with 0 +++ [pid 7414] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7414, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=60 /* 0.60 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...> [ 118.922679][ T7418] BTRFS info (device loop1 state M): max_inline set to 26856 [pid 7449] munmap(0x7fb775000000, 138412032 [pid 7451] <... write resumed>) = 16777216 [pid 5830] <... restart_syscall resumed>) = 0 [pid 5830] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./16/binderfs") = 0 [pid 5830] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7451] munmap(0x7fb775000000, 138412032 [pid 7449] <... munmap resumed>) = 0 [pid 7449] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7449] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7449] ioctl(5, LOOP_CLR_FD) = 0 [pid 7449] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7451] <... munmap resumed>) = 0 [pid 7449] close(5 [pid 7451] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7449] <... close resumed>) = 0 [pid 7451] <... openat resumed>) = 5 [pid 7451] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7449] close(4 [pid 7451] ioctl(5, LOOP_CLR_FD) = 0 [pid 7503] <... write resumed>) = 16777216 [pid 7451] ioctl(5, LOOP_SET_FD, 4 [pid 7503] munmap(0x7fb775000000, 138412032 [pid 7451] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7451] close(5) = 0 [ 119.005377][ T5830] BTRFS info (device loop1): last unmount of filesystem e8830850-d67a-4307-b1dd-4341c754b76e [pid 7451] close(4 [pid 7507] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7503] <... munmap resumed>) = 0 [pid 7503] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7503] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7503] close(3) = 0 [pid 7503] close(4) = 0 [ 119.103323][ T7503] loop4: detected capacity change from 0 to 32768 [pid 7503] mkdir("./file0", 0777) = 0 [ 119.181165][ T7503] BTRFS: device /dev/loop4 (7:4) using temp-fsid ff6dc4c5-7f3d-45d5-bf38-108ba9e312a9 [ 119.218437][ T7503] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (7503) [pid 7503] mount("/dev/loop4", "./file0", "btrfs", 0, "" [pid 7449] <... close resumed>) = 0 [pid 7449] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7446] <... futex resumed>) = 0 [pid 7446] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7449] rename("./file1", "./file0/file0" [pid 7446] <... futex resumed>) = 0 [pid 7446] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7451] <... close resumed>) = 0 [pid 7451] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7450] <... futex resumed>) = 0 [pid 7450] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7450] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 119.301655][ T7503] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 119.339635][ T7503] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [pid 7451] rename("./file1", "./file0/file0" [pid 7449] <... rename resumed>) = 0 [pid 7451] <... rename resumed>) = 0 [pid 7449] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7446] <... futex resumed>) = 0 [pid 7446] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7446] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7449] mkdir(".", 0777 [pid 5830] <... umount2 resumed>) = 0 [pid 5830] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7451] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./16/file0", [pid 7451] <... futex resumed>) = 1 [pid 7450] <... futex resumed>) = 0 [pid 7449] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7449] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5830] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7450] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7450] <... futex resumed>) = 0 [pid 7450] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7451] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7451] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5830] <... openat resumed>) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [ 119.404335][ T7503] BTRFS info (device loop4): using free-space-tree [pid 5830] rmdir("./16/file0") = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./16") = 0 [pid 5830] mkdir("./17", 0777) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [ 119.460645][ T7449] BTRFS warning (device loop0 state M): remount supports changing free space tree only from RO to RW [ 119.472599][ T7451] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW [pid 5830] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7523 attached , child_tidptr=0x55558bffa690) = 7523 [pid 7523] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 7523] chdir("./17") = 0 [pid 7523] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7523] setpgid(0, 0) = 0 [ 119.529735][ T7449] BTRFS info (device loop0 state M): setting nodatasum [ 119.538188][ T7451] BTRFS info (device loop2 state M): setting nodatasum [ 119.563088][ T7449] BTRFS info (device loop0 state M): setting nodatasum [ 119.571187][ T7449] BTRFS info (device loop0 state M): turning off barriers [pid 7523] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7523] write(3, "1000", 4) = 4 [ 119.579312][ T7449] BTRFS info (device loop0 state M): turning on flush-on-commit [ 119.581203][ T7451] BTRFS info (device loop2 state M): setting nodatasum [ 119.588375][ T7449] BTRFS info (device loop0 state M): force clearing of disk cache [ 119.601129][ T7451] BTRFS info (device loop2 state M): turning off barriers [ 119.609268][ T7451] BTRFS info (device loop2 state M): turning on flush-on-commit [ 119.618078][ T7451] BTRFS info (device loop2 state M): force clearing of disk cache [pid 7523] close(3executing program ) = 0 [pid 7503] <... mount resumed>) = 0 [pid 7503] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7503] chdir("./file0") = 0 [pid 7503] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7503] ioctl(4, LOOP_CLR_FD) = 0 [pid 7503] close(4) = 0 [pid 7503] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7503] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7523] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7523] write(1, "executing program\n", 18) = 18 [pid 7523] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7502] <... futex resumed>) = 0 [pid 7451] <... mount resumed>) = 0 [pid 7502] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7523] <... futex resumed>) = 0 [pid 7523] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7523] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7523] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7523] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7523] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7503] <... futex resumed>) = 0 [pid 7502] <... futex resumed>) = 1 [pid 7503] memfd_create("syzkaller", 0 [pid 7502] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7503] <... memfd_create resumed>) = 4 [pid 7503] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7523] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 7451] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 7523] <... clone3 resumed> => {parent_tid=[7527]}, 88) = 7527 [pid 7451] <... openat resumed>) = 4 [pid 7523] rt_sigprocmask(SIG_SETMASK, [], [pid 7451] chdir("."./strace-static-x86_64: Process 7527 attached [pid 7523] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7451] <... chdir resumed>) = 0 [pid 7523] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7451] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7523] <... futex resumed>) = 0 [pid 7523] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7451] <... futex resumed>) = 1 [pid 7450] <... futex resumed>) = 0 [pid 7527] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7451] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7527] <... rseq resumed>) = 0 [pid 7450] exit_group(0 [pid 7527] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 7527] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7527] memfd_create("syzkaller", 0 [pid 7451] <... futex resumed>) = ? [pid 7450] <... exit_group resumed>) = ? [pid 7449] <... mount resumed>) = 0 [pid 7451] +++ exited with 0 +++ [pid 7527] <... memfd_create resumed>) = 3 [pid 7450] +++ exited with 0 +++ [pid 7449] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 7527] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7449] <... openat resumed>) = 4 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7450, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=71 /* 0.71 s */} --- [pid 7527] <... mmap resumed>) = 0x7fb775000000 [ 119.626618][ T7451] BTRFS info (device loop2 state M): doing ref verification [ 119.634273][ T7451] BTRFS info (device loop2 state M): max_inline set to 26856 [ 119.642607][ T7449] BTRFS info (device loop0 state M): doing ref verification [ 119.649930][ T7449] BTRFS info (device loop0 state M): max_inline set to 26856 [pid 7449] chdir("." [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 7449] <... chdir resumed>) = 0 [pid 5831] <... restart_syscall resumed>) = 0 [pid 5831] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./17/binderfs") = 0 [pid 5831] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7449] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7446] <... futex resumed>) = 0 [pid 7449] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7446] exit_group(0 [pid 7449] <... futex resumed>) = ? [pid 7446] <... exit_group resumed>) = ? [pid 7449] +++ exited with 0 +++ [pid 7446] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7446, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=57 /* 0.57 s */} --- [pid 5829] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5829] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./16/binderfs") = 0 [pid 5829] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7507] <... write resumed>) = 16777216 [ 119.686973][ T5831] BTRFS info (device loop2): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 119.726995][ T5829] BTRFS info (device loop0): last unmount of filesystem d0d6e0f2-3b08-469a-9817-eebe38067de2 [pid 7507] munmap(0x7fb775000000, 138412032) = 0 [pid 7507] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7507] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7507] close(3) = 0 [pid 7507] close(4) = 0 [pid 7507] mkdir("./file0", 0777) = 0 [ 119.785590][ T7507] loop3: detected capacity change from 0 to 32768 [ 119.824608][ T7507] BTRFS: device /dev/loop3 (7:3) using temp-fsid db7fbd10-5a0b-47fc-901d-407e57e4fb25 [ 119.867085][ T7507] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor323 (7507) [pid 7507] mount("/dev/loop3", "./file0", "btrfs", 0, "" [ 119.916781][ T7507] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 119.945506][ T7507] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [pid 7503] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 119.976992][ T7507] BTRFS info (device loop3): using free-space-tree [pid 7527] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5829] <... umount2 resumed>) = 0 [pid 5829] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./16/file0") = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./16") = 0 [pid 5829] mkdir("./17", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3 [pid 5831] <... umount2 resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 7542 ./strace-static-x86_64: Process 7542 attached [pid 7542] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 7542] chdir("./17" [pid 5831] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7542] <... chdir resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./17/file0", [pid 7542] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7542] <... prctl resumed>) = 0 [pid 5831] <... openat resumed>) = 4 [pid 7542] setpgid(0, 0 [pid 5831] newfstatat(4, "", [pid 7542] <... setpgid resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, [pid 7542] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 7542] <... openat resumed>) = 3 [pid 5831] getdents64(4, [pid 7542] write(3, "1000", 4 [pid 5831] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 7542] <... write resumed>) = 4 [pid 5831] close(4 [pid 7542] close(3 [pid 5831] <... close resumed>) = 0 [pid 7542] <... close resumed>) = 0 [pid 5831] rmdir("./17/file0" [pid 7542] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5831] <... rmdir resumed>) = 0 executing program [pid 7542] write(1, "executing program\n", 18 [pid 5831] getdents64(3, [pid 7542] <... write resumed>) = 18 [pid 7542] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 7542] <... futex resumed>) = 0 [pid 5831] close(3 [pid 7542] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 5831] <... close resumed>) = 0 [pid 7542] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5831] rmdir("./17" [pid 7542] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5831] <... rmdir resumed>) = 0 [pid 7542] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7542] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 5831] mkdir("./18", 0777 [pid 7542] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7542] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5831] <... mkdir resumed>) = 0 [pid 7542] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7542] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 7545 attached [pid 7545] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 5831] <... openat resumed>) = 3 [pid 7545] <... rseq resumed>) = 0 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 7545] set_robust_list(0x7fb77d6019a0, 24 [pid 5831] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 7545] <... set_robust_list resumed>) = 0 [pid 5831] close(3 [pid 7545] rt_sigprocmask(SIG_SETMASK, [], [pid 5831] <... close resumed>) = 0 [pid 7545] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7542] <... clone3 resumed> => {parent_tid=[7545]}, 88) = 7545 [pid 7507] <... mount resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7545] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7542] rt_sigprocmask(SIG_SETMASK, [], [pid 7507] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7542] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7507] <... openat resumed>) = 3 ./strace-static-x86_64: Process 7546 attached [pid 7542] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7507] chdir("./file0" [pid 7546] set_robust_list(0x55558bffa6a0, 24 [pid 7545] <... futex resumed>) = 0 [pid 7542] <... futex resumed>) = 1 [pid 7507] <... chdir resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x55558bffa690) = 7546 [pid 7546] <... set_robust_list resumed>) = 0 [pid 7545] memfd_create("syzkaller", 0 [pid 7542] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7507] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7546] chdir("./18" [pid 7545] <... memfd_create resumed>) = 3 [pid 7507] <... openat resumed>) = 4 [pid 7545] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7507] ioctl(4, LOOP_CLR_FD [pid 7545] <... mmap resumed>) = 0x7fb775000000 [pid 7507] <... ioctl resumed>) = 0 [pid 7507] close(4) = 0 [pid 7507] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7546] <... chdir resumed>) = 0 [pid 7507] <... futex resumed>) = 1 [pid 7506] <... futex resumed>) = 0 [pid 7546] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7507] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7506] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7546] <... prctl resumed>) = 0 [pid 7507] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7506] <... futex resumed>) = 0 [pid 7546] setpgid(0, 0 [pid 7507] memfd_create("syzkaller", 0 [pid 7506] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7546] <... setpgid resumed>) = 0 [pid 7546] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7507] <... memfd_create resumed>) = 4 [pid 7507] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7546] <... openat resumed>) = 3 [pid 7507] <... mmap resumed>) = 0x7fb775000000 [pid 7546] write(3, "1000", 4) = 4 [pid 7546] close(3) = 0 [pid 7503] <... write resumed>) = 16777216 [pid 7546] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7503] munmap(0x7fb775000000, 138412032 executing program [pid 7546] write(1, "executing program\n", 18 [pid 7503] <... munmap resumed>) = 0 [pid 7546] <... write resumed>) = 18 [pid 7546] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7503] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7546] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 7503] <... openat resumed>) = 5 [pid 7546] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7503] ioctl(5, LOOP_SET_FD, 4 [pid 7546] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7503] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7546] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7503] ioctl(5, LOOP_CLR_FD [pid 7546] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7503] <... ioctl resumed>) = 0 [pid 7546] <... mmap resumed>) = 0x7fb77d5e1000 [pid 7546] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7546] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7546] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 7503] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7503] close(5./strace-static-x86_64: Process 7547 attached [pid 7547] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7503] <... close resumed>) = 0 [pid 7503] close(4 [pid 7547] <... rseq resumed>) = 0 [pid 7547] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 7547] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7547] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7546] <... clone3 resumed> => {parent_tid=[7547]}, 88) = 7547 [pid 7546] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7546] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7547] <... futex resumed>) = 0 [pid 7546] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7547] memfd_create("syzkaller", 0) = 3 [pid 7547] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7545] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7507] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7503] <... close resumed>) = 0 [pid 7503] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7502] <... futex resumed>) = 0 [pid 7502] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7502] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7503] rename("./file1", "./file0/file0") = 0 [pid 7527] <... write resumed>) = 16777216 [pid 7503] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7527] munmap(0x7fb775000000, 138412032 [pid 7503] <... futex resumed>) = 1 [pid 7502] <... futex resumed>) = 0 [pid 7503] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7502] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7503] <... futex resumed>) = 0 [pid 7502] <... futex resumed>) = 1 [pid 7503] mkdir(".", 0777 [pid 7502] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7503] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7503] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7527] <... munmap resumed>) = 0 [pid 7527] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7527] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7547] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 120.669637][ T7527] loop1: detected capacity change from 0 to 32768 [ 120.669837][ T7503] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [pid 7527] close(3) = 0 [pid 7527] close(4) = 0 [pid 7527] mkdir("./file0", 0777) = 0 [ 120.721598][ T7503] BTRFS info (device loop4 state M): setting nodatasum [ 120.758438][ T7503] BTRFS info (device loop4 state M): setting nodatasum [ 120.766888][ T7527] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor323 (7527) [ 120.798996][ T7503] BTRFS info (device loop4 state M): turning off barriers [ 120.806439][ T7527] BTRFS info (device loop1): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 120.827853][ T7503] BTRFS info (device loop4 state M): turning on flush-on-commit [ 120.828389][ T7527] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 120.861634][ T7527] BTRFS info (device loop1): using free-space-tree [ 120.861768][ T7503] BTRFS info (device loop4 state M): force clearing of disk cache [pid 7527] mount("/dev/loop1", "./file0", "btrfs", 0, "" [pid 7507] <... write resumed>) = 16777216 [pid 7507] munmap(0x7fb775000000, 138412032 [pid 7503] <... mount resumed>) = 0 [pid 7507] <... munmap resumed>) = 0 [pid 7503] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7503] chdir(".") = 0 [pid 7503] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7502] <... futex resumed>) = 0 [pid 7502] exit_group(0) = ? [pid 7507] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 5 [pid 7507] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7507] ioctl(5, LOOP_CLR_FD) = 0 [pid 7503] +++ exited with 0 +++ [pid 7502] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7502, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=71 /* 0.71 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 7507] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7507] close(5) = 0 [pid 7507] close(4 [pid 5833] <... restart_syscall resumed>) = 0 [pid 5833] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5833] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./17/binderfs") = 0 [ 120.906943][ T7503] BTRFS info (device loop4 state M): doing ref verification [ 120.915421][ T7503] BTRFS info (device loop4 state M): max_inline set to 26856 [pid 5833] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7527] <... mount resumed>) = 0 [pid 7527] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7527] chdir("./file0") = 0 [pid 7527] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7527] ioctl(4, LOOP_CLR_FD) = 0 [pid 7527] close(4) = 0 [pid 7527] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7523] <... futex resumed>) = 0 [pid 7523] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7545] <... write resumed>) = 16777216 [pid 7523] <... futex resumed>) = 0 [pid 7523] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [ 120.966244][ T5833] BTRFS info (device loop4): last unmount of filesystem ff6dc4c5-7f3d-45d5-bf38-108ba9e312a9 [pid 7527] memfd_create("syzkaller", 0) = 4 [pid 7527] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7545] munmap(0x7fb775000000, 138412032) = 0 [pid 7545] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7545] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7545] close(3) = 0 [pid 7545] close(4) = 0 [pid 7545] mkdir("./file0", 0777) = 0 [ 121.117486][ T7545] loop0: detected capacity change from 0 to 32768 [pid 7545] mount("/dev/loop0", "./file0", "btrfs", 0, "" [pid 7547] <... write resumed>) = 16777216 [ 121.170532][ T7545] BTRFS: device /dev/loop0 (7:0) using temp-fsid b97ae5cb-e052-4aa3-bd85-7f4f29453738 [ 121.196103][ T7545] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor323 (7545) [pid 7547] munmap(0x7fb775000000, 138412032 [pid 7507] <... close resumed>) = 0 [pid 7547] <... munmap resumed>) = 0 [pid 7547] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 121.252631][ T7545] BTRFS info (device loop0): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 121.283412][ T7545] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 121.284681][ T7547] loop2: detected capacity change from 0 to 32768 [pid 7547] ioctl(4, LOOP_SET_FD, 3 [pid 7507] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7507] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7506] <... futex resumed>) = 0 [pid 7506] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7506] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7507] <... futex resumed>) = 0 [pid 7507] rename("./file1", "./file0/file0" [pid 7547] <... ioctl resumed>) = 0 [pid 7547] close(3) = 0 [pid 7507] <... rename resumed>) = 0 [pid 7547] close(4) = 0 [pid 7547] mkdir("./file0", 0777) = 0 [pid 7547] mount("/dev/loop2", "./file0", "btrfs", 0, "" [ 121.309619][ T7545] BTRFS info (device loop0): using free-space-tree [pid 7507] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7527] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7507] <... futex resumed>) = 1 [pid 7506] <... futex resumed>) = 0 [pid 7506] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7506] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7507] mkdir(".", 0777) = -1 EEXIST (File exists) [ 121.353559][ T7547] BTRFS: device /dev/loop2 (7:2) using temp-fsid b6805e05-5997-4701-a4ef-0b086314ca84 [ 121.398854][ T7507] BTRFS warning (device loop3 state M): remount supports changing free space tree only from RO to RW [ 121.412967][ T7547] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (7547) [ 121.431783][ T7507] BTRFS info (device loop3 state M): setting nodatasum [ 121.438867][ T7507] BTRFS info (device loop3 state M): setting nodatasum [pid 7507] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5833] <... umount2 resumed>) = 0 [pid 5833] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./17/file0") = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./17") = 0 [pid 5833] mkdir("./18", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5833] close(3) = 0 [ 121.459167][ T7507] BTRFS info (device loop3 state M): turning off barriers [ 121.466701][ T7507] BTRFS info (device loop3 state M): turning on flush-on-commit [ 121.476683][ T7507] BTRFS info (device loop3 state M): force clearing of disk cache [ 121.484844][ T7507] BTRFS info (device loop3 state M): doing ref verification [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7576 attached , child_tidptr=0x55558bffa690) = 7576 [pid 7507] <... mount resumed>) = 0 [pid 7576] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 7576] chdir("./18" [pid 7507] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 7576] <... chdir resumed>) = 0 [pid 7576] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7507] <... openat resumed>) = 4 [pid 7576] <... prctl resumed>) = 0 [pid 7576] setpgid(0, 0) = 0 [pid 7507] chdir("." [pid 7576] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7507] <... chdir resumed>) = 0 [pid 7507] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7506] <... futex resumed>) = 0 [pid 7507] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7576] <... openat resumed>) = 3 [pid 7506] exit_group(0 [pid 7507] <... futex resumed>) = ? [pid 7506] <... exit_group resumed>) = ? [pid 7576] write(3, "1000", 4 [pid 7507] +++ exited with 0 +++ [pid 7506] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7506, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=67 /* 0.67 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 121.503052][ T7507] BTRFS info (device loop3 state M): max_inline set to 26856 [ 121.517874][ T7547] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 7576] <... write resumed>) = 4 [pid 5832] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7576] close(3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./17/binderfs") = 0 [pid 5832] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7576] <... close resumed>) = 0 [pid 7576] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 7576] write(1, "executing program\n", 18) = 18 [pid 7576] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7576] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7576] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7576] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7576] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7576] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7576] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[7584]}, 88) = 7584 ./strace-static-x86_64: Process 7584 attached [pid 7576] rt_sigprocmask(SIG_SETMASK, [], [pid 7584] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7576] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7584] <... rseq resumed>) = 0 [pid 7576] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7584] set_robust_list(0x7fb77d6019a0, 24 [pid 7576] <... futex resumed>) = 0 [pid 7584] <... set_robust_list resumed>) = 0 [pid 7584] rt_sigprocmask(SIG_SETMASK, [], [pid 7576] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7584] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 121.565087][ T5832] BTRFS info (device loop3): last unmount of filesystem db7fbd10-5a0b-47fc-901d-407e57e4fb25 [ 121.582837][ T7547] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [pid 7584] memfd_create("syzkaller", 0 [pid 7545] <... mount resumed>) = 0 [pid 7584] <... memfd_create resumed>) = 3 [pid 7545] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7584] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7545] chdir("./file0" [pid 7584] <... mmap resumed>) = 0x7fb775000000 [pid 7545] <... chdir resumed>) = 0 [pid 7545] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7545] ioctl(4, LOOP_CLR_FD) = 0 [pid 7545] close(4) = 0 [ 121.610243][ T7547] BTRFS info (device loop2): using free-space-tree [pid 7545] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7542] <... futex resumed>) = 0 [pid 7542] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7545] memfd_create("syzkaller", 0 [pid 7542] <... futex resumed>) = 0 [pid 7545] <... memfd_create resumed>) = 4 [pid 7542] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7545] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7584] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7547] <... mount resumed>) = 0 [pid 7547] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7547] chdir("./file0") = 0 [pid 7547] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7547] ioctl(4, LOOP_CLR_FD) = 0 [pid 7547] close(4) = 0 [pid 7547] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7546] <... futex resumed>) = 0 [pid 7547] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7546] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7547] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7546] <... futex resumed>) = 0 [pid 7547] memfd_create("syzkaller", 0 [pid 7546] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7547] <... memfd_create resumed>) = 4 [pid 7547] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5832] <... umount2 resumed>) = 0 [pid 5832] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5832] close(4) = 0 [pid 5832] rmdir("./17/file0") = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 7527] <... write resumed>) = 16777216 [pid 5832] rmdir("./17") = 0 [pid 5832] mkdir("./18", 0777) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7600 attached , child_tidptr=0x55558bffa690) = 7600 [pid 7600] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 7600] chdir("./18" [pid 7527] munmap(0x7fb775000000, 138412032 [pid 7600] <... chdir resumed>) = 0 [pid 7600] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7600] setpgid(0, 0) = 0 [pid 7600] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7527] <... munmap resumed>) = 0 [pid 7600] <... openat resumed>) = 3 [pid 7600] write(3, "1000", 4) = 4 [pid 7600] close(3 [pid 7547] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7600] <... close resumed>) = 0 [pid 7600] symlink("/dev/binderfs", "./binderfs" [pid 7545] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7527] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7600] <... symlink resumed>) = 0 [pid 7527] <... openat resumed>) = 5 [pid 7527] ioctl(5, LOOP_SET_FD, 4 [pid 7600] write(1, "executing program\n", 18 [pid 7527] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7527] ioctl(5, LOOP_CLR_FDexecuting program [pid 7600] <... write resumed>) = 18 [pid 7527] <... ioctl resumed>) = 0 [pid 7527] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7527] close(5) = 0 [pid 7600] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7600] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7527] close(4 [pid 7600] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7600] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7600] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7600] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7600] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 7601 attached [pid 7601] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7600] <... clone3 resumed> => {parent_tid=[7601]}, 88) = 7601 [pid 7601] <... rseq resumed>) = 0 [pid 7600] rt_sigprocmask(SIG_SETMASK, [], [pid 7601] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 7600] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7601] rt_sigprocmask(SIG_SETMASK, [], [pid 7600] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7601] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7600] <... futex resumed>) = 0 [pid 7601] memfd_create("syzkaller", 0 [pid 7600] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7601] <... memfd_create resumed>) = 3 [pid 7601] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7527] <... close resumed>) = 0 [pid 7527] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7523] <... futex resumed>) = 0 [pid 7523] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7523] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7584] <... write resumed>) = 16777216 [pid 7527] rename("./file1", "./file0/file0" [pid 7584] munmap(0x7fb775000000, 138412032 [pid 7527] <... rename resumed>) = 0 [pid 7527] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7523] <... futex resumed>) = 0 [pid 7527] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7523] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7527] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7523] <... futex resumed>) = 0 [pid 7527] mkdir(".", 0777 [pid 7523] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7527] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7584] <... munmap resumed>) = 0 [pid 7527] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7584] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7584] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7584] close(3) = 0 [pid 7584] close(4) = 0 [pid 7584] mkdir("./file0", 0777) = 0 [ 122.361181][ T7527] BTRFS warning (device loop1 state M): remount supports changing free space tree only from RO to RW [ 122.383139][ T7584] loop4: detected capacity change from 0 to 32768 [ 122.389698][ T7527] BTRFS info (device loop1 state M): setting nodatasum [pid 7584] mount("/dev/loop4", "./file0", "btrfs", 0, "" [ 122.408910][ T7584] BTRFS: device /dev/loop4 (7:4) using temp-fsid 706f90f5-c6c5-4a9d-9667-c4ad004708c0 [ 122.424155][ T7584] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (7584) [ 122.445395][ T7527] BTRFS info (device loop1 state M): setting nodatasum [pid 7601] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7545] <... write resumed>) = 16777216 [pid 7547] <... write resumed>) = 16777216 [pid 7545] munmap(0x7fb775000000, 138412032 [ 122.461761][ T7527] BTRFS info (device loop1 state M): turning off barriers [ 122.483356][ T7527] BTRFS info (device loop1 state M): turning on flush-on-commit [ 122.491865][ T7527] BTRFS info (device loop1 state M): force clearing of disk cache [ 122.499719][ T7527] BTRFS info (device loop1 state M): doing ref verification [pid 7547] munmap(0x7fb775000000, 138412032 [pid 7545] <... munmap resumed>) = 0 [pid 7547] <... munmap resumed>) = 0 [pid 7545] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7545] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7545] ioctl(5, LOOP_CLR_FD) = 0 [pid 7547] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 5 [pid 7547] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7547] ioctl(5, LOOP_CLR_FD) = 0 [pid 7545] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7545] close(5) = 0 [pid 7545] close(4 [pid 7547] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7547] close(5) = 0 [pid 7547] close(4 [pid 7527] <... mount resumed>) = 0 [ 122.518903][ T7527] BTRFS info (device loop1 state M): max_inline set to 26856 [ 122.527183][ T7584] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 7527] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7527] chdir(".") = 0 [pid 7527] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7523] <... futex resumed>) = 0 [pid 7527] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7523] exit_group(0) = ? [pid 7527] <... futex resumed>) = ? [pid 7527] +++ exited with 0 +++ [pid 7523] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7523, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=52 /* 0.52 s */} --- [ 122.565260][ T7584] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 122.597420][ T7584] BTRFS info (device loop4): using free-space-tree [pid 5830] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5830] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./17/binderfs") = 0 [pid 5830] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7601] <... write resumed>) = 16777216 [ 122.722128][ T5830] BTRFS info (device loop1): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 7601] munmap(0x7fb775000000, 138412032) = 0 [pid 7601] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7545] <... close resumed>) = 0 [pid 7601] <... openat resumed>) = 4 [pid 7584] <... mount resumed>) = 0 [pid 7601] ioctl(4, LOOP_SET_FD, 3 [pid 7584] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7545] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7584] <... openat resumed>) = 3 [pid 7542] <... futex resumed>) = 0 [pid 7542] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7584] chdir("./file0" [pid 7545] rename("./file1", "./file0/file0" [pid 7542] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7601] <... ioctl resumed>) = 0 [pid 7584] <... chdir resumed>) = 0 [pid 7601] close(3 [pid 7584] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7601] <... close resumed>) = 0 [pid 7584] <... openat resumed>) = 4 [ 122.818022][ T7601] loop3: detected capacity change from 0 to 32768 [pid 7601] close(4) = 0 [pid 7547] <... close resumed>) = 0 [pid 7601] mkdir("./file0", 0777 [pid 7547] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7601] <... mkdir resumed>) = 0 [pid 7584] ioctl(4, LOOP_CLR_FD [pid 7547] <... futex resumed>) = 1 [pid 7546] <... futex resumed>) = 0 [pid 7601] mount("/dev/loop3", "./file0", "btrfs", 0, "" [pid 7547] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7546] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7542] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7546] <... futex resumed>) = 0 [pid 7584] <... ioctl resumed>) = 0 [pid 7547] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7542] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7584] close(4 [pid 7542] <... futex resumed>) = 0 [pid 7584] <... close resumed>) = 0 [pid 7542] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7584] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7542] <... mmap resumed>) = 0x7fb77d5c0000 [pid 7584] <... futex resumed>) = 1 [pid 7576] <... futex resumed>) = 0 [pid 7542] mprotect(0x7fb77d5c1000, 131072, PROT_READ|PROT_WRITE [pid 7584] memfd_create("syzkaller", 0 [pid 7576] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7542] <... mprotect resumed>) = 0 [pid 7584] <... memfd_create resumed>) = 4 [pid 7576] <... futex resumed>) = 0 [pid 7542] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7584] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7576] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7542] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7584] <... mmap resumed>) = 0x7fb775000000 [pid 7545] <... rename resumed>) = 0 [pid 7542] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d5e0990, parent_tid=0x7fb77d5e0990, exit_signal=0, stack=0x7fb77d5c0000, stack_size=0x20300, tls=0x7fb77d5e06c0}./strace-static-x86_64: Process 7621 attached [pid 7547] rename("./file1", "./file0/file0" [pid 7546] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7542] <... clone3 resumed> => {parent_tid=[7621]}, 88) = 7621 [pid 7542] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7542] futex(0x7fb77d6dd6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7621] rseq(0x7fb77d5e0fe0, 0x20, 0, 0x53053053 [pid 7545] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7542] futex(0x7fb77d6dd6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7621] <... rseq resumed>) = 0 [pid 7621] set_robust_list(0x7fb77d5e09a0, 24) = 0 [pid 7545] <... futex resumed>) = 0 [pid 7545] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7621] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 122.903395][ T7601] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor323 (7601) [pid 7621] mkdir(".", 0777 [pid 7547] <... rename resumed>) = 0 [pid 7547] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7621] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7621] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7547] <... futex resumed>) = 1 [pid 7546] <... futex resumed>) = 0 [pid 7547] mkdir(".", 0777 [pid 7546] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7547] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7546] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [ 122.950089][ T7601] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 122.993958][ T7621] BTRFS warning (device loop0 state M): remount supports changing free space tree only from RO to RW [ 123.012169][ T7601] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 123.034327][ T7547] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW [ 123.041845][ T7621] BTRFS info (device loop0 state M): setting nodatasum [ 123.062156][ T7601] BTRFS info (device loop3): using free-space-tree [ 123.073707][ T7621] BTRFS info (device loop0 state M): setting nodatasum [ 123.080610][ T7621] BTRFS info (device loop0 state M): turning off barriers [ 123.081601][ T7547] BTRFS info (device loop2 state M): setting nodatasum [ 123.125997][ T7621] BTRFS info (device loop0 state M): turning on flush-on-commit [ 123.126578][ T7547] BTRFS info (device loop2 state M): setting nodatasum [ 123.140726][ T7547] BTRFS info (device loop2 state M): turning off barriers [ 123.147921][ T7547] BTRFS info (device loop2 state M): turning on flush-on-commit [ 123.162923][ T7547] BTRFS info (device loop2 state M): force clearing of disk cache [pid 7547] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"...) = 0 [pid 7547] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7547] chdir(".") = 0 [pid 7547] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7546] <... futex resumed>) = 0 [pid 7546] exit_group(0) = ? [ 123.170794][ T7547] BTRFS info (device loop2 state M): doing ref verification [ 123.178308][ T7547] BTRFS info (device loop2 state M): max_inline set to 26856 [ 123.192673][ T7621] BTRFS info (device loop0 state M): force clearing of disk cache [ 123.201100][ T7621] BTRFS info (device loop0 state M): doing ref verification [pid 7547] +++ exited with 0 +++ [pid 7546] +++ exited with 0 +++ [pid 5830] <... umount2 resumed>) = 0 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7546, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=59 /* 0.59 s */} --- [pid 5830] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./17/file0", [pid 5831] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7621] <... mount resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7621] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7621] chdir("." [pid 5831] newfstatat(3, "", [pid 5830] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7621] <... chdir resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7621] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] getdents64(3, [pid 5830] openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7621] <... futex resumed>) = 1 [pid 7542] <... futex resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 7542] exit_group(0 [pid 5830] <... openat resumed>) = 4 [ 123.218697][ T7621] BTRFS info (device loop0 state M): max_inline set to 26856 [pid 7545] <... futex resumed>) = ? [pid 7542] <... exit_group resumed>) = ? [pid 5831] umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] newfstatat(4, "", [pid 7545] +++ exited with 0 +++ [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] newfstatat(AT_FDCWD, "./18/binderfs", [pid 5830] getdents64(4, [pid 7621] +++ exited with 0 +++ [pid 7542] +++ exited with 0 +++ [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5831] unlink("./18/binderfs" [pid 5830] getdents64(4, [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7542, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=63 /* 0.63 s */} --- [pid 5830] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5830] close(4 [pid 5831] <... unlink resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5831] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] rmdir("./17/file0") = 0 [pid 5830] getdents64(3, [pid 5829] <... restart_syscall resumed>) = 0 [pid 5829] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./17/binderfs") = 0 [pid 5829] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7584] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5830] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./17") = 0 [pid 5830] mkdir("./18", 0777) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 7638 ./strace-static-x86_64: Process 7638 attached [pid 7601] <... mount resumed>) = 0 [pid 7638] set_robust_list(0x55558bffa6a0, 24 [pid 7601] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7638] <... set_robust_list resumed>) = 0 [pid 7638] chdir("./18") = 0 [pid 7601] chdir("./file0" [pid 7638] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7601] <... chdir resumed>) = 0 [pid 7601] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7638] setpgid(0, 0 [pid 7601] <... openat resumed>) = 4 [pid 7638] <... setpgid resumed>) = 0 [pid 7638] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7601] ioctl(4, LOOP_CLR_FD) = 