./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3760746667 <...> Warning: Permanently added '10.128.0.121' (ED25519) to the list of known hosts. execve("./syz-executor3760746667", ["./syz-executor3760746667"], 0x7ffe154a2610 /* 10 vars */) = 0 brk(NULL) = 0x5555567e7000 brk(0x5555567e7d00) = 0x5555567e7d00 arch_prctl(ARCH_SET_FS, 0x5555567e7380) = 0 set_tid_address(0x5555567e7650) = 5020 set_robust_list(0x5555567e7660, 24) = 0 rseq(0x5555567e7ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3760746667", 4096) = 28 getrandom("\x22\x35\xf6\x20\xae\x4d\xf3\x3e", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555567e7d00 brk(0x555556808d00) = 0x555556808d00 brk(0x555556809000) = 0x555556809000 mprotect(0x7f0a0110a000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 [ 77.640474][ T26] audit: type=1400 audit(1691701439.832:83): avc: denied { write } for pid=5017 comm="strace-static-x" path="pipe:[1976]" dev="pipefs" ino=1976 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.dCLoIP", 0700) = 0 chmod("./syzkaller.dCLoIP", 0777) = 0 chdir("./syzkaller.dCLoIP") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5021 ./strace-static-x86_64: Process 5021 attached [ 77.686325][ T26] audit: type=1400 audit(1691701439.882:84): avc: denied { execmem } for pid=5020 comm="syz-executor376" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 77.711816][ T26] audit: type=1400 audit(1691701439.902:85): avc: denied { read write } for pid=5020 comm="syz-executor376" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 5021] set_robust_list(0x5555567e7660, 24) = 0 [pid 5021] chdir("./0") = 0 [pid 5021] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5021] setpgid(0, 0) = 0 [pid 5021] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 77.737234][ T26] audit: type=1400 audit(1691701439.902:86): avc: denied { open } for pid=5020 comm="syz-executor376" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 5021] write(3, "1000", 4) = 4 [pid 5021] close(3) = 0 [pid 5021] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5021] memfd_create("syzkaller", 0) = 3 [pid 5021] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [ 77.763530][ T26] audit: type=1400 audit(1691701439.912:87): avc: denied { ioctl } for pid=5020 comm="syz-executor376" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 77.786667][ T5021] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5021 'syz-executor376' [pid 5021] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5021] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5021] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5021] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5021] close(3) = 0 [pid 5021] mkdir("./file0", 0777) = 0 [ 78.034773][ T5021] loop0: detected capacity change from 0 to 32768 [ 78.044049][ T26] audit: type=1400 audit(1691701440.242:88): avc: denied { append } for pid=4450 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 78.054349][ T5021] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5021) [ 78.066632][ T26] audit: type=1400 audit(1691701440.242:89): avc: denied { open } for pid=4450 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 78.102422][ T26] audit: type=1400 audit(1691701440.242:90): avc: denied { getattr } for pid=4450 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 78.126126][ T26] audit: type=1400 audit(1691701440.242:91): avc: denied { mounton } for pid=5021 comm="syz-executor376" path="/root/syzkaller.dCLoIP/0/file0" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 78.153145][ T5021] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 78.162369][ T5021] BTRFS info (device loop0): setting nodatacow, compression disabled [ 78.171175][ T5021] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 78.182081][ T5021] BTRFS info (device loop0): trying to use backup root at mount time [ 78.190270][ T5021] BTRFS info (device loop0): disabling tree log [ 78.196625][ T5021] BTRFS info (device loop0): enabling auto defrag [ 78.203114][ T5021] BTRFS info (device loop0): using free space tree [pid 5021] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5021] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5021] chdir("./file0") = 0 [pid 5021] ioctl(4, LOOP_CLR_FD) = 0 [pid 5021] close(4) = 0 [pid 5021] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5021] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [ 78.228369][ T5021] BTRFS info (device loop0): enabling ssd optimizations [ 78.235752][ T5021] BTRFS info (device loop0): auto enabling async discard [ 78.249651][ T26] audit: type=1400 audit(1691701440.442:92): avc: denied { mount } for pid=5021 comm="syz-executor376" name="/" dev="loop0" ino=256 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [pid 5021] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5021] exit_group(0) = ? [pid 5021] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5021, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=35 /* 0.35 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5050 ./strace-static-x86_64: Process 5050 attached [pid 5050] set_robust_list(0x5555567e7660, 24) = 0 [pid 5050] chdir("./1") = 0 [pid 5050] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5050] setpgid(0, 0) = 0 [pid 5050] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5050] write(3, "1000", 4) = 4 [pid 5050] close(3) = 0 [pid 5050] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5050] memfd_create("syzkaller", 0) = 3 [pid 5050] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5050] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5050] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5050] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5050] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5050] close(3) = 0 [pid 5050] mkdir("./file0", 0777) = 0 [ 78.841236][ T5050] loop0: detected capacity change from 0 to 32768 [ 78.853619][ T5050] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5050) [ 78.873274][ T5050] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 