0 [pid 7638] <... openat resumed>) = 3 [pid 7601] close(4) = 0 [pid 7638] write(3, "1000", 4 [pid 7601] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7638] <... write resumed>) = 4 [pid 7600] <... futex resumed>) = 0 [pid 7601] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7600] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7638] close(3 [pid 7601] <... futex resumed>) = 0 [pid 7600] <... futex resumed>) = 1 [pid 7638] <... close resumed>) = 0 [pid 7601] memfd_create("syzkaller", 0 [pid 7638] symlink("/dev/binderfs", "./binderfs" [pid 7600] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7638] <... symlink resumed>) = 0 [ 123.273544][ T5831] BTRFS info (device loop2): last unmount of filesystem b6805e05-5997-4701-a4ef-0b086314ca84 [ 123.284556][ T5829] BTRFS info (device loop0): last unmount of filesystem b97ae5cb-e052-4aa3-bd85-7f4f29453738 executing program [pid 7638] write(1, "executing program\n", 18) = 18 [pid 7638] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7601] <... memfd_create resumed>) = 4 [pid 7601] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7638] <... futex resumed>) = 0 [pid 7638] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 7601] <... mmap resumed>) = 0x7fb775000000 [pid 7638] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7638] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7638] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7638] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7638] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7638] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 7639 attached => {parent_tid=[7639]}, 88) = 7639 [pid 7639] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 7638] rt_sigprocmask(SIG_SETMASK, [], [pid 7639] set_robust_list(0x7fb77d6019a0, 24 [pid 7638] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7639] <... set_robust_list resumed>) = 0 [pid 7639] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7639] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7638] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7639] <... futex resumed>) = 0 [pid 7639] memfd_create("syzkaller", 0) = 3 [pid 7638] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7639] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7584] <... write resumed>) = 16777216 [pid 7584] munmap(0x7fb775000000, 138412032) = 0 [pid 7584] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 5 [pid 7584] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7584] ioctl(5, LOOP_CLR_FD) = 0 [pid 7584] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7584] close(5) = 0 [pid 7584] close(4 [pid 5829] <... umount2 resumed>) = 0 [pid 5829] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./17/file0") = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./17") = 0 [pid 5829] mkdir("./18", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 7640 ./strace-static-x86_64: Process 7640 attached [pid 5831] <... umount2 resumed>) = 0 [pid 7640] set_robust_list(0x55558bffa6a0, 24 [pid 5831] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7640] <... set_robust_list resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7640] chdir("./18" [pid 5831] newfstatat(AT_FDCWD, "./18/file0", [pid 7640] <... chdir resumed>) = 0 [pid 7640] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7639] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7640] <... prctl resumed>) = 0 [pid 5831] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7640] setpgid(0, 0) = 0 [pid 5831] openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7640] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7601] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5831] <... openat resumed>) = 4 [pid 7640] <... openat resumed>) = 3 [pid 5831] newfstatat(4, "", [pid 7640] write(3, "1000", 4 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7640] <... write resumed>) = 4 [pid 7640] close(3 [pid 5831] getdents64(4, [pid 7640] <... close resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 7640] symlink("/dev/binderfs", "./binderfs" [pid 5831] getdents64(4, executing program [pid 7640] <... symlink resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 7640] write(1, "executing program\n", 18 [pid 5831] close(4 [pid 7640] <... write resumed>) = 18 [pid 5831] <... close resumed>) = 0 [pid 5831] rmdir("./18/file0" [pid 7640] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 7640] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 5831] getdents64(3, [pid 7640] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5831] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 7640] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] close(3 [pid 7640] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5831] <... close resumed>) = 0 [pid 5831] rmdir("./18" [pid 7640] <... mmap resumed>) = 0x7fb77d5e1000 [pid 7640] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 5831] <... rmdir resumed>) = 0 [pid 7640] <... mprotect resumed>) = 0 [pid 5831] mkdir("./19", 0777 [pid 7640] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5831] <... mkdir resumed>) = 0 [pid 7640] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 7640] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 5831] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5831] close(3./strace-static-x86_64: Process 7642 attached ) = 0 [pid 7640] <... clone3 resumed> => {parent_tid=[7642]}, 88) = 7642 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7642] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 ./strace-static-x86_64: Process 7643 attached [pid 7642] set_robust_list(0x7fb77d6019a0, 24 [pid 7640] rt_sigprocmask(SIG_SETMASK, [], [pid 7643] set_robust_list(0x55558bffa6a0, 24 [pid 7642] <... set_robust_list resumed>) = 0 [pid 7640] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x55558bffa690) = 7643 [pid 7640] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7642] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7640] <... futex resumed>) = 0 [pid 7642] memfd_create("syzkaller", 0 [pid 7643] <... set_robust_list resumed>) = 0 [pid 7642] <... memfd_create resumed>) = 3 [pid 7640] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7642] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7643] chdir("./19" [pid 7642] <... mmap resumed>) = 0x7fb775000000 [pid 7643] <... chdir resumed>) = 0 [pid 7643] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7643] setpgid(0, 0) = 0 [pid 7643] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7643] write(3, "1000", 4) = 4 [pid 7643] close(3) = 0 [pid 7643] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 7584] <... close resumed>) = 0 [pid 7643] write(1, "executing program\n", 18 [pid 7584] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7643] <... write resumed>) = 18 [pid 7643] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7584] <... futex resumed>) = 1 [pid 7576] <... futex resumed>) = 0 [pid 7643] <... futex resumed>) = 0 [pid 7643] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 7576] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7643] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7643] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7576] <... futex resumed>) = 0 [pid 7576] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7643] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7643] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7584] rename("./file1", "./file0/file0" [pid 7643] <... mmap resumed>) = 0x7fb77d5e1000 [pid 7643] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7643] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7643] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 7644 attached [pid 7584] <... rename resumed>) = 0 [pid 7644] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7643] <... clone3 resumed> => {parent_tid=[7644]}, 88) = 7644 [pid 7644] <... rseq resumed>) = 0 [pid 7643] rt_sigprocmask(SIG_SETMASK, [], [pid 7644] set_robust_list(0x7fb77d6019a0, 24 [pid 7643] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7644] <... set_robust_list resumed>) = 0 [pid 7643] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7584] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7644] rt_sigprocmask(SIG_SETMASK, [], [pid 7584] <... futex resumed>) = 1 [pid 7576] <... futex resumed>) = 0 [pid 7584] mkdir(".", 0777 [pid 7576] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7584] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7576] <... futex resumed>) = 0 [pid 7576] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7584] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7644] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7643] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7644] memfd_create("syzkaller", 0) = 3 [pid 7644] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 123.958727][ T7584] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [ 123.996476][ T7584] BTRFS info (device loop4 state M): setting nodatasum [ 124.022652][ T7584] BTRFS info (device loop4 state M): setting nodatasum [ 124.052288][ T7584] BTRFS info (device loop4 state M): turning off barriers [ 124.059601][ T7584] BTRFS info (device loop4 state M): turning on flush-on-commit [ 124.091624][ T7584] BTRFS info (device loop4 state M): force clearing of disk cache [ 124.121302][ T7584] BTRFS info (device loop4 state M): doing ref verification [pid 7642] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7639] <... write resumed>) = 16777216 [pid 7601] <... write resumed>) = 16777216 [pid 7584] <... mount resumed>) = 0 [pid 7601] munmap(0x7fb775000000, 138412032 [pid 7639] munmap(0x7fb775000000, 138412032 [pid 7584] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7584] chdir(".") = 0 [pid 7584] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7576] <... futex resumed>) = 0 [pid 7576] exit_group(0) = ? [pid 7584] +++ exited with 0 +++ [pid 7576] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7576, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=61 /* 0.61 s */} --- [pid 7601] <... munmap resumed>) = 0 [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 7639] <... munmap resumed>) = 0 [pid 7601] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5833] <... restart_syscall resumed>) = 0 [pid 7639] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7601] <... openat resumed>) = 5 [pid 5833] umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW [ 124.140462][ T7584] BTRFS info (device loop4 state M): max_inline set to 26856 [pid 7639] ioctl(4, LOOP_SET_FD, 3 [pid 7601] ioctl(5, LOOP_SET_FD, 4 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7601] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5833] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7601] ioctl(5, LOOP_CLR_FD [pid 7639] <... ioctl resumed>) = 0 [pid 5833] <... openat resumed>) = 3 [pid 7639] close(3) = 0 [pid 5833] newfstatat(3, "", [pid 7639] close(4 [pid 7644] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7639] <... close resumed>) = 0 [pid 7601] <... ioctl resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7639] mkdir("./file0", 0777) = 0 [pid 7639] mount("/dev/loop1", "./file0", "btrfs", 0, "" [pid 5833] getdents64(3, [pid 7601] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5833] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5833] umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7601] close(5) = 0 [pid 7601] close(4 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./18/binderfs") = 0 [ 124.196412][ T7639] loop1: detected capacity change from 0 to 32768 [ 124.217041][ T7639] BTRFS: device /dev/loop1 (7:1) using temp-fsid 9257a9c0-2cfc-496a-8090-9ce70991bff9 [ 124.248190][ T5833] BTRFS info (device loop4): last unmount of filesystem 706f90f5-c6c5-4a9d-9667-c4ad004708c0 [ 124.256982][ T7639] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor323 (7639) [ 124.326163][ T7639] BTRFS info (device loop1): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 124.351704][ T7639] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 124.402157][ T7639] BTRFS info (device loop1): using free-space-tree [pid 5833] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7601] <... close resumed>) = 0 [pid 7601] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7601] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7600] <... futex resumed>) = 0 [pid 7601] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7600] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7601] rename("./file1", "./file0/file0" [pid 7600] <... futex resumed>) = 0 [pid 7600] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7601] <... rename resumed>) = 0 [pid 7601] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7600] <... futex resumed>) = 0 [pid 7601] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 7600] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7601] mkdir(".", 0777 [pid 7600] <... futex resumed>) = 0 [pid 7601] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7600] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7601] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7639] <... mount resumed>) = 0 [pid 7639] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7639] chdir("./file0") = 0 [pid 7639] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7639] ioctl(4, LOOP_CLR_FD) = 0 [pid 7639] close(4) = 0 [pid 7639] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7638] <... futex resumed>) = 0 [pid 7639] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7638] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7639] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7638] <... futex resumed>) = 0 [pid 7639] memfd_create("syzkaller", 0 [pid 7638] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7639] <... memfd_create resumed>) = 4 [pid 7639] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7642] <... write resumed>) = 16777216 [pid 7642] munmap(0x7fb775000000, 138412032) = 0 [ 124.582525][ T7601] BTRFS warning (device loop3 state M): remount supports changing free space tree only from RO to RW [ 124.607580][ T7601] BTRFS info (device loop3 state M): setting nodatasum [ 124.614987][ T7601] BTRFS info (device loop3 state M): setting nodatasum [pid 7642] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 124.631491][ T7601] BTRFS info (device loop3 state M): turning off barriers [ 124.639037][ T7601] BTRFS info (device loop3 state M): turning on flush-on-commit [ 124.652197][ T7642] loop0: detected capacity change from 0 to 32768 [ 124.671663][ T7601] BTRFS info (device loop3 state M): force clearing of disk cache [pid 7642] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7642] close(3) = 0 [pid 7642] close(4) = 0 [pid 7642] mkdir("./file0", 0777) = 0 [pid 7601] <... mount resumed>) = 0 [pid 7642] mount("/dev/loop0", "./file0", "btrfs", 0, "" [pid 7601] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7601] chdir(".") = 0 [pid 7601] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7600] <... futex resumed>) = 0 [ 124.681781][ T7601] BTRFS info (device loop3 state M): doing ref verification [ 124.694065][ T7601] BTRFS info (device loop3 state M): max_inline set to 26856 [pid 7601] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7600] exit_group(0) = ? [pid 7601] <... futex resumed>) = ? [pid 5833] <... umount2 resumed>) = 0 [pid 7601] +++ exited with 0 +++ [pid 7600] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7600, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=67 /* 0.67 s */} --- [pid 5833] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./18/file0") = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5833] close(3 [pid 5832] umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] <... close resumed>) = 0 [pid 5833] rmdir("./18" [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] <... rmdir resumed>) = 0 [pid 5833] mkdir("./19", 0777 [pid 5832] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5833] <... mkdir resumed>) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5832] <... openat resumed>) = 3 [pid 5833] <... openat resumed>) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 5832] newfstatat(3, "", [pid 5833] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5833] close(3 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] <... close resumed>) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] getdents64(3, [pid 7644] <... write resumed>) = 16777216 [pid 5832] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] <... clone resumed>, child_tidptr=0x55558bffa690) = 7662 [ 124.735520][ T7642] BTRFS: device /dev/loop0 (7:0) using temp-fsid 116c41a8-4d2f-4fd3-9294-4e55f80851ae [ 124.751734][ T7642] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor323 (7642) [pid 7644] munmap(0x7fb775000000, 138412032./strace-static-x86_64: Process 7662 attached [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7644] <... munmap resumed>) = 0 [pid 7662] set_robust_list(0x55558bffa6a0, 24 [pid 5832] newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7662] <... set_robust_list resumed>) = 0 [pid 7644] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5832] unlink("./18/binderfs" [pid 7662] chdir("./19" [pid 7644] <... openat resumed>) = 4 [pid 5832] <... unlink resumed>) = 0 [pid 7662] <... chdir resumed>) = 0 [pid 7644] ioctl(4, LOOP_SET_FD, 3 [pid 5832] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7662] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7662] setpgid(0, 0) = 0 executing program [pid 7662] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7662] write(3, "1000", 4) = 4 [pid 7662] close(3) = 0 [pid 7662] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7662] write(1, "executing program\n", 18) = 18 [pid 7662] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7662] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7662] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7662] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7662] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7662] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7662] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[7664]}, 88) = 7664 [pid 7662] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7662] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7662] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7664 attached [pid 7664] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 7664] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 7664] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7664] memfd_create("syzkaller", 0 [pid 7639] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7664] <... memfd_create resumed>) = 3 [pid 7664] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7644] <... ioctl resumed>) = 0 [pid 7644] close(3) = 0 [pid 7644] close(4) = 0 [ 124.834088][ T7642] BTRFS info (device loop0): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 124.850309][ T5832] BTRFS info (device loop3): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 124.856838][ T7642] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 124.861170][ T7644] loop2: detected capacity change from 0 to 32768 [pid 7644] mkdir("./file0", 0777) = 0 [ 124.906413][ T7642] BTRFS info (device loop0): using free-space-tree [ 124.908430][ T7644] BTRFS: device /dev/loop2 (7:2) using temp-fsid d4f02d88-86da-408b-91bc-bf60486095a0 [ 124.992280][ T7644] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (7644) [pid 7644] mount("/dev/loop2", "./file0", "btrfs", 0, "" [ 125.072139][ T7644] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 125.091967][ T7644] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 125.100658][ T7644] BTRFS info (device loop2): using free-space-tree [pid 7664] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7642] <... mount resumed>) = 0 [pid 7642] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7642] chdir("./file0") = 0 [pid 7642] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7642] ioctl(4, LOOP_CLR_FD) = 0 [pid 7642] close(4) = 0 [pid 7642] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7640] <... futex resumed>) = 0 [pid 7640] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7640] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7664] <... write resumed>) = 16777216 [pid 7642] memfd_create("syzkaller", 0) = 4 [pid 7642] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7664] munmap(0x7fb775000000, 138412032) = 0 [pid 7664] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7664] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7664] close(3) = 0 [pid 7664] close(4) = 0 [ 125.293297][ T7664] loop4: detected capacity change from 0 to 32768 [pid 7664] mkdir("./file0", 0777) = 0 [pid 7664] mount("/dev/loop4", "./file0", "btrfs", 0, "" [pid 7644] <... mount resumed>) = 0 [pid 7644] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7644] chdir("./file0") = 0 [pid 7644] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7644] ioctl(4, LOOP_CLR_FD) = 0 [ 125.356012][ T7664] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (7664) [pid 7644] close(4) = 0 [pid 7644] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7644] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7643] <... futex resumed>) = 0 [pid 7643] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7644] <... futex resumed>) = 0 [pid 7643] <... futex resumed>) = 1 [pid 7644] memfd_create("syzkaller", 0 [pid 7643] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7644] <... memfd_create resumed>) = 4 [pid 7644] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7639] <... write resumed>) = 16777216 [ 125.451983][ T7664] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 7639] munmap(0x7fb775000000, 138412032 [pid 5832] <... umount2 resumed>) = 0 [pid 7642] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5832] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 7639] <... munmap resumed>) = 0 [pid 5832] close(4) = 0 [pid 5832] rmdir("./18/file0") = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./18") = 0 [ 125.493129][ T7664] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [pid 5832] mkdir("./19", 0777 [pid 7639] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 5 [pid 5832] <... mkdir resumed>) = 0 [pid 7639] ioctl(5, LOOP_SET_FD, 4 [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7639] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] <... openat resumed>) = 3 [pid 7639] ioctl(5, LOOP_CLR_FD [pid 5832] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5832] close(3) = 0 [pid 7639] <... ioctl resumed>) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7698 attached [pid 7698] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x55558bffa690) = 7698 [pid 7698] chdir("./19" [pid 7639] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7639] close(5) = 0 [pid 7639] close(4 [pid 7698] <... chdir resumed>) = 0 [pid 7698] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7698] setpgid(0, 0) = 0 [pid 7698] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7698] write(3, "1000", 4) = 4 [pid 7698] close(3) = 0 [pid 7698] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7698] write(1, "executing program\n", 18executing program ) = 18 [pid 7698] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7698] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7698] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7698] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7698] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7698] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7698] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 7703 attached => {parent_tid=[7703]}, 88) = 7703 [pid 7698] rt_sigprocmask(SIG_SETMASK, [], [pid 7703] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7698] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7703] <... rseq resumed>) = 0 [pid 7698] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7703] set_robust_list(0x7fb77d6019a0, 24 [pid 7698] <... futex resumed>) = 0 [pid 7703] <... set_robust_list resumed>) = 0 [pid 7698] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7703] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 125.537910][ T7664] BTRFS info (device loop4): using free-space-tree [pid 7703] memfd_create("syzkaller", 0) = 3 [pid 7703] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7664] <... mount resumed>) = 0 [pid 7664] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7664] chdir("./file0") = 0 [pid 7664] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7664] ioctl(4, LOOP_CLR_FD) = 0 [pid 7664] close(4) = 0 [pid 7664] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7662] <... futex resumed>) = 0 [pid 7664] memfd_create("syzkaller", 0 [pid 7662] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7664] <... memfd_create resumed>) = 4 [pid 7662] <... futex resumed>) = 0 [pid 7664] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7662] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7664] <... mmap resumed>) = 0x7fb775000000 [pid 7644] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7639] <... close resumed>) = 0 [pid 7639] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7638] <... futex resumed>) = 0 [pid 7639] rename("./file1", "./file0/file0" [pid 7638] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7638] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7642] <... write resumed>) = 16777216 [pid 7639] <... rename resumed>) = 0 [pid 7642] munmap(0x7fb775000000, 138412032 [pid 7639] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7638] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7639] <... futex resumed>) = 0 [pid 7639] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7638] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7639] <... futex resumed>) = 0 [pid 7638] <... futex resumed>) = 1 [pid 7639] mkdir(".", 0777 [pid 7638] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7639] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7639] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7703] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7642] <... munmap resumed>) = 0 [pid 7642] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7642] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7642] ioctl(5, LOOP_CLR_FD) = 0 [pid 7642] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7642] close(5) = 0 [ 126.024060][ T7639] BTRFS warning (device loop1 state M): remount supports changing free space tree only from RO to RW [ 126.053243][ T7639] BTRFS info (device loop1 state M): setting nodatasum [pid 7642] close(4 [ 126.081566][ T7639] BTRFS info (device loop1 state M): setting nodatasum [ 126.088472][ T7639] BTRFS info (device loop1 state M): turning off barriers [ 126.113249][ T7639] BTRFS info (device loop1 state M): turning on flush-on-commit [ 126.141576][ T7639] BTRFS info (device loop1 state M): force clearing of disk cache [ 126.172565][ T7639] BTRFS info (device loop1 state M): doing ref verification [ 126.179926][ T7639] BTRFS info (device loop1 state M): max_inline set to 26856 [pid 7664] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7639] <... mount resumed>) = 0 [pid 7639] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7639] chdir(".") = 0 [pid 7639] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7639] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7638] <... futex resumed>) = 0 [pid 7638] exit_group(0) = ? [pid 7639] <... futex resumed>) = ? [pid 7639] +++ exited with 0 +++ [pid 7638] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7638, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=64 /* 0.64 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5830] umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./18/binderfs") = 0 [pid 5830] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7642] <... close resumed>) = 0 [pid 7642] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7642] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7640] <... futex resumed>) = 0 [pid 7640] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7642] <... futex resumed>) = 0 [pid 7640] <... futex resumed>) = 1 [pid 7642] rename("./file1", "./file0/file0" [pid 7640] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7642] <... rename resumed>) = 0 [pid 7642] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7640] <... futex resumed>) = 0 [pid 7642] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7640] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7642] <... futex resumed>) = 0 [pid 7640] <... futex resumed>) = 1 [pid 7642] mkdir(".", 0777) = -1 EEXIST (File exists) [ 126.252783][ T5830] BTRFS info (device loop1): last unmount of filesystem 9257a9c0-2cfc-496a-8090-9ce70991bff9 [pid 7642] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7640] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7644] <... write resumed>) = 16777216 [ 126.352546][ T7642] BTRFS warning (device loop0 state M): remount supports changing free space tree only from RO to RW [pid 7644] munmap(0x7fb775000000, 138412032) = 0 [ 126.408606][ T7642] BTRFS info (device loop0 state M): setting nodatasum [pid 7644] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 5 [pid 7644] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7644] ioctl(5, LOOP_CLR_FD) = 0 [pid 7644] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7644] close(5 [pid 7703] <... write resumed>) = 16777216 [pid 7644] <... close resumed>) = 0 [pid 7644] close(4 [ 126.452265][ T7642] BTRFS info (device loop0 state M): setting nodatasum [ 126.475931][ T7642] BTRFS info (device loop0 state M): turning off barriers [pid 7703] munmap(0x7fb775000000, 138412032) = 0 [pid 7703] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 126.515734][ T7642] BTRFS info (device loop0 state M): turning on flush-on-commit [ 126.546306][ T7642] BTRFS info (device loop0 state M): force clearing of disk cache [ 126.556028][ T7703] loop3: detected capacity change from 0 to 32768 [pid 7703] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7703] close(3) = 0 [pid 7703] close(4) = 0 [pid 7703] mkdir("./file0", 0777) = 0 [pid 7703] mount("/dev/loop3", "./file0", "btrfs", 0, "" [pid 5830] <... umount2 resumed>) = 0 [pid 5830] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7664] <... write resumed>) = 16777216 [pid 5830] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, [pid 7664] munmap(0x7fb775000000, 138412032 [pid 5830] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5830] close(4 [pid 7642] <... mount resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 7642] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5830] rmdir("./18/file0" [pid 7642] <... openat resumed>) = 4 [pid 5830] <... rmdir resumed>) = 0 [pid 7642] chdir("." [pid 5830] getdents64(3, [pid 7642] <... chdir resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 7642] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] close(3 [pid 7642] <... futex resumed>) = 1 [pid 5830] <... close resumed>) = 0 [pid 7642] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7640] <... futex resumed>) = 0 [pid 5830] rmdir("./18" [pid 7640] exit_group(0 [pid 5830] <... rmdir resumed>) = 0 [pid 5830] mkdir("./19", 0777 [pid 7640] <... exit_group resumed>) = ? [pid 7642] <... futex resumed>) = ? [pid 5830] <... mkdir resumed>) = 0 [pid 7642] +++ exited with 0 +++ [pid 7640] +++ exited with 0 +++ [pid 5830] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [ 126.576628][ T7642] BTRFS info (device loop0 state M): doing ref verification [ 126.607825][ T7642] BTRFS info (device loop0 state M): max_inline set to 26856 [ 126.608193][ T7703] BTRFS: device /dev/loop3 (7:3) using temp-fsid 2fb938e7-0c45-4b82-b676-8f4c1808de97 [pid 5830] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7640, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=59 /* 0.59 s */} --- [pid 5830] close(3) = 0 [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 7664] <... munmap resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7718 attached [pid 7664] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 5 [pid 5829] <... restart_syscall resumed>) = 0 [pid 7718] set_robust_list(0x55558bffa6a0, 24 [pid 7664] ioctl(5, LOOP_SET_FD, 4 [pid 5830] <... clone resumed>, child_tidptr=0x55558bffa690) = 7718 [pid 7718] <... set_robust_list resumed>) = 0 [pid 7664] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7718] chdir("./19" [pid 7664] ioctl(5, LOOP_CLR_FD [pid 5829] umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7664] <... ioctl resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7718] <... chdir resumed>) = 0 [pid 7718] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7718] setpgid(0, 0 [pid 7664] ioctl(5, LOOP_SET_FD, 4 [pid 7718] <... setpgid resumed>) = 0 [pid 7664] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7718] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7664] close(5 [pid 7718] <... openat resumed>) = 3 [pid 7664] <... close resumed>) = 0 [pid 7718] write(3, "1000", 4 [pid 7664] close(4 [pid 7718] <... write resumed>) = 4 [pid 7718] close(3 [pid 5829] <... openat resumed>) = 3 [pid 7718] <... close resumed>) = 0 [pid 5829] newfstatat(3, "", [pid 7718] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7718] write(1, "executing program\n", 18executing program ) = 18 [pid 7718] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7718] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7718] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7718] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7718] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7718] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7718] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 7719 attached => {parent_tid=[7719]}, 88) = 7719 [pid 7718] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7718] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5829] newfstatat(AT_FDCWD, "./18/binderfs", [pid 7718] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7719] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./18/binderfs") = 0 [pid 7719] <... rseq resumed>) = 0 [pid 5829] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7719] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 7719] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7719] memfd_create("syzkaller", 0) = 3 [pid 7719] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 126.685595][ T7703] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor323 (7703) [pid 7644] <... close resumed>) = 0 [pid 7644] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7643] <... futex resumed>) = 0 [pid 7643] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7644] rename("./file1", "./file0/file0" [pid 7643] <... futex resumed>) = 0 [ 126.733269][ T5829] BTRFS info (device loop0): last unmount of filesystem 116c41a8-4d2f-4fd3-9294-4e55f80851ae [ 126.762740][ T7703] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 7643] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7644] <... rename resumed>) = 0 [pid 7644] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7643] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7644] <... futex resumed>) = 0 [pid 7644] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7643] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7644] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7643] <... futex resumed>) = 0 [pid 7644] mkdir(".", 0777 [pid 7643] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7644] <... mkdir resumed>) = -1 EEXIST (File exists) [ 126.812348][ T7703] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 126.821042][ T7703] BTRFS info (device loop3): using free-space-tree [ 126.912241][ T7644] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW [ 126.991961][ T7644] BTRFS info (device loop2 state M): setting nodatasum [pid 7644] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7664] <... close resumed>) = 0 [pid 7719] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7664] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7664] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7662] <... futex resumed>) = 0 [pid 7662] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7664] <... futex resumed>) = 0 [pid 7662] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 127.034512][ T7644] BTRFS info (device loop2 state M): setting nodatasum [ 127.041467][ T7644] BTRFS info (device loop2 state M): turning off barriers [pid 7664] rename("./file1", "./file0/file0") = 0 [pid 7664] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7664] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7662] <... futex resumed>) = 0 [pid 7662] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7664] <... futex resumed>) = 0 [pid 7662] <... futex resumed>) = 1 [pid 7664] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7664] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [ 127.101850][ T7644] BTRFS info (device loop2 state M): turning on flush-on-commit [ 127.130658][ T7644] BTRFS info (device loop2 state M): force clearing of disk cache [ 127.140962][ T7644] BTRFS info (device loop2 state M): doing ref verification [pid 7662] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7703] <... mount resumed>) = 0 [pid 7644] <... mount resumed>) = 0 [pid 7703] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5829] <... umount2 resumed>) = 0 [pid 7644] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7703] <... openat resumed>) = 3 [pid 7644] chdir(".") = 0 [pid 7703] chdir("./file0" [pid 7644] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7703] <... chdir resumed>) = 0 [pid 7644] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7643] <... futex resumed>) = 0 [pid 7703] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7643] exit_group(0 [pid 7703] <... openat resumed>) = 4 [pid 7644] <... futex resumed>) = ? [pid 7643] <... exit_group resumed>) = ? [pid 7703] ioctl(4, LOOP_CLR_FD [pid 7644] +++ exited with 0 +++ [pid 7643] +++ exited with 0 +++ [pid 7703] <... ioctl resumed>) = 0 [pid 7703] close(4 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7643, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=67 /* 0.67 s */} --- [pid 7703] <... close resumed>) = 0 [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 7703] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... restart_syscall resumed>) = 0 [pid 7703] <... futex resumed>) = 1 [pid 7698] <... futex resumed>) = 0 [pid 7698] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7703] memfd_create("syzkaller", 0 [pid 7698] <... futex resumed>) = 0 [pid 7703] <... memfd_create resumed>) = 4 [pid 7698] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5831] umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7703] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7703] <... mmap resumed>) = 0x7fb775000000 [pid 5831] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] newfstatat(3, "", [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] newfstatat(AT_FDCWD, "./18/file0", [pid 5831] getdents64(3, [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 127.155217][ T7644] BTRFS info (device loop2 state M): max_inline set to 26856 [ 127.169058][ T7664] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [pid 5829] openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... openat resumed>) = 4 [pid 5831] unlink("./19/binderfs") = 0 [pid 5829] newfstatat(4, "", [pid 5831] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [ 127.227619][ T5831] BTRFS info (device loop2): last unmount of filesystem d4f02d88-86da-408b-91bc-bf60486095a0 [ 127.252115][ T7664] BTRFS info (device loop4 state M): setting nodatasum [pid 5829] rmdir("./18/file0") = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./18") = 0 [ 127.272069][ T7664] BTRFS info (device loop4 state M): setting nodatasum [pid 5829] mkdir("./19", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [ 127.298792][ T7664] BTRFS info (device loop4 state M): turning off barriers [ 127.311269][ T7664] BTRFS info (device loop4 state M): turning on flush-on-commit [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7738 attached [pid 7738] set_robust_list(0x55558bffa6a0, 24 [pid 5829] <... clone resumed>, child_tidptr=0x55558bffa690) = 7738 [pid 7738] <... set_robust_list resumed>) = 0 [pid 7738] chdir("./19") = 0 [pid 7738] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7738] setpgid(0, 0) = 0 [ 127.343542][ T7664] BTRFS info (device loop4 state M): force clearing of disk cache [ 127.371913][ T7664] BTRFS info (device loop4 state M): doing ref verification [pid 7738] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7738] write(3, "1000", 4) = 4 [pid 7738] close(3) = 0 [pid 7738] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7664] <... mount resumed>) = 0 [pid 7664] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7664] chdir(".") = 0 [pid 7664] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7662] <... futex resumed>) = 0 [pid 7664] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7662] exit_group(0 [pid 7664] <... futex resumed>) = ? [pid 7662] <... exit_group resumed>) = ? [pid 7664] +++ exited with 0 +++ [pid 7662] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7662, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=68 /* 0.68 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 7738] write(1, "executing program\n", 18 [pid 5833] umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 executing program [pid 5833] umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./19/binderfs") = 0 [pid 7738] <... write resumed>) = 18 [pid 5833] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7738] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7719] <... write resumed>) = 16777216 [pid 7738] <... futex resumed>) = 0 [pid 7719] munmap(0x7fb775000000, 138412032 [ 127.403382][ T7664] BTRFS info (device loop4 state M): max_inline set to 26856 [pid 7738] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 7719] <... munmap resumed>) = 0 [pid 7738] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7738] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7738] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7738] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7719] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7738] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7719] <... openat resumed>) = 4 [pid 7719] ioctl(4, LOOP_SET_FD, 3 [pid 7738] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 7703] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216./strace-static-x86_64: Process 7739 attached [pid 7719] <... ioctl resumed>) = 0 [pid 7738] <... clone3 resumed> => {parent_tid=[7739]}, 88) = 7739 [pid 7739] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7738] rt_sigprocmask(SIG_SETMASK, [], [pid 7719] close(3 [pid 7739] <... rseq resumed>) = 0 [pid 7719] <... close resumed>) = 0 [pid 7738] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7719] close(4 [pid 7739] set_robust_list(0x7fb77d6019a0, 24 [pid 7719] <... close resumed>) = 0 [pid 7739] <... set_robust_list resumed>) = 0 [pid 7738] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7719] mkdir("./file0", 0777 [pid 7739] rt_sigprocmask(SIG_SETMASK, [], [pid 7738] <... futex resumed>) = 0 [pid 7719] <... mkdir resumed>) = 0 [ 127.492644][ T5833] BTRFS info (device loop4): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 127.510163][ T7719] loop1: detected capacity change from 0 to 32768 [pid 7739] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7738] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7719] mount("/dev/loop1", "./file0", "btrfs", 0, "" [pid 7739] memfd_create("syzkaller", 0 [pid 5831] <... umount2 resumed>) = 0 [pid 7739] <... memfd_create resumed>) = 3 [pid 5831] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7739] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7739] <... mmap resumed>) = 0x7fb775000000 [pid 5831] newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [ 127.551708][ T7719] BTRFS: device /dev/loop1 (7:1) using temp-fsid 1d3d1302-b078-4a28-a664-a8c957f76b99 [ 127.561330][ T7719] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor323 (7719) [pid 5831] close(4) = 0 [pid 5831] rmdir("./19/file0") = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./19") = 0 [pid 5831] mkdir("./20", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5831] close(3) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 7740 ./strace-static-x86_64: Process 7740 attached [pid 7740] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 7740] chdir("./20") = 0 [pid 7740] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7740] setpgid(0, 0) = 0 [pid 7740] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7740] write(3, "1000", 4) = 4 executing program [pid 7740] close(3) = 0 [pid 7740] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7740] write(1, "executing program\n", 18) = 18 [pid 7740] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7740] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7740] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7740] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7740] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7740] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7740] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[7741]}, 88) = 7741 [pid 7740] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7740] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7740] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7741 attached [pid 7741] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 7741] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 7741] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7741] memfd_create("syzkaller", 0) = 3 [pid 7741] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 127.642148][ T7719] BTRFS info (device loop1): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 127.673318][ T7719] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 127.700827][ T7719] BTRFS info (device loop1): using free-space-tree [pid 7741] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7739] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7719] <... mount resumed>) = 0 [pid 7719] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7719] chdir("./file0") = 0 [pid 7719] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7719] ioctl(4, LOOP_CLR_FD) = 0 [pid 7719] close(4) = 0 [pid 7719] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7718] <... futex resumed>) = 0 [pid 7719] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7718] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7719] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7718] <... futex resumed>) = 0 [pid 7719] memfd_create("syzkaller", 0 [pid 7718] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7719] <... memfd_create resumed>) = 4 [pid 7719] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7741] <... write resumed>) = 16777216 [pid 7741] munmap(0x7fb775000000, 138412032 [pid 5833] <... umount2 resumed>) = 0 [pid 7741] <... munmap resumed>) = 0 [pid 5833] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7741] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7741] <... openat resumed>) = 4 [pid 7703] <... write resumed>) = 16777216 [pid 5833] newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7741] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5833] openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 7703] munmap(0x7fb775000000, 138412032 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, [pid 7741] close(3 [pid 5833] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 7741] <... close resumed>) = 0 [pid 5833] getdents64(4, [pid 7741] close(4 [pid 5833] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 7741] <... close resumed>) = 0 [pid 7703] <... munmap resumed>) = 0 [pid 5833] close(4 [pid 7703] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 5 [pid 5833] <... close resumed>) = 0 [pid 7703] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5833] rmdir("./19/file0" [pid 7703] ioctl(5, LOOP_CLR_FD [pid 5833] <... rmdir resumed>) = 0 [pid 7741] mkdir("./file0", 0777 [pid 5833] getdents64(3, [pid 7741] <... mkdir resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 7741] mount("/dev/loop2", "./file0", "btrfs", 0, "" [pid 5833] close(3) = 0 [pid 5833] rmdir("./19") = 0 [pid 5833] mkdir("./20", 0777) = 0 [ 128.093637][ T7741] loop2: detected capacity change from 0 to 32768 [pid 7703] <... ioctl resumed>) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 7703] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5833] close(3 [pid 7703] close(5) = 0 [pid 5833] <... close resumed>) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7758 attached [pid 7703] close(4 [pid 5833] <... clone resumed>, child_tidptr=0x55558bffa690) = 7758 [ 128.131157][ T7741] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (7741) [pid 7758] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 7758] chdir("./20") = 0 [pid 7758] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7758] setpgid(0, 0) = 0 [pid 7758] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7758] write(3, "1000", 4) = 4 [ 128.176039][ T7741] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 128.201662][ T7741] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [pid 7758] close(3) = 0 [pid 7758] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7758] write(1, "executing program\n", 18) = 18 [pid 7758] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7758] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7758] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7758] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7758] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7758] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7758] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 7761 attached [pid 7761] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7758] <... clone3 resumed> => {parent_tid=[7761]}, 88) = 7761 [pid 7761] <... rseq resumed>) = 0 [pid 7758] rt_sigprocmask(SIG_SETMASK, [], [pid 7761] set_robust_list(0x7fb77d6019a0, 24 [pid 7758] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7761] <... set_robust_list resumed>) = 0 [pid 7761] rt_sigprocmask(SIG_SETMASK, [], [pid 7758] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7761] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7758] <... futex resumed>) = 0 [pid 7761] memfd_create("syzkaller", 0 [pid 7758] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7761] <... memfd_create resumed>) = 3 [pid 7761] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 128.241003][ T7741] BTRFS info (device loop2): using free-space-tree [pid 7739] <... write resumed>) = 16777216 [pid 7739] munmap(0x7fb775000000, 138412032) = 0 [pid 7739] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7739] ioctl(4, LOOP_SET_FD, 3 [pid 7719] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7741] <... mount resumed>) = 0 [pid 7741] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7739] <... ioctl resumed>) = 0 [pid 7741] <... openat resumed>) = 3 [pid 7739] close(3 [pid 7741] chdir("./file0" [pid 7739] <... close resumed>) = 0 [pid 7739] close(4 [pid 7741] <... chdir resumed>) = 0 [pid 7739] <... close resumed>) = 0 [ 128.373017][ T7739] loop0: detected capacity change from 0 to 32768 [pid 7741] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7739] mkdir("./file0", 0777 [pid 7703] <... close resumed>) = 0 [pid 7741] <... openat resumed>) = 4 [pid 7741] ioctl(4, LOOP_CLR_FD) = 0 [pid 7739] <... mkdir resumed>) = 0 [pid 7741] close(4 [pid 7739] mount("/dev/loop0", "./file0", "btrfs", 0, "" [pid 7741] <... close resumed>) = 0 [pid 7741] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7741] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7740] <... futex resumed>) = 0 [pid 7740] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7740] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7741] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7741] memfd_create("syzkaller", 0 [pid 7703] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7703] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7741] <... memfd_create resumed>) = 4 [pid 7741] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7698] <... futex resumed>) = 0 [pid 7698] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7703] <... futex resumed>) = 0 [pid 7698] <... futex resumed>) = 1 [pid 7703] rename("./file1", "./file0/file0" [ 128.449715][ T7739] BTRFS: device /dev/loop0 (7:0) using temp-fsid aba00b80-5ffb-42ab-8f12-122e0bf88ee3 [ 128.484500][ T7739] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor323 (7739) [pid 7698] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7703] <... rename resumed>) = 0 [pid 7703] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7698] <... futex resumed>) = 0 [pid 7703] mkdir(".", 0777 [pid 7698] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7703] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7698] <... futex resumed>) = 0 [pid 7703] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [ 128.563001][ T7703] BTRFS warning (device loop3 state M): remount supports changing free space tree only from RO to RW [ 128.593078][ T7739] BTRFS info (device loop0): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 7698] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [ 128.621577][ T7703] BTRFS info (device loop3 state M): setting nodatasum [ 128.629444][ T7739] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 128.643008][ T7703] BTRFS info (device loop3 state M): setting nodatasum [ 128.649899][ T7703] BTRFS info (device loop3 state M): turning off barriers [ 128.681620][ T7739] BTRFS info (device loop0): using free-space-tree [ 128.703121][ T7703] BTRFS info (device loop3 state M): turning on flush-on-commit [ 128.741888][ T7703] BTRFS info (device loop3 state M): force clearing of disk cache [ 128.781834][ T7703] BTRFS info (device loop3 state M): doing ref verification [ 128.789183][ T7703] BTRFS info (device loop3 state M): max_inline set to 26856 [pid 7761] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7761] munmap(0x7fb775000000, 138412032 [pid 7703] <... mount resumed>) = 0 [pid 7703] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7703] chdir("." [pid 7761] <... munmap resumed>) = 0 [pid 7703] <... chdir resumed>) = 0 [pid 7703] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7698] <... futex resumed>) = 0 [pid 7703] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7698] exit_group(0 [pid 7761] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7703] <... futex resumed>) = ? [pid 7698] <... exit_group resumed>) = ? [pid 7761] <... openat resumed>) = 4 [pid 7703] +++ exited with 0 +++ [pid 7698] +++ exited with 0 +++ [pid 7761] ioctl(4, LOOP_SET_FD, 3 [pid 7741] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7698, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=58 /* 0.58 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5832] umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./19/binderfs") = 0 [pid 5832] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7739] <... mount resumed>) = 0 [pid 7739] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7739] chdir("./file0") = 0 [pid 7739] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7739] ioctl(4, LOOP_CLR_FD) = 0 [pid 7739] close(4) = 0 [pid 7739] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7738] <... futex resumed>) = 0 [pid 7739] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7738] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7739] <... futex resumed>) = 0 [pid 7738] <... futex resumed>) = 1 [pid 7739] memfd_create("syzkaller", 0) = 4 [pid 7739] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7738] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7761] <... ioctl resumed>) = 0 [pid 7761] close(3) = 0 [pid 7761] close(4) = 0 [pid 7761] mkdir("./file0", 0777) = 0 [ 128.866060][ T7761] loop4: detected capacity change from 0 to 32768 [ 128.882547][ T5832] BTRFS info (device loop3): last unmount of filesystem 2fb938e7-0c45-4b82-b676-8f4c1808de97 [ 128.938270][ T7761] BTRFS: device /dev/loop4 (7:4) using temp-fsid 808558ee-c4b5-4f16-9f5a-241f741a8d78 [pid 7761] mount("/dev/loop4", "./file0", "btrfs", 0, "" [pid 7739] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7719] <... write resumed>) = 16777216 [ 128.991905][ T7761] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (7761) [pid 7719] munmap(0x7fb775000000, 138412032) = 0 [pid 7719] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 5 [pid 7719] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7719] ioctl(5, LOOP_CLR_FD) = 0 [ 129.084101][ T7761] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 7719] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7719] close(5) = 0 [ 129.131933][ T7761] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 129.166975][ T7761] BTRFS info (device loop4): using free-space-tree [pid 7719] close(4 [pid 5832] <... umount2 resumed>) = 0 [pid 5832] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5832] close(4) = 0 [pid 5832] rmdir("./19/file0") = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 7761] <... mount resumed>) = 0 [pid 7761] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7761] chdir("./file0") = 0 [pid 7761] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7761] ioctl(4, LOOP_CLR_FD) = 0 [pid 7761] close(4) = 0 [pid 7761] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7758] <... futex resumed>) = 0 [pid 7758] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7758] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7761] <... futex resumed>) = 1 [pid 7761] memfd_create("syzkaller", 0) = 4 [pid 7761] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5832] rmdir("./19") = 0 [pid 5832] mkdir("./20", 0777) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7810 attached [pid 7810] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 7810] chdir("./20") = 0 [pid 7810] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7810] setpgid(0, 0) = 0 [pid 7810] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7810] write(3, "1000", 4executing program ) = 4 [pid 7810] close(3) = 0 [pid 7810] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7810] write(1, "executing program\n", 18) = 18 [pid 7810] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7810] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7810] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7810] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7810] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7810] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x55558bffa690) = 7810 [pid 7810] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 7811 attached => {parent_tid=[7811]}, 88) = 7811 [pid 7810] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7810] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7811] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7810] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7811] <... rseq resumed>) = 0 [pid 7811] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 7811] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7811] memfd_create("syzkaller", 0) = 3 [pid 7811] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7719] <... close resumed>) = 0 [pid 7719] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7718] <... futex resumed>) = 0 [pid 7718] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7718] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7719] <... futex resumed>) = 1 [pid 7719] rename("./file1", "./file0/file0") = 0 [pid 7719] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7718] <... futex resumed>) = 0 [pid 7718] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7718] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7719] <... futex resumed>) = 1 [pid 7719] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7719] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7741] <... write resumed>) = 16777216 [pid 7741] munmap(0x7fb775000000, 138412032) = 0 [pid 7739] <... write resumed>) = 16777216 [pid 7739] munmap(0x7fb775000000, 138412032 [pid 7741] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 5 [pid 7739] <... munmap resumed>) = 0 [pid 7741] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [ 129.532093][ T7719] BTRFS warning (device loop1 state M): remount supports changing free space tree only from RO to RW [ 129.553766][ T7719] BTRFS info (device loop1 state M): setting nodatasum [pid 7741] ioctl(5, LOOP_CLR_FD [pid 7739] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7741] <... ioctl resumed>) = 0 [pid 7739] <... openat resumed>) = 5 [pid 7739] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7739] ioctl(5, LOOP_CLR_FD) = 0 [pid 7741] ioctl(5, LOOP_SET_FD, 4 [pid 7739] ioctl(5, LOOP_SET_FD, 4 [pid 7741] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7739] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7741] close(5 [pid 7739] close(5 [pid 7719] <... mount resumed>) = 0 [pid 7761] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7741] <... close resumed>) = 0 [pid 7739] <... close resumed>) = 0 [pid 7719] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 7741] close(4 [pid 7739] close(4 [pid 7719] <... openat resumed>) = 4 [pid 7719] chdir(".") = 0 [pid 7719] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7718] <... futex resumed>) = 0 [pid 7718] exit_group(0) = ? [ 129.576206][ T7719] BTRFS info (device loop1 state M): setting nodatasum [ 129.587095][ T7719] BTRFS info (device loop1 state M): turning off barriers [ 129.596030][ T7719] BTRFS info (device loop1 state M): turning on flush-on-commit [ 129.603997][ T7719] BTRFS info (device loop1 state M): force clearing of disk cache [ 129.612218][ T7719] BTRFS info (device loop1 state M): doing ref verification [ 129.620249][ T7719] BTRFS info (device loop1 state M): max_inline set to 26856 [pid 7719] +++ exited with 0 +++ [pid 7718] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7718, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=63 /* 0.63 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5830] umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./19/binderfs") = 0 [pid 5830] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW [ 129.715180][ T5830] BTRFS info (device loop1): last unmount of filesystem 1d3d1302-b078-4a28-a664-a8c957f76b99 [pid 7811] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7741] <... close resumed>) = 0 [pid 7741] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7740] <... futex resumed>) = 0 [pid 7740] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7740] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7741] rename("./file1", "./file0/file0") = 0 [pid 7739] <... close resumed>) = 0 [pid 7741] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7740] <... futex resumed>) = 0 [pid 7740] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7740] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7741] mkdir(".", 0777 [pid 7739] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7741] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7739] <... futex resumed>) = 1 [pid 7738] <... futex resumed>) = 0 [pid 7741] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7739] rename("./file1", "./file0/file0" [pid 7738] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7738] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7739] <... rename resumed>) = 0 [pid 7739] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7738] <... futex resumed>) = 0 [pid 7738] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7738] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7739] mkdir(".", 0777) = -1 EEXIST (File exists) [ 129.970701][ T7741] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW [ 130.001858][ T7741] BTRFS info (device loop2 state M): setting nodatasum [ 130.008763][ T7741] BTRFS info (device loop2 state M): setting nodatasum [ 130.027566][ T7739] BTRFS warning (device loop0 state M): remount supports changing free space tree only from RO to RW [ 130.062500][ T7741] BTRFS info (device loop2 state M): turning off barriers [ 130.069672][ T7741] BTRFS info (device loop2 state M): turning on flush-on-commit [pid 7739] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7761] <... write resumed>) = 16777216 [ 130.078637][ T7739] BTRFS info (device loop0 state M): setting nodatasum [ 130.089573][ T7739] BTRFS info (device loop0 state M): setting nodatasum [ 130.111570][ T7739] BTRFS info (device loop0 state M): turning off barriers [ 130.119685][ T7741] BTRFS info (device loop2 state M): force clearing of disk cache [pid 7761] munmap(0x7fb775000000, 138412032) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 5830] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7761] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./19/file0", [pid 7761] <... openat resumed>) = 5 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7761] ioctl(5, LOOP_SET_FD, 4 [pid 5830] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7761] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7761] ioctl(5, LOOP_CLR_FD [pid 5830] openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7761] <... ioctl resumed>) = 0 [pid 5830] <... openat resumed>) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, [pid 7761] ioctl(5, LOOP_SET_FD, 4 [pid 5830] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 7761] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7761] close(5) = 0 [pid 7761] close(4 [pid 5830] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [ 130.142153][ T7739] BTRFS info (device loop0 state M): turning on flush-on-commit [ 130.149845][ T7739] BTRFS info (device loop0 state M): force clearing of disk cache [ 130.157972][ T7741] BTRFS info (device loop2 state M): doing ref verification [ 130.176787][ T7741] BTRFS info (device loop2 state M): max_inline set to 26856 [pid 5830] close(4) = 0 [pid 5830] rmdir("./19/file0" [pid 7741] <... mount resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 7741] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5830] getdents64(3, [pid 7741] <... openat resumed>) = 4 [pid 5830] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 7741] chdir("." [pid 5830] close(3 [pid 7741] <... chdir resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 7741] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] rmdir("./19" [pid 7741] <... futex resumed>) = 1 [pid 7740] <... futex resumed>) = 0 [pid 7741] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7740] exit_group(0 [pid 7741] <... futex resumed>) = ? [pid 7740] <... exit_group resumed>) = ? [pid 7741] +++ exited with 0 +++ [pid 7740] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7740, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=63 /* 0.63 s */} --- [pid 5831] umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] <... rmdir resumed>) = 0 [pid 5830] mkdir("./20", 0777 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] <... mkdir resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5831] newfstatat(AT_FDCWD, "./20/binderfs", [pid 5830] <... openat resumed>) = 3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5831] unlink("./20/binderfs") = 0 [pid 5831] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5830] close(3) = 0 [ 130.201609][ T7739] BTRFS info (device loop0 state M): doing ref verification [ 130.208954][ T7739] BTRFS info (device loop0 state M): max_inline set to 26856 [pid 7739] <... mount resumed>) = 0 [pid 7739] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7739] chdir(".") = 0 [pid 7739] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7738] <... futex resumed>) = 0 [pid 7739] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7738] exit_group(0 [pid 7739] <... futex resumed>) = ? [pid 7738] <... exit_group resumed>) = ? [pid 7739] +++ exited with 0 +++ [pid 7738] +++ exited with 0 +++ [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7738, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=60 /* 0.60 s */} --- [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5830] <... clone resumed>, child_tidptr=0x55558bffa690) = 7814 ./strace-static-x86_64: Process 7814 attached [pid 7814] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 5829] <... restart_syscall resumed>) = 0 [pid 5829] umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, [pid 7814] chdir("./20" [pid 5829] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 7814] <... chdir resumed>) = 0 [pid 5829] umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7814] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5829] unlink("./19/binderfs" [pid 7814] <... prctl resumed>) = 0 [pid 5829] <... unlink resumed>) = 0 [pid 7814] setpgid(0, 0 [pid 5829] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7814] <... setpgid resumed>) = 0 [pid 7814] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7814] write(3, "1000", 4) = 4 [ 130.249296][ T5831] BTRFS info (device loop2): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 7814] close(3) = 0 [pid 7814] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7814] write(1, "executing program\n", 18executing program ) = 18 [pid 7814] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7814] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7814] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7814] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7814] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7814] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7814] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[7816]}, 88) = 7816 [pid 7814] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 7816 attached [pid 7816] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7814] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7816] <... rseq resumed>) = 0 [pid 7816] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 7816] rt_sigprocmask(SIG_SETMASK, [], [pid 7814] <... futex resumed>) = 0 [pid 7811] <... write resumed>) = 16777216 [pid 7816] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 130.290053][ T5829] BTRFS info (device loop0): last unmount of filesystem aba00b80-5ffb-42ab-8f12-122e0bf88ee3 [pid 7814] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7816] memfd_create("syzkaller", 0 [pid 7811] munmap(0x7fb775000000, 138412032 [pid 7816] <... memfd_create resumed>) = 3 [pid 7816] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7811] <... munmap resumed>) = 0 [pid 7811] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7811] ioctl(4, LOOP_SET_FD, 3 [pid 7761] <... close resumed>) = 0 [pid 7811] <... ioctl resumed>) = 0 [pid 7811] close(3) = 0 [ 130.406175][ T7811] loop3: detected capacity change from 0 to 32768 [pid 7811] close(4 [pid 7761] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7811] <... close resumed>) = 0 [pid 7811] mkdir("./file0", 0777 [pid 7761] <... futex resumed>) = 1 [pid 7761] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7758] <... futex resumed>) = 0 [pid 7758] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7761] <... futex resumed>) = 0 [pid 7758] <... futex resumed>) = 1 [pid 7811] <... mkdir resumed>) = 0 [pid 7761] rename("./file1", "./file0/file0" [pid 7811] mount("/dev/loop3", "./file0", "btrfs", 0, "" [pid 7758] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7761] <... rename resumed>) = 0 [pid 7761] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7761] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7758] <... futex resumed>) = 0 [pid 7758] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7761] <... futex resumed>) = 0 [pid 7758] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7761] mkdir(".", 0777) = -1 EEXIST (File exists) [ 130.483280][ T7811] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor323 (7811) [ 130.534858][ T7811] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 130.552235][ T7761] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [ 130.591792][ T7811] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 130.611616][ T7761] BTRFS info (device loop4 state M): setting nodatasum [ 130.618520][ T7761] BTRFS info (device loop4 state M): setting nodatasum [ 130.631648][ T7811] BTRFS info (device loop3): using free-space-tree [pid 7761] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5829] <... umount2 resumed>) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 5829] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./19/file0") = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./19") = 0 [pid 5829] mkdir("./20", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... close resumed>) = 0 [ 130.671698][ T7761] BTRFS info (device loop4 state M): turning off barriers [ 130.678870][ T7761] BTRFS info (device loop4 state M): turning on flush-on-commit [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] <... clone resumed>, child_tidptr=0x55558bffa690) = 7828 ./strace-static-x86_64: Process 7828 attached [pid 7816] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5831] openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 7828] set_robust_list(0x55558bffa6a0, 24 [pid 5831] newfstatat(4, "", [pid 7828] <... set_robust_list resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, [pid 7828] chdir("./20" [pid 5831] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 7761] <... mount resumed>) = 0 [pid 7761] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7761] chdir(".") = 0 [pid 7761] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7758] <... futex resumed>) = 0 [pid 7758] exit_group(0) = ? [pid 7761] +++ exited with 0 +++ [pid 7758] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7758, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=64 /* 0.64 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 7828] <... chdir resumed>) = 0 [pid 5831] getdents64(4, [pid 7828] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5831] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5833] <... restart_syscall resumed>) = 0 [pid 5831] close(4 [pid 7828] <... prctl resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 7828] setpgid(0, 0 [pid 5831] rmdir("./20/file0" [pid 5833] umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5833] umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./20/binderfs") = 0 [ 130.714296][ T7761] BTRFS info (device loop4 state M): force clearing of disk cache [ 130.722301][ T7761] BTRFS info (device loop4 state M): doing ref verification [ 130.732098][ T7761] BTRFS info (device loop4 state M): max_inline set to 26856 [pid 5833] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7828] <... setpgid resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 7828] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] getdents64(3, [pid 7828] <... openat resumed>) = 3 [pid 5831] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./20" [pid 7828] write(3, "1000", 4 [pid 7811] <... mount resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 7811] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7811] chdir("./file0") = 0 [pid 7811] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7811] ioctl(4, LOOP_CLR_FD [pid 5831] mkdir("./21", 0777 [pid 7828] <... write resumed>) = 4 [pid 7811] <... ioctl resumed>) = 0 [pid 5831] <... mkdir resumed>) = 0 [pid 7811] close(4 [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7811] <... close resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 7811] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 7811] <... futex resumed>) = 1 [pid 7810] <... futex resumed>) = 0 [pid 5831] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 7811] memfd_create("syzkaller", 0 [pid 7810] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7811] <... memfd_create resumed>) = 4 [pid 5831] close(3 [pid 7811] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7810] <... futex resumed>) = 0 [ 130.765319][ T5833] BTRFS info (device loop4): last unmount of filesystem 808558ee-c4b5-4f16-9f5a-241f741a8d78 [pid 7828] close(3 [pid 7811] <... mmap resumed>) = 0x7fb775000000 [pid 7810] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5831] <... close resumed>) = 0 [pid 7828] <... close resumed>) = 0 [pid 7828] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program ./strace-static-x86_64: Process 7834 attached [pid 7828] write(1, "executing program\n", 18) = 18 [pid 7828] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... clone resumed>, child_tidptr=0x55558bffa690) = 7834 [pid 7834] set_robust_list(0x55558bffa6a0, 24 [pid 7828] <... futex resumed>) = 0 [pid 7834] <... set_robust_list resumed>) = 0 [pid 7828] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 7834] chdir("./21" [pid 7828] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7828] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7834] <... chdir resumed>) = 0 [pid 7828] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7834] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7828] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7834] <... prctl resumed>) = 0 [pid 7834] setpgid(0, 0 [pid 7828] <... mmap resumed>) = 0x7fb77d5e1000 [pid 7834] <... setpgid resumed>) = 0 [pid 7828] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7828] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7834] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7828] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7834] <... openat resumed>) = 3 [pid 7828] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 7835 attached [pid 7834] write(3, "1000", 4) = 4 [pid 7828] <... clone3 resumed> => {parent_tid=[7835]}, 88) = 7835 [pid 7834] close(3 [pid 7828] rt_sigprocmask(SIG_SETMASK, [], [pid 7834] <... close resumed>) = 0 [pid 7828] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7834] symlink("/dev/binderfs", "./binderfs" [pid 7828] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000executing program [pid 7835] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7834] <... symlink resumed>) = 0 [pid 7828] <... futex resumed>) = 0 [pid 7834] write(1, "executing program\n", 18 [pid 7828] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7834] <... write resumed>) = 18 [pid 7834] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7834] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 7835] <... rseq resumed>) = 0 [pid 7834] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7835] set_robust_list(0x7fb77d6019a0, 24 [pid 7834] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7835] <... set_robust_list resumed>) = 0 [pid 7834] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7834] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7834] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7835] rt_sigprocmask(SIG_SETMASK, [], [pid 7834] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7835] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7834] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7834] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 7836 attached [pid 7835] memfd_create("syzkaller", 0 [pid 7836] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7834] <... clone3 resumed> => {parent_tid=[7836]}, 88) = 7836 [pid 7836] <... rseq resumed>) = 0 [pid 7834] rt_sigprocmask(SIG_SETMASK, [], [pid 7836] set_robust_list(0x7fb77d6019a0, 24 [pid 7834] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7836] <... set_robust_list resumed>) = 0 [pid 7834] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7836] rt_sigprocmask(SIG_SETMASK, [], [pid 7834] <... futex resumed>) = 0 [pid 7836] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7834] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7836] memfd_create("syzkaller", 0 [pid 7835] <... memfd_create resumed>) = 3 [pid 7836] <... memfd_create resumed>) = 3 [pid 7835] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7836] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7835] <... mmap resumed>) = 0x7fb775000000 [pid 7836] <... mmap resumed>) = 0x7fb775000000 [pid 7811] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5833] <... umount2 resumed>) = 0 [pid 5833] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, [pid 7816] <... write resumed>) = 16777216 [pid 5833] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 7816] munmap(0x7fb775000000, 138412032 [pid 5833] close(4) = 0 [pid 5833] rmdir("./20/file0") = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./20") = 0 [pid 5833] mkdir("./21", 0777 [pid 7816] <... munmap resumed>) = 0 [pid 7816] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5833] <... mkdir resumed>) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7816] <... openat resumed>) = 4 [pid 5833] <... openat resumed>) = 3 [pid 7816] ioctl(4, LOOP_SET_FD, 3 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 7836] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7835] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7816] <... ioctl resumed>) = 0 [pid 5833] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5833] close(3) = 0 [pid 7816] close(3 [pid 7811] <... write resumed>) = 16777216 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7816] <... close resumed>) = 0 [pid 7816] close(4) = 0 ./strace-static-x86_64: Process 7837 attached [pid 7816] mkdir("./file0", 0777 [pid 7811] munmap(0x7fb775000000, 138412032 [pid 5833] <... clone resumed>, child_tidptr=0x55558bffa690) = 7837 [pid 7837] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 7837] chdir("./21") = 0 [pid 7837] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7816] <... mkdir resumed>) = 0 [pid 7837] setpgid(0, 0) = 0 [pid 7837] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7837] write(3, "1000", 4) = 4 [pid 7837] close(3 [pid 7816] mount("/dev/loop1", "./file0", "btrfs", 0, "" [pid 7837] <... close resumed>) = 0 [ 131.243886][ T7816] loop1: detected capacity change from 0 to 32768 [pid 7837] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 7837] write(1, "executing program\n", 18) = 18 [pid 7837] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7837] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7837] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7837] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7837] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7837] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7837] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[7838]}, 88) = 7838 [pid 7837] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7837] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7837] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7838 attached [pid 7838] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 7838] set_robust_list(0x7fb77d6019a0, 24 [pid 7811] <... munmap resumed>) = 0 [pid 7838] <... set_robust_list resumed>) = 0 [pid 7838] rt_sigprocmask(SIG_SETMASK, [], [pid 7811] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7838] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7811] <... openat resumed>) = 5 [pid 7838] memfd_create("syzkaller", 0 [pid 7811] ioctl(5, LOOP_SET_FD, 4 [pid 7838] <... memfd_create resumed>) = 3 [pid 7838] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7811] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7811] ioctl(5, LOOP_CLR_FD) = 0 [pid 7811] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7811] close(5) = 0 [ 131.293417][ T7816] BTRFS: device /dev/loop1 (7:1) using temp-fsid a133d1be-fc79-4465-8df5-4006615e0adc [ 131.330538][ T7816] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor323 (7816) [ 131.401161][ T7816] BTRFS info (device loop1): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 131.429317][ T7816] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 131.471805][ T7816] BTRFS info (device loop1): using free-space-tree [pid 7811] close(4 [pid 7838] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7811] <... close resumed>) = 0 [pid 7811] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7810] <... futex resumed>) = 0 [pid 7811] rename("./file1", "./file0/file0" [pid 7810] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7810] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7811] <... rename resumed>) = 0 [pid 7811] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7811] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7810] <... futex resumed>) = 0 [pid 7810] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7811] <... futex resumed>) = 0 [pid 7810] <... futex resumed>) = 1 [pid 7810] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7811] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7811] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7836] <... write resumed>) = 16777216 [pid 7816] <... mount resumed>) = 0 [pid 7836] munmap(0x7fb775000000, 138412032 [pid 7816] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7816] chdir("./file0") = 0 [ 131.694247][ T7811] BTRFS warning (device loop3 state M): remount supports changing free space tree only from RO to RW [pid 7816] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7836] <... munmap resumed>) = 0 [pid 7835] <... write resumed>) = 16777216 [pid 7816] <... openat resumed>) = 4 [pid 7816] ioctl(4, LOOP_CLR_FD) = 0 [pid 7816] close(4) = 0 [pid 7836] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7835] munmap(0x7fb775000000, 138412032 [pid 7816] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7814] <... futex resumed>) = 0 [pid 7816] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7814] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7816] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7814] <... futex resumed>) = 0 [pid 7814] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7816] memfd_create("syzkaller", 0 [pid 7836] <... openat resumed>) = 4 [pid 7835] <... munmap resumed>) = 0 [pid 7816] <... memfd_create resumed>) = 4 [pid 7836] ioctl(4, LOOP_SET_FD, 3 [pid 7816] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7836] <... ioctl resumed>) = 0 [pid 7835] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7816] <... mmap resumed>) = 0x7fb775000000 [pid 7835] <... openat resumed>) = 4 [ 131.739161][ T7811] BTRFS info (device loop3 state M): setting nodatasum [ 131.762140][ T7811] BTRFS info (device loop3 state M): setting nodatasum [ 131.769045][ T7811] BTRFS info (device loop3 state M): turning off barriers [ 131.777881][ T7836] loop2: detected capacity change from 0 to 32768 [pid 7836] close(3 [pid 7835] ioctl(4, LOOP_SET_FD, 3 [pid 7836] <... close resumed>) = 0 [pid 7836] close(4) = 0 [pid 7835] <... ioctl resumed>) = 0 [pid 7836] mkdir("./file0", 0777 [pid 7835] close(3) = 0 [pid 7835] close(4 [pid 7836] <... mkdir resumed>) = 0 [pid 7835] <... close resumed>) = 0 [pid 7835] mkdir("./file0", 0777 [pid 7836] mount("/dev/loop2", "./file0", "btrfs", 0, "" [pid 7835] <... mkdir resumed>) = 0 [ 131.811641][ T7811] BTRFS info (device loop3 state M): turning on flush-on-commit [ 131.820524][ T7835] loop0: detected capacity change from 0 to 32768 [ 131.836056][ T7811] BTRFS info (device loop3 state M): force clearing of disk cache [pid 7835] mount("/dev/loop0", "./file0", "btrfs", 0, "" [pid 7838] <... write resumed>) = 16777216 [ 131.863235][ T7836] BTRFS: device /dev/loop2 (7:2) using temp-fsid c50c31b9-6e67-4e26-80d5-252af9509104 [ 131.872093][ T7811] BTRFS info (device loop3 state M): doing ref verification [ 131.891595][ T7836] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (7836) [pid 7838] munmap(0x7fb775000000, 138412032) = 0 [pid 7838] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7838] ioctl(4, LOOP_SET_FD, 3 [pid 7811] <... mount resumed>) = 0 [pid 7838] <... ioctl resumed>) = 0 [pid 7838] close(3 [ 131.915432][ T7811] BTRFS info (device loop3 state M): max_inline set to 26856 [ 131.927988][ T7838] loop4: detected capacity change from 0 to 32768 [ 131.938798][ T7835] BTRFS: device /dev/loop0 (7:0) using temp-fsid 4b9836e1-e461-43b7-bd34-700766c26b9b [ 131.949888][ T7835] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor323 (7835) [pid 7811] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 7838] <... close resumed>) = 0 [pid 7811] <... openat resumed>) = 4 [pid 7838] close(4) = 0 [pid 7811] chdir("." [pid 7838] mkdir("./file0", 0777 [pid 7811] <... chdir resumed>) = 0 [pid 7838] <... mkdir resumed>) = 0 [pid 7811] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7810] <... futex resumed>) = 0 [pid 7811] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7810] exit_group(0 [pid 7811] <... futex resumed>) = ? [pid 7810] <... exit_group resumed>) = ? [pid 7811] +++ exited with 0 +++ [pid 7810] +++ exited with 0 +++ [pid 7838] mount("/dev/loop4", "./file0", "btrfs", 0, "" [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7810, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=63 /* 0.63 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 131.950500][ T7836] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 131.986453][ T7835] BTRFS info (device loop0): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 132.002447][ T7838] BTRFS: device /dev/loop4 (7:4) using temp-fsid ada4571c-8b11-4a5c-aade-3d03147e8b80 [ 132.011985][ T7835] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 132.022028][ T7836] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 132.024518][ T7838] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (7838) [ 132.030687][ T7836] BTRFS info (device loop2): using free-space-tree [pid 5832] umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./20/binderfs") = 0 [ 132.060817][ T7835] BTRFS info (device loop0): using free-space-tree [pid 5832] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW [ 132.086537][ T5832] BTRFS info (device loop3): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 132.151952][ T7838] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 7816] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7835] <... mount resumed>) = 0 [pid 7836] <... mount resumed>) = 0 [pid 7836] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7836] chdir("./file0") = 0 [pid 7836] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7836] ioctl(4, LOOP_CLR_FD) = 0 [pid 7836] close(4) = 0 [pid 7836] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7834] <... futex resumed>) = 0 [pid 7834] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7834] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7836] memfd_create("syzkaller", 0) = 4 [ 132.204784][ T7838] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 132.234508][ T7838] BTRFS info (device loop4): using free-space-tree [pid 7836] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7835] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7836] <... mmap