78.882069][ T5050] BTRFS info (device loop0): setting nodatacow, compression disabled [ 78.890245][ T5050] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 78.900955][ T5050] BTRFS info (device loop0): trying to use backup root at mount time [ 78.909142][ T5050] BTRFS info (device loop0): disabling tree log [ 78.915503][ T5050] BTRFS info (device loop0): enabling auto defrag [ 78.921953][ T5050] BTRFS info (device loop0): using free space tree [pid 5050] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5050] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5050] chdir("./file0") = 0 [pid 5050] ioctl(4, LOOP_CLR_FD) = 0 [pid 5050] close(4) = 0 [pid 5050] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5050] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5050] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5050] exit_group(0) = ? [pid 5050] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5050, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=31 /* 0.31 s */} --- [ 78.942449][ T5050] BTRFS info (device loop0): enabling ssd optimizations [ 78.949960][ T5050] BTRFS info (device loop0): auto enabling async discard restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5075 ./strace-static-x86_64: Process 5075 attached [pid 5075] set_robust_list(0x5555567e7660, 24) = 0 [pid 5075] chdir("./2") = 0 [pid 5075] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5075] setpgid(0, 0) = 0 [pid 5075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5075] write(3, "1000", 4) = 4 [pid 5075] close(3) = 0 [pid 5075] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5075] memfd_create("syzkaller", 0) = 3 [pid 5075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5075] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5075] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5075] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5075] close(3) = 0 [pid 5075] mkdir("./file0", 0777) = 0 [ 79.470282][ T5075] loop0: detected capacity change from 0 to 32768 [ 79.482227][ T5075] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5075) [ 79.500453][ T5075] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 79.509399][ T5075] BTRFS info (device loop0): setting nodatacow, compression disabled [ 79.517585][ T5075] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 79.528270][ T5075] BTRFS info (device loop0): trying to use backup root at mount time [ 79.536455][ T5075] BTRFS info (device loop0): disabling tree log [ 79.542745][ T5075] BTRFS info (device loop0): enabling auto defrag [ 79.549280][ T5075] BTRFS info (device loop0): using free space tree [pid 5075] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5075] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5075] chdir("./file0") = 0 [pid 5075] ioctl(4, LOOP_CLR_FD) = 0 [pid 5075] close(4) = 0 [pid 5075] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5075] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5075] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5075] exit_group(0) = ? [pid 5075] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5075, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=38 /* 0.38 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 79.570284][ T5075] BTRFS info (device loop0): enabling ssd optimizations [ 79.577693][ T5075] BTRFS info (device loop0): auto enabling async discard openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5092 ./strace-static-x86_64: Process 5092 attached [pid 5092] set_robust_list(0x5555567e7660, 24) = 0 [pid 5092] chdir("./3") = 0 [pid 5092] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5092] setpgid(0, 0) = 0 [pid 5092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5092] write(3, "1000", 4) = 4 [pid 5092] close(3) = 0 [pid 5092] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5092] memfd_create("syzkaller", 0) = 3 [pid 5092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5092] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5092] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5092] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5092] close(3) = 0 [pid 5092] mkdir("./file0", 0777) = 0 [ 80.089088][ T5092] loop0: detected capacity change from 0 to 32768 [ 80.099611][ T5092] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5092) [ 80.117657][ T5092] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 80.126556][ T5092] BTRFS info (device loop0): setting nodatacow, compression disabled [ 80.134824][ T5092] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 80.145568][ T5092] BTRFS info (device loop0): trying to use backup root at mount time [ 80.153939][ T5092] BTRFS info (device loop0): disabling tree log [ 80.160316][ T5092] BTRFS info (device loop0): enabling auto defrag [ 80.166870][ T5092] BTRFS info (device loop0): using free space tree [pid 5092] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5092] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5092] chdir("./file0") = 0 [pid 5092] ioctl(4, LOOP_CLR_FD) = 0 [pid 5092] close(4) = 0 [pid 5092] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5092] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5092] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5092] exit_group(0) = ? [pid 5092] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5092, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=32 /* 0.32 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 [ 80.186591][ T5092] BTRFS info (device loop0): enabling ssd optimizations [ 80.193671][ T5092] BTRFS info (device loop0): auto enabling async discard umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5109 ./strace-static-x86_64: Process 5109 attached [pid 5109] set_robust_list(0x5555567e7660, 24) = 0 [pid 5109] chdir("./4") = 0 [pid 5109] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5109] setpgid(0, 0) = 0 [pid 5109] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5109] write(3, "1000", 4) = 4 [pid 5109] close(3) = 0 [pid 5109] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5109] memfd_create("syzkaller", 0) = 3 [pid 5109] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5109] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5109] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5109] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5109] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5109] close(3) = 0 [pid 5109] mkdir("./file0", 0777) = 0 [ 80.700237][ T5109] loop0: detected capacity change from 0 to 32768 [ 80.710352][ T5109] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5109) [ 80.731252][ T5109] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 80.740829][ T5109] BTRFS info (device loop0): setting nodatacow, compression disabled [ 80.749237][ T5109] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 80.759991][ T5109] BTRFS info (device loop0): trying to use backup root at mount time [ 80.768703][ T5109] BTRFS info (device loop0): disabling tree log [ 80.775680][ T5109] BTRFS info (device loop0): enabling auto defrag [ 80.782527][ T5109] BTRFS info (device loop0): using free space tree [pid 5109] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5109] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5109] chdir("./file0") = 0 [pid 5109] ioctl(4, LOOP_CLR_FD) = 0 [pid 5109] close(4) = 0 [pid 5109] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5109] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [ 80.802686][ T5109] BTRFS info (device loop0): enabling ssd optimizations [ 80.809835][ T5109] BTRFS info (device loop0): auto enabling async discard [pid 5109] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5109] exit_group(0) = ? [pid 5109] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5109, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=35 /* 0.35 s */} --- umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5126 ./strace-static-x86_64: Process 5126 attached [pid 5126] set_robust_list(0x5555567e7660, 24) = 0 [pid 5126] chdir("./5") = 0 [pid 5126] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5126] setpgid(0, 0) = 0 [pid 5126] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5126] write(3, "1000", 4) = 4 [pid 5126] close(3) = 0 [pid 5126] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5126] memfd_create("syzkaller", 0) = 3 [pid 5126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5126] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5126] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5126] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5126] close(3) = 0 [pid 5126] mkdir("./file0", 0777) = 0 [ 81.318922][ T5126] loop0: detected capacity change from 0 to 32768 [ 81.328991][ T5126] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5126) [ 81.349132][ T5126] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 81.358146][ T5126] BTRFS info (device loop0): setting nodatacow, compression disabled [ 81.366442][ T5126] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 81.377147][ T5126] BTRFS info (device loop0): trying to use backup root at mount time [ 81.385777][ T5126] BTRFS info (device loop0): disabling tree log [ 81.392626][ T5126] BTRFS info (device loop0): enabling auto defrag [ 81.399207][ T5126] BTRFS info (device loop0): using free space tree [pid 5126] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5126] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5126] chdir("./file0") = 0 [pid 5126] ioctl(4, LOOP_CLR_FD) = 0 [pid 5126] close(4) = 0 [pid 5126] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5126] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5126] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5126] exit_group(0) = ? [pid 5126] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5126, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 [ 81.419639][ T5126] BTRFS info (device loop0): enabling ssd optimizations [ 81.426768][ T5126] BTRFS info (device loop0): auto enabling async discard umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5143 ./strace-static-x86_64: Process 5143 attached [pid 5143] set_robust_list(0x5555567e7660, 24) = 0 [pid 5143] chdir("./6") = 0 [pid 5143] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5143] setpgid(0, 0) = 0 [pid 5143] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5143] write(3, "1000", 4) = 4 [pid 5143] close(3) = 0 [pid 5143] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5143] memfd_create("syzkaller", 0) = 3 [pid 5143] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5143] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5143] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5143] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5143] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5143] close(3) = 0 [pid 5143] mkdir("./file0", 0777) = 0 [ 81.916609][ T5143] loop0: detected capacity change from 0 to 32768 [ 81.926740][ T5143] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5143) [ 81.942761][ T5143] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 81.952004][ T5143] BTRFS info (device loop0): setting nodatacow, compression disabled [ 81.961161][ T5143] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 81.972551][ T5143] BTRFS info (device loop0): trying to use backup root at mount time [ 81.981442][ T5143] BTRFS info (device loop0): disabling tree log [ 81.988174][ T5143] BTRFS info (device loop0): enabling auto defrag [ 81.994982][ T5143] BTRFS info (device loop0): using free space tree [pid 5143] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5143] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5143] chdir("./file0") = 0 [pid 5143] ioctl(4, LOOP_CLR_FD) = 0 [pid 5143] close(4) = 0 [pid 5143] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5143] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5143] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5143] exit_group(0) = ? [pid 5143] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5143, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 