resumed>) = 0x7fb775000000 [pid 7835] chdir("./file0") = 0 [pid 7835] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7835] ioctl(4, LOOP_CLR_FD) = 0 [pid 7835] close(4) = 0 [pid 7835] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7828] <... futex resumed>) = 0 [pid 7828] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7828] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7835] memfd_create("syzkaller", 0) = 4 [pid 7835] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7836] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7838] <... mount resumed>) = 0 [pid 7838] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7838] chdir("./file0") = 0 [pid 7838] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7838] ioctl(4, LOOP_CLR_FD) = 0 [pid 7838] close(4) = 0 [pid 7838] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7837] <... futex resumed>) = 0 [pid 7838] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7837] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7838] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7837] <... futex resumed>) = 0 [pid 7837] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7838] memfd_create("syzkaller", 0) = 4 [pid 7838] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5832] <... umount2 resumed>) = 0 [pid 5832] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5832] close(4) = 0 [pid 5832] rmdir("./20/file0") = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./20") = 0 [pid 5832] mkdir("./21", 0777) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 7905 ./strace-static-x86_64: Process 7905 attached [pid 7905] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 7905] chdir("./21") = 0 [pid 7905] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7905] setpgid(0, 0) = 0 [pid 7905] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7905] write(3, "1000", 4) = 4 [pid 7905] close(3) = 0 [pid 7905] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7835] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7905] write(1, "executing program\n", 18executing program ) = 18 [pid 7905] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7905] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7905] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7905] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7905] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7905] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7905] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 7906 attached [pid 7906] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7905] <... clone3 resumed> => {parent_tid=[7906]}, 88) = 7906 [pid 7905] rt_sigprocmask(SIG_SETMASK, [], [pid 7906] <... rseq resumed>) = 0 [pid 7905] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7906] set_robust_list(0x7fb77d6019a0, 24 [pid 7905] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7906] <... set_robust_list resumed>) = 0 [pid 7905] <... futex resumed>) = 0 [pid 7906] rt_sigprocmask(SIG_SETMASK, [], [pid 7905] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7906] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7906] memfd_create("syzkaller", 0) = 3 [pid 7906] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7816] <... write resumed>) = 16777216 [pid 7816] munmap(0x7fb775000000, 138412032) = 0 [pid 7816] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 5 [pid 7816] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7816] ioctl(5, LOOP_CLR_FD) = 0 [pid 7816] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7816] close(5) = 0 [pid 7816] close(4 [pid 7838] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7836] <... write resumed>) = 16777216 [pid 7836] munmap(0x7fb775000000, 138412032) = 0 [pid 7836] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 5 [pid 7836] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7836] ioctl(5, LOOP_CLR_FD) = 0 [pid 7836] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7836] close(5) = 0 [pid 7836] close(4 [pid 7816] <... close resumed>) = 0 [pid 7816] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7814] <... futex resumed>) = 0 [pid 7816] rename("./file1", "./file0/file0" [pid 7814] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7814] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7906] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7816] <... rename resumed>) = 0 [pid 7816] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7814] <... futex resumed>) = 0 [pid 7816] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7814] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7816] <... futex resumed>) = 0 [pid 7814] <... futex resumed>) = 1 [pid 7816] mkdir(".", 0777 [pid 7814] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7816] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7816] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7835] <... write resumed>) = 16777216 [ 133.165294][ T7816] BTRFS warning (device loop1 state M): remount supports changing free space tree only from RO to RW [ 133.201782][ T7816] BTRFS info (device loop1 state M): setting nodatasum [ 133.210034][ T7816] BTRFS info (device loop1 state M): setting nodatasum [pid 7835] munmap(0x7fb775000000, 138412032) = 0 [pid 7835] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7835] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7835] ioctl(5, LOOP_CLR_FD) = 0 [pid 7835] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7835] close(5) = 0 [ 133.236700][ T7816] BTRFS info (device loop1 state M): turning off barriers [ 133.251905][ T7816] BTRFS info (device loop1 state M): turning on flush-on-commit [ 133.270275][ T7816] BTRFS info (device loop1 state M): force clearing of disk cache [pid 7835] close(4 [pid 7836] <... close resumed>) = 0 [pid 7836] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7834] <... futex resumed>) = 0 [pid 7836] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7834] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7836] <... futex resumed>) = 0 [pid 7834] <... futex resumed>) = 1 [pid 7836] rename("./file1", "./file0/file0" [pid 7834] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7816] <... mount resumed>) = 0 [pid 7816] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7816] chdir(".") = 0 [pid 7816] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7814] <... futex resumed>) = 0 [pid 7816] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7836] <... rename resumed>) = 0 [ 133.299303][ T7816] BTRFS info (device loop1 state M): doing ref verification [ 133.323544][ T7816] BTRFS info (device loop1 state M): max_inline set to 26856 [pid 7814] exit_group(0 [pid 7836] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7816] <... futex resumed>) = ? [pid 7814] <... exit_group resumed>) = ? [pid 7836] <... futex resumed>) = 1 [pid 7836] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7834] <... futex resumed>) = 0 [pid 7816] +++ exited with 0 +++ [pid 7814] +++ exited with 0 +++ [pid 7834] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7814, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=61 /* 0.61 s */} --- [pid 7836] <... futex resumed>) = 0 [pid 7834] <... futex resumed>) = 1 [pid 7836] mkdir(".", 0777 [pid 7834] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7836] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5830] umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7836] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./20/binderfs") = 0 [pid 5830] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7838] <... write resumed>) = 16777216 [ 133.396725][ T7836] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW [ 133.422345][ T5830] BTRFS info (device loop1): last unmount of filesystem a133d1be-fc79-4465-8df5-4006615e0adc [pid 7838] munmap(0x7fb775000000, 138412032) = 0 [pid 7838] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 5 [ 133.453713][ T7836] BTRFS info (device loop2 state M): setting nodatasum [ 133.461038][ T7836] BTRFS info (device loop2 state M): setting nodatasum [ 133.483529][ T7836] BTRFS info (device loop2 state M): turning off barriers [pid 7838] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7838] ioctl(5, LOOP_CLR_FD) = 0 [pid 7836] <... mount resumed>) = 0 [pid 7836] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 7835] <... close resumed>) = 0 [pid 7838] ioctl(5, LOOP_SET_FD, 4 [pid 7835] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7838] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7836] <... openat resumed>) = 4 [pid 7835] <... futex resumed>) = 1 [pid 7838] close(5 [pid 7835] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7838] <... close resumed>) = 0 [pid 7836] chdir("." [pid 7828] <... futex resumed>) = 0 [pid 7838] close(4 [pid 7836] <... chdir resumed>) = 0 [pid 7828] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7836] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7835] <... futex resumed>) = 0 [pid 7834] <... futex resumed>) = 0 [pid 7828] <... futex resumed>) = 1 [pid 7835] rename("./file1", "./file0/file0" [pid 7834] exit_group(0) = ? [pid 7828] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7836] +++ exited with 0 +++ [pid 7835] <... rename resumed>) = 0 [pid 7834] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7834, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=58 /* 0.58 s */} --- [pid 5831] umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7835] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7835] <... futex resumed>) = 1 [ 133.497368][ T7836] BTRFS info (device loop2 state M): turning on flush-on-commit [ 133.505409][ T7836] BTRFS info (device loop2 state M): force clearing of disk cache [ 133.514254][ T7836] BTRFS info (device loop2 state M): doing ref verification [ 133.523079][ T7836] BTRFS info (device loop2 state M): max_inline set to 26856 [pid 7828] <... futex resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7828] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7835] mkdir(".", 0777 [pid 5831] <... openat resumed>) = 3 [pid 7835] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7828] <... futex resumed>) = 0 [pid 7835] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7828] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./21/binderfs") = 0 [ 133.627708][ T5831] BTRFS info (device loop2): last unmount of filesystem c50c31b9-6e67-4e26-80d5-252af9509104 [ 133.645038][ T7835] BTRFS warning (device loop0 state M): remount supports changing free space tree only from RO to RW [pid 5831] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7906] <... write resumed>) = 16777216 [pid 7906] munmap(0x7fb775000000, 138412032) = 0 [ 133.677211][ T7835] BTRFS info (device loop0 state M): setting nodatasum [pid 7906] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7906] ioctl(4, LOOP_SET_FD, 3) = 0 [ 133.721635][ T7835] BTRFS info (device loop0 state M): setting nodatasum [ 133.735555][ T7835] BTRFS info (device loop0 state M): turning off barriers [ 133.743568][ T7906] loop3: detected capacity change from 0 to 32768 [ 133.761290][ T7835] BTRFS info (device loop0 state M): turning on flush-on-commit [pid 7906] close(3) = 0 [pid 7906] close(4) = 0 [pid 7906] mkdir("./file0", 0777) = 0 [pid 7906] mount("/dev/loop3", "./file0", "btrfs", 0, "" [pid 7838] <... close resumed>) = 0 [pid 7838] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7835] <... mount resumed>) = 0 [pid 7838] <... futex resumed>) = 1 [pid 7837] <... futex resumed>) = 0 [pid 7835] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 7838] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7837] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7838] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7835] <... openat resumed>) = 4 [pid 7838] rename("./file1", "./file0/file0" [pid 7837] <... futex resumed>) = 0 [ 133.776993][ T7835] BTRFS info (device loop0 state M): force clearing of disk cache [ 133.795679][ T7835] BTRFS info (device loop0 state M): doing ref verification [ 133.805450][ T7835] BTRFS info (device loop0 state M): max_inline set to 26856 [ 133.813494][ T7906] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor323 (7906) [pid 7837] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7835] chdir(".") = 0 [pid 7835] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7828] <... futex resumed>) = 0 [pid 7828] exit_group(0) = ? [pid 7838] <... rename resumed>) = 0 [pid 7835] +++ exited with 0 +++ [pid 7828] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7828, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=63 /* 0.63 s */} --- [pid 5829] umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7838] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7838] <... futex resumed>) = 1 [pid 7837] <... futex resumed>) = 0 [pid 5829] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7838] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7837] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] <... openat resumed>) = 3 [pid 7838] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5829] newfstatat(3, "", [pid 7838] mkdir(".", 0777 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7838] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5829] getdents64(3, [pid 7838] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7837] <... futex resumed>) = 0 [pid 5829] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 7837] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5829] umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 133.848418][ T7906] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 5829] unlink("./20/binderfs" [pid 5830] <... umount2 resumed>) = 0 [pid 5830] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... unlink resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./20/file0", [pid 5829] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 133.902426][ T7906] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 133.913516][ T7838] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [ 133.925065][ T7838] BTRFS info (device loop4 state M): setting nodatasum [ 133.932001][ T7906] BTRFS info (device loop3): using free-space-tree [ 133.939821][ T7838] BTRFS info (device loop4 state M): setting nodatasum [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./20/file0") = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./20") = 0 [pid 5830] mkdir("./21", 0777) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 7913 ./strace-static-x86_64: Process 7913 attached [pid 7913] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 7913] chdir("./21") = 0 [pid 7913] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7913] setpgid(0, 0) = 0 [pid 7913] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7913] write(3, "1000", 4) = 4 [pid 7838] <... mount resumed>) = 0 [pid 7913] close(3) = 0 [pid 7838] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [ 133.949394][ T7838] BTRFS info (device loop4 state M): turning off barriers [ 133.957596][ T7838] BTRFS info (device loop4 state M): turning on flush-on-commit [ 133.965699][ T7838] BTRFS info (device loop4 state M): force clearing of disk cache [ 133.974331][ T7838] BTRFS info (device loop4 state M): doing ref verification [ 133.981976][ T7838] BTRFS info (device loop4 state M): max_inline set to 26856 [ 133.990042][ T5829] BTRFS info (device loop0): last unmount of filesystem 4b9836e1-e461-43b7-bd34-700766c26b9b executing program [pid 7913] symlink("/dev/binderfs", "./binderfs" [pid 7838] chdir(".") = 0 [pid 7838] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7837] <... futex resumed>) = 0 [pid 7838] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7837] exit_group(0 [pid 7838] <... futex resumed>) = ? [pid 7837] <... exit_group resumed>) = ? [pid 7838] +++ exited with 0 +++ [pid 7837] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7837, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=63 /* 0.63 s */} --- [pid 7913] <... symlink resumed>) = 0 [pid 5833] umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7913] write(1, "executing program\n", 18 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7913] <... write resumed>) = 18 [pid 5833] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7913] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... openat resumed>) = 3 [pid 7913] <... futex resumed>) = 0 [pid 5833] newfstatat(3, "", [pid 7913] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7913] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5833] getdents64(3, [pid 7913] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5833] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 7913] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7913] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./21/binderfs", [pid 7913] <... mmap resumed>) = 0x7fb77d5e1000 [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7913] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 5833] unlink("./21/binderfs" [pid 7913] <... mprotect resumed>) = 0 [pid 7913] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5833] <... unlink resumed>) = 0 [pid 7913] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5833] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7913] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[7924]}, 88) = 7924 [pid 7913] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7913] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7913] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7924 attached [pid 7924] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 7924] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 7924] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7924] memfd_create("syzkaller", 0) = 3 [pid 7924] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 134.072610][ T5833] BTRFS info (device loop4): last unmount of filesystem ada4571c-8b11-4a5c-aade-3d03147e8b80 [pid 5831] <... umount2 resumed>) = 0 [pid 5831] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./21/file0") = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./21") = 0 [pid 5831] mkdir("./22", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5831] close(3) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 7929 ./strace-static-x86_64: Process 7929 attached [pid 7929] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 7929] chdir("./22") = 0 [pid 7929] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7929] setpgid(0, 0) = 0 [pid 7929] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7929] write(3, "1000", 4) = 4 [pid 7929] close(3) = 0 [pid 7929] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7929] write(1, "executing program\n", 18 [pid 7906] <... mount resumed>) = 0 executing program [pid 7929] <... write resumed>) = 18 [pid 7929] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7906] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7929] <... futex resumed>) = 0 [pid 7929] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7906] <... openat resumed>) = 3 [pid 7929] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7906] chdir("./file0" [pid 7929] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7929] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7906] <... chdir resumed>) = 0 [pid 7929] <... mmap resumed>) = 0x7fb77d5e1000 [pid 7929] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 7906] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7929] <... mprotect resumed>) = 0 [pid 7906] <... openat resumed>) = 4 [pid 7929] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7906] ioctl(4, LOOP_CLR_FD [pid 7929] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7929] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 7930 attached => {parent_tid=[7930]}, 88) = 7930 [pid 7929] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7929] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7929] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7906] <... ioctl resumed>) = 0 [pid 7906] close(4) = 0 [pid 7906] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7905] <... futex resumed>) = 0 [pid 7906] memfd_create("syzkaller", 0 [pid 7905] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7906] <... memfd_create resumed>) = 4 [pid 7905] <... futex resumed>) = 0 [pid 7906] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7905] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7906] <... mmap resumed>) = 0x7fb775000000 [pid 7930] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 7930] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 7930] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] <... umount2 resumed>) = 0 [pid 7930] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7930] memfd_create("syzkaller", 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7930] <... memfd_create resumed>) = 3 [pid 5833] openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, [pid 7930] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5833] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./21/file0") = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./21") = 0 [pid 5833] mkdir("./22", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = 0 [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 7931 [pid 5829] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 7931 attached [pid 7931] set_robust_list(0x55558bffa6a0, 24 [pid 5829] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7931] <... set_robust_list resumed>) = 0 [pid 7931] chdir("./22" [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7931] <... chdir resumed>) = 0 [pid 5829] newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 7931] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7931] setpgid(0, 0) = 0 [pid 7931] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7931] write(3, "1000", 4 [pid 5829] newfstatat(4, "", [pid 7931] <... write resumed>) = 4 [pid 7931] close(3 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7931] <... close resumed>) = 0 [pid 7931] symlink("/dev/binderfs", "./binderfs" [pid 5829] getdents64(4, executing program [pid 7931] <... symlink resumed>) = 0 [pid 5829] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 7931] write(1, "executing program\n", 18) = 18 [pid 5829] getdents64(4, [pid 7931] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 7931] <... futex resumed>) = 0 [pid 7931] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 5829] close(4 [pid 7931] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7931] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5829] <... close resumed>) = 0 [pid 7931] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7931] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5829] rmdir("./20/file0" [pid 7931] <... mmap resumed>) = 0x7fb77d5e1000 [pid 5829] <... rmdir resumed>) = 0 [pid 7931] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5829] getdents64(3, [pid 7931] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5829] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 7931] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7931] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 5829] close(3) = 0 ./strace-static-x86_64: Process 7932 attached [pid 5829] rmdir("./20" [pid 7932] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7931] <... clone3 resumed> => {parent_tid=[7932]}, 88) = 7932 [pid 5829] <... rmdir resumed>) = 0 [pid 7932] <... rseq resumed>) = 0 [pid 7931] rt_sigprocmask(SIG_SETMASK, [], [pid 7932] set_robust_list(0x7fb77d6019a0, 24 [pid 7931] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5829] mkdir("./21", 0777 [pid 7932] <... set_robust_list resumed>) = 0 [pid 7931] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7932] rt_sigprocmask(SIG_SETMASK, [], [pid 7931] <... futex resumed>) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3 [pid 7931] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5829] <... close resumed>) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7933 attached [pid 7932] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5829] <... clone resumed>, child_tidptr=0x55558bffa690) = 7933 [pid 7933] set_robust_list(0x55558bffa6a0, 24 [pid 7932] memfd_create("syzkaller", 0 [pid 7933] <... set_robust_list resumed>) = 0 [pid 7932] <... memfd_create resumed>) = 3 [pid 7932] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7933] chdir("./21" [pid 7932] <... mmap resumed>) = 0x7fb775000000 [pid 7933] <... chdir resumed>) = 0 [pid 7933] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7933] setpgid(0, 0) = 0 [pid 7924] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7933] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7933] write(3, "1000", 4) = 4 [pid 7933] close(3) = 0 [pid 7933] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7933] write(1, "executing program\n", 18) = 18 [pid 7933] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7933] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7933] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7933] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7933] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7933] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7933] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 7934 attached => {parent_tid=[7934]}, 88) = 7934 [pid 7934] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7933] rt_sigprocmask(SIG_SETMASK, [], [pid 7934] <... rseq resumed>) = 0 [pid 7933] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7934] set_robust_list(0x7fb77d6019a0, 24 [pid 7933] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7934] <... set_robust_list resumed>) = 0 [pid 7933] <... futex resumed>) = 0 [pid 7934] rt_sigprocmask(SIG_SETMASK, [], [pid 7933] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7934] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7934] memfd_create("syzkaller", 0) = 3 [pid 7934] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7906] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7930] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7932] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7934] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7924] <... write resumed>) = 16777216 [pid 7924] munmap(0x7fb775000000, 138412032) = 0 [pid 7924] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7924] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7924] close(3) = 0 [pid 7924] close(4) = 0 [pid 7924] mkdir("./file0", 0777) = 0 [ 134.953000][ T7924] loop1: detected capacity change from 0 to 32768 [pid 7924] mount("/dev/loop1", "./file0", "btrfs", 0, "" [pid 7906] <... write resumed>) = 16777216 [ 134.996403][ T7924] BTRFS: device /dev/loop1 (7:1) using temp-fsid c7545a30-7e85-43b9-94b8-e31c6ad2b835 [pid 7906] munmap(0x7fb775000000, 138412032) = 0 [pid 7906] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 5 [pid 7906] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7906] ioctl(5, LOOP_CLR_FD) = 0 [pid 7906] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7906] close(5) = 0 [pid 7906] close(4 [pid 7930] <... write resumed>) = 16777216 [pid 7930] munmap(0x7fb775000000, 138412032) = 0 [pid 7930] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 135.038908][ T7924] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor323 (7924) [pid 7930] ioctl(4, LOOP_SET_FD, 3) = 0 [ 135.093409][ T7930] loop2: detected capacity change from 0 to 32768 [ 135.123220][ T7924] BTRFS info (device loop1): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 7930] close(3) = 0 [pid 7930] close(4) = 0 [pid 7930] mkdir("./file0", 0777) = 0 [pid 7930] mount("/dev/loop2", "./file0", "btrfs", 0, "" [pid 7932] <... write resumed>) = 16777216 [ 135.151690][ T7924] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 135.162728][ T7924] BTRFS info (device loop1): using free-space-tree [ 135.173974][ T7930] BTRFS: device /dev/loop2 (7:2) using temp-fsid 538b2452-2983-4e72-a713-42ac3eada1d9 [pid 7932] munmap(0x7fb775000000, 138412032 [pid 7934] <... write resumed>) = 16777216 [ 135.191832][ T7930] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (7930) [pid 7934] munmap(0x7fb775000000, 138412032) = 0 [pid 7934] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7934] ioctl(4, LOOP_SET_FD, 3 [pid 7932] <... munmap resumed>) = 0 [pid 7934] <... ioctl resumed>) = 0 [pid 7932] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7932] ioctl(4, LOOP_SET_FD, 3 [pid 7934] close(3) = 0 [pid 7934] close(4) = 0 [pid 7932] <... ioctl resumed>) = 0 [pid 7934] mkdir("./file0", 0777 [pid 7932] close(3) = 0 [pid 7932] close(4) = 0 [ 135.258450][ T7930] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 135.284523][ T7934] loop0: detected capacity change from 0 to 32768 [ 135.296288][ T7932] loop4: detected capacity change from 0 to 32768 [pid 7932] mkdir("./file0", 0777 [pid 7934] <... mkdir resumed>) = 0 [pid 7932] <... mkdir resumed>) = 0 [pid 7934] mount("/dev/loop0", "./file0", "btrfs", 0, "" [ 135.326551][ T7934] BTRFS: device /dev/loop0 (7:0) using temp-fsid f3baa54a-7d99-4c6a-8044-f0e60787596f [ 135.337741][ T7930] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 135.352216][ T7934] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor323 (7934) [ 135.365498][ T7930] BTRFS info (device loop2): using free-space-tree [pid 7932] mount("/dev/loop4", "./file0", "btrfs", 0, "" [pid 7906] <... close resumed>) = 0 [pid 7924] <... mount resumed>) = 0 [pid 7924] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7906] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7924] chdir("./file0" [pid 7906] <... futex resumed>) = 1 [pid 7905] <... futex resumed>) = 0 [pid 7924] <... chdir resumed>) = 0 [pid 7906] rename("./file1", "./file0/file0" [pid 7905] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [ 135.407836][ T7932] BTRFS: device /dev/loop4 (7:4) using temp-fsid 98a713cb-1e0b-4f30-abb9-12842277faed [ 135.422148][ T7932] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (7932) [pid 7924] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7905] <... futex resumed>) = 0 [pid 7924] <... openat resumed>) = 4 [pid 7924] ioctl(4, LOOP_CLR_FD [pid 7905] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7924] <... ioctl resumed>) = 0 [pid 7906] <... rename resumed>) = 0 [pid 7924] close(4) = 0 [pid 7924] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7924] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7913] <... futex resumed>) = 0 [pid 7913] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7906] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7924] <... futex resumed>) = 0 [pid 7913] <... futex resumed>) = 1 [pid 7906] <... futex resumed>) = 1 [pid 7905] <... futex resumed>) = 0 [pid 7924] memfd_create("syzkaller", 0 [pid 7913] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7906] mkdir(".", 0777 [pid 7905] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7924] <... memfd_create resumed>) = 4 [pid 7906] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7905] <... futex resumed>) = 0 [pid 7924] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7906] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [ 135.459781][ T7934] BTRFS info (device loop0): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 135.480466][ T7932] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 7905] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7924] <... mmap resumed>) = 0x7fb775000000 [pid 7930] <... mount resumed>) = 0 [pid 7930] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7930] chdir("./file0") = 0 [pid 7930] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7930] ioctl(4, LOOP_CLR_FD) = 0 [pid 7930] close(4) = 0 [pid 7930] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7929] <... futex resumed>) = 0 [pid 7929] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7929] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7930] memfd_create("syzkaller", 0) = 4 [pid 7930] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 135.537078][ T7934] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 135.546384][ T7934] BTRFS info (device loop0): using free-space-tree [ 135.554845][ T7906] BTRFS warning (device loop3 state M): remount supports changing free space tree only from RO to RW [ 135.577463][ T7932] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 135.627314][ T7932] BTRFS info (device loop4): using free-space-tree [ 135.631813][ T7906] BTRFS info (device loop3 state M): setting nodatasum [ 135.691736][ T7906] BTRFS info (device loop3 state M): setting nodatasum [ 135.734003][ T7906] BTRFS info (device loop3 state M): turning off barriers [ 135.771568][ T7906] BTRFS info (device loop3 state M): turning on flush-on-commit [pid 7906] <... mount resumed>) = 0 [pid 7906] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7906] chdir(".") = 0 [pid 7906] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7905] <... futex resumed>) = 0 [pid 7905] exit_group(0) = ? [ 135.811743][ T7906] BTRFS info (device loop3 state M): force clearing of disk cache [ 135.819841][ T7906] BTRFS info (device loop3 state M): doing ref verification [ 135.827642][ T7906] BTRFS info (device loop3 state M): max_inline set to 26856 [pid 7924] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7906] +++ exited with 0 +++ [pid 7905] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7905, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=56 /* 0.56 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 7932] <... mount resumed>) = 0 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5832] umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7932] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7932] <... openat resumed>) = 3 [pid 5832] <... openat resumed>) = 3 [pid 5832] newfstatat(3, "", [pid 7932] chdir("./file0" [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 7934] <... mount resumed>) = 0 [pid 7932] <... chdir resumed>) = 0 [pid 7934] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7932] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7934] <... openat resumed>) = 3 [pid 7932] <... openat resumed>) = 4 [pid 5832] umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7934] chdir("./file0" [pid 7932] ioctl(4, LOOP_CLR_FD [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./21/binderfs", [pid 7934] <... chdir resumed>) = 0 [pid 7932] <... ioctl resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7934] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7932] close(4 [pid 5832] unlink("./21/binderfs" [pid 7934] <... openat resumed>) = 4 [pid 7932] <... close resumed>) = 0 [pid 5832] <... unlink resumed>) = 0 [pid 7934] ioctl(4, LOOP_CLR_FD [pid 7932] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7934] <... ioctl resumed>) = 0 [pid 7932] <... futex resumed>) = 1 [pid 7931] <... futex resumed>) = 0 [pid 5832] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7934] close(4 [pid 7932] memfd_create("syzkaller", 0 [pid 7931] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7934] <... close resumed>) = 0 [pid 7932] <... memfd_create resumed>) = 4 [pid 7931] <... futex resumed>) = 0 [pid 7934] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7932] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7931] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7934] <... futex resumed>) = 1 [pid 7933] <... futex resumed>) = 0 [pid 7932] <... mmap resumed>) = 0x7fb775000000 [pid 7933] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7934] memfd_create("syzkaller", 0 [pid 7933] <... futex resumed>) = 0 [pid 7934] <... memfd_create resumed>) = 4 [pid 7933] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7934] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 135.945366][ T5832] BTRFS info (device loop3): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 7930] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7924] <... write resumed>) = 16777216 [pid 7934] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7932] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7924] munmap(0x7fb775000000, 138412032) = 0 [pid 7924] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 5 [pid 7924] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7924] ioctl(5, LOOP_CLR_FD) = 0 [pid 7924] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7924] close(5) = 0 [pid 7924] close(4 [pid 5832] <... umount2 resumed>) = 0 [pid 5832] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5832] close(4) = 0 [pid 5832] rmdir("./21/file0") = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./21") = 0 [pid 5832] mkdir("./22", 0777) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 8004 ./strace-static-x86_64: Process 8004 attached [pid 8004] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 8004] chdir("./22") = 0 [pid 8004] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8004] setpgid(0, 0) = 0 [pid 8004] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8004] write(3, "1000", 4) = 4 [pid 8004] close(3) = 0 [pid 8004] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 8004] write(1, "executing program\n", 18) = 18 [pid 8004] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8004] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 8004] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8004] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 8004] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8004] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8004] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 8006 attached => {parent_tid=[8006]}, 88) = 8006 [pid 8004] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8004] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8004] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8006] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 8006] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 8006] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8006] memfd_create("syzkaller", 0) = 3 [pid 8006] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7924] <... close resumed>) = 0 [pid 7924] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7913] <... futex resumed>) = 0 [pid 7924] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7913] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7924] <... futex resumed>) = 0 [pid 7913] <... futex resumed>) = 1 [pid 7924] rename("./file1", "./file0/file0" [pid 7913] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7924] <... rename resumed>) = 0 [pid 7930] <... write resumed>) = 16777216 [pid 7924] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7924] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7913] <... futex resumed>) = 0 [pid 7930] munmap(0x7fb775000000, 138412032 [pid 7913] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7924] <... futex resumed>) = 0 [pid 7924] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7924] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7930] <... munmap resumed>) = 0 [pid 7913] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7930] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 5 [pid 7930] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7930] ioctl(5, LOOP_CLR_FD) = 0 [pid 7930] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7930] close(5) = 0 [ 136.755256][ T7924] BTRFS warning (device loop1 state M): remount supports changing free space tree only from RO to RW [ 136.806339][ T7924] BTRFS info (device loop1 state M): setting nodatasum [ 136.831857][ T7924] BTRFS info (device loop1 state M): setting nodatasum [ 136.838757][ T7924] BTRFS info (device loop1 state M): turning off barriers [pid 7930] close(4 [ 136.890170][ T7924] BTRFS info (device loop1 state M): turning on flush-on-commit [ 136.901629][ T7924] BTRFS info (device loop1 state M): force clearing of disk cache [pid 8006] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7934] <... write resumed>) = 16777216 [pid 7932] <... write resumed>) = 16777216 [pid 7932] munmap(0x7fb775000000, 138412032 [pid 7934] munmap(0x7fb775000000, 138412032) = 0 [pid 7932] <... munmap resumed>) = 0 [pid 7932] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 5 [pid 7924] <... mount resumed>) = 0 [pid 7924] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 7932] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7932] ioctl(5, LOOP_CLR_FD) = 0 [pid 7934] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7934] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7934] ioctl(5, LOOP_CLR_FD) = 0 [pid 7934] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7934] close(5) = 0 [ 136.931833][ T7924] BTRFS info (device loop1 state M): doing ref verification [ 136.939188][ T7924] BTRFS info (device loop1 state M): max_inline set to 26856 [pid 7934] close(4 [pid 7924] <... openat resumed>) = 4 [pid 7932] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7932] close(5) = 0 [pid 7932] close(4 [pid 7924] chdir(".") = 0 [pid 7924] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7913] <... futex resumed>) = 0 [pid 7913] exit_group(0) = ? [pid 7924] +++ exited with 0 +++ [pid 7913] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7913, si_uid=0, si_status=0, si_utime=13 /* 0.13 s */, si_stime=56 /* 0.56 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 7930] <... close resumed>) = 0 [pid 7930] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7930] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7929] <... futex resumed>) = 0 [pid 7929] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... restart_syscall resumed>) = 0 [pid 7929] <... futex resumed>) = 1 [pid 7930] <... futex resumed>) = 0 [pid 5830] umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7929] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7930] rename("./file1", "./file0/file0" [pid 5830] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 7930] <... rename resumed>) = 0 [pid 5830] umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7930] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7929] <... futex resumed>) = 0 [pid 7930] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7929] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7930] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7929] <... futex resumed>) = 0 [pid 7930] mkdir(".", 0777 [pid 7929] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7930] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7930] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5830] newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./21/binderfs") = 0 [ 137.133220][ T7930] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW [ 137.153594][ T5830] BTRFS info (device loop1): last unmount of filesystem c7545a30-7e85-43b9-94b8-e31c6ad2b835 [ 137.183214][ T7930] BTRFS info (device loop2 state M): setting nodatasum [ 137.210489][ T7930] BTRFS info (device loop2 state M): setting nodatasum [ 137.221599][ T7930] BTRFS info (device loop2 state M): turning off barriers [ 137.229085][ T7930] BTRFS info (device loop2 state M): turning on flush-on-commit [pid 5830] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7934] <... close resumed>) = 0 [pid 7932] <... close resumed>) = 0 [pid 7934] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7933] <... futex resumed>) = 0 [pid 7934] rename("./file1", "./file0/file0" [pid 7933] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7933] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7932] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7931] <... futex resumed>) = 0 [pid 7932] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7931] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7932] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7934] <... rename resumed>) = 0 [pid 7931] <... futex resumed>) = 0 [pid 7932] rename("./file1", "./file0/file0" [pid 7931] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7934] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7933] <... futex resumed>) = 0 [pid 7934] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7933] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7934] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7933] <... futex resumed>) = 0 [ 137.267361][ T7930] BTRFS info (device loop2 state M): force clearing of disk cache [ 137.303072][ T7930] BTRFS info (device loop2 state M): doing ref verification [pid 7933] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7934] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7932] <... rename resumed>) = 0 [pid 7930] <... mount resumed>) = 0 [pid 7934] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7932] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7930] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 7932] <... futex resumed>) = 1 [pid 7931] <... futex resumed>) = 0 [pid 7930] <... openat resumed>) = 4 [pid 7931] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7930] chdir("." [pid 7931] <... futex resumed>) = 0 [pid 7930] <... chdir resumed>) = 0 [pid 7931] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7930] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7930] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7932] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7932] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7929] <... futex resumed>) = 0 [pid 7929] exit_group(0 [pid 7930] <... futex resumed>) = ? [pid 7929] <... exit_group resumed>) = ? [pid 7930] +++ exited with 0 +++ [ 137.349314][ T7930] BTRFS info (device loop2 state M): max_inline set to 