82.015710][ T5143] BTRFS info (device loop0): enabling ssd optimizations [ 82.022714][ T5143] BTRFS info (device loop0): auto enabling async discard openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5161 ./strace-static-x86_64: Process 5161 attached [pid 5161] set_robust_list(0x5555567e7660, 24) = 0 [pid 5161] chdir("./7") = 0 [pid 5161] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5161] setpgid(0, 0) = 0 [pid 5161] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5161] write(3, "1000", 4) = 4 [pid 5161] close(3) = 0 [pid 5161] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5161] memfd_create("syzkaller", 0) = 3 [pid 5161] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5161] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5161] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5161] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5161] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5161] close(3) = 0 [pid 5161] mkdir("./file0", 0777) = 0 [ 82.546786][ T5161] loop0: detected capacity change from 0 to 32768 [ 82.557217][ T5161] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5161) [ 82.575750][ T5161] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 82.584713][ T5161] BTRFS info (device loop0): setting nodatacow, compression disabled [ 82.593099][ T5161] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 82.603936][ T5161] BTRFS info (device loop0): trying to use backup root at mount time [ 82.612048][ T5161] BTRFS info (device loop0): disabling tree log [ 82.618456][ T5161] BTRFS info (device loop0): enabling auto defrag [ 82.624956][ T5161] BTRFS info (device loop0): using free space tree [pid 5161] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5161] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5161] chdir("./file0") = 0 [pid 5161] ioctl(4, LOOP_CLR_FD) = 0 [pid 5161] close(4) = 0 [pid 5161] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5161] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5161] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [ 82.645296][ T5161] BTRFS info (device loop0): enabling ssd optimizations [ 82.652435][ T5161] BTRFS info (device loop0): auto enabling async discard [pid 5161] exit_group(0) = ? [pid 5161] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5161, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5178 ./strace-static-x86_64: Process 5178 attached [pid 5178] set_robust_list(0x5555567e7660, 24) = 0 [pid 5178] chdir("./8") = 0 [pid 5178] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5178] setpgid(0, 0) = 0 [pid 5178] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5178] write(3, "1000", 4) = 4 [pid 5178] close(3) = 0 [pid 5178] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5178] memfd_create("syzkaller", 0) = 3 [pid 5178] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5178] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5178] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5178] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5178] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5178] close(3) = 0 [pid 5178] mkdir("./file0", 0777) = 0 [ 83.175415][ T5178] loop0: detected capacity change from 0 to 32768 [ 83.186046][ T5178] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5178) [ 83.208194][ T5178] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 83.217011][ T5178] BTRFS info (device loop0): setting nodatacow, compression disabled [ 83.225238][ T5178] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 83.235891][ T5178] BTRFS info (device loop0): trying to use backup root at mount time [ 83.244446][ T5178] BTRFS info (device loop0): disabling tree log [ 83.250935][ T5178] BTRFS info (device loop0): enabling auto defrag [ 83.257671][ T5178] BTRFS info (device loop0): using free space tree [pid 5178] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5178] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5178] chdir("./file0") = 0 [pid 5178] ioctl(4, LOOP_CLR_FD) = 0 [pid 5178] close(4) = 0 [pid 5178] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5178] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5178] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5178] exit_group(0) = ? [ 83.277981][ T5178] BTRFS info (device loop0): enabling ssd optimizations [ 83.285431][ T5178] BTRFS info (device loop0): auto enabling async discard [pid 5178] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5178, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5195 ./strace-static-x86_64: Process 5195 attached [pid 5195] set_robust_list(0x5555567e7660, 24) = 0 [pid 5195] chdir("./9") = 0 [pid 5195] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5195] setpgid(0, 0) = 0 [pid 5195] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5195] write(3, "1000", 4) = 4 [pid 5195] close(3) = 0 [pid 5195] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5195] memfd_create("syzkaller", 0) = 3 [pid 5195] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5195] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5195] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5195] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5195] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5195] close(3) = 0 [pid 5195] mkdir("./file0", 0777) = 0 [ 83.799928][ T5195] loop0: detected capacity change from 0 to 32768 [ 83.809557][ T5195] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5195) [ 83.829792][ T5195] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 83.838984][ T5195] BTRFS info (device loop0): setting nodatacow, compression disabled [ 83.847718][ T5195] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 83.858827][ T5195] BTRFS info (device loop0): trying to use backup root at mount time [ 83.867273][ T5195] BTRFS info (device loop0): disabling tree log [ 83.875107][ T5195] BTRFS info (device loop0): enabling auto defrag [ 83.881970][ T5195] BTRFS info (device loop0): using free space tree [pid 