26856 [pid 7929] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7929, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=57 /* 0.57 s */} --- [pid 5831] umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8006] <... write resumed>) = 16777216 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 137.399309][ T7932] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [ 137.429583][ T7934] BTRFS warning (device loop0 state M): remount supports changing free space tree only from RO to RW [pid 5831] newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8006] munmap(0x7fb775000000, 138412032 [pid 5831] unlink("./22/binderfs" [pid 8006] <... munmap resumed>) = 0 [pid 5831] <... unlink resumed>) = 0 [ 137.461542][ T7932] BTRFS info (device loop4 state M): setting nodatasum [ 137.468726][ T7932] BTRFS info (device loop4 state M): setting nodatasum [ 137.481282][ T7934] BTRFS info (device loop0 state M): setting nodatasum [ 137.493114][ T7932] BTRFS info (device loop4 state M): turning off barriers [ 137.500266][ T7932] BTRFS info (device loop4 state M): turning on flush-on-commit [pid 5831] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8006] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 8006] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8006] close(3) = 0 [pid 8006] close(4) = 0 [ 137.507558][ T7934] BTRFS info (device loop0 state M): setting nodatasum [ 137.516527][ T8006] loop3: detected capacity change from 0 to 32768 [ 137.523524][ T5831] BTRFS info (device loop2): last unmount of filesystem 538b2452-2983-4e72-a713-42ac3eada1d9 [ 137.538190][ T7934] BTRFS info (device loop0 state M): turning off barriers [ 137.544981][ T7932] BTRFS info (device loop4 state M): force clearing of disk cache [pid 8006] mkdir("./file0", 0777) = 0 [ 137.568669][ T7932] BTRFS info (device loop4 state M): doing ref verification [ 137.571715][ T7934] BTRFS info (device loop0 state M): turning on flush-on-commit [ 137.593674][ T8006] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor323 (8006) [ 137.595765][ T7932] BTRFS info (device loop4 state M): max_inline set to 26856 [pid 8006] mount("/dev/loop3", "./file0", "btrfs", 0, "" [pid 5830] <... umount2 resumed>) = 0 [pid 7932] <... mount resumed>) = 0 [pid 5830] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./21/file0") = 0 [pid 7932] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5830] getdents64(3, [pid 7932] <... openat resumed>) = 4 [pid 5830] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 7932] chdir("." [pid 5830] close(3 [pid 7932] <... chdir resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 7932] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] rmdir("./21" [pid 7932] <... futex resumed>) = 1 [pid 7931] <... futex resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 7931] exit_group(0 [pid 5830] mkdir("./22", 0777 [pid 7931] <... exit_group resumed>) = ? [pid 5830] <... mkdir resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5830] close(3) = 0 executing program [pid 7932] +++ exited with 0 +++ [pid 7931] +++ exited with 0 +++ [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8010 attached [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7931, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=67 /* 0.67 s */} --- [pid 8010] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 8010] chdir("./22") = 0 [pid 8010] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8010] setpgid(0, 0) = 0 [pid 8010] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] <... clone resumed>, child_tidptr=0x55558bffa690) = 8010 [pid 8010] <... openat resumed>) = 3 [pid 8010] write(3, "1000", 4) = 4 [pid 8010] close(3) = 0 [pid 8010] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8010] write(1, "executing program\n", 18) = 18 [pid 8010] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8010] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 8010] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8010] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 8010] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8010] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8010] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[8011]}, 88) = 8011 [pid 5833] umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8010] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8010] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8010] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 8011 attached [pid 5833] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 137.619706][ T7934] BTRFS info (device loop0 state M): force clearing of disk cache [ 137.635557][ T7934] BTRFS info (device loop0 state M): doing ref verification [ 137.643068][ T7934] BTRFS info (device loop0 state M): max_inline set to 26856 [pid 8011] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7934] <... mount resumed>) = 0 [pid 5833] newfstatat(3, "", [pid 8011] <... rseq resumed>) = 0 [pid 8011] set_robust_list(0x7fb77d6019a0, 24 [pid 7934] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8011] <... set_robust_list resumed>) = 0 [pid 8011] rt_sigprocmask(SIG_SETMASK, [], [pid 7934] <... openat resumed>) = 4 [pid 8011] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7934] chdir("." [pid 8011] memfd_create("syzkaller", 0 [pid 7934] <... chdir resumed>) = 0 [pid 7934] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7933] <... futex resumed>) = 0 [pid 8011] <... memfd_create resumed>) = 3 [pid 7934] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7933] exit_group(0 [pid 5833] getdents64(3, [pid 8011] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7934] <... futex resumed>) = ? [pid 7933] <... exit_group resumed>) = ? [pid 5833] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 7934] +++ exited with 0 +++ [ 137.672774][ T8006] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 137.704271][ T8006] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [pid 8011] <... mmap resumed>) = 0x7fb775000000 [pid 7933] +++ exited with 0 +++ [pid 5833] umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7933, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=75 /* 0.75 s */} --- [pid 5833] newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./22/binderfs") = 0 [pid 5833] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./21/binderfs") = 0 [ 137.726996][ T8006] BTRFS info (device loop3): using free-space-tree [ 137.744325][ T5833] BTRFS info (device loop4): last unmount of filesystem 98a713cb-1e0b-4f30-abb9-12842277faed [ 137.773216][ T5829] BTRFS info (device loop0): last unmount of filesystem f3baa54a-7d99-4c6a-8044-f0e60787596f [pid 5829] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8006] <... mount resumed>) = 0 [pid 8006] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8006] chdir("./file0") = 0 [pid 8006] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 8006] ioctl(4, LOOP_CLR_FD) = 0 [pid 8006] close(4) = 0 [pid 8006] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8004] <... futex resumed>) = 0 [pid 8006] <... futex resumed>) = 1 [pid 8004] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8004] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8006] memfd_create("syzkaller", 0) = 4 [pid 8006] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 8011] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5831] <... umount2 resumed>) = 0 [pid 5831] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./22/file0") = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./22") = 0 [pid 5831] mkdir("./23", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5831] close(3) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8029 attached , child_tidptr=0x55558bffa690) = 8029 [pid 8029] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 8029] chdir("./23") = 0 [pid 8029] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8029] setpgid(0, 0) = 0 [pid 8029] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8029] write(3, "1000", 4) = 4 [pid 8029] close(3) = 0 [pid 8029] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 8029] write(1, "executing program\n", 18) = 18 [pid 8029] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8029] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 8029] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8029] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 8029] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8029] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8029] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 8030 attached => {parent_tid=[8030]}, 88) = 8030 [pid 8029] rt_sigprocmask(SIG_SETMASK, [], [pid 8006] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5833] <... umount2 resumed>) = 0 [pid 8029] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8029] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8030] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 8029] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5833] newfstatat(AT_FDCWD, "./22/file0", [pid 8030] <... rseq resumed>) = 0 [pid 8030] set_robust_list(0x7fb77d6019a0, 24 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8030] <... set_robust_list resumed>) = 0 [pid 8030] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8030] memfd_create("syzkaller", 0 [pid 5833] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8030] <... memfd_create resumed>) = 3 [pid 5833] openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5833] <... openat resumed>) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5829] <... umount2 resumed>) = 0 [pid 5829] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./21/file0") = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./21") = 0 [pid 5829] mkdir("./22", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5833] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5833] close(4 [pid 5829] <... openat resumed>) = 3 [pid 5833] <... close resumed>) = 0 [pid 5833] rmdir("./22/file0" [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [pid 5833] <... rmdir resumed>) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5833] getdents64(3, [pid 5829] <... clone resumed>, child_tidptr=0x55558bffa690) = 8031 [pid 5833] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 8031 attached [pid 8031] set_robust_list(0x55558bffa6a0, 24) = 0 executing program [pid 8031] chdir("./22" [pid 5833] close(3 [pid 8031] <... chdir resumed>) = 0 [pid 8031] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8031] setpgid(0, 0) = 0 [pid 8031] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8031] write(3, "1000", 4) = 4 [pid 8031] close(3) = 0 [pid 8031] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8031] write(1, "executing program\n", 18) = 18 [pid 8031] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8031] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 8031] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8031] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 8031] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5833] <... close resumed>) = 0 [pid 5833] rmdir("./22" [pid 8031] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8031] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 5833] <... rmdir resumed>) = 0 [pid 8031] <... clone3 resumed> => {parent_tid=[8032]}, 88) = 8032 [pid 8031] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8031] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 8032 attached ) = 0 [pid 8031] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5833] mkdir("./23", 0777 [pid 8032] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 8032] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 8032] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8032] memfd_create("syzkaller", 0) = 3 [pid 8032] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5833] <... mkdir resumed>) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8033 attached , child_tidptr=0x55558bffa690) = 8033 [pid 8033] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 8033] chdir("./23") = 0 [pid 8033] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8033] setpgid(0, 0) = 0 [pid 8033] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8033] write(3, "1000", 4) = 4 [pid 8033] close(3) = 0 executing program [pid 8033] symlink("/dev/binderfs", "./binderfs" [pid 8011] <... write resumed>) = 16777216 [pid 8033] <... symlink resumed>) = 0 [pid 8033] write(1, "executing program\n", 18 [pid 8011] munmap(0x7fb775000000, 138412032 [pid 8033] <... write resumed>) = 18 [pid 8033] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8011] <... munmap resumed>) = 0 [pid 8033] <... futex resumed>) = 0 [pid 8011] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8033] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 8011] <... openat resumed>) = 4 [pid 8033] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8011] ioctl(4, LOOP_SET_FD, 3 [pid 8033] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8011] <... ioctl resumed>) = 0 [pid 8033] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8033] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 8033] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8033] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8033] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 8034 attached => {parent_tid=[8034]}, 88) = 8034 [pid 8033] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8033] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8033] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8034] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 8011] close(3 [pid 8034] set_robust_list(0x7fb77d6019a0, 24 [pid 8011] <... close resumed>) = 0 [pid 8034] <... set_robust_list resumed>) = 0 [pid 8011] close(4 [pid 8034] rt_sigprocmask(SIG_SETMASK, [], [pid 8011] <... close resumed>) = 0 [pid 8034] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8011] mkdir("./file0", 0777 [pid 8034] memfd_create("syzkaller", 0 [pid 8011] <... mkdir resumed>) = 0 [pid 8034] <... memfd_create resumed>) = 3 [pid 8011] mount("/dev/loop1", "./file0", "btrfs", 0, "" [pid 8034] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 138.483772][ T8011] loop1: detected capacity change from 0 to 32768 [ 138.515924][ T8011] BTRFS: device /dev/loop1 (7:1) using temp-fsid 56348860-0389-4730-8d23-0606a78e9eda [ 138.552033][ T8011] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor323 (8011) [pid 8030] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8006] <... write resumed>) = 16777216 [pid 8006] munmap(0x7fb775000000, 138412032) = 0 [pid 8006] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 5 [pid 8006] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 8006] ioctl(5, LOOP_CLR_FD) = 0 [pid 8032] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8006] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 8006] close(5) = 0 [ 138.690073][ T8011] BTRFS info (device loop1): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 138.713874][ T8011] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 138.751682][ T8011] BTRFS info (device loop1): using free-space-tree [pid 8006] close(4 [pid 8034] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8006] <... close resumed>) = 0 [pid 8006] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8004] <... futex resumed>) = 0 [pid 8006] rename("./file1", "./file0/file0" [pid 8004] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8004] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8006] <... rename resumed>) = 0 [pid 8006] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8004] <... futex resumed>) = 0 [pid 8006] mkdir(".", 0777 [pid 8004] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8011] <... mount resumed>) = 0 [pid 8004] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8011] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8006] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 8011] <... openat resumed>) = 3 [pid 8006] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 8011] chdir("./file0") = 0 [pid 8011] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 8011] ioctl(4, LOOP_CLR_FD) = 0 [pid 8011] close(4) = 0 [pid 8011] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8010] <... futex resumed>) = 0 [pid 8011] memfd_create("syzkaller", 0 [pid 8010] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8011] <... memfd_create resumed>) = 4 [pid 8010] <... futex resumed>) = 0 [pid 8011] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8010] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8011] <... mmap resumed>) = 0x7fb775000000 [ 139.113664][ T8006] BTRFS warning (device loop3 state M): remount supports changing free space tree only from RO to RW [pid 8034] <... write resumed>) = 16777216 [ 139.171817][ T8006] BTRFS info (device loop3 state M): setting nodatasum [ 139.200437][ T8006] BTRFS info (device loop3 state M): setting nodatasum [pid 8034] munmap(0x7fb775000000, 138412032) = 0 [pid 8034] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 8034] ioctl(4, LOOP_SET_FD, 3) = 0 [ 139.241926][ T8006] BTRFS info (device loop3 state M): turning off barriers [ 139.265158][ T8006] BTRFS info (device loop3 state M): turning on flush-on-commit [ 139.273692][ T8034] loop4: detected capacity change from 0 to 32768 [pid 8034] close(3) = 0 [pid 8034] close(4) = 0 [pid 8030] <... write resumed>) = 16777216 [pid 8030] munmap(0x7fb775000000, 138412032 [pid 8034] mkdir("./file0", 0777 [pid 8030] <... munmap resumed>) = 0 [pid 8034] <... mkdir resumed>) = 0 [pid 8034] mount("/dev/loop4", "./file0", "btrfs", 0, "" [pid 8030] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 139.292602][ T8006] BTRFS info (device loop3 state M): force clearing of disk cache [ 139.330021][ T8006] BTRFS info (device loop3 state M): doing ref verification [pid 8030] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8032] <... write resumed>) = 16777216 [pid 8030] close(3 [pid 8032] munmap(0x7fb775000000, 138412032 [pid 8030] <... close resumed>) = 0 [pid 8030] close(4) = 0 [pid 8030] mkdir("./file0", 0777) = 0 [pid 8030] mount("/dev/loop2", "./file0", "btrfs", 0, "" [pid 8006] <... mount resumed>) = 0 [pid 8006] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 8006] chdir(".") = 0 [pid 8006] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8004] <... futex resumed>) = 0 [pid 8006] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8004] exit_group(0 [pid 8006] <... futex resumed>) = ? [pid 8004] <... exit_group resumed>) = ? [pid 8006] +++ exited with 0 +++ [pid 8004] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8004, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=63 /* 0.63 s */} --- [ 139.343975][ T8030] loop2: detected capacity change from 0 to 32768 [ 139.353571][ T8034] BTRFS: device /dev/loop4 (7:4) using temp-fsid 3263c23a-8af4-47fd-9ea7-a30710bf56bb [ 139.368477][ T8006] BTRFS info (device loop3 state M): max_inline set to 26856 [pid 5832] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5832] umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./22/binderfs") = 0 [pid 8032] <... munmap resumed>) = 0 [pid 8032] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8032] <... openat resumed>) = 4 [pid 8032] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8032] close(3) = 0 [pid 8032] close(4) = 0 [pid 8011] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8032] mkdir("./file0", 0777) = 0 [ 139.398774][ T8034] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (8034) [ 139.424222][ T8032] loop0: detected capacity change from 0 to 32768 [ 139.437069][ T5832] BTRFS info (device loop3): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 139.501885][ T8030] BTRFS: device /dev/loop2 (7:2) using temp-fsid aa7b6925-16e5-4a91-8baa-449bb7df7b63 [ 139.523295][ T8034] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 139.527008][ T8030] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (8030) [ 139.541626][ T8034] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 139.594128][ T8034] BTRFS info (device loop4): using free-space-tree [ 139.598372][ T8032] BTRFS: device /dev/loop0 (7:0) using temp-fsid 50f56db8-2af6-462f-a158-6a756b6668c7 [ 139.618708][ T8030] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 139.646284][ T8032] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor323 (8032) [ 139.660090][ T8030] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [pid 8032] mount("/dev/loop0", "./file0", "btrfs", 0, "" [pid 8011] <... write resumed>) = 16777216 [pid 8011] munmap(0x7fb775000000, 138412032) = 0 [pid 8011] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 5 [pid 8011] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [ 139.690478][ T8030] BTRFS info (device loop2): using free-space-tree [ 139.727519][ T8032] BTRFS info (device loop0): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 8011] ioctl(5, LOOP_CLR_FD) = 0 [pid 8011] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 8011] close(5) = 0 [pid 8011] close(4 [pid 8034] <... mount resumed>) = 0 [pid 8034] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8034] chdir("./file0") = 0 [pid 8034] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 8034] ioctl(4, LOOP_CLR_FD) = 0 [pid 8034] close(4) = 0 [ 139.795905][ T8032] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [pid 8034] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8033] <... futex resumed>) = 0 [pid 8034] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8033] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8034] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8033] <... futex resumed>) = 0 [pid 8033] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8034] memfd_create("syzkaller", 0) = 4 [pid 8034] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 139.869011][ T8032] BTRFS info (device loop0): using free-space-tree [pid 5832] <... umount2 resumed>) = 0 [pid 8030] <... mount resumed>) = 0 [pid 8030] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5832] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8030] chdir("./file0") = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8030] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5832] newfstatat(AT_FDCWD, "./22/file0", [pid 8030] <... openat resumed>) = 4 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8030] ioctl(4, LOOP_CLR_FD) = 0 [pid 5832] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8030] close(4) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8030] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8029] <... futex resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8030] memfd_create("syzkaller", 0 [pid 8029] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... openat resumed>) = 4 [pid 8030] <... memfd_create resumed>) = 4 [pid 8029] <... futex resumed>) = 0 [pid 5832] newfstatat(4, "", [pid 8030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8029] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8030] <... mmap resumed>) = 0x7fb775000000 [pid 5832] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5832] close(4) = 0 [pid 5832] rmdir("./22/file0") = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./22") = 0 [pid 8032] <... mount resumed>) = 0 [pid 8032] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5832] mkdir("./23", 0777) = 0 [pid 8032] <... openat resumed>) = 3 [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8032] chdir("./file0" [pid 5832] <... openat resumed>) = 3 [pid 8032] <... chdir resumed>) = 0 [pid 8032] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] ioctl(3, LOOP_CLR_FD [pid 8032] <... openat resumed>) = 4 [pid 5832] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 8032] ioctl(4, LOOP_CLR_FD [pid 5832] close(3 [pid 8032] <... ioctl resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 8032] close(4 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8032] <... close resumed>) = 0 ./strace-static-x86_64: Process 8101 attached [pid 8032] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8031] <... futex resumed>) = 0 [pid 8032] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8031] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8032] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8031] <... futex resumed>) = 0 [pid 8032] memfd_create("syzkaller", 0 [pid 8031] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5832] <... clone resumed>, child_tidptr=0x55558bffa690) = 8101 [pid 8101] set_robust_list(0x55558bffa6a0, 24 [pid 8032] <... memfd_create resumed>) = 4 [pid 8101] <... set_robust_list resumed>) = 0 [pid 8032] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8101] chdir("./23") = 0 [pid 8101] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8101] setpgid(0, 0 [pid 8032] <... mmap resumed>) = 0x7fb775000000 [pid 8101] <... setpgid resumed>) = 0 [pid 8101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8101] write(3, "1000", 4) = 4 [pid 8101] close(3) = 0 [pid 8101] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 8101] write(1, "executing program\n", 18) = 18 [pid 8101] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8101] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 8101] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 8101] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8101] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8101] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[8102]}, 88) = 8102 [pid 8101] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8101] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8101] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 8102 attached [pid 8102] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 8102] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 8102] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8102] memfd_create("syzkaller", 0) = 3 [pid 8011] <... close resumed>) = 0 [pid 8102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 8011] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8010] <... futex resumed>) = 0 [pid 8011] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8010] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8011] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8010] <... futex resumed>) = 0 [pid 8011] rename("./file1", "./file0/file0" [pid 8010] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8011] <... rename resumed>) = 0 [pid 8011] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8010] <... futex resumed>) = 0 [pid 8010] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8010] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8011] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 8011] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [ 140.257613][ T8011] BTRFS warning (device loop1 state M): remount supports changing free space tree only from RO to RW [ 140.297164][ T8011] BTRFS info (device loop1 state M): setting nodatasum [ 140.316975][ T8011] BTRFS info (device loop1 state M): setting nodatasum [ 140.351659][ T8011] BTRFS info (device loop1 state M): turning off barriers [ 140.358837][ T8011] BTRFS info (device loop1 state M): turning on flush-on-commit [pid 8034] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8032] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 140.391620][ T8011] BTRFS info (device loop1 state M): force clearing of disk cache [ 140.412879][ T8011] BTRFS info (device loop1 state M): doing ref verification [ 140.420212][ T8011] BTRFS info (device loop1 state M): max_inline set to 26856 [pid 8030] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8011] <... mount resumed>) = 0 [pid 8011] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 8011] chdir(".") = 0 [pid 8011] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8102] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8011] <... futex resumed>) = 1 [pid 8010] <... futex resumed>) = 0 [pid 8011] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8010] exit_group(0 [pid 8011] <... futex resumed>) = ? [pid 8010] <... exit_group resumed>) = ? [pid 8011] +++ exited with 0 +++ [pid 8010] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8010, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=58 /* 0.58 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5830] umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./22/binderfs") = 0 [ 140.559230][ T5830] BTRFS info (device loop1): last unmount of filesystem 56348860-0389-4730-8d23-0606a78e9eda [pid 5830] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8034] <... write resumed>) = 16777216 [pid 8034] munmap(0x7fb775000000, 138412032) = 0 [pid 8034] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 5 [pid 8034] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 8034] ioctl(5, LOOP_CLR_FD) = 0 [pid 8034] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 8034] close(5) = 0 [pid 8034] close(4 [pid 8032] <... write resumed>) = 16777216 [pid 8032] munmap(0x7fb775000000, 138412032 [pid 8030] <... write resumed>) = 16777216 [pid 8032] <... munmap resumed>) = 0 [pid 8032] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8030] munmap(0x7fb775000000, 138412032 [pid 8032] <... openat resumed>) = 5 [pid 8030] <... munmap resumed>) = 0 [pid 8032] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 8032] ioctl(5, LOOP_CLR_FD [pid 8102] <... write resumed>) = 16777216 [pid 8032] <... ioctl resumed>) = 0 [pid 8030] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 5 [pid 5830] <... umount2 resumed>) = 0 [pid 8032] ioctl(5, LOOP_SET_FD, 4 [pid 8030] ioctl(5, LOOP_SET_FD, 4 [pid 8032] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 8030] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 8032] close(5 [pid 8034] <... close resumed>) = 0 [pid 8032] <... close resumed>) = 0 [pid 5830] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8102] munmap(0x7fb775000000, 138412032 [pid 8034] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8032] close(4 [pid 8030] ioctl(5, LOOP_CLR_FD [pid 5830] newfstatat(AT_FDCWD, "./22/file0", [pid 8102] <... munmap resumed>) = 0 [pid 8034] <... futex resumed>) = 1 [pid 8033] <... futex resumed>) = 0 [pid 8034] rename("./file1", "./file0/file0" [pid 8033] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8030] <... ioctl resumed>) = 0 [pid 8033] <... futex resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8102] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 8102] ioctl(4, LOOP_SET_FD, 3 [pid 8033] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8030] ioctl(5, LOOP_SET_FD, 4 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8030] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 8030] close(5) = 0 [pid 8030] close(4 [pid 5830] openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 8034] <... rename resumed>) = 0 [pid 8102] <... ioctl resumed>) = 0 [pid 8102] close(3) = 0 [pid 8102] close(4) = 0 [pid 8102] mkdir("./file0", 0777 [pid 5830] rmdir("./22/file0" [pid 8102] <... mkdir resumed>) = 0 [ 140.994740][ T8102] loop3: detected capacity change from 0 to 32768 [pid 8102] mount("/dev/loop3", "./file0", "btrfs", 0, "" [pid 8034] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... rmdir resumed>) = 0 [pid 5830] getdents64(3, [pid 8034] <... futex resumed>) = 1 [pid 8033] <... futex resumed>) = 0 [pid 8033] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 8033] <... futex resumed>) = 0 [pid 8034] mkdir(".", 0777 [pid 8033] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5830] close(3) = 0 [pid 8034] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5830] rmdir("./22" [pid 8034] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5830] <... rmdir resumed>) = 0 [pid 5830] mkdir("./23", 0777) = 0 [ 141.034607][ T8102] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor323 (8102) [pid 5830] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 8106 ./strace-static-x86_64: Process 8106 attached [pid 8106] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 8106] chdir("./23") = 0 [pid 8106] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8106] setpgid(0, 0) = 0 [pid 8106] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8106] write(3, "1000", 4) = 4 [pid 8106] close(3) = 0 [pid 8106] symlink("/dev/binderfs", "./binderfs") = 0 executing program [ 141.102089][ T8034] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [ 141.139638][ T8034] BTRFS info (device loop4 state M): setting nodatasum [pid 8106] write(1, "executing program\n", 18) = 18 [pid 8106] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8106] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 8106] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8106] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 8106] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [ 141.161631][ T8102] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 141.172427][ T8034] BTRFS info (device loop4 state M): setting nodatasum [ 141.179453][ T8034] BTRFS info (device loop4 state M): turning off barriers [pid 8106] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8106] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[8108]}, 88) = 8108 [pid 8106] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8106] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8106] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 8108 attached [pid 8108] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 8108] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 8108] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8108] memfd_create("syzkaller", 0) = 3 [ 141.211651][ T8034] BTRFS info (device loop4 state M): turning on flush-on-commit [ 141.219527][ T8102] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 141.236007][ T8034] BTRFS info (device loop4 state M): force clearing of disk cache [ 141.246137][ T8102] BTRFS info (device loop3): using free-space-tree [pid 8108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 8030] <... close resumed>) = 0 [pid 8034] <... mount resumed>) = 0 [pid 8032] <... close resumed>) = 0 [pid 8034] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 8032] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8034] <... openat resumed>) = 4 [pid 8032] <... futex resumed>) = 1 [pid 8031] <... futex resumed>) = 0 [pid 8034] chdir("." [pid 8032] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8031] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8034] <... chdir resumed>) = 0 [pid 8032] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8031] <... futex resumed>) = 0 [pid 8034] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8032] rename("./file1", "./file0/file0" [pid 8031] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8034] <... futex resumed>) = 1 [pid 8033] <... futex resumed>) = 0 [pid 8034] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8033] exit_group(0 [pid 8034] <... futex resumed>) = ? [pid 8033] <... exit_group resumed>) = ? [pid 8034] +++ exited with 0 +++ [pid 8033] +++ exited with 0 +++ [pid 8030] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8033, si_uid=0, si_status=0, si_utime=13 /* 0.13 s */, si_stime=59 /* 0.59 s */} --- [pid 8030] <... futex resumed>) = 1 [pid 8029] <... futex resumed>) = 0 [pid 8029] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 141.269794][ T8034] BTRFS info (device loop4 state M): doing ref verification [ 141.302468][ T8034] BTRFS info (device loop4 state M): max_inline set to 26856 [pid 8029] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8030] rename("./file1", "./file0/file0" [pid 5833] <... openat resumed>) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5833] umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8032] <... rename resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8032] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] newfstatat(AT_FDCWD, "./23/binderfs", [pid 8032] <... futex resumed>) = 1 [pid 8031] <... futex resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8031] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] unlink("./23/binderfs" [pid 8031] <... futex resumed>) = 0 [pid 8032] mkdir(".", 0777 [pid 8031] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5833] <... unlink resumed>) = 0 [pid 8032] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5833] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8032] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 8029] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8029] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8029] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8108] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8030] <... rename resumed>) = 0 [pid 8029] <... mmap resumed>) = 0x7fb77d5c0000 [pid 8029] mprotect(0x7fb77d5c1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8029] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8030] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8029] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8030] <... futex resumed>) = 0 [pid 8030] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8029] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d5e0990, parent_tid=0x7fb77d5e0990, exit_signal=0, stack=0x7fb77d5c0000, stack_size=0x20300, tls=0x7fb77d5e06c0} => {parent_tid=[8123]}, 88) = 8123 [pid 8029] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8029] futex(0x7fb77d6dd6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8029] futex(0x7fb77d6dd6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 8123 attached [pid 8123] rseq(0x7fb77d5e0fe0, 0x20, 0, 0x53053053) = 0 [pid 8123] set_robust_list(0x7fb77d5e09a0, 24) = 0 [ 141.392380][ T5833] BTRFS info (device loop4): last unmount of filesystem 3263c23a-8af4-47fd-9ea7-a30710bf56bb [ 141.414135][ T8032] BTRFS warning (device loop0 state M): remount supports changing free space tree only from RO to RW [pid 8123] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8123] mkdir(".", 0777) = -1 EEXIST (File exists) [ 141.462160][ T8032] BTRFS info (device loop0 state M): setting nodatasum [ 141.469635][ T8032] BTRFS info (device loop0 state M): setting nodatasum [ 141.476635][ T8032] BTRFS info (device loop0 state M): turning off barriers [ 141.492511][ T8123] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW [ 141.494905][ T8032] BTRFS info (device loop0 state M): turning on flush-on-commit [pid 8123] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 8102] <... mount resumed>) = 0 [pid 8102] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8102] chdir("./file0") = 0 [pid 8102] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 141.540611][ T8032] BTRFS info (device loop0 state M): force clearing of disk cache [ 141.562246][ T8123] BTRFS info (device loop2 state M): setting nodatasum [pid 8102] ioctl(4, LOOP_CLR_FD) = 0 [pid 8102] close(4) = 0 [ 141.584531][ T8032] BTRFS info (device loop0 state M): doing ref verification [pid 8102] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8101] <... futex resumed>) = 0 [pid 8102] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 8101] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8102] memfd_create("syzkaller", 0 [pid 8101] <... futex resumed>) = 0 [pid 8102] <... memfd_create resumed>) = 4 [pid 8101] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 141.612546][ T8123] BTRFS info (device loop2 state M): setting nodatasum [ 141.619460][ T8123] BTRFS info (device loop2 state M): turning off barriers [ 141.627801][ T8032] BTRFS info (device loop0 state M): max_inline set to 26856 [pid 8032] <... mount resumed>) = 0 [pid 8032] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 8032] chdir(".") = 0 [pid 8032] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8032] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8031] <... futex resumed>) = 0 [pid 8031] exit_group(0) = ? [pid 8032] <... futex resumed>) = ? [pid 8032] +++ exited with 0 +++ [pid 8031] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8031, si_uid=0, si_status=0, si_utime=13 /* 0.13 s */, si_stime=68 /* 0.68 s */} --- [ 141.662808][ T8123] BTRFS info (device loop2 state M): turning on flush-on-commit [ 141.685089][ T8123] BTRFS info (device loop2 state M): force clearing of disk cache [pid 5829] umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./22/binderfs" [pid 8123] <... mount resumed>) = 0 [pid 5829] <... unlink resumed>) = 0 [pid 8123] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 8123] chdir("." [pid 5829] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8123] <... chdir resumed>) = 0 [pid 8123] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8029] <... futex resumed>) = 0 [pid 8123] futex(0x7fb77d6dd6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8029] exit_group(0 [pid 8123] <... futex resumed>) = ? [pid 8030] <... futex resumed>) = ? [pid 8029] <... exit_group resumed>) = ? [pid 8123] +++ exited with 0 +++ [pid 8030] +++ exited with 0 +++ [pid 8029] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8029, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=58 /* 0.58 s */} --- [ 141.711800][ T8123] BTRFS info (device loop2 state M): doing ref verification [ 141.743783][ T8123] BTRFS info (device loop2 state M): max_inline set to 26856 [pid 5831] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5831] umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./23/binderfs") = 0 [ 141.778662][ T5829] BTRFS info (device loop0): last unmount of filesystem 50f56db8-2af6-462f-a158-6a756b6668c7 [ 141.817126][ T5831] BTRFS info (device loop2): last unmount of filesystem aa7b6925-16e5-4a91-8baa-449bb7df7b63 [pid 5831] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] <... umount2 resumed>) = 0 [pid 5833] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./23/file0") = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./23") = 0 [pid 5833] mkdir("./24", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8126 attached , child_tidptr=0x55558bffa690) = 8126 [pid 8126] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 8126] chdir("./24") = 0 [pid 8126] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8126] setpgid(0, 0) = 0 [pid 8126] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8126] write(3, "1000", 4) = 4 [pid 8126] close(3) = 0 [pid 8126] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 8126] write(1, "executing program\n", 18) = 18 [pid 8126] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8108] <... write resumed>) = 16777216 [pid 8126] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 8126] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8126] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 8126] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8126] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8126] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 8127 attached => {parent_tid=[8127]}, 88) = 8127 [pid 8126] rt_sigprocmask(SIG_SETMASK, [], [pid 8127] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 8126] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8126] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8127] <... rseq resumed>) = 0 [pid 8126] <... futex resumed>) = 0 [pid 8126] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8127] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 8108] munmap(0x7fb775000000, 138412032 [pid 8127] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8127] memfd_create("syzkaller", 0) = 3 [pid 8127] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 8108] <... munmap resumed>) = 0 [pid 8108] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 8108] ioctl(4, LOOP_SET_FD, 3 [pid 8102] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8108] <... ioctl resumed>) = 0 [pid 8108] close(3) = 0 [pid 8108] close(4) = 0 [ 142.023314][ T8108] loop1: detected capacity change from 0 to 32768 [pid 8108] mkdir("./file0", 0777) = 0 [pid 8108] mount("/dev/loop1", "./file0", "btrfs", 0, "" [pid 5829] <... umount2 resumed>) = 0 [pid 5831] <... umount2 resumed>) = 0 [ 142.091855][ T8108] BTRFS: device /dev/loop1 (7:1) using temp-fsid 41943773-b009-4f78-867b-87195ad7730d [pid 5831] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./23/file0", [pid 5829] newfstatat(AT_FDCWD, "./22/file0", [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] <... openat resumed>) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] newfstatat(4, "", [pid 5831] getdents64(4, [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, [pid 5831] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5829] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5831] close(4 [pid 5829] getdents64(4, [pid 5831] <... close resumed>) = 0 [pid 5829] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5831] rmdir("./23/file0" [pid 5829] close(4 [pid 5831] <... rmdir resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5831] getdents64(3, [pid 5829] rmdir("./22/file0" [pid 5831] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5831] close(3 [pid 5829] <... rmdir resumed>) = 0 [pid 5829] getdents64(3, [pid 5831] <... close resumed>) = 0 [pid 5831] rmdir("./23" [pid 5829] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5831] mkdir("./24", 0777 [pid 5829] close(3 [pid 5831] <... mkdir resumed>) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] <... close resumed>) = 0 [pid 5829] rmdir("./22" [pid 5831] <... openat resumed>) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5829] <... rmdir resumed>) = 0 [pid 5831] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5831] close(3 [pid 5829] mkdir("./23", 0777 [pid 5831] <... close resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] <... mkdir resumed>) = 0 [ 142.134098][ T8108] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor323 (8108) [ 142.169555][ T8108] BTRFS info (device loop1): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 ./strace-static-x86_64: Process 8128 attached [pid 5831] <... clone resumed>, child_tidptr=0x55558bffa690) = 8128 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8128] set_robust_list(0x55558bffa6a0, 24 [pid 5829] <... openat resumed>) = 3 [pid 8128] <... set_robust_list resumed>) = 0 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 8128] chdir("./24" [pid 5829] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [pid 8128] <... chdir resumed>) = 0 [pid 8128] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8128] setpgid(0, 0) = 0 [pid 8128] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8128] write(3, "1000", 4 [pid 8127] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8128] <... write resumed>) = 4 [pid 8128] close(3./strace-static-x86_64: Process 8130 attached ) = 0 [pid 8130] set_robust_list(0x55558bffa6a0, 24 [pid 5829] <... clone resumed>, child_tidptr=0x55558bffa690) = 8130 [pid 8128] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 8128] write(1, "executing program\n", 18 [pid 8130] <... set_robust_list resumed>) = 0 [pid 8128] <... write resumed>) = 18 [pid 8130] chdir("./23" [pid 8128] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8130] <... chdir resumed>) = 0 [pid 8130] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8128] <... futex resumed>) = 0 [pid 8130] setpgid(0, 0 [pid 8128] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 8130] <... setpgid resumed>) = 0 [pid 8128] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8128] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 8128] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8128] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8130] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8128] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8128] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 8131 attached [pid 8130] <... openat resumed>) = 3 [ 142.211860][ T8108] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [pid 8128] <... clone3 resumed> => {parent_tid=[8131]}, 88) = 8131 [pid 8130] write(3, "1000", 4 [pid 8128] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8128] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8131] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 8128] <... futex resumed>) = 0 [pid 8131] <... rseq resumed>) = 0 [pid 8130] <... write resumed>) = 4 [pid 8128] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8131] set_robust_list(0x7fb77d6019a0, 24 [pid 8130] close(3 [pid 8131] <... set_robust_list resumed>) = 0 [pid 8131] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8131] memfd_create("syzkaller", 0) = 3 [pid 8130] <... close resumed>) = 0 [pid 8131] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 executing program [pid 8130] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8130] write(1, "executing program\n", 18) = 18 [pid 8130] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8130] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 8130] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8130] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 8130] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8130] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8130] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[8135]}, 88) = 8135 [pid 8130] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 8135 attached [ 142.262562][ T8108] BTRFS info (device loop1): using free-space-tree [pid 8135] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 8135] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 8135] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8135] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8130] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8135] <... futex resumed>) = 0 [pid 8130] <... futex resumed>) = 1 [pid 8130] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8135] memfd_create("syzkaller", 0) = 3 [pid 8135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 8108] <... mount resumed>) = 0 [pid 8108] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8108] chdir("./file0") = 0 [pid 8108] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 8108] ioctl(4, LOOP_CLR_FD) = 0 [pid 8108] close(4) = 0 [pid 8108] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8106] <... futex resumed>) = 0 [pid 8108] memfd_create("syzkaller", 0 [pid 8106] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8108] <... memfd_create resumed>) = 4 [pid 8106] <... futex resumed>) = 0 [pid 8108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8106] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8108] <... mmap resumed>) = 0x7fb775000000 [pid 8102] <... write resumed>) = 16777216 [pid 8102] munmap(0x7fb775000000, 138412032) = 0 [pid 8102] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 5 [pid 8102] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 8102] ioctl(5, LOOP_CLR_FD) = 0 [pid 8102] ioctl(5, LOOP_SET_FD, 4 [pid 8127] <... write resumed>) = 16777216 [pid 8127] munmap(0x7fb775000000, 138412032) = 0 [pid 8102] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 8102] close(5 [pid 8127] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 8127] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8102] <... close resumed>) = 0 [pid 8102] close(4 [pid 8127] close(3) = 0 [pid 8127] close(4) = 0 [pid 8127] mkdir("./file0", 0777) = 0 [pid 8127] mount("/dev/loop4", "./file0", "btrfs", 0, "" [pid 8131] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 142.604916][ T8127] loop4: detected capacity change from 0 to 32768 [ 142.631955][ T8127] BTRFS: device /dev/loop4 (7:4) using temp-fsid 7a3fc546-e94e-49b8-8dfe-d7b430e3cdd1 [ 142.662110][ T8127] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (8127) [pid 8108] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 142.746641][ T8127] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 142.791921][ T8127] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 142.821953][ T8127] BTRFS info (device loop4): using free-space-tree [pid 8135] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8102] <... close resumed>) = 0 [pid 8102] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8101] <... futex resumed>) = 0 [pid 8102] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8101] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8102] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8101] <... futex resumed>) = 0 [pid 8102] rename("./file1", "./file0/file0" [pid 8101] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8102] <... rename resumed>) = 0 [pid 8102] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8101] <... futex resumed>) = 0 [pid 8101] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8101] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8102] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 8102] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 8127] <... mount resumed>) = 0 [pid 8127] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8127] chdir("./file0") = 0 [pid 8127] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 8127] ioctl(4, LOOP_CLR_FD) = 0 [pid 8127] close(4) = 0 [pid 8127] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8127] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8126] <... futex resumed>) = 0 [pid 8126] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8127] <... futex resumed>) = 0 [pid 8126] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8127] memfd_create("syzkaller", 0) = 4 [pid 8127] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 142.965415][ T8102] BTRFS warning (device loop3 state M): remount supports changing free space tree only from RO to RW [ 142.986961][ T8102] BTRFS info (device loop3 state M): setting nodatasum [ 143.012989][ T8102] BTRFS info (device loop3 state M): setting nodatasum [ 143.036914][ T8102] BTRFS info (device loop3 state M): turning off barriers [ 143.071572][ T8102] BTRFS info (device loop3 state M): turning on flush-on-commit [ 143.079273][ T8102] BTRFS info (device loop3 state M): force clearing of disk cache [pid 8131] <... write resumed>) = 16777216 [pid 8131] munmap(0x7fb775000000, 138412032) = 0 [pid 8131] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 8108] <... write resumed>) = 16777216 [pid 8102] <... mount resumed>) = 0 [pid 8131] ioctl(4, LOOP_SET_FD, 3 [pid 8108] munmap(0x7fb775000000, 138412032 [pid 8102] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 8131] <... ioctl resumed>) = 0 [pid 8102] <... openat resumed>) = 4 [pid 8108] <... munmap resumed>) = 0 [pid 8102] chdir("." [pid 8131] close(3 [pid 8108] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8102] <... chdir resumed>) = 0 [pid 8131] <... close resumed>) = 0 [pid 8108] <... openat resumed>) = 5 [pid 8102] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8131] close(4 [pid 8108] ioctl(5, LOOP_SET_FD, 4 [pid 8102] <... futex resumed>) = 1 [pid 8101] <... futex resumed>) = 0 [pid 8102] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8101] exit_group(0 [pid 8108] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 8102] <... futex resumed>) = ? [pid 8101] <... exit_group resumed>) = ? [pid 8102] +++ exited with 0 +++ [pid 8101] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8101, si_uid=0, si_status=0, si_utime=13 /* 0.13 s */, si_stime=61 /* 0.61 s */} --- [pid 5832] umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./23/binderfs") = 0 [ 143.139726][ T8102] BTRFS info (device loop3 state M): doing ref verification [ 143.161676][ T8102] BTRFS info (device loop3 state M): max_inline set to 26856 [ 143.172785][ T8131] loop2: detected capacity change from 0 to 32768 [pid 5832] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8135] <... write resumed>) = 16777216 [pid 8131] <... close resumed>) = 0 [pid 8108] ioctl(5, LOOP_CLR_FD [pid 8131] mkdir("./file0", 0777 [pid 8108] <... ioctl resumed>) = 0 [pid 8131] <... mkdir resumed>) = 0 [pid 8131] mount("/dev/loop2", "./file0", "btrfs", 0, "" [pid 8108] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 8108] close(5) = 0 [pid 8108] close(4 [pid 8135] munmap(0x7fb775000000, 138412032 [ 143.206904][ T5832] BTRFS info (device loop3): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 143.234047][ T8131] BTRFS: device /dev/loop2 (7:2) using temp-fsid f097ef5c-5337-496f-ab14-7cd095256209 [pid 8127] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8135] <... munmap resumed>) = 0 [pid 8135] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8135] ioctl(4, LOOP_SET_FD, 3) = 0 [ 143.280514][ T8131] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (8131) [ 143.313707][ T8135] loop0: detected capacity change from 0 to 32768 [pid 8135] close(3) = 0 [pid 8135] close(4) = 0 [pid 8135] mkdir("./file0", 0777) = 0 [pid 8135] mount("/dev/loop0", "./file0", "btrfs", 0, "" [pid 8108] <... close resumed>) = 0 [pid 8108] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8108] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8106] <... futex resumed>) = 0 [pid 8106] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8108] <... futex resumed>) = 0 [pid 8108] rename("./file1", "./file0/file0" [ 143.371745][ T8131] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 143.388754][ T8135] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor323 (8135) [ 143.402882][ T8131] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [pid 8106] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8108] <... rename resumed>) = 0 [pid 8106] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8108] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8106] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8108] <... futex resumed>) = 0 [pid 8106] <... futex resumed>) = 0 [pid 8108] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8106] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5c0000 [pid 8106] mprotect(0x7fb77d5c1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8106] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8106] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d5e0990, parent_tid=0x7fb77d5e0990, exit_signal=0, stack=0x7fb77d5c0000, stack_size=0x20300, tls=0x7fb77d5e06c0}./strace-static-x86_64: Process 8167 attached => {parent_tid=[8167]}, 88) = 8167 [pid 8106] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8167] rseq(0x7fb77d5e0fe0, 0x20, 0, 0x53053053 [pid 8106] futex(0x7fb77d6dd6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8167] <... rseq resumed>) = 0 [pid 8106] <... futex resumed>) = 0 [pid 8167] set_robust_list(0x7fb77d5e09a0, 24 [pid 8106] futex(0x7fb77d6dd6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8167] <... set_robust_list resumed>) = 0 [pid 8167] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 143.436543][ T8131] BTRFS info (device loop2): using free-space-tree [ 143.447843][ T8135] BTRFS info (device loop0): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 8167] mkdir(".", 0777) = -1 EEXIST (File exists) [ 143.490747][ T8135] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 143.524324][ T8167] BTRFS warning (device loop1 state M): remount supports changing free space tree only from RO to RW [ 143.572325][ T8135] BTRFS info (device loop0): using free-space-tree [ 143.612209][ T8167] BTRFS info (device loop1 state M): setting nodatasum [pid 8167] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 8127] <... write resumed>) = 16777216 [ 143.619124][ T8167] BTRFS info (device loop1 state M): setting nodatasum [pid 8127] munmap(0x7fb775000000, 138412032 [pid 5832] <... umount2 resumed>) = 0 [pid 8127] <... munmap resumed>) = 0 [pid 5832] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8127] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8127] <... openat resumed>) = 5 [pid 5832] newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8127] ioctl(5, LOOP_SET_FD, 4 [pid 5832] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8127] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 8127] ioctl(5, LOOP_CLR_FD [ 143.672009][ T8167] BTRFS info (device loop1 state M): turning off barriers [ 143.702795][ T8167] BTRFS info (device loop1 state M): turning on flush-on-commit [ 143.710491][ T8167] BTRFS info (device loop1 state M): force clearing of disk cache [pid 5832] openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8127] <... ioctl resumed>) = 0 [pid 5832] <... openat resumed>) = 4 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, [pid 8127] ioctl(5, LOOP_SET_FD, 4 [pid 5832] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 8127] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] getdents64(4, [pid 8131] <... mount resumed>) = 0 [pid 8127] close(5 [pid 5832] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 8131] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5832] close(4 [pid 8127] <... close resumed>) = 0 [pid 8127] close(4 [pid 5832] <... close resumed>) = 0 [pid 5832] rmdir("./23/file0") = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 8131] <... openat resumed>) = 3 [pid 5832] close(3) = 0 [pid 5832] rmdir("./23") = 0 [pid 5832] mkdir("./24", 0777) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8131] chdir("./file0" [pid 5832] <... openat resumed>) = 3 [pid 8131] <... chdir resumed>) = 0 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 8131] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5832] <... ioctl resumed>) = -1 ENXIO (No such device or address) [ 143.757398][ T8167] BTRFS info (device loop1 state M): doing ref verification [pid 8131] <... openat resumed>) = 4 [pid 5832] close(3 [pid 8135] <... mount resumed>) = 0 [pid 8131] ioctl(4, LOOP_CLR_FD [pid 5832] <... close resumed>) = 0 [pid 8135] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8131] <... ioctl resumed>) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8135] <... openat resumed>) = 3 [pid 8135] chdir("./file0" [pid 8131] close(4 [pid 8135] <... chdir resumed>) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x55558bffa690) = 8199 [pid 8135] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8131] <... close resumed>) = 0 [pid 8135] <... openat resumed>) = 4 [pid 8131] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8135] ioctl(4, LOOP_CLR_FD [pid 8131] <... futex resumed>) = 1 [pid 8128] <... futex resumed>) = 0 [pid 8135] <... ioctl resumed>) = 0 [pid 8131] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8128] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8135] close(4 [pid 8131] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8128] <... futex resumed>) = 0 [pid 8135] <... close resumed>) = 0 [pid 8135] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8131] memfd_create("syzkaller", 0 [pid 8128] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8135] <... futex resumed>) = 1 ./strace-static-x86_64: Process 8199 attached [pid 8135] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8131] <... memfd_create resumed>) = 4 [pid 8130] <... futex resumed>) = 0 [pid 8131] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8167] <... mount resumed>) = 0 [pid 8131] <... mmap resumed>) = 0x7fb775000000 [pid 8130] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8167] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 8135] <... futex resumed>) = 0 [pid 8130] <... futex resumed>) = 1 [pid 8199] set_robust_list(0x55558bffa6a0, 24 [pid 8167] <... openat resumed>) = 4 [pid 8135] memfd_create("syzkaller", 0 [pid 8130] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8135] <... memfd_create resumed>) = 4 [ 143.808916][ T8167] BTRFS info (device loop1 state M): max_inline set to 26856 [pid 8199] <... set_robust_list resumed>) = 0 [pid 8167] chdir("." [pid 8135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 8199] chdir("./24" [pid 8167] <... chdir resumed>) = 0 [pid 8199] <... chdir resumed>) = 0 [pid 8167] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8199] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8167] <... futex resumed>) = 1 [pid 8106] <... futex resumed>) = 0 [pid 8199] <... prctl resumed>) = 0 [pid 8167] futex(0x7fb77d6dd6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8106] exit_group(0 [pid 8199] setpgid(0, 0 [pid 8167] <... futex resumed>) = ? [pid 8108] <... futex resumed>) = ? [pid 8106] <... exit_group resumed>) = ? [pid 8199] <... setpgid resumed>) = 0 [pid 8167] +++ exited with 0 +++ [pid 8108] +++ exited with 0 +++ [pid 8199] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8199] write(3, "1000", 4) = 4 [pid 8106] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8106, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=55 /* 0.55 s */} --- [pid 8199] close(3 [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 8199] <... close resumed>) = 0 [pid 8199] symlink("/dev/binderfs", "./binderfs" [pid 5830] <... restart_syscall resumed>) = 0 [pid 8199] <... symlink resumed>) = 0 [pid 5830] umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8199] write(1, "executing program\n", 18 [pid 5830] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORYexecuting program [pid 8199] <... write resumed>) = 18 [pid 5830] <... openat resumed>) = 3 [pid 8199] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8199] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 8199] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8199] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 8199] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8199] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8199] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[8201]}, 88) = 8201 [pid 8199] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 8201 attached NULL, 8) = 0 [pid 5830] newfstatat(3, "", [pid 8199] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, [pid 8201] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 8199] <... futex resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 8199] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8201] <... rseq resumed>) = 0 [pid 8201] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 8201] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8201] memfd_create("syzkaller", 0) = 3 [pid 8201] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5830] umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./23/binderfs") = 0 [ 143.982232][ T5830] BTRFS info (device loop1): last unmount of filesystem 41943773-b009-4f78-867b-87195ad7730d [pid 5830] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8127] <... close resumed>) = 0 [pid 8127] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8126] <... futex resumed>) = 0 [pid 8127] rename("./file1", "./file0/file0" [pid 8126] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8126] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8127] <... rename resumed>) = 0 [pid 8131] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8127] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8126] <... futex resumed>) = 0 [pid 8127] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8126] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8126] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8127] <... futex resumed>) = 0 [pid 8127] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 8127] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [ 144.217577][ T8127] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [ 144.271771][ T8127] BTRFS info (device loop4 state M): setting nodatasum [ 144.278694][ T8127] BTRFS info (device loop4 state M): setting nodatasum [pid 8135] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 144.331959][ T8127] BTRFS info (device loop4 state M): turning off barriers [ 144.350296][ T8127] BTRFS info (device loop4 state M): turning on flush-on-commit [pid 8201] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5830] <... umount2 resumed>) = 0 [ 144.381568][ T8127] BTRFS info (device loop4 state M): force clearing of disk cache [ 144.389651][ T8127] BTRFS info (device loop4 state M): doing ref verification [pid 5830] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8127] <... mount resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8127] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5830] newfstatat(AT_FDCWD, "./23/file0", [pid 8127] chdir("." [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8127] <... chdir resumed>) = 0 [pid 8127] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8126] <... futex resumed>) = 0 [pid 8127] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8126] exit_group(0 [pid 8127] <... futex resumed>) = ? [pid 8126] <... exit_group resumed>) = ? [pid 5830] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5830] close(4 [pid 8127] +++ exited with 0 +++ [pid 8126] +++ exited with 0 +++ [pid 5830] <... close resumed>) = 0 [pid 5830] rmdir("./23/file0" [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8126, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=61 /* 0.61 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 5830] <... rmdir resumed>) = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./23" [pid 5833] <... restart_syscall resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 5833] umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] mkdir("./24", 0777 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... mkdir resumed>) = 0 [pid 5833] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5833] <... openat resumed>) = 3 [pid 5830] <... openat resumed>) = 3 [pid 5833] newfstatat(3, "", [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5833] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5830] close(3 [pid 5833] umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... close resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8203 attached [pid 5833] newfstatat(AT_FDCWD, "./24/binderfs", [pid 5830] <... clone resumed>, child_tidptr=0x55558bffa690) = 8203 [ 144.431609][ T8127] BTRFS info (device loop4 state M): max_inline set to 26856 [pid 8203] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8203] chdir("./24" [pid 5833] unlink("./24/binderfs" [pid 8203] <... chdir resumed>) = 0 [pid 5833] <... unlink resumed>) = 0 [pid 5833] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8203] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8203] setpgid(0, 0) = 0 [pid 8203] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8203] write(3, "1000", 4) = 4 [pid 8203] close(3) = 0 [pid 8203] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8203] write(1, "executing program\n", 18executing program ) = 18 [pid 8203] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8203] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 8203] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8203] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 8203] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8203] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8203] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 8204 attached => {parent_tid=[8204]}, 88) = 8204 [pid 8204] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 8203] rt_sigprocmask(SIG_SETMASK, [], [pid 8204] <... rseq resumed>) = 0 [pid 8203] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8204] set_robust_list(0x7fb77d6019a0, 24 [pid 8203] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8204] <... set_robust_list resumed>) = 0 [pid 8203] <... futex resumed>) = 0 [pid 8203] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8204] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 144.505629][ T5833] BTRFS info (device loop4): last unmount of filesystem 7a3fc546-e94e-49b8-8dfe-d7b430e3cdd1 [pid 8204] memfd_create("syzkaller", 0) = 3 [pid 8204] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 8131] <... write resumed>) = 16777216 [pid 8131] munmap(0x7fb775000000, 138412032) = 0 [pid 8131] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 5 [pid 8131] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 8131] ioctl(5, LOOP_CLR_FD) = 0 [pid 8135] <... write resumed>) = 16777216 [pid 8135] munmap(0x7fb775000000, 138412032 [pid 8131] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 8131] close(5) = 0 [pid 8131] close(4 [pid 8135] <... munmap resumed>) = 0 [pid 8201] <... write resumed>) = 16777216 [pid 8135] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8201] munmap(0x7fb775000000, 138412032 [pid 8135] <... openat resumed>) = 5 [pid 8135] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 8135] ioctl(5, LOOP_CLR_FD) = 0 [pid 8135] ioctl(5, LOOP_SET_FD, 4 [pid 8201] <... munmap resumed>) = 0 [pid 8135] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 8135] close(5 [pid 8201] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 8201] ioctl(4, LOOP_SET_FD, 3 [pid 8135] <... close resumed>) = 0 [pid 8201] <... ioctl resumed>) = 0 [pid 8135] close(4 [pid 8201] close(3) = 0 [pid 8201] close(4) = 0 [pid 8201] mkdir("./file0", 0777) = 0 [ 144.771618][ T8201] loop3: detected capacity change from 0 to 32768 [ 144.809763][ T8201] BTRFS: device /dev/loop3 (7:3) using temp-fsid c506ca74-fc0d-46b2-a8a8-4e6c3c347b97 [pid 8201] mount("/dev/loop3", "./file0", "btrfs", 0, "" [pid 5833] <... umount2 resumed>) = 0 [ 144.851599][ T8201] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor323 (8201) [pid 5833] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 8204] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8131] <... close resumed>) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./24/file0") = 0 [ 144.921060][ T8201] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 5833] getdents64(3, [pid 8131] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 8131] <... futex resumed>) = 1 [pid 8128] <... futex resumed>) = 0 [pid 5833] close(3 [pid 8131] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8128] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... close resumed>) = 0 [pid 8131] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8128] <... futex resumed>) = 0 [pid 5833] rmdir("./24" [pid 8128] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8131] rename("./file1", "./file0/file0" [pid 5833] <... rmdir resumed>) = 0 [pid 5833] mkdir("./25", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 8131] <... rename resumed>) = 0 [pid 5833] <... ioctl resumed>) = -1 ENXIO (No such device or address) [ 144.963468][ T8201] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 144.994143][ T8201] BTRFS info (device loop3): using free-space-tree [pid 8131] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8128] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5833] close(3 [pid 8131] <... futex resumed>) = 0 [pid 8131] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8128] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... close resumed>) = 0 [pid 8131] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8128] <... futex resumed>) = 0 [pid 8131] mkdir(".", 0777./strace-static-x86_64: Process 8212 attached [pid 8212] set_robust_list(0x55558bffa6a0, 24 [pid 8131] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 8128] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5833] <... clone resumed>, child_tidptr=0x55558bffa690) = 8212 [pid 8212] <... set_robust_list resumed>) = 0 [pid 8131] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 8212] chdir("./25" [pid 8135] <... close resumed>) = 0 [pid 8212] <... chdir resumed>) = 0 [pid 8212] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8212] setpgid(0, 0) = 0 [pid 8212] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8212] write(3, "1000", 4 [pid 8135] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8212] <... write resumed>) = 4 [pid 8212] close(3 [pid 8135] <... futex resumed>) = 1 [pid 8130] <... futex resumed>) = 0 [pid 8212] <... close resumed>) = 0 [pid 8130] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8212] symlink("/dev/binderfs", "./binderfs" [pid 8130] <... futex resumed>) = 0 [pid 8212] <... symlink resumed>) = 0 [pid 8135] rename("./file1", "./file0/file0" [pid 8130] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}executing program [pid 8212] write(1, "executing program\n", 18) = 18 [ 145.090228][ T8131] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW [ 145.122001][ T8131] BTRFS info (device loop2 state M): setting nodatasum [ 145.128911][ T8131] BTRFS info (device loop2 state M): setting nodatasum [pid 8212] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8135] <... rename resumed>) = 0 [pid 8212] <... futex resumed>) = 0 [pid 8135] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8130] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8212] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 8135] <... futex resumed>) = 0 [pid 8212] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8135] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8130] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8135] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8212] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8135] mkdir(".", 0777 [pid 8130] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [ 145.139841][ T8131] BTRFS info (device loop2 state M): turning off barriers [ 145.149184][ T8131] BTRFS info (device loop2 state M): turning on flush-on-commit [pid 8212] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 8135] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 8212] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 8135] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 8212] <... mprotect resumed>) = 0 [pid 8212] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8212] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 8223 attached => {parent_tid=[8223]}, 88) = 8223 [pid 8212] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8212] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8212] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8223] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 8131] <... mount resumed>) = 0 [pid 8223] <... rseq resumed>) = 0 [pid 8131] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 8201] <... mount resumed>) = 0 [pid 8201] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8201] chdir("./file0") = 0 [pid 8201] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 8201] ioctl(4, LOOP_CLR_FD) = 0 [pid 8201] close(4) = 0 [pid 8201] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8223] set_robust_list(0x7fb77d6019a0, 24 [pid 8201] <... futex resumed>) = 1 [pid 8199] <... futex resumed>) = 0 [pid 8131] <... openat resumed>) = 4 [pid 8223] <... set_robust_list resumed>) = 0 [pid 8223] rt_sigprocmask(SIG_SETMASK, [], [pid 8201] memfd_create("syzkaller", 0 [pid 8199] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8131] chdir("." [pid 8199] <... futex resumed>) = 0 [pid 8199] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8201] <... memfd_create resumed>) = 4 [pid 8201] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 145.186387][ T8131] BTRFS info (device loop2 state M): force clearing of disk cache [ 145.187196][ T8135] BTRFS warning (device loop0 state M): remount supports changing free space tree only from RO to RW [ 145.194351][ T8131] BTRFS info (device loop2 state M): doing ref verification [ 145.194373][ T8131] BTRFS info (device loop2 state M): max_inline set to 26856 [ 145.221760][ T8135] BTRFS info (device loop0 state M): setting nodatasum [ 145.229256][ T8135] BTRFS info (device loop0 state M): setting nodatasum [pid 8223] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8131] <... chdir resumed>) = 0 [pid 8223] memfd_create("syzkaller", 0 [pid 8131] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8128] <... futex resumed>) = 0 [pid 8128] exit_group(0 [pid 8223] <... memfd_create resumed>) = 3 [pid 8128] <... exit_group resumed>) = ? [pid 8131] +++ exited with 0 +++ [pid 8128] +++ exited with 0 +++ [pid 8223] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8128, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=70 /* 0.70 s */} --- [pid 8223] <... mmap resumed>) = 0x7fb775000000 [pid 5831] umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 145.261588][ T8135] BTRFS info (device loop0 state M): turning off barriers [ 145.269133][ T8135] BTRFS info (device loop0 state M): turning on flush-on-commit [ 145.281612][ T8135] BTRFS info (device loop0 state M): force clearing of disk cache [pid 5831] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./24/binderfs") = 0 [pid 5831] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8135] <... mount resumed>) = 0 [pid 8135] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 8135] chdir(".") = 0 [pid 8135] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8130] <... futex resumed>) = 0 [pid 8130] exit_group(0) = ? [pid 8135] +++ exited with 0 +++ [pid 8130] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8130, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=58 /* 0.58 s */} --- [pid 5829] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5829] umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 145.321762][ T8135] BTRFS info (device loop0 state M): doing ref verification [ 145.347534][ T5831] BTRFS info (device loop2): last unmount of filesystem f097ef5c-5337-496f-ab14-7cd095256209 [ 145.361574][ T8135] BTRFS info (device loop0 state M): max_inline set to 26856 [pid 5829] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./23/binderfs") = 0 [ 145.416446][ T5829] BTRFS info (device loop0): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 5829] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8204] <... write resumed>) = 16777216 [pid 8204] munmap(0x7fb775000000, 138412032) = 0 [pid 8204] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 8204] ioctl(4, LOOP_SET_FD, 3 [pid 8201] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8204] <... ioctl resumed>) = 0 [pid 8204] close(3) = 0 [pid 8204] close(4) = 0 [pid 8204] mkdir("./file0", 0777) = 0 [ 145.536043][ T8204] loop1: detected capacity change from 0 to 32768 [pid 8204] mount("/dev/loop1", "./file0", "btrfs", 0, "" [ 145.592731][ T8204] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor323 (8204) [ 145.671293][ T8204] BTRFS info (device loop1): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 8223] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5831] <... umount2 resumed>) = 0 [pid 5831] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./24/file0") = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./24") = 0 [pid 5831] mkdir("./25", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5829] <... umount2 resumed>) = 0 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5829] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] close(3) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 8226 ./strace-static-x86_64: Process 8226 attached [pid 5829] newfstatat(AT_FDCWD, "./23/file0", [pid 8226] set_robust_list(0x55558bffa6a0, 24 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8226] <... set_robust_list resumed>) = 0 [pid 5829] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8226] chdir("./25" [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, [pid 8226] <... chdir resumed>) = 0 [pid 5829] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 8226] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5829] close(4 [pid 8226] <... prctl resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 8226] setpgid(0, 0 [pid 5829] rmdir("./23/file0" [pid 8226] <... setpgid resumed>) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 5829] getdents64(3, [pid 8226] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5829] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./23") = 0 [pid 5829] mkdir("./24", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 145.721151][ T8204] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 145.755235][ T8204] BTRFS info (device loop1): using free-space-tree [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8226] <... openat resumed>) = 3 ./strace-static-x86_64: Process 8231 attached [pid 8226] write(3, "1000", 4) = 4 [pid 5829] <... clone resumed>, child_tidptr=0x55558bffa690) = 8231 [pid 8231] set_robust_list(0x55558bffa6a0, 24 [pid 8226] close(3 [pid 8231] <... set_robust_list resumed>) = 0 [pid 8226] <... close resumed>) = 0 [pid 8231] chdir("./24" [pid 8226] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 8231] <... chdir resumed>) = 0 [pid 8226] write(1, "executing program\n", 18 [pid 8231] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8226] <... write resumed>) = 18 [pid 8231] <... prctl resumed>) = 0 [pid 8226] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8231] setpgid(0, 0 [pid 8226] <... futex resumed>) = 0 [pid 8231] <... setpgid resumed>) = 0 [pid 8226] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 8231] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8226] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8231] <... openat resumed>) = 3 [pid 8226] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8231] write(3, "1000", 4 [pid 8226] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8231] <... write resumed>) = 4 [pid 8226] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8231] close(3 [pid 8226] <... mmap resumed>) = 0x7fb77d5e1000 [pid 8231] <... close resumed>) = 0 [pid 8226] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 8231] symlink("/dev/binderfs", "./binderfs"executing program [pid 8226] <... mprotect resumed>) = 0 [pid 8231] <... symlink resumed>) = 0 [pid 8231] write(1, "executing program\n", 18 [pid 8226] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8231] <... write resumed>) = 18 [pid 8226] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8231] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8226] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 8235 attached [pid 8231] <... futex resumed>) = 0 [pid 8231] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 8226] <... clone3 resumed> => {parent_tid=[8235]}, 88) = 8235 [pid 8235] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 8231] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8235] <... rseq resumed>) = 0 [pid 8231] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8226] rt_sigprocmask(SIG_SETMASK, [], [pid 8235] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 8235] rt_sigprocmask(SIG_SETMASK, [], [pid 8231] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8226] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8226] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8231] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8226] <... futex resumed>) = 0 [pid 8231] <... mmap resumed>) = 0x7fb77d5e1000 [pid 8226] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8231] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8231] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8231] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 8239 attached [pid 8235] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8235] memfd_create("syzkaller", 0 [pid 8231] <... clone3 resumed> => {parent_tid=[8239]}, 88) = 8239 [pid 8239] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 8231] rt_sigprocmask(SIG_SETMASK, [], [pid 8239] set_robust_list(0x7fb77d6019a0, 24 [pid 8231] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8239] <... set_robust_list resumed>) = 0 [pid 8239] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8235] <... memfd_create resumed>) = 3 [pid 8231] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8239] memfd_create("syzkaller", 0 [pid 8235] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8231] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8239] <... memfd_create resumed>) = 3 [pid 8235] <... mmap resumed>) = 0x7fb775000000 [pid 8239] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 8201] <... write resumed>) = 16777216 [pid 8201] munmap(0x7fb775000000, 138412032) = 0 [pid 8204] <... mount resumed>) = 0 [pid 8204] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8204] chdir("./file0") = 0 [pid 8204] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 8204] ioctl(4, LOOP_CLR_FD) = 0 [pid 8204] close(4) = 0 [pid 8204] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8201] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8204] <... futex resumed>) = 1 [pid 8203] <... futex resumed>) = 0 [pid 8201] <... openat resumed>) = 5 [pid 8204] memfd_create("syzkaller", 0 [pid 8203] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8201] ioctl(5, LOOP_SET_FD, 4 [pid 8204] <... memfd_create resumed>) = 4 [pid 8203] <... futex resumed>) = 0 [pid 8201] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 8204] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8203] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8201] ioctl(5, LOOP_CLR_FD [pid 8204] <... mmap resumed>) = 0x7fb775000000 [pid 8201] <... ioctl resumed>) = 0 [pid 8201] ioctl(5, LOOP_SET_FD, 4 [pid 8239] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8201] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 8201] close(5) = 0 [pid 8201] close(4 [pid 8204] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8223] <... write resumed>) = 16777216 [pid 8223] munmap(0x7fb775000000, 138412032) = 0 [pid 8223] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 8223] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8223] close(3) = 0 [pid 8223] close(4) = 0 [pid 8223] mkdir("./file0", 0777) = 0 [ 146.223206][ T8223] loop4: detected capacity change from 0 to 32768 [pid 8223] mount("/dev/loop4", "./file0", "btrfs", 0, "" [pid 8201] <... close resumed>) = 0 [pid 8235] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8201] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8199] <... futex resumed>) = 0 [pid 8201] rename("./file1", "./file0/file0" [pid 8199] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 146.301878][ T8223] BTRFS: device /dev/loop4 (7:4) using temp-fsid b274c8ef-89d1-4764-a5f0-ca62d4d4df3b [ 146.311860][ T8223] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (8223) [pid 8199] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8201] <... rename resumed>) = 0 [pid 8201] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8199] <... futex resumed>) = 0 [pid 8201] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8199] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8201] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8199] <... futex resumed>) = 0 [pid 8201] mkdir(".", 0777 [pid 8199] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8201] <... mkdir resumed>) = -1 EEXIST (File exists) [ 146.379354][ T8223] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 146.419169][ T8201] BTRFS warning (device loop3 state M): remount supports changing free space tree only from RO to RW [ 146.430208][ T8223] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 146.461769][ T8223] BTRFS info (device loop4): using free-space-tree [ 146.468715][ T8201] BTRFS info (device loop3 state M): setting nodatasum [pid 8201] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 8239] <... write resumed>) = 16777216 [ 146.491566][ T8201] BTRFS info (device loop3 state M): setting nodatasum [ 146.498481][ T8201] BTRFS