5195] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5195] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5195] chdir("./file0") = 0 [pid 5195] ioctl(4, LOOP_CLR_FD) = 0 [pid 5195] close(4) = 0 [pid 5195] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5195] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5195] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [ 83.900713][ T5195] BTRFS info (device loop0): enabling ssd optimizations [ 83.908056][ T5195] BTRFS info (device loop0): auto enabling async discard [pid 5195] exit_group(0) = ? [pid 5195] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5195, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5212 ./strace-static-x86_64: Process 5212 attached [pid 5212] set_robust_list(0x5555567e7660, 24) = 0 [pid 5212] chdir("./10") = 0 [pid 5212] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5212] setpgid(0, 0) = 0 [pid 5212] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5212] write(3, "1000", 4) = 4 [pid 5212] close(3) = 0 [pid 5212] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5212] memfd_create("syzkaller", 0) = 3 [pid 5212] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5212] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5212] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5212] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5212] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5212] close(3) = 0 [pid 5212] mkdir("./file0", 0777) = 0 [ 84.423588][ T5212] loop0: detected capacity change from 0 to 32768 [ 84.434376][ T5212] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5212) [ 84.450525][ T5212] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 84.459947][ T5212] BTRFS info (device loop0): setting nodatacow, compression disabled [ 84.469329][ T5212] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 84.480343][ T5212] BTRFS info (device loop0): trying to use backup root at mount time [ 84.488844][ T5212] BTRFS info (device loop0): disabling tree log [ 84.495395][ T5212] BTRFS info (device loop0): enabling auto defrag [ 84.501842][ T5212] BTRFS info (device loop0): using free space tree [pid 5212] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5212] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5212] chdir("./file0") = 0 [pid 5212] ioctl(4, LOOP_CLR_FD) = 0 [pid 5212] close(4) = 0 [pid 5212] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5212] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5212] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5212] exit_group(0) = ? [pid 5212] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5212, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 84.522641][ T5212] BTRFS info (device loop0): enabling ssd optimizations [ 84.529967][ T5212] BTRFS info (device loop0): auto enabling async discard openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5229 ./strace-static-x86_64: Process 5229 attached [pid 5229] set_robust_list(0x5555567e7660, 24) = 0 [pid 5229] chdir("./11") = 0 [pid 5229] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5229] setpgid(0, 0) = 0 [pid 5229] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5229] write(3, "1000", 4) = 4 [pid 5229] close(3) = 0 [pid 5229] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5229] memfd_create("syzkaller", 0) = 3 [pid 5229] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5229] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5229] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5229] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5229] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5229] close(3) = 0 [pid 5229] mkdir("./file0", 0777) = 0 [ 85.029922][ T5229] loop0: detected capacity change from 0 to 32768 [ 85.041097][ T5229] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5229) [ 85.059014][ T5229] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 85.068236][ T5229] BTRFS info (device loop0): setting nodatacow, compression disabled [ 85.076673][ T5229] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 85.087574][ T5229] BTRFS info (device loop0): trying to use backup root at mount time [ 85.096023][ T5229] BTRFS info (device loop0): disabling tree log [ 85.102294][ T5229] BTRFS info (device loop0): enabling auto defrag [ 85.109369][ T5229] BTRFS info (device loop0): using free space tree [pid 5229] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5229] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5229] chdir("./file0") = 0 [pid 5229] ioctl(4, LOOP_CLR_FD) = 0 [pid 5229] close(4) = 0 [pid 5229] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5229] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5229] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5229] exit_group(0) = ? [pid 5229] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5229, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=27 /* 0.27 s */} --- [ 85.128862][ T5229] BTRFS info (device loop0): enabling ssd optimizations [ 85.136204][ T5229] BTRFS info (device loop0): auto enabling async discard umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5246 ./strace-static-x86_64: Process 5246 attached [pid 5246] set_robust_list(0x5555567e7660, 24) = 0 [pid 5246] chdir("./12") = 0 [pid 5246] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5246] setpgid(0, 0) = 0 [pid 5246] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5246] write(3, "1000", 4) = 4 [pid 5246] close(3) = 0 [pid 5246] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5246] memfd_create("syzkaller", 0) = 3 [pid 5246] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5246] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5246] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5246] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5246] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5246] close(3) = 0 [pid 5246] mkdir("./file0", 0777) = 0 [ 85.627708][ T5246] loop0: detected capacity change from 0 to 32768 [ 85.641672][ T5246] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5246) [ 