info (device loop3 state M): turning off barriers [pid 8239] munmap(0x7fb775000000, 138412032) = 0 [pid 8239] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 146.551560][ T8201] BTRFS info (device loop3 state M): turning on flush-on-commit [ 146.559253][ T8201] BTRFS info (device loop3 state M): force clearing of disk cache [pid 8239] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8204] <... write resumed>) = 16777216 [pid 8239] close(3 [pid 8223] <... mount resumed>) = 0 [pid 8204] munmap(0x7fb775000000, 138412032 [pid 8239] <... close resumed>) = 0 [pid 8223] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8201] <... mount resumed>) = 0 [pid 8239] close(4) = 0 [pid 8223] <... openat resumed>) = 3 [pid 8239] mkdir("./file0", 0777 [pid 8223] chdir("./file0" [pid 8204] <... munmap resumed>) = 0 [pid 8201] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 8239] <... mkdir resumed>) = 0 [pid 8223] <... chdir resumed>) = 0 [pid 8204] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8201] <... openat resumed>) = 4 [pid 8239] mount("/dev/loop0", "./file0", "btrfs", 0, "" [pid 8223] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8204] <... openat resumed>) = 5 [pid 8201] chdir("." [pid 8204] ioctl(5, LOOP_SET_FD, 4 [pid 8223] <... openat resumed>) = 4 [pid 8201] <... chdir resumed>) = 0 [pid 8204] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 8223] ioctl(4, LOOP_CLR_FD [pid 8201] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8204] ioctl(5, LOOP_CLR_FD [pid 8201] <... futex resumed>) = 1 [pid 8199] <... futex resumed>) = 0 [pid 8223] <... ioctl resumed>) = 0 [pid 8204] <... ioctl resumed>) = 0 [ 146.613465][ T8239] loop0: detected capacity change from 0 to 32768 [ 146.621888][ T8201] BTRFS info (device loop3 state M): doing ref verification [ 146.635206][ T8201] BTRFS info (device loop3 state M): max_inline set to 26856 [pid 8223] close(4 [pid 8201] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8199] exit_group(0) = ? [pid 8201] <... futex resumed>) = ? [pid 8223] <... close resumed>) = 0 [pid 8223] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8212] <... futex resumed>) = 0 [pid 8204] ioctl(5, LOOP_SET_FD, 4 [pid 8201] +++ exited with 0 +++ [pid 8199] +++ exited with 0 +++ [pid 8212] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8204] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 8223] memfd_create("syzkaller", 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8199, si_uid=0, si_status=0, si_utime=13 /* 0.13 s */, si_stime=63 /* 0.63 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 8204] close(5 [pid 8223] <... memfd_create resumed>) = 4 [pid 8204] <... close resumed>) = 0 [pid 8223] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8212] <... futex resumed>) = 0 [pid 8204] close(4 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5832] umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./24/binderfs") = 0 [pid 5832] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8212] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8223] <... mmap resumed>) = 0x7fb775000000 [ 146.673478][ T8239] BTRFS: device /dev/loop0 (7:0) using temp-fsid e77e3809-2840-49e7-9eda-5e9ea7456e2d [pid 8235] <... write resumed>) = 16777216 [pid 8235] munmap(0x7fb775000000, 138412032) = 0 [pid 8235] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 8235] ioctl(4, LOOP_SET_FD, 3) = 0 [ 146.722051][ T8239] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor323 (8239) [ 146.750768][ T8235] loop2: detected capacity change from 0 to 32768 [pid 8235] close(3) = 0 [pid 8235] close(4) = 0 [pid 8235] mkdir("./file0", 0777) = 0 [ 146.762815][ T5832] BTRFS info (device loop3): last unmount of filesystem c506ca74-fc0d-46b2-a8a8-4e6c3c347b97 [ 146.773686][ T8239] BTRFS info (device loop0): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 146.796410][ T8235] BTRFS: device /dev/loop2 (7:2) using temp-fsid b6401c20-8a30-4f6b-b18e-fc1dfd8a4db4 [ 146.815873][ T8239] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 146.843404][ T8235] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (8235) [ 146.864308][ T8239] BTRFS info (device loop0): using free-space-tree [ 146.942263][ T8235] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 8235] mount("/dev/loop2", "./file0", "btrfs", 0, "" [pid 8204] <... close resumed>) = 0 [pid 8204] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8203] <... futex resumed>) = 0 [pid 8203] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8204] rename("./file1", "./file0/file0" [ 147.014331][ T8235] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 147.051597][ T8235] BTRFS info (device loop2): using free-space-tree [pid 8203] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 8203] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8203] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5c0000 [pid 8203] mprotect(0x7fb77d5c1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8203] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8204] <... rename resumed>) = 0 [pid 8203] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5832] <... umount2 resumed>) = 0 [pid 8203] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d5e0990, parent_tid=0x7fb77d5e0990, exit_signal=0, stack=0x7fb77d5c0000, stack_size=0x20300, tls=0x7fb77d5e06c0} [pid 5832] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8203] <... clone3 resumed> => {parent_tid=[8281]}, 88) = 8281 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8203] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5832] newfstatat(AT_FDCWD, "./24/file0", [pid 8203] futex(0x7fb77d6dd6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8203] futex(0x7fb77d6dd6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8281 attached [pid 8204] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8204] <... futex resumed>) = 0 [pid 5832] <... openat resumed>) = 4 [pid 8204] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5832] newfstatat(4, "", [pid 8281] rseq(0x7fb77d5e0fe0, 0x20, 0, 0x53053053 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, [pid 8239] <... mount resumed>) = 0 [pid 5832] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 8239] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5832] close(4 [pid 8239] <... openat resumed>) = 3 [pid 5832] <... close resumed>) = 0 [pid 5832] rmdir("./24/file0" [pid 8239] chdir("./file0" [pid 5832] <... rmdir resumed>) = 0 [pid 8239] <... chdir resumed>) = 0 [pid 5832] getdents64(3, [pid 8239] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 8239] <... openat resumed>) = 4 [pid 5832] close(3 [pid 8281] <... rseq resumed>) = 0 [pid 8239] ioctl(4, LOOP_CLR_FD [pid 5832] <... close resumed>) = 0 [pid 8281] set_robust_list(0x7fb77d5e09a0, 24 [pid 8239] <... ioctl resumed>) = 0 [pid 8281] <... set_robust_list resumed>) = 0 [pid 8239] close(4 [pid 8281] rt_sigprocmask(SIG_SETMASK, [], [pid 8239] <... close resumed>) = 0 [pid 8281] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8239] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] rmdir("./24" [pid 8281] mkdir(".", 0777 [pid 8239] <... futex resumed>) = 1 [pid 8231] <... futex resumed>) = 0 [pid 8281] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 8239] memfd_create("syzkaller", 0 [pid 8231] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... rmdir resumed>) = 0 [pid 8281] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 8239] <... memfd_create resumed>) = 4 [pid 8231] <... futex resumed>) = 0 [pid 5832] mkdir("./25", 0777 [pid 8239] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8231] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5832] <... mkdir resumed>) = 0 [pid 8239] <... mmap resumed>) = 0x7fb775000000 [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 8293 ./strace-static-x86_64: Process 8293 attached [pid 8293] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 8223] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8293] chdir("./25") = 0 [pid 8293] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8293] setpgid(0, 0) = 0 [pid 8293] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 147.178585][ T8281] BTRFS warning (device loop1 state M): remount supports changing free space tree only from RO to RW [pid 8293] write(3, "1000", 4) = 4 [pid 8293] close(3) = 0 [pid 8293] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8293] write(1, "executing program\n", 18executing program ) = 18 [pid 8293] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8293] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 8293] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8293] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 8293] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8293] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8293] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[8298]}, 88) = 8298 [pid 8293] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 147.237280][ T8281] BTRFS info (device loop1 state M): setting nodatasum [ 147.244325][ T8281] BTRFS info (device loop1 state M): setting nodatasum [ 147.251312][ T8281] BTRFS info (device loop1 state M): turning off barriers [ 147.258565][ T8281] BTRFS info (device loop1 state M): turning on flush-on-commit [ 147.268131][ T8281] BTRFS info (device loop1 state M): force clearing of disk cache [ 147.276080][ T8281] BTRFS info (device loop1 state M): doing ref verification [pid 8293] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8293] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 8298 attached [pid 8281] <... mount resumed>) = 0 [pid 8235] <... mount resumed>) = 0 [pid 8298] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 8281] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 8235] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8298] <... rseq resumed>) = 0 [pid 8281] <... openat resumed>) = 4 [pid 8235] <... openat resumed>) = 3 [pid 8298] set_robust_list(0x7fb77d6019a0, 24 [pid 8281] chdir("." [pid 8235] chdir("./file0" [pid 8298] <... set_robust_list resumed>) = 0 [pid 8281] <... chdir resumed>) = 0 [pid 8235] <... chdir resumed>) = 0 [pid 8298] rt_sigprocmask(SIG_SETMASK, [], [pid 8281] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8298] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8281] <... futex resumed>) = 1 [pid 8203] <... futex resumed>) = 0 [ 147.283560][ T8281] BTRFS info (device loop1 state M): max_inline set to 26856 [pid 8298] memfd_create("syzkaller", 0 [pid 8281] futex(0x7fb77d6dd6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8235] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8203] exit_group(0) = ? [pid 8298] <... memfd_create resumed>) = 3 [pid 8281] <... futex resumed>) = ? [pid 8235] <... openat resumed>) = 4 [pid 8204] <... futex resumed>) = ? [pid 8298] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8281] +++ exited with 0 +++ [pid 8235] ioctl(4, LOOP_CLR_FD [pid 8204] +++ exited with 0 +++ [pid 8203] +++ exited with 0 +++ [pid 8298] <... mmap resumed>) = 0x7fb775000000 [pid 8235] <... ioctl resumed>) = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8203, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=68 /* 0.68 s */} --- [pid 8235] close(4) = 0 [pid 8235] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8226] <... futex resumed>) = 0 [pid 8235] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8226] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8235] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8226] <... futex resumed>) = 0 [pid 8235] memfd_create("syzkaller", 0 [pid 8226] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8235] <... memfd_create resumed>) = 4 [pid 8235] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 8239] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5830] umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./24/binderfs") = 0 [ 147.492243][ T5830] BTRFS info (device loop1): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 5830] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5830] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8298] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./24/file0") = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./24") = 0 [pid 5830] mkdir("./25", 0777 [pid 8235] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5830] <... mkdir resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8223] <... write resumed>) = 16777216 [pid 5830] <... openat resumed>) = 3 [pid 8223] munmap(0x7fb775000000, 138412032 [pid 5830] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8299 attached [pid 8299] set_robust_list(0x55558bffa6a0, 24 [pid 8223] <... munmap resumed>) = 0 [pid 8299] <... set_robust_list resumed>) = 0 [pid 8223] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] <... clone resumed>, child_tidptr=0x55558bffa690) = 8299 [pid 8299] chdir("./25" [pid 8223] <... openat resumed>) = 5 [pid 8299] <... chdir resumed>) = 0 [pid 8223] ioctl(5, LOOP_SET_FD, 4 [pid 8299] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8223] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 8299] <... prctl resumed>) = 0 [pid 8223] ioctl(5, LOOP_CLR_FD) = 0 [pid 8299] setpgid(0, 0) = 0 [pid 8299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8299] write(3, "1000", 4 [pid 8223] ioctl(5, LOOP_SET_FD, 4 [pid 8299] <... write resumed>) = 4 [pid 8223] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 8299] close(3 [pid 8223] close(5 [pid 8299] <... close resumed>) = 0 [pid 8223] <... close resumed>) = 0 [pid 8299] symlink("/dev/binderfs", "./binderfs" [pid 8223] close(4 [pid 8299] <... symlink resumed>) = 0 executing program [pid 8299] write(1, "executing program\n", 18) = 18 [pid 8299] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8299] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 8299] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8299] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 8299] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8299] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8299] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[8300]}, 88) = 8300 ./strace-static-x86_64: Process 8300 attached [pid 8299] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8300] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 8299] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8299] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8300] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 8300] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8300] memfd_create("syzkaller", 0) = 3 [pid 8300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 8239] <... write resumed>) = 16777216 [pid 8239] munmap(0x7fb775000000, 138412032) = 0 [pid 8239] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 8239] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 8239] ioctl(5, LOOP_CLR_FD) = 0 [pid 8239] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 8239] close(5) = 0 [pid 8239] close(4 [pid 8223] <... close resumed>) = 0 [pid 8223] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8212] <... futex resumed>) = 0 [pid 8223] rename("./file1", "./file0/file0" [pid 8212] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8212] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8223] <... rename resumed>) = 0 [pid 8223] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8223] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8212] <... futex resumed>) = 0 [pid 8223] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8212] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8223] mkdir(".", 0777 [pid 8212] <... futex resumed>) = 0 [pid 8223] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 8212] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8223] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 8298] <... write resumed>) = 16777216 [pid 8298] munmap(0x7fb775000000, 138412032) = 0 [pid 8300] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8298] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 8298] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8298] close(3) = 0 [pid 8235] <... write resumed>) = 16777216 [ 148.162340][ T8223] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [ 148.183445][ T8298] loop3: detected capacity change from 0 to 32768 [ 148.204849][ T8223] BTRFS info (device loop4 state M): setting nodatasum [pid 8298] close(4) = 0 [pid 8235] munmap(0x7fb775000000, 138412032 [pid 8298] mkdir("./file0", 0777) = 0 [pid 8298] mount("/dev/loop3", "./file0", "btrfs", 0, "" [pid 8239] <... close resumed>) = 0 [pid 8235] <... munmap resumed>) = 0 [pid 8239] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8235] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8239] <... futex resumed>) = 1 [pid 8235] <... openat resumed>) = 5 [pid 8231] <... futex resumed>) = 0 [pid 8235] ioctl(5, LOOP_SET_FD, 4 [pid 8231] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8235] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 8231] <... futex resumed>) = 0 [pid 8235] ioctl(5, LOOP_CLR_FD [pid 8231] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8235] <... ioctl resumed>) = 0 [pid 8239] rename("./file1", "./file0/file0" [pid 8235] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 8235] close(5) = 0 [ 148.230563][ T8223] BTRFS info (device loop4 state M): setting nodatasum [ 148.244564][ T8298] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor323 (8298) [ 148.272929][ T8223] BTRFS info (device loop4 state M): turning off barriers [ 148.280245][ T8223] BTRFS info (device loop4 state M): turning on flush-on-commit [ 148.307209][ T8298] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 148.321606][ T8223] BTRFS info (device loop4 state M): force clearing of disk cache [pid 8235] close(4 [pid 8239] <... rename resumed>) = 0 [pid 8231] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8231] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8231] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5c0000 [pid 8239] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8231] mprotect(0x7fb77d5c1000, 131072, PROT_READ|PROT_WRITE [pid 8239] <... futex resumed>) = 0 [pid 8231] <... mprotect resumed>) = 0 [pid 8239] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8231] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8231] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d5e0990, parent_tid=0x7fb77d5e0990, exit_signal=0, stack=0x7fb77d5c0000, stack_size=0x20300, tls=0x7fb77d5e06c0} => {parent_tid=[8303]}, 88) = 8303 [pid 8231] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 8303 attached [pid 8231] futex(0x7fb77d6dd6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8231] futex(0x7fb77d6dd6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8303] rseq(0x7fb77d5e0fe0, 0x20, 0, 0x53053053) = 0 [pid 8303] set_robust_list(0x7fb77d5e09a0, 24) = 0 [pid 8303] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8303] mkdir(".", 0777) = -1 EEXIST (File exists) [ 148.329457][ T8223] BTRFS info (device loop4 state M): doing ref verification [ 148.361662][ T8298] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [pid 8303] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 8223] <... mount resumed>) = 0 [ 148.372730][ T8303] BTRFS warning (device loop0 state M): remount supports changing free space tree only from RO to RW [ 148.385048][ T8298] BTRFS info (device loop3): using free-space-tree [ 148.396169][ T8223] BTRFS info (device loop4 state M): max_inline set to 26856 [pid 8223] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 8223] chdir(".") = 0 [ 148.431935][ T8303] BTRFS info (device loop0 state M): setting nodatasum [ 148.471839][ T8303] BTRFS info (device loop0 state M): setting nodatasum [pid 8223] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8212] <... futex resumed>) = 0 [pid 8212] exit_group(0) = ? [pid 8223] +++ exited with 0 +++ [pid 8212] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8212, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=55 /* 0.55 s */} --- [pid 5833] umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5833] umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./25/binderfs") = 0 [ 148.478834][ T8303] BTRFS info (device loop0 state M): turning off barriers [ 148.511901][ T5833] BTRFS info (device loop4): last unmount of filesystem b274c8ef-89d1-4764-a5f0-ca62d4d4df3b [ 148.512009][ T8303] BTRFS info (device loop0 state M): turning on flush-on-commit [ 148.532414][ T8303] BTRFS info (device loop0 state M): force clearing of disk cache [ 148.540261][ T8303] BTRFS info (device loop0 state M): doing ref verification [pid 5833] umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8303] <... mount resumed>) = 0 [pid 8303] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 8303] chdir(".") = 0 [pid 8303] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8231] <... futex resumed>) = 0 [pid 8303] <... futex resumed>) = 1 [pid 8298] <... mount resumed>) = 0 [pid 8231] exit_group(0 [pid 8303] exit_group(0 [pid 8298] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8231] <... exit_group resumed>) = ? [pid 8303] <... exit_group resumed>) = ? [pid 8303] +++ exited with 0 +++ [pid 8298] <... openat resumed>) = 3 [pid 8239] <... futex resumed>) = ? [pid 8298] chdir("./file0" [pid 8239] +++ exited with 0 +++ [pid 8231] +++ exited with 0 +++ [pid 8298] <... chdir resumed>) = 0 [pid 8298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8231, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=66 /* 0.66 s */} --- [pid 5829] umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", [pid 8298] <... openat resumed>) = 4 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8298] ioctl(4, LOOP_CLR_FD) = 0 [pid 5829] getdents64(3, [pid 8298] close(4) = 0 [pid 5829] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 8298] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8293] <... futex resumed>) = 0 [pid 5829] umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8298] memfd_create("syzkaller", 0 [pid 8293] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8298] <... memfd_create resumed>) = 4 [pid 8293] <... futex resumed>) = 0 [pid 5829] newfstatat(AT_FDCWD, "./24/binderfs", [pid 8298] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [ 148.571589][ T8303] BTRFS info (device loop0 state M): max_inline set to 26856 [pid 8293] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8298] <... mmap resumed>) = 0x7fb775000000 [pid 5829] unlink("./24/binderfs") = 0 [pid 5829] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8235] <... close resumed>) = 0 [pid 8300] <... write resumed>) = 16777216 [pid 8300] munmap(0x7fb775000000, 138412032 [pid 8235] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8226] <... futex resumed>) = 0 [pid 8235] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8226] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8300] <... munmap resumed>) = 0 [pid 8235] <... futex resumed>) = 0 [pid 8226] <... futex resumed>) = 1 [pid 8235] rename("./file1", "./file0/file0" [pid 8300] openat(AT_FDCWD, "/dev/loop1", O_RDWR [ 148.647946][ T5829] BTRFS info (device loop0): last unmount of filesystem e77e3809-2840-49e7-9eda-5e9ea7456e2d [pid 8226] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8300] <... openat resumed>) = 4 [pid 8235] <... rename resumed>) = 0 [pid 8300] ioctl(4, LOOP_SET_FD, 3 [pid 8235] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8226] <... futex resumed>) = 0 [pid 8235] mkdir(".", 0777 [pid 8226] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8235] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 8226] <... futex resumed>) = 0 [pid 8235] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 8226] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8300] <... ioctl resumed>) = 0 [pid 8300] close(3) = 0 [pid 8300] close(4) = 0 [ 148.725982][ T8300] loop1: detected capacity change from 0 to 32768 [pid 8300] mkdir("./file0", 0777) = 0 [ 148.799483][ T8235] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW [ 148.801620][ T8300] BTRFS: device /dev/loop1 (7:1) using temp-fsid 68b34176-459c-4c5a-a801-a652e55fb6b5 [ 148.853859][ T8235] BTRFS info (device loop2 state M): setting nodatasum [ 148.882065][ T8235] BTRFS info (device loop2 state M): setting nodatasum [ 148.889687][ T8300] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor323 (8300) [pid 8300] mount("/dev/loop1", "./file0", "btrfs", 0, "" [pid 5833] <... umount2 resumed>) = 0 [ 148.903653][ T8235] BTRFS info (device loop2 state M): turning off barriers [ 148.935788][ T8235] BTRFS info (device loop2 state M): turning on flush-on-commit [ 148.936822][ T8300] BTRFS info (device loop1): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 5833] umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8298] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5833] <... openat resumed>) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [ 148.972595][ T8235] BTRFS info (device loop2 state M): force clearing of disk cache [ 148.981168][ T8300] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 149.000211][ T8300] BTRFS info (device loop1): using free-space-tree [ 149.002163][ T8235] BTRFS info (device loop2 state M): doing ref verification [pid 5833] rmdir("./25/file0") = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./25" [pid 8235] <... mount resumed>) = 0 [pid 5833] <... rmdir resumed>) = 0 [pid 5829] <... umount2 resumed>) = 0 [pid 8235] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5829] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8235] <... openat resumed>) = 4 [pid 5833] mkdir("./26", 0777 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8235] chdir("." [pid 5829] newfstatat(AT_FDCWD, "./24/file0", [pid 8235] <... chdir resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8235] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... mkdir resumed>) = 0 [pid 5829] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8235] <... futex resumed>) = 1 [pid 8226] <... futex resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8226] exit_group(0 [pid 5829] openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8226] <... exit_group resumed>) = ? [pid 5829] <... openat resumed>) = 4 [pid 8235] +++ exited with 0 +++ [pid 8226] +++ exited with 0 +++ [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5829] newfstatat(4, "", [pid 5833] <... openat resumed>) = 3 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8226, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=64 /* 0.64 s */} --- [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] getdents64(4, [pid 5833] close(3 [pid 5831] umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5831] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] getdents64(4, [pid 5831] newfstatat(3, "", [pid 5829] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [ 149.040606][ T8235] BTRFS info (device loop2 state M): max_inline set to 26856 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] close(4 [pid 5831] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5829] <... close resumed>) = 0 [pid 5831] umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] rmdir("./24/file0" [pid 5831] newfstatat(AT_FDCWD, "./25/binderfs", [pid 5829] <... rmdir resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./25/binderfs") = 0 [pid 5831] umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] <... close resumed>) = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./24" [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] <... rmdir resumed>) = 0 [pid 5829] mkdir("./25", 0777./strace-static-x86_64: Process 8336 attached ) = 0 [pid 5833] <... clone resumed>, child_tidptr=0x55558bffa690) = 8336 [pid 8336] set_robust_list(0x55558bffa6a0, 24 [pid 8300] <... mount resumed>) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8336] <... set_robust_list resumed>) = 0 [pid 8300] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5829] <... openat resumed>) = 3 [pid 8336] chdir("./26" [pid 5829] ioctl(3, LOOP_CLR_FD [pid 8336] <... chdir resumed>) = 0 [pid 8300] <... openat resumed>) = 3 [pid 5829] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 8336] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8300] chdir("./file0" [pid 5829] close(3 [pid 8336] <... prctl resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 8336] setpgid(0, 0 [pid 8300] <... chdir resumed>) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8300] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8336] <... setpgid resumed>) = 0 [pid 8300] <... openat resumed>) = 4 [pid 8336] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8300] ioctl(4, LOOP_CLR_FD./strace-static-x86_64: Process 8338 attached [pid 8336] <... openat resumed>) = 3 [pid 8300] <... ioctl resumed>) = 0 [ 149.127502][ T5831] BTRFS info (device loop2): last unmount of filesystem b6401c20-8a30-4f6b-b18e-fc1dfd8a4db4 [pid 8338] set_robust_list(0x55558bffa6a0, 24 [pid 8336] write(3, "1000", 4 [pid 8300] close(4 [pid 8338] <... set_robust_list resumed>) = 0 [pid 8336] <... write resumed>) = 4 [pid 5829] <... clone resumed>, child_tidptr=0x55558bffa690) = 8338 [pid 8300] <... close resumed>) = 0 [pid 8338] chdir("./25" [pid 8336] close(3 [pid 8300] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8338] <... chdir resumed>) = 0 [pid 8300] <... futex resumed>) = 1 [pid 8338] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8300] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8338] <... prctl resumed>) = 0 [pid 8338] setpgid(0, 0 [pid 8336] <... close resumed>) = 0 [pid 8299] <... futex resumed>) = 0 [pid 8338] <... setpgid resumed>) = 0 [pid 8336] symlink("/dev/binderfs", "./binderfs" [pid 8299] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8336] <... symlink resumed>) = 0 [pid 8300] <... futex resumed>) = 0 [pid 8299] <... futex resumed>) = 1 executing program [pid 8338] <... openat resumed>) = 3 [pid 8336] write(1, "executing program\n", 18 [pid 8300] memfd_create("syzkaller", 0 [pid 8299] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8338] write(3, "1000", 4 [pid 8300] <... memfd_create resumed>) = 4 [pid 8338] <... write resumed>) = 4 [pid 8300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8338] close(3) = 0 [pid 8336] <... write resumed>) = 18 [pid 8300] <... mmap resumed>) = 0x7fb775000000 [pid 8338] symlink("/dev/binderfs", "./binderfs" [pid 8336] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8338] <... symlink resumed>) = 0 [pid 8338] write(1, "executing program\n", 18 [pid 8336] <... futex resumed>) = 0 [pid 8336] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 executing program [pid 8338] <... write resumed>) = 18 [pid 8336] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 8338] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8336] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8338] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 8336] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 8338] <... rt_sigaction resumed>NULL, 8) = 0 [pid 8338] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8336] <... mmap resumed>) = 0x7fb77d5e1000 [pid 8338] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 8336] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 8338] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8336] <... mprotect resumed>) = 0 [pid 8338] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8336] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8338] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8338] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 8336] <... rt_sigprocmask resumed>[], 8) = 0 ./strace-static-x86_64: Process 8339 attached [pid 8339] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 8338] <... clone3 resumed> => {parent_tid=[8339]}, 88) = 8339 [pid 8336] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 8339] <... rseq resumed>) = 0 [pid 8338] rt_sigprocmask(SIG_SETMASK, [], [pid 8339] set_robust_list(0x7fb77d6019a0, 24 [pid 8338] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8339] <... set_robust_list resumed>) = 0 [pid 8338] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8339] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8338] <... futex resumed>) = 0 [pid 8339] memfd_create("syzkaller", 0 [pid 8338] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8336] <... clone3 resumed> => {parent_tid=[8340]}, 88) = 8340 ./strace-static-x86_64: Process 8340 attached [pid 8336] rt_sigprocmask(SIG_SETMASK, [], [pid 8340] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 8336] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8340] <... rseq resumed>) = 0 [pid 8336] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8340] set_robust_list(0x7fb77d6019a0, 24 [pid 8336] <... futex resumed>) = 0 [pid 8340] <... set_robust_list resumed>) = 0 [pid 8336] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8340] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8340] memfd_create("syzkaller", 0 [pid 8339] <... memfd_create resumed>) = 3 [pid 8340] <... memfd_create resumed>) = 3 [pid 8340] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8339] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8340] <... mmap resumed>) = 0x7fb775000000 [pid 8339] <... mmap resumed>) = 0x7fb775000000 [pid 8298] <... write resumed>) = 16777216 [pid 8298] munmap(0x7fb775000000, 138412032 [pid 8300] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8298] <... munmap resumed>) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 5831] umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./25/file0") = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 8298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5831] close(3) = 0 [pid 5831] rmdir("./25") = 0 [pid 5831] mkdir("./26", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5831] close(3 [pid 8298] <... openat resumed>) = 5 [pid 5831] <... close resumed>) = 0 [pid 8298] ioctl(5, LOOP_SET_FD, 4 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8298] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 8298] ioctl(5, LOOP_CLR_FD) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x55558bffa690) = 8342 ./strace-static-x86_64: Process 8342 attached [pid 8298] ioctl(5, LOOP_SET_FD, 4 [pid 8342] set_robust_list(0x55558bffa6a0, 24 [pid 8298] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 8342] <... set_robust_list resumed>) = 0 [pid 8298] close(5 [pid 8342] chdir("./26" [pid 8298] <... close resumed>) = 0 [pid 8342] <... chdir resumed>) = 0 [pid 8298] close(4 [pid 8342] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8342] setpgid(0, 0) = 0 [pid 8342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8342] write(3, "1000", 4) = 4 [pid 8342] close(3) = 0 [pid 8342] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 8342] write(1, "executing program\n", 18) = 18 [pid 8342] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8342] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 8342] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8342] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 8342] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8342] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8342] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[8343]}, 88) = 8343 [pid 8342] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 8343 attached [pid 8342] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8342] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8343] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 8343] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 8343] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8343] memfd_create("syzkaller", 0) = 3 [pid 8343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 8340] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8339] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8298] <... close resumed>) = 0 [pid 8298] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8293] <... futex resumed>) = 0 [pid 8298] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8293] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8298] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8293] <... futex resumed>) = 0 [pid 8298] rename("./file1", "./file0/file0" [pid 8293] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8298] <... rename resumed>) = 0 [pid 8298] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8293] <... futex resumed>) = 0 [pid 8293] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8293] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8298] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 8298] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [ 149.928078][ T8298] BTRFS warning (device loop3 state M): remount supports changing free space tree only from RO to RW [ 149.961823][ T8298] BTRFS info (device loop3 state M): setting nodatasum [pid 8343] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8300] <... write resumed>) = 16777216 [pid 8300] munmap(0x7fb775000000, 138412032 [pid 8340] <... write resumed>) = 16777216 [pid 8300] <... munmap resumed>) = 0 [pid 8300] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 5 [pid 8300] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 8300] ioctl(5, LOOP_CLR_FD) = 0 [pid 8340] munmap(0x7fb775000000, 138412032 [pid 8300] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 8300] close(5) = 0 [ 149.980497][ T8298] BTRFS info (device loop3 state M): setting nodatasum [ 149.994912][ T8298] BTRFS info (device loop3 state M): turning off barriers [ 150.009347][ T8298] BTRFS info (device loop3 state M): turning on flush-on-commit [ 150.017602][ T8298] BTRFS info (device loop3 state M): force clearing of disk cache [pid 8300] close(4 [pid 8340] <... munmap resumed>) = 0 [pid 8340] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 8340] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8340] close(3) = 0 [pid 8340] close(4) = 0 [pid 8340] mkdir("./file0", 0777) = 0 [ 150.039177][ T8298] BTRFS info (device loop3 state M): doing ref verification [ 150.052523][ T8340] loop4: detected capacity change from 0 to 32768 [ 150.071189][ T8298] BTRFS info (device loop3 state M): max_inline set to 26856 [pid 8340] mount("/dev/loop4", "./file0", "btrfs", 0, "" [pid 8298] <... mount resumed>) = 0 [pid 8339] <... write resumed>) = 16777216 [pid 8339] munmap(0x7fb775000000, 138412032 [pid 8298] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 8298] chdir(".") = 0 [pid 8298] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8293] <... futex resumed>) = 0 [pid 8293] exit_group(0) = ? [pid 8298] +++ exited with 0 +++ [pid 8293] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8293, si_uid=0, si_status=0, si_utime=13 /* 0.13 s */, si_stime=57 /* 0.57 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5832] umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./25/binderfs") = 0 [ 150.081719][ T8340] BTRFS: device /dev/loop4 (7:4) using temp-fsid 7034085f-4ae0-495a-b925-aef123c87bc3 [ 150.095658][ T8340] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (8340) [pid 5832] umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8339] <... munmap resumed>) = 0 [pid 8339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 150.136322][ T5832] BTRFS info (device loop3): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 150.161808][ T8340] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 8339] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8339] close(3) = 0 [pid 8339] close(4) = 0 [pid 8339] mkdir("./file0", 0777) = 0 [ 150.188572][ T8339] loop0: detected capacity change from 0 to 32768 [ 150.195884][ T8340] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [pid 8339] mount("/dev/loop0", "./file0", "btrfs", 0, "" [pid 8300] <... close resumed>) = 0 [ 150.234544][ T8339] BTRFS: device /dev/loop0 (7:0) using temp-fsid d4ab5608-2efe-463a-bab0-1983d77c3632 [ 150.271684][ T8340] BTRFS info (device loop4): using free-space-tree [pid 8300] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8300] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8299] <... futex resumed>) = 0 [pid 8299] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8300] <... futex resumed>) = 0 [pid 8299] <... futex resumed>) = 1 [pid 8300] rename("./file1", "./file0/file0" [ 150.293509][ T8339] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor323 (8339) [pid 8299] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8300] <... rename resumed>) = 0 [pid 8300] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8299] <... futex resumed>) = 0 [pid 8299] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8300] mkdir(".", 0777 [pid 8299] <... futex resumed>) = 0 [pid 8300] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 8299] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8300] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 8343] <... write resumed>) = 16777216 [ 150.407579][ T8339] BTRFS info (device loop0): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 150.433430][ T8339] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 150.442551][ T8339] BTRFS info (device loop0): using free-space-tree [pid 8343] munmap(0x7fb775000000, 138412032) = 0 [pid 8340] <... mount resumed>) = 0 [pid 8340] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8343] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 8343] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8340] <... openat resumed>) = 3 [pid 8340] chdir("./file0") = 0 [pid 8340] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 8340] ioctl(4, LOOP_CLR_FD) = 0 [ 150.463861][ T8300] BTRFS warning (device loop1 state M): remount supports changing free space tree only from RO to RW [ 150.500702][ T8343] loop2: detected capacity change from 0 to 32768 [ 150.507533][ T8300] BTRFS info (device loop1 state M): setting nodatasum [pid 8340] close(4) = 0 [pid 8343] close(3 [pid 8340] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8336] <... futex resumed>) = 0 [pid 8343] <... close resumed>) = 0 [pid 8340] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8336] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8340] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8336] <... futex resumed>) = 0 [pid 8340] memfd_create("syzkaller", 0 [pid 8336] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8340] <... memfd_create resumed>) = 4 [pid 8340] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 8343] close(4) = 0 [ 150.515209][ T8300] BTRFS info (device loop1 state M): setting nodatasum [ 150.522647][ T8300] BTRFS info (device loop1 state M): turning off barriers [ 150.529898][ T8300] BTRFS info (device loop1 state M): turning on flush-on-commit [ 150.538002][ T8300] BTRFS info (device loop1 state M): force clearing of disk cache [ 150.555472][ T8300] BTRFS info (device loop1 state M): doing ref verification [pid 8343] mkdir("./file0", 0777) = 0 [pid 8300] <... mount resumed>) = 0 [pid 8343] mount("/dev/loop2", "./file0", "btrfs", 0, "" [pid 8300] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 8300] chdir(".") = 0 [pid 8300] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8300] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8299] <... futex resumed>) = 0 [pid 8299] exit_group(0 [pid 8300] <... futex resumed>) = ? [pid 8299] <... exit_group resumed>) = ? [pid 8300] +++ exited with 0 +++ [pid 8299] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8299, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=68 /* 0.68 s */} --- [ 150.563234][ T8300] BTRFS info (device loop1 state M): max_inline set to 26856 [ 150.585358][ T8343] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (8343) [pid 5830] umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./25/binderfs") = 0 [pid 5830] umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW [ 150.672381][ T8343] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 8340] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8339] <... mount resumed>) = 0 [pid 8339] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8339] chdir("./file0") = 0 [pid 8339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8339] ioctl(4, LOOP_CLR_FD) = 0 [ 150.717880][ T5830] BTRFS info (device loop1): last unmount of filesystem 68b34176-459c-4c5a-a801-a652e55fb6b5 [ 150.742232][ T8343] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [pid 8339] close(4) = 0 [pid 8339] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8339] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8338] <... futex resumed>) = 0 [pid 8338] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8339] <... futex resumed>) = 0 [pid 8338] <... futex resumed>) = 1 [pid 8339] memfd_create("syzkaller", 0) = 4 [pid 8339] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 8338] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5832] <... umount2 resumed>) = 0 [pid 5832] umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5832] close(4) = 0 [pid 5832] rmdir("./25/file0") = 0 [ 150.794240][ T8343] BTRFS info (device loop2): using free-space-tree [pid 5832] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./25") = 0 [pid 5832] mkdir("./26", 0777) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8390 attached , child_tidptr=0x55558bffa690) = 8390 [pid 8390] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 8390] chdir("./26") = 0 [pid 8390] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8390] setpgid(0, 