85.656712][ T5246] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 85.665549][ T5246] BTRFS info (device loop0): setting nodatacow, compression disabled [ 85.673876][ T5246] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 85.684569][ T5246] BTRFS info (device loop0): trying to use backup root at mount time [ 85.692696][ T5246] BTRFS info (device loop0): disabling tree log [ 85.699083][ T5246] BTRFS info (device loop0): enabling auto defrag [ 85.705574][ T5246] BTRFS info (device loop0): using free space tree [pid 5246] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5246] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5246] chdir("./file0") = 0 [pid 5246] ioctl(4, LOOP_CLR_FD) = 0 [pid 5246] close(4) = 0 [pid 5246] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5246] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5246] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5246] exit_group(0) = ? [pid 5246] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5246, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=31 /* 0.31 s */} --- umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 85.724073][ T5246] BTRFS info (device loop0): enabling ssd optimizations [ 85.731071][ T5246] BTRFS info (device loop0): auto enabling async discard unlink("./12/binderfs") = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5263 ./strace-static-x86_64: Process 5263 attached [pid 5263] set_robust_list(0x5555567e7660, 24) = 0 [pid 5263] chdir("./13") = 0 [pid 5263] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5263] setpgid(0, 0) = 0 [pid 5263] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5263] write(3, "1000", 4) = 4 [pid 5263] close(3) = 0 [pid 5263] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5263] memfd_create("syzkaller", 0) = 3 [pid 5263] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5263] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5263] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5263] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5263] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5263] close(3) = 0 [pid 5263] mkdir("./file0", 0777) = 0 [ 86.263585][ T5263] loop0: detected capacity change from 0 to 32768 [ 86.274573][ T5263] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5263) [ 86.292810][ T5263] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 86.301921][ T5263] BTRFS info (device loop0): setting nodatacow, compression disabled [ 86.310234][ T5263] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 86.320988][ T5263] BTRFS info (device loop0): trying to use backup root at mount time [ 86.329184][ T5263] BTRFS info (device loop0): disabling tree log [ 86.335806][ T5263] BTRFS info (device loop0): enabling auto defrag [ 86.342625][ T5263] BTRFS info (device loop0): using free space tree [pid 5263] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5263] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5263] chdir("./file0") = 0 [pid 5263] ioctl(4, LOOP_CLR_FD) = 0 [pid 5263] close(4) = 0 [pid 5263] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5263] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [ 86.361945][ T5263] BTRFS info (device loop0): enabling ssd optimizations [ 86.369473][ T5263] BTRFS info (device loop0): auto enabling async discard [pid 5263] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5263] exit_group(0) = ? [pid 5263] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5263, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=32 /* 0.32 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5280 ./strace-static-x86_64: Process 5280 attached [pid 5280] set_robust_list(0x5555567e7660, 24) = 0 [pid 5280] chdir("./14") = 0 [pid 5280] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5280] setpgid(0, 0) = 0 [pid 5280] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5280] write(3, "1000", 4) = 4 [pid 5280] close(3) = 0 [pid 5280] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5280] memfd_create("syzkaller", 0) = 3 [pid 5280] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5280] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5280] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5280] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5280] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5280] close(3) = 0 [pid 5280] mkdir("./file0", 0777) = 0 [ 86.953590][ T5280] loop0: detected capacity change from 0 to 32768 [ 86.966935][ T5280] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5280) [ 86.997468][ T5280] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 87.006616][ T5280] BTRFS info (device loop0): setting nodatacow, compression disabled [ 87.015406][ T5280] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 87.026655][ T5280] BTRFS info (device loop0): trying to use backup root at mount time [ 87.035260][ T5280] BTRFS info (device loop0): disabling tree log [ 87.041626][ T5280] BTRFS info (device loop0): enabling auto defrag [pid 5280] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5280] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5280] chdir("./file0") = 0 [pid 5280] ioctl(4, LOOP_CLR_FD) = 0 [pid 5280] close(4) = 0 [pid 5280] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5280] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [ 87.048597][ T5280] BTRFS info (device loop0): using free space tree [ 87.070653][ T5280] BTRFS info (device loop0): enabling ssd optimizations [ 87.078126][ T5280] BTRFS info (device loop0): auto enabling async discard [pid 5280] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5280] exit_group(0) = ? [pid 5280] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5280, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=36 /* 0.36 s */} --- umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5297 ./strace-static-x86_64: Process 5297 attached [pid 5297] set_robust_list(0x5555567e7660, 24) = 0 [pid 5297] chdir("./15") = 0 [pid 5297] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5297] setpgid(0, 0) = 0 [pid 5297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5297] write(3, "1000", 4) = 4 [pid 5297] close(3) = 0 [pid 5297] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5297] memfd_create("syzkaller", 0) = 3 [pid 5297] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5297] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5297] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5297] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5297] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5297] close(3) = 0 [pid 5297] mkdir("./file0", 0777) = 0 [ 87.742919][ T5297] loop0: detected capacity change from 0 to 32768 [ 87.753920][ T5297] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5297) [ 87.770919][ T5297] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 87.780248][ T5297] BTRFS info (device loop0): setting nodatacow, compression disabled [ 87.788846][ T5297] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 87.799828][ T5297] BTRFS info (device loop0): trying to use backup root at mount time [ 87.808867][ T5297] BTRFS info (device loop0): disabling tree log [ 87.817621][ T5297] BTRFS info (device loop0): enabling auto defrag [ 87.824582][ T5297] BTRFS info (device loop0): using free space tree [pid 5297] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5297] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5297] chdir("./file0") = 0 [pid 5297] ioctl(4, LOOP_CLR_FD) = 0 [pid 5297] close(4) = 0 [pid 5297] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5297] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5297] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5297] exit_group(0) = ? [pid 5297] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5297, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=29 /* 0.29 s */} --- umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 [ 87.843376][ T5297] BTRFS info (device loop0): enabling ssd optimizations [ 87.850457][ T5297] BTRFS info (device loop0): auto enabling async discard umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5314 ./strace-static-x86_64: Process 5314 attached [pid 5314] set_robust_list(0x5555567e7660, 24) = 0 [pid 5314] chdir("./16") = 0 [pid 5314] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5314] setpgid(0, 0) = 0 [pid 5314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5314] write(3, "1000", 4) = 4 [pid 5314] close(3) = 0 [pid 5314] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5314] memfd_create("syzkaller", 0) = 3 [pid 5314] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5314] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5314] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5314] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5314] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5314] close(3) = 0 [pid 5314] mkdir("./file0", 0777) = 0 [ 88.354805][ T5314] loop0: detected capacity change from 0 to 32768 [ 88.364829][ T5314] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5314) [ 88.382691][ T5314] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 88.391581][ T5314] BTRFS info (device loop0): setting nodatacow, compression disabled [ 88.399744][ T5314] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 88.410416][ T5314] BTRFS info (device loop0): trying to use backup root at mount time [ 88.418609][ T5314] BTRFS info (device loop0): disabling tree log [ 88.424940][ T5314] BTRFS info (device loop0): enabling auto defrag [ 88.431393][ T5314] BTRFS info (device loop0): using free space tree [pid 5314] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5314] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5314] chdir("./file0") = 0 [pid 5314] ioctl(4, LOOP_CLR_FD) = 0 [pid 5314] close(4) = 0 [pid 5314] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5314] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5314] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5314] exit_group(0) = ? [pid 5314] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5314, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 88.459965][ T5314] BTRFS info (device loop0): enabling ssd optimizations [ 88.467028][ T5314] BTRFS info (device loop0): auto enabling async discard getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5331 ./strace-static-x86_64: Process 5331 attached [pid 5331] set_robust_list(0x5555567e7660, 24) = 0 [pid 5331] chdir("./17") = 0 [pid 5331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5331] setpgid(0, 0) = 0 [pid 5331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5331] write(3, "1000", 4) = 4 [pid 5331] close(3) = 0 [pid 5331] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5331] memfd_create("syzkaller", 0) = 3 [pid 5331] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5331] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5331] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5331] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5331] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5331] close(3) = 0 [pid 5331] mkdir("./file0", 0777) = 0 [ 88.983469][ T5331] loop0: detected capacity change from 0 to 32768 [ 88.993213][ T5331] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5331) [ 89.010927][ T5331] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 89.019816][ T5331] BTRFS info (device loop0): setting nodatacow, compression disabled [ 89.028235][ T5331] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 89.038980][ T5331] BTRFS info (device loop0): trying to use backup root at mount time [ 89.047208][ T5331] BTRFS info (device loop0): disabling tree log [ 89.053559][ T5331] BTRFS info (device loop0): enabling auto defrag [ 89.060922][ T5331] BTRFS info (device loop0): using free space tree [pid 5331] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5331] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5331] chdir("./file0") = 0 [pid 5331] ioctl(4, LOOP_CLR_FD) = 0 [pid 5331] close(4) = 0 [pid 