0) = 0 [pid 8390] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8390] write(3, "1000", 4) = 4 [pid 8390] close(3) = 0 [pid 8390] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 8390] write(1, "executing program\n", 18) = 18 [pid 8390] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8390] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 8390] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8390] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 8390] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8390] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8390] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[8395]}, 88) = 8395 [pid 8390] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 8395 attached [pid 8395] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 8390] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8390] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8390] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8395] <... rseq resumed>) = 0 [pid 8395] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 8395] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8395] memfd_create("syzkaller", 0) = 3 [pid 8395] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 8343] <... mount resumed>) = 0 [pid 8343] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8343] chdir("./file0") = 0 [pid 8343] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 8343] ioctl(4, LOOP_CLR_FD) = 0 [pid 8343] close(4) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 8343] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8342] <... futex resumed>) = 0 [pid 8343] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8342] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8343] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8342] <... futex resumed>) = 0 [pid 5830] umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8343] memfd_create("syzkaller", 0 [pid 8342] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8343] <... memfd_create resumed>) = 4 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5830] newfstatat(AT_FDCWD, "./25/file0", [pid 8343] <... mmap resumed>) = 0x7fb775000000 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./25/file0") = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./25") = 0 [pid 5830] mkdir("./26", 0777) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8339] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5830] <... openat resumed>) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8397 attached [pid 8397] set_robust_list(0x55558bffa6a0, 24 [pid 5830] <... clone resumed>, child_tidptr=0x55558bffa690) = 8397 [pid 8397] <... set_robust_list resumed>) = 0 [pid 8397] chdir("./26") = 0 [pid 8397] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8397] setpgid(0, 0) = 0 [pid 8397] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8397] write(3, "1000", 4) = 4 [pid 8397] close(3) = 0 [pid 8397] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8397] write(1, "executing program\n", 18executing program ) = 18 [pid 8397] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8397] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 8397] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8397] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 8397] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8397] rt_sigprocmask(SIG_BLOCK, ~[], [pid 8343] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8397] <... rt_sigprocmask resumed>[], 8) = 0 [pid 8397] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 8398 attached [pid 8398] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 8398] set_robust_list(0x7fb77d6019a0, 24 [pid 8397] <... clone3 resumed> => {parent_tid=[8398]}, 88) = 8398 [pid 8398] <... set_robust_list resumed>) = 0 [pid 8397] rt_sigprocmask(SIG_SETMASK, [], [pid 8398] rt_sigprocmask(SIG_SETMASK, [], [pid 8397] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8398] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8397] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8398] memfd_create("syzkaller", 0 [pid 8397] <... futex resumed>) = 0 [pid 8398] <... memfd_create resumed>) = 3 [pid 8397] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8398] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 8395] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8340] <... write resumed>) = 16777216 [pid 8340] munmap(0x7fb775000000, 138412032) = 0 [pid 8340] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 5 [pid 8340] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 8340] ioctl(5, LOOP_CLR_FD) = 0 [pid 8340] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 8340] close(5) = 0 [pid 8340] close(4 [pid 8339] <... write resumed>) = 16777216 [pid 8339] munmap(0x7fb775000000, 138412032) = 0 [pid 8339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 8339] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 8339] ioctl(5, LOOP_CLR_FD) = 0 [pid 8339] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 8339] close(5) = 0 [pid 8398] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8339] close(4 [pid 8340] <... close resumed>) = 0 [pid 8340] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8336] <... futex resumed>) = 0 [pid 8340] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8336] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8340] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8336] <... futex resumed>) = 0 [pid 8340] rename("./file1", "./file0/file0" [pid 8336] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8340] <... rename resumed>) = 0 [pid 8340] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8336] <... futex resumed>) = 0 [pid 8340] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8336] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8340] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8336] <... futex resumed>) = 0 [pid 8340] mkdir(".", 0777 [pid 8336] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8340] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 8340] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 8343] <... write resumed>) = 16777216 [ 151.703287][ T8340] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [pid 8343] munmap(0x7fb775000000, 138412032) = 0 [pid 8343] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 5 [pid 8343] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 8343] ioctl(5, LOOP_CLR_FD) = 0 [pid 8343] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 8343] close(5) = 0 [pid 8343] close(4 [pid 8395] <... write resumed>) = 16777216 [ 151.751586][ T8340] BTRFS info (device loop4 state M): setting nodatasum [ 151.781662][ T8340] BTRFS info (device loop4 state M): setting nodatasum [pid 8395] munmap(0x7fb775000000, 138412032) = 0 [pid 8395] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 8395] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8339] <... close resumed>) = 0 [ 151.832228][ T8340] BTRFS info (device loop4 state M): turning off barriers [ 151.839392][ T8340] BTRFS info (device loop4 state M): turning on flush-on-commit [ 151.852861][ T8395] loop3: detected capacity change from 0 to 32768 [pid 8395] close(3) = 0 [pid 8395] close(4) = 0 [pid 8395] mkdir("./file0", 0777) = 0 [pid 8395] mount("/dev/loop3", "./file0", "btrfs", 0, "" [pid 8339] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8338] <... futex resumed>) = 0 [pid 8338] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8339] rename("./file1", "./file0/file0" [pid 8338] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8340] <... mount resumed>) = 0 [pid 8340] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 8340] chdir("." [pid 8339] <... rename resumed>) = 0 [pid 8339] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8340] <... chdir resumed>) = 0 [pid 8339] <... futex resumed>) = 1 [ 151.891656][ T8340] BTRFS info (device loop4 state M): force clearing of disk cache [ 151.899955][ T8340] BTRFS info (device loop4 state M): doing ref verification [ 151.907133][ T8395] BTRFS: device /dev/loop3 (7:3) using temp-fsid 9baafbaf-cd3d-4ee9-9c44-e2e7197b21e7 [ 151.931577][ T8340] BTRFS info (device loop4 state M): max_inline set to 26856 [pid 8338] <... futex resumed>) = 0 [pid 8340] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8339] mkdir(".", 0777 [pid 8338] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8339] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 8340] <... futex resumed>) = 1 [pid 8339] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 8338] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8340] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8336] <... futex resumed>) = 0 [pid 8336] exit_group(0 [pid 8340] <... futex resumed>) = ? [pid 8336] <... exit_group resumed>) = ? [pid 8340] +++ exited with 0 +++ [pid 8336] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8336, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=60 /* 0.60 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 8343] <... close resumed>) = 0 [ 151.985013][ T8395] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor323 (8395) [pid 5833] <... restart_syscall resumed>) = 0 [pid 5833] umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5833] umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./26/binderfs") = 0 [pid 5833] umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8343] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8342] <... futex resumed>) = 0 [pid 8343] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8342] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8343] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8342] <... futex resumed>) = 0 [pid 8342] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 152.028434][ T8339] BTRFS warning (device loop0 state M): remount supports changing free space tree only from RO to RW [ 152.041479][ T5833] BTRFS info (device loop4): last unmount of filesystem 7034085f-4ae0-495a-b925-aef123c87bc3 [ 152.051648][ T8339] BTRFS info (device loop0 state M): setting nodatasum [ 152.060178][ T8339] BTRFS info (device loop0 state M): setting nodatasum [pid 8343] rename("./file1", "./file0/file0") = 0 [pid 8398] <... write resumed>) = 16777216 [pid 8343] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8342] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8398] munmap(0x7fb775000000, 138412032 [pid 8343] <... futex resumed>) = 0 [pid 8342] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8343] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 8342] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [ 152.084912][ T8395] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 152.095877][ T8339] BTRFS info (device loop0 state M): turning off barriers [ 152.117556][ T8395] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 152.127554][ T8339] BTRFS info (device loop0 state M): turning on flush-on-commit [pid 8343] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 8398] <... munmap resumed>) = 0 [pid 8398] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 152.161702][ T8395] BTRFS info (device loop3): using free-space-tree [ 152.169024][ T8339] BTRFS info (device loop0 state M): force clearing of disk cache [ 152.183463][ T8339] BTRFS info (device loop0 state M): doing ref verification [ 152.185036][ T8343] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW [pid 8398] ioctl(4, LOOP_SET_FD, 3 [pid 8339] <... mount resumed>) = 0 [pid 8339] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 8339] chdir(".") = 0 [pid 8339] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8339] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8338] <... futex resumed>) = 0 [pid 8338] exit_group(0) = ? [pid 8339] <... futex resumed>) = ? [pid 8339] +++ exited with 0 +++ [pid 8338] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8338, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=63 /* 0.63 s */} --- [pid 5829] umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8398] <... ioctl resumed>) = 0 [pid 5829] getdents64(3, [pid 8398] close(3 [pid 5829] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 8398] <... close resumed>) = 0 [pid 5829] umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8398] close(4 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8398] <... close resumed>) = 0 [pid 5829] newfstatat(AT_FDCWD, "./25/binderfs", [pid 8398] mkdir("./file0", 0777 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8398] <... mkdir resumed>) = 0 [pid 5829] unlink("./25/binderfs" [pid 8398] mount("/dev/loop1", "./file0", "btrfs", 0, "" [pid 5829] <... unlink resumed>) = 0 [ 152.213852][ T8339] BTRFS info (device loop0 state M): max_inline set to 26856 [ 152.228186][ T8343] BTRFS info (device loop2 state M): setting nodatasum [ 152.228453][ T8398] loop1: detected capacity change from 0 to 32768 [ 152.293597][ T8398] BTRFS: device /dev/loop1 (7:1) using temp-fsid b65e5074-7275-4634-a025-a4403a9281c2 [ 152.316990][ T5829] BTRFS info (device loop0): last unmount of filesystem d4ab5608-2efe-463a-bab0-1983d77c3632 [ 152.327602][ T8343] BTRFS info (device loop2 state M): setting nodatasum [ 152.345200][ T8398] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor323 (8398) [ 152.373706][ T8343] BTRFS info (device loop2 state M): turning off barriers [ 152.380949][ T8343] BTRFS info (device loop2 state M): turning on flush-on-commit [pid 5829] umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8343] <... mount resumed>) = 0 [ 152.389270][ T8343] BTRFS info (device loop2 state M): force clearing of disk cache [ 152.397410][ T8398] BTRFS info (device loop1): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 152.397511][ T8343] BTRFS info (device loop2 state M): doing ref verification [ 152.429240][ T8343] BTRFS info (device loop2 state M): max_inline set to 26856 [pid 8343] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 8343] chdir(".") = 0 [pid 8343] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 8395] <... mount resumed>) = 0 [pid 8343] <... futex resumed>) = 1 [pid 8342] <... futex resumed>) = 0 [pid 8395] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8342] exit_group(0 [pid 8395] <... openat resumed>) = 3 [pid 8342] <... exit_group resumed>) = ? [pid 8395] chdir("./file0") = 0 [pid 8395] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 8395] ioctl(4, LOOP_CLR_FD) = 0 [pid 8395] close(4) = 0 [pid 8395] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8395] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8390] <... futex resumed>) = 0 [pid 8390] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8395] <... futex resumed>) = 0 [pid 8390] <... futex resumed>) = 1 [pid 8395] memfd_create("syzkaller", 0) = 4 [pid 8395] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 8390] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8343] +++ exited with 0 +++ [pid 8342] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8342, si_uid=0, si_status=0, si_utime=17 /* 0.17 s */, si_stime=54 /* 0.54 s */} --- [pid 5831] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5831] umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 152.438369][ T8398] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 152.448046][ T8398] BTRFS info (device loop1): using free-space-tree [pid 5831] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./26/binderfs") = 0 [pid 5831] umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] <... umount2 resumed>) = 0 [pid 5833] umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./26/file0") = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./26") = 0 [ 152.551119][ T5831] BTRFS info (device loop2): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 5833] mkdir("./27", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 8434 ./strace-static-x86_64: Process 8434 attached [pid 8398] <... mount resumed>) = 0 [pid 8398] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8398] chdir("./file0") = 0 [pid 8398] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 8398] ioctl(4, LOOP_CLR_FD) = 0 [pid 8398] close(4) = 0 [pid 8398] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8398] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8397] <... futex resumed>) = 0 [pid 8397] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8398] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8397] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8398] memfd_create("syzkaller", 0 [pid 8434] set_robust_list(0x55558bffa6a0, 24 [pid 8398] <... memfd_create resumed>) = 4 [pid 8434] <... set_robust_list resumed>) = 0 [pid 8398] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8434] chdir("./27" [pid 8398] <... mmap resumed>) = 0x7fb775000000 [pid 8434] <... chdir resumed>) = 0 [pid 8434] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8434] setpgid(0, 0) = 0 [pid 8434] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8434] write(3, "1000", 4) = 4 executing program [pid 8434] close(3) = 0 [pid 8434] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8434] write(1, "executing program\n", 18) = 18 [pid 8434] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8434] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 8434] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8434] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 8434] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8434] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8434] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[8435]}, 88) = 8435 [pid 8434] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 8435 attached [pid 8434] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8435] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 8434] <... futex resumed>) = 0 [pid 8434] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8435] <... rseq resumed>) = 0 [pid 8435] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 8435] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8435] memfd_create("syzkaller", 0) = 3 [pid 8435] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5829] <... umount2 resumed>) = 0 [pid 5829] umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./25/file0") = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./25") = 0 [pid 5829] mkdir("./26", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 8436 ./strace-static-x86_64: Process 8436 attached [pid 8436] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 8436] chdir("./26") = 0 [pid 8436] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8436] setpgid(0, 0) = 0 [pid 8436] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 8436] write(3, "1000", 4) = 4 [pid 8436] close(3) = 0 [pid 8436] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8436] write(1, "executing program\n", 18) = 18 [pid 8436] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8436] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 8436] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8436] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 8436] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8436] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8436] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[8437]}, 88) = 8437 [pid 8436] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8436] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8436] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 8437 attached [pid 8437] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 8437] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 8437] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8437] memfd_create("syzkaller", 0) = 3 [pid 8437] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 8395] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5831] <... umount2 resumed>) = 0 [pid 5831] umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 8398] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, [pid 8435] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5831] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./26/file0") = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 8437] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5831] rmdir("./26") = 0 [pid 5831] mkdir("./27", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5831] close(3) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8438 attached , child_tidptr=0x55558bffa690) = 8438 [pid 8438] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 8438] chdir("./27") = 0 [pid 8438] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8438] setpgid(0, 0) = 0 [pid 8438] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8438] write(3, "1000", 4) = 4 [pid 8438] close(3) = 0 [pid 8438] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8438] write(1, "executing program\n", 18executing program ) = 18 [pid 8438] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8438] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 8438] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8438] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 8438] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8438] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8438] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[8439]}, 88) = 8439 ./strace-static-x86_64: Process 8439 attached [pid 8439] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 8439] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 8438] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8438] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8438] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8439] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8439] memfd_create("syzkaller", 0) = 3 [pid 8439] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8395] <... write resumed>) = 16777216 [pid 8439] <... mmap resumed>) = 0x7fb775000000 [pid 8395] munmap(0x7fb775000000, 138412032) = 0 [pid 8395] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 5 [pid 8395] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 8395] ioctl(5, LOOP_CLR_FD [pid 8435] <... write resumed>) = 16777216 [pid 8395] <... ioctl resumed>) = 0 [pid 8435] munmap(0x7fb775000000, 138412032) = 0 [pid 8395] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 8395] close(5) = 0 [pid 8435] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 8435] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8437] <... write resumed>) = 16777216 [pid 8395] close(4 [pid 8435] close(3) = 0 [pid 8435] close(4) = 0 [pid 8435] mkdir("./file0", 0777) = 0 [pid 8435] mount("/dev/loop4", "./file0", "btrfs", 0, "" [pid 8437] munmap(0x7fb775000000, 138412032) = 0 [pid 8437] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 153.334096][ T8435] loop4: detected capacity change from 0 to 32768 [ 153.366731][ T8435] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (8435) [pid 8437] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8437] close(3) = 0 [pid 8437] close(4) = 0 [pid 8437] mkdir("./file0", 0777) = 0 [pid 8437] mount("/dev/loop0", "./file0", "btrfs", 0, "" [pid 8398] <... write resumed>) = 16777216 [ 153.403724][ T8437] loop0: detected capacity change from 0 to 32768 [ 153.425462][ T8435] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 153.441693][ T8437] BTRFS: device /dev/loop0 (7:0) using temp-fsid 2cbf0de7-4a0d-4dc0-a5dd-e76745b70533 [pid 8398] munmap(0x7fb775000000, 138412032) = 0 [pid 8398] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 5 [pid 8398] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 8398] ioctl(5, LOOP_CLR_FD) = 0 [pid 8398] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 8398] close(5) = 0 [ 153.461692][ T8437] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor323 (8437) [ 153.476251][ T8435] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 153.499639][ T8435] BTRFS info (device loop4): using free-space-tree [pid 8398] close(4 [pid 8439] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8395] <... close resumed>) = 0 [ 153.528638][ T8437] BTRFS info (device loop0): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 8395] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8390] <... futex resumed>) = 0 [pid 8395] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8390] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8395] <... futex resumed>) = 0 [pid 8395] rename("./file1", "./file0/file0" [pid 8390] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8395] <... rename resumed>) = 0 [pid 8395] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8395] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8390] <... futex resumed>) = 0 [pid 8390] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8395] <... futex resumed>) = 0 [pid 8390] <... futex resumed>) = 1 [pid 8395] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 8395] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [ 153.585303][ T8437] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 153.650984][ T8437] BTRFS info (device loop0): using free-space-tree [ 153.672725][ T8395] BTRFS warning (device loop3 state M): remount supports changing free space tree only from RO to RW [ 153.759887][ T8395] BTRFS info (device loop3 state M): setting nodatasum [pid 8390] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8439] <... write resumed>) = 16777216 [pid 8439] munmap(0x7fb775000000, 138412032) = 0 [pid 8435] <... mount resumed>) = 0 [pid 8435] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8439] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 8435] chdir("./file0") = 0 [pid 8439] ioctl(4, LOOP_SET_FD, 3 [ 153.811823][ T8395] BTRFS info (device loop3 state M): setting nodatasum [ 153.832650][ T8395] BTRFS info (device loop3 state M): turning off barriers [ 153.839841][ T8395] BTRFS info (device loop3 state M): turning on flush-on-commit [pid 8435] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8439] <... ioctl resumed>) = 0 [pid 8435] <... openat resumed>) = 4 [pid 8398] <... close resumed>) = 0 [pid 8435] ioctl(4, LOOP_CLR_FD) = 0 [pid 8435] close(4) = 0 [pid 8435] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8435] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8437] <... mount resumed>) = 0 [pid 8437] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8434] <... futex resumed>) = 0 [pid 8434] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8437] <... openat resumed>) = 3 [pid 8434] <... futex resumed>) = 1 [pid 8437] chdir("./file0" [pid 8434] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8439] close(3 [pid 8435] <... futex resumed>) = 0 [pid 8439] <... close resumed>) = 0 [pid 8437] <... chdir resumed>) = 0 [ 153.884254][ T8439] loop2: detected capacity change from 0 to 32768 [ 153.905429][ T8395] BTRFS info (device loop3 state M): force clearing of disk cache [pid 8435] memfd_create("syzkaller", 0 [pid 8439] close(4 [pid 8437] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8435] <... memfd_create resumed>) = 4 [pid 8437] <... openat resumed>) = 4 [pid 8439] <... close resumed>) = 0 [pid 8437] ioctl(4, LOOP_CLR_FD [pid 8435] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 8437] <... ioctl resumed>) = 0 [pid 8439] mkdir("./file0", 0777 [pid 8437] close(4 [pid 8439] <... mkdir resumed>) = 0 [pid 8437] <... close resumed>) = 0 [pid 8439] mount("/dev/loop2", "./file0", "btrfs", 0, "" [pid 8437] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8437] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8436] <... futex resumed>) = 0 [pid 8436] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8437] <... futex resumed>) = 0 [pid 8436] <... futex resumed>) = 1 [pid 8436] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8437] memfd_create("syzkaller", 0) = 4 [pid 8437] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 8398] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8397] <... futex resumed>) = 0 [pid 8397] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 153.927953][ T8439] BTRFS: device /dev/loop2 (7:2) using temp-fsid fe0aee65-f6f2-4962-a8ba-a6627e74e3ff [pid 8397] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8398] rename("./file1", "./file0/file0" [pid 8397] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8397] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8397] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5c0000 [pid 8397] mprotect(0x7fb77d5c1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8397] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8397] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d5e0990, parent_tid=0x7fb77d5e0990, exit_signal=0, stack=0x7fb77d5c0000, stack_size=0x20300, tls=0x7fb77d5e06c0}./strace-static-x86_64: Process 8474 attached => {parent_tid=[8474]}, 88) = 8474 [pid 8474] rseq(0x7fb77d5e0fe0, 0x20, 0, 0x53053053 [pid 8397] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8397] futex(0x7fb77d6dd6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8397] futex(0x7fb77d6dd6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8474] <... rseq resumed>) = 0 [pid 8474] set_robust_list(0x7fb77d5e09a0, 24) = 0 [pid 8474] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8474] mkdir(".", 0777) = -1 EEXIST (File exists) [ 153.984951][ T8395] BTRFS info (device loop3 state M): doing ref verification [ 154.009270][ T8439] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (8439) [ 154.011616][ T8395] BTRFS info (device loop3 state M): max_inline set to 26856 [ 154.063666][ T8474] BTRFS warning (device loop1 state M): remount supports changing free space tree only from RO to RW [ 154.076386][ T70] BTRFS error (device loop1 state M): trying to do action 2 to bytenr 1052672 num_bytes 4096 but there is no existing entry! [ 154.089719][ T70] BTRFS error (device loop1 state M): Ref action 2, root 3, ref_root 3, parent 0, owner 0, offset 0, num_refs 18446744073709551615 [ 154.103563][ T70] btrfs_force_cow_block+0xf44/0x1da0 [ 154.109152][ T70] btrfs_cow_block+0x35e/0xa40 [ 154.114260][ T70] btrfs_search_slot+0xbdd/0x30d0 [ 154.119445][ T70] btrfs_update_device+0x1b0/0x580 [ 154.124881][ T70] btrfs_chunk_alloc_add_chunk_item+0x2cb/0x1100 [ 154.131371][ T70] btrfs_chunk_alloc+0x7ca/0xf80 [ 154.136624][ T70] flush_space+0x4c0/0xd00 [ 154.141230][ T70] btrfs_async_reclaim_metadata_space+0x28e/0x350 [ 154.148051][ T70] process_scheduled_works+0xa63/0x1850 [ 154.153851][ T70] worker_thread+0x870/0xd30 [ 154.158608][ T70] kthread+0x2f0/0x390 [ 154.162885][ T70] ret_from_fork+0x4b/0x80 [ 154.167468][ T70] ret_from_fork_asm+0x1a/0x30 [ 154.193352][ T8474] BTRFS info (device loop1 state M): setting nodatasum [ 154.200245][ T8474] BTRFS info (device loop1 state M): setting nodatasum [ 154.229564][ T8439] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 8474] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 8395] <... mount resumed>) = 0 [pid 8395] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 8395] chdir("." [pid 8435] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8395] <... chdir resumed>) = 0 [pid 8395] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8390] <... futex resumed>) = 0 [pid 8395] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8390] exit_group(0 [pid 8395] <... futex resumed>) = ? [pid 8390] <... exit_group resumed>) = ? [pid 8395] +++ exited with 0 +++ [pid 8390] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8390, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=68 /* 0.68 s */} --- [pid 5832] umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./26/binderfs") = 0 [ 154.271939][ T8474] BTRFS info (device loop1 state M): turning off barriers [ 154.279113][ T8474] BTRFS info (device loop1 state M): turning on flush-on-commit [ 154.287420][ T8439] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 154.306365][ T8439] BTRFS info (device loop2): using free-space-tree [pid 5832] umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8398] <... rename resumed>) = 0 [pid 8398] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8398] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 154.314375][ T5832] BTRFS info (device loop3): last unmount of filesystem 9baafbaf-cd3d-4ee9-9c44-e2e7197b21e7 [ 154.325744][ T8474] BTRFS info (device loop1 state M): force clearing of disk cache [ 154.356513][ T8474] BTRFS info (device loop1 state M): max_inline set to 26856 [pid 8437] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8474] <... mount resumed>) = 0 [pid 8474] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 8474] chdir(".") = 0 [pid 8474] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8397] <... futex resumed>) = 0 [pid 8474] futex(0x7fb77d6dd6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8397] exit_group(0 [pid 8474] <... futex resumed>) = ? [pid 8398] <... futex resumed>) = ? [pid 8397] <... exit_group resumed>) = ? [pid 8474] +++ exited with 0 +++ [pid 8398] +++ exited with 0 +++ [pid 8397] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8397, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=73 /* 0.73 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5830] umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./26/binderfs") = 0 [pid 5830] umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 8439] <... mount resumed>) = 0 [pid 8439] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8439] chdir("./file0") = 0 [pid 8439] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 8439] ioctl(4, LOOP_CLR_FD) = 0 [pid 8439] close(4) = 0 [pid 8439] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8438] <... futex resumed>) = 0 [pid 8438] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8439] memfd_create("syzkaller", 0 [pid 8438] <... futex resumed>) = 0 [pid 8439] <... memfd_create resumed>) = 4 [pid 8438] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8439] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 154.550508][ T5830] BTRFS info (device loop1): last unmount of filesystem b65e5074-7275-4634-a025-a4403a9281c2 [ 154.663403][ T5830] ------------[ cut here ]------------ [ 154.669360][ T5830] WARNING: CPU: 1 PID: 5830 at fs/btrfs/block-rsv.c:459 btrfs_release_global_block_rsv+0x261/0x270 [ 154.680547][ T5830] Modules linked in: [ 154.684805][ T5830] CPU: 1 UID: 0 PID: 5830 Comm: syz-executor323 Not tainted 6.12.0-rc7-syzkaller-00187-gf868cd251776 #0 [ 154.696372][ T5830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 154.706504][ T5830] RIP: 0010:btrfs_release_global_block_rsv+0x261/0x270 [ 154.713425][ T5830] Code: 0f 0b 90 e9 0c ff ff ff e8 2c 0d bd fd 90 0f 0b 90 e9 36 ff ff ff e8 1e 0d bd fd 90 0f 0b 90 e9 67 ff ff ff e8 10 0d bd fd 90 <0f> 0b 90 eb 89 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 [ 154.733221][ T5830] RSP: 0018:ffffc90003baf9b8 EFLAGS: 00010293 [ 154.739316][ T5830] RAX: ffffffff83d7dca0 RBX: ffffffffffff0000 RCX: ffff888035a31e00 [ 154.747401][ T5830] RDX: 0000000000000000 RSI: ffffffffffff0000 RDI: 0000000000000000 [ 154.755436][ T5830] RBP: 0000000000000001 R08: ffffffff83d7dc25 R09: 1ffff1100540de01 [pid 5832] <... umount2 resumed>) = 0 [pid 5832] umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 154.763464][ T5830] R10: dffffc0000000000 R11: ffffed100540de02 R12: ffff88802a06a000 [ 154.771466][ T5830] R13: 1ffff1100540d42e R14: ffff8880336f4400 R15: dffffc0000000000 [ 154.779523][ T5830] FS: 000055558bffa3c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 154.788525][ T5830] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 154.795211][ T5830] CR2: 00007fb775400000 CR3: 000000007e426000 CR4: 00000000003526f0 [ 154.803261][ T5830] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [pid 5832] newfstatat(AT_FDCWD, "./26/file0", [pid 8437] <... write resumed>) = 16777216 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5832] close(4) = 0 [pid 5832] rmdir("./26/file0") = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./26") = 0 [pid 5832] mkdir("./27", 0777) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8493 attached [pid 8493] set_robust_list(0x55558bffa6a0, 24 [pid 5832] <... clone resumed>, child_tidptr=0x55558bffa690) = 8493 [pid 8493] <... set_robust_list resumed>) = 0 [ 154.811304][ T5830] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 154.819356][ T5830] Call Trace: [ 154.822704][ T5830] [ 154.825660][ T5830] ? __warn+0x168/0x4e0 [ 154.830847][ T5830] ? btrfs_release_global_block_rsv+0x261/0x270 [ 154.837229][ T5830] ? report_bug+0x2b3/0x500 [ 154.841891][ T5830] ? btrfs_release_global_block_rsv+0x261/0x270 [ 154.848168][ T5830] ? handle_bug+0x60/0x90 [ 154.852563][ T5830] ? exc_invalid_op+0x1a/0x50 [ 154.857279][ T5830] ? asm_exc_invalid_op+0x1a/0x20 [pid 8437] munmap(0x7fb775000000, 138412032 [pid 8493] chdir("./27") = 0 [pid 8493] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8493] setpgid(0, 0) = 0 [pid 8493] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8493] write(3, "1000", 4) = 4 [pid 8493] close(3) = 0 [pid 8493] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 8493] write(1, "executing program\n", 18) = 18 [pid 8493] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8493] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 8493] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8493] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 8493] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [ 154.862384][ T5830] ? btrfs_release_global_block_rsv+0x1e5/0x270 [ 154.868654][ T5830] ? btrfs_release_global_block_rsv+0x260/0x270 [ 154.874964][ T5830] ? btrfs_release_global_block_rsv+0x261/0x270 [ 154.881233][ T5830] ? btrfs_release_global_block_rsv+0x260/0x270 [ 154.887587][ T5830] btrfs_free_block_groups+0xc3c/0x1080 [ 154.893257][ T5830] close_ctree+0x772/0xd60 [ 154.897708][ T5830] ? hook_sb_delete+0x888/0xbd0 [ 154.902617][ T5830] ? __pfx_close_ctree+0x10/0x10 [ 154.907581][ T5830] ? f2fs_allocate_pinning_section+0x11/0x4e0 [pid 8493] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8437] <... munmap resumed>) = 0 [pid 8437] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 8493] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 8437] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 8493] <... clone3 resumed> => {parent_tid=[8494]}, 88) = 8494 [pid 8437] ioctl(5, LOOP_CLR_FD [pid 8493] rt_sigprocmask(SIG_SETMASK, [], [pid 8437] <... ioctl resumed>) = 0 [pid 8493] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8493] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 8494 attached ) = 0 [pid 8493] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8437] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 8437] close(5 [pid 8494] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 8437] <... close resumed>) = 0 [pid 8494] <... rseq resumed>) = 0 [ 154.913712][ T5830] ? __pfx_hook_sb_delete+0x10/0x10 [ 154.918963][ T5830] ? __pfx_evict_inodes+0x10/0x10 [ 154.924050][ T5830] ? btrfs_attach_transaction_barrier+0x34/0xa0 [ 154.930329][ T5830] ? btrfs_sync_fs+0x1d4/0x700 [ 154.935258][ T5830] ? __pfx_btrfs_put_super+0x10/0x10 [ 154.940583][ T5830] generic_shutdown_super+0x139/0x2d0 [ 154.946075][ T5830] kill_anon_super+0x3b/0x70 [ 154.950699][ T5830] btrfs_kill_super+0x41/0x50 [ 154.955448][ T5830] deactivate_locked_super+0xc4/0x130 [pid 8437] close(4 [pid 8494] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 8494] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 154.960855][ T5830] cleanup_mnt+0x41f/0x4b0 [ 154.965358][ T5830] ? lockdep_hardirqs_on+0x99/0x150 [ 154.970586][ T5830] task_work_run+0x24f/0x310 [ 154.975258][ T5830] ? __pfx_task_work_run+0x10/0x10 [ 154.980392][ T5830] ? path_umount+0x284/0xf70 [ 154.985078][ T5830] ptrace_notify+0x2d2/0x380 [ 154.989801][ T5830] ? __pfx_path_umount+0x10/0x10 [ 154.994807][ T5830] ? __pfx_ptrace_notify+0x10/0x10 [ 154.999963][ T5830] ? __x64_sys_umount+0x123/0x170 [ 155.005076][ T5830] ? __pfx___x64_sys_umount+0x10/0x10 [pid 8494] memfd_create("syzkaller", 0) = 3 [pid 8494] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 155.010492][ T5830] syscall_exit_work+0xc6/0x190 [ 155.015450][ T5830] syscall_exit_to_user_mode+0x279/0x370 [ 155.021117][ T5830] do_syscall_64+0x100/0x230 [ 155.025781][ T5830] ? clear_bhb_loop+0x35/0x90 [ 155.030506][ T5830] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.036488][ T5830] RIP: 0033:0x7fb77d64c1e7 [ 155.040931][ T5830] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8 [ 155.060614][ T5830] RSP: 002b:00007ffe158a5b88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 155.069133][ T5830] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fb77d64c1e7 [ 155.077163][ T5830] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe158a5c40 [ 155.085212][ T5830] RBP: 00007ffe158a5c40 R08: 0000000000000000 R09: 0000000000000000 [ 155.093245][ T5830] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffe158a6cf0 [ 155.101242][ T5830] R13: 000055558bffb700 R14: 431bde82d7b634db R15: 00007ffe158a6c94 [ 155.109330][ T5830] [pid 8435] <... write resumed>) = 16777216 [ 155.112428][ T5830] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 155.119721][ T5830] CPU: 1 UID: 0 PID: 5830 Comm: syz-executor323 Not tainted 6.12.0-rc7-syzkaller-00187-gf868cd251776 #0 [ 155.130849][ T5830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 155.140930][ T5830] Call Trace: [ 155.144233][ T5830] [ 155.147188][ T5830] dump_stack_lvl+0x241/0x360 [ 155.151908][ T5830] ? __pfx_dump_stack_lvl+0x10/0x10 [ 155.157133][ T5830] ? __pfx__printk+0x10/0x10 [ 155.161749][ T5830] ? _printk+0xd5/0x120 [ 155.165945][ T5830] ? __init_begin+0x41000/0x41000 [ 155.171003][ T5830] ? vscnprintf+0x5d/0x90 [ 155.175362][ T5830] panic+0x349/0x880 [ 155.179283][ T5830] ? __warn+0x177/0x4e0 [ 155.183463][ T5830] ? __pfx_panic+0x10/0x10 [ 155.187933][ T5830] ? show_trace_log_lvl+0x3b2/0x410 [ 155.193167][ T5830] __warn+0x34b/0x4e0 [ 155.197168][ T5830] ? btrfs_release_global_block_rsv+0x261/0x270 [ 155.203435][ T5830] report_bug+0x2b3/0x500 [ 155.207766][ T5830] ? btrfs_release_global_block_rsv+0x261/0x270 [ 155.214005][ T5830] handle_bug+0x60/0x90 [ 155.218162][ T5830] exc_invalid_op+0x1a/0x50 [ 155.222669][ T5830] asm_exc_invalid_op+0x1a/0x20 [ 155.227521][ T5830] RIP: 0010:btrfs_release_global_block_rsv+0x261/0x270 [ 155.234374][ T5830] Code: 0f 0b 90 e9 0c ff ff ff e8 2c 0d bd fd 90 0f 0b 90 e9 36 ff ff ff e8 1e 0d bd fd 90 0f 0b 90 e9 67 ff ff ff e8 10 0d bd fd 90 <0f> 0b 90 eb 89 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 [ 155.253978][ T5830] RSP: 0018:ffffc90003baf9b8 EFLAGS: 00010293 [ 155.260043][ T5830] RAX: ffffffff83d7dca0 RBX: ffffffffffff0000 RCX: ffff888035a31e00 [ 155.268009][ T5830] RDX: 0000000000000000 RSI: ffffffffffff0000 RDI: 0000000000000000 [ 155.275986][ T5830] RBP: 0000000000000001 R08: ffffffff83d7dc25 R09: 1ffff1100540de01 [ 155.283951][ T5830] R10: dffffc0000000000 R11: ffffed100540de02 R12: ffff88802a06a000 [ 155.291967][ T5830] R13: 1ffff1100540d42e R14: ffff8880336f4400 R15: dffffc0000000000 [ 155.299938][ T5830] ? btrfs_release_global_block_rsv+0x1e5/0x270 [ 155.306176][ T5830] ? btrfs_release_global_block_rsv+0x260/0x270 [ 155.312434][ T5830] ? btrfs_release_global_block_rsv+0x260/0x270 [ 155.318673][ T5830] btrfs_free_block_groups+0xc3c/0x1080 [ 155.324224][ T5830] close_ctree+0x772/0xd60 [ 155.328644][ T5830] ? hook_sb_delete+0x888/0xbd0 [ 155.333513][ T5830] ? __pfx_close_ctree+0x10/0x10 [ 155.338449][ T5830] ? f2fs_allocate_pinning_section+0x11/0x4e0 [ 155.344529][ T5830] ? __pfx_hook_sb_delete+0x10/0x10 [ 155.349727][ T5830] ? __pfx_evict_inodes+0x10/0x10 [ 155.354754][ T5830] ? btrfs_attach_transaction_barrier+0x34/0xa0 [ 155.361025][ T5830] ? btrfs_sync_fs+0x1d4/0x700 [ 155.365808][ T5830] ? __pfx_btrfs_put_super+0x10/0x10 [ 155.371103][ T5830] generic_shutdown_super+0x139/0x2d0 [ 155.376486][ T5830] kill_anon_super+0x3b/0x70 [ 155.381082][ T5830] btrfs_kill_super+0x41/0x50 [ 155.385767][ T5830] deactivate_locked_super+0xc4/0x130 [ 155.391140][ T5830] cleanup_mnt+0x41f/0x4b0 [ 155.395562][ T5830] ? lockdep_hardirqs_on+0x99/0x150 [ 155.400770][ T5830] task_work_run+0x24f/0x310 [ 155.405362][ T5830] ? __pfx_task_work_run+0x10/0x10 [ 155.410472][ T5830] ? path_umount+0x284/0xf70 [ 155.415105][ T5830] ptrace_notify+0x2d2/0x380 [ 155.419701][ T5830] ? __pfx_path_umount+0x10/0x10 [ 155.424811][ T5830] ? __pfx_ptrace_notify+0x10/0x10 [ 155.429934][ T5830] ? __x64_sys_umount+0x123/0x170 [ 155.434958][ T5830] ? __pfx___x64_sys_umount+0x10/0x10 [ 155.440330][ T5830] syscall_exit_work+0xc6/0x190 [ 155.445186][ T5830] syscall_exit_to_user_mode+0x279/0x370 [ 155.450824][ T5830] do_syscall_64+0x100/0x230 [ 155.455419][ T5830] ? clear_bhb_loop+0x35/0x90 [ 155.460113][ T5830] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.466002][ T5830] RIP: 0033:0x7fb77d64c1e7 [ 155.470411][ T5830] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8 [ 155.490027][ T5830] RSP: 002b:00007ffe158a5b88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 155.498449][ T5830] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fb77d64c1e7 [ 155.506418][ T5830] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe158a5c40 [ 155.514386][ T5830] RBP: 00007ffe158a5c40 R08: 0000000000000000 R09: 0000000000000000 [ 155.522350][ T5830] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffe158a6cf0 [ 155.530314][ T5830] R13: 000055558bffb700 R14: 431bde82d7b634db R15: 00007ffe158a6c94 [ 155.538562][ T5830] [ 155.541719][ T5830] Kernel Offset: disabled [ 155.546086][ T5830] Rebooting in 86400 seconds..