5331] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5331] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5331] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5331] exit_group(0) = ? [pid 5331] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5331, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 89.079699][ T5331] BTRFS info (device loop0): enabling ssd optimizations [ 89.086794][ T5331] BTRFS info (device loop0): auto enabling async discard openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5348 ./strace-static-x86_64: Process 5348 attached [pid 5348] set_robust_list(0x5555567e7660, 24) = 0 [pid 5348] chdir("./18") = 0 [pid 5348] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5348] setpgid(0, 0) = 0 [pid 5348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5348] write(3, "1000", 4) = 4 [pid 5348] close(3) = 0 [pid 5348] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5348] memfd_create("syzkaller", 0) = 3 [pid 5348] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5348] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5348] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5348] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5348] close(3) = 0 [pid 5348] mkdir("./file0", 0777) = 0 [ 89.600067][ T5348] loop0: detected capacity change from 0 to 32768 [ 89.609959][ T5348] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5348) [ 89.630245][ T5348] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 89.639361][ T5348] BTRFS info (device loop0): setting nodatacow, compression disabled [ 89.647638][ T5348] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 89.658744][ T5348] BTRFS info (device loop0): trying to use backup root at mount time [ 89.667097][ T5348] BTRFS info (device loop0): disabling tree log [ 89.673541][ T5348] BTRFS info (device loop0): enabling auto defrag [ 89.680017][ T5348] BTRFS info (device loop0): using free space tree [pid 5348] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5348] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5348] chdir("./file0") = 0 [pid 5348] ioctl(4, LOOP_CLR_FD) = 0 [pid 5348] close(4) = 0 [pid 5348] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5348] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5348] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5348] exit_group(0) = ? [pid 5348] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5348, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=36 /* 0.36 s */} --- [ 89.699712][ T5348] BTRFS info (device loop0): enabling ssd optimizations [ 89.706855][ T5348] BTRFS info (device loop0): auto enabling async discard restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5365 ./strace-static-x86_64: Process 5365 attached [pid 5365] set_robust_list(0x5555567e7660, 24) = 0 [pid 5365] chdir("./19") = 0 [pid 5365] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5365] setpgid(0, 0) = 0 [pid 5365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5365] write(3, "1000", 4) = 4 [pid 5365] close(3) = 0 [pid 5365] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5365] memfd_create("syzkaller", 0) = 3 [pid 5365] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5365] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5365] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5365] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5365] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5365] close(3) = 0 [pid 5365] mkdir("./file0", 0777) = 0 [ 90.204417][ T5365] loop0: detected capacity change from 0 to 32768 [ 90.215501][ T5365] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5365) [ 90.233210][ T5365] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 90.241964][ T5365] BTRFS info (device loop0): setting nodatacow, compression disabled [ 90.250392][ T5365] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 90.261194][ T5365] BTRFS info (device loop0): trying to use backup root at mount time [ 90.269590][ T5365] BTRFS info (device loop0): disabling tree log [ 90.276340][ T5365] BTRFS info (device loop0): enabling auto defrag [ 90.282799][ T5365] BTRFS info (device loop0): using free space tree [pid 5365] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5365] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5365] chdir("./file0") = 0 [pid 5365] ioctl(4, LOOP_CLR_FD) = 0 [pid 5365] close(4) = 0 [pid 5365] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5365] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5365] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5365] exit_group(0) = ? [ 90.302038][ T5365] BTRFS info (device loop0): enabling ssd optimizations [ 90.309184][ T5365] BTRFS info (device loop0): auto enabling async discard [pid 5365] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5365, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5382 ./strace-static-x86_64: Process 5382 attached [pid 5382] set_robust_list(0x5555567e7660, 24) = 0 [pid 5382] chdir("./20") = 0 [pid 5382] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5382] setpgid(0, 0) = 0 [pid 5382] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5382] write(3, "1000", 4) = 4 [pid 5382] close(3) = 0 [pid 5382] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5382] memfd_create("syzkaller", 0) = 3 [pid 5382] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5382] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5382] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5382] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5382] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5382] close(3) = 0 [pid 5382] mkdir("./file0", 0777) = 0 [ 90.821538][ T5382] loop0: detected capacity change from 0 to 32768 [ 90.843162][ T5382] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5382) [ 90.860958][ T5382] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 90.869943][ T5382] BTRFS info (device loop0): setting nodatacow, compression disabled [ 90.878228][ T5382] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 90.888968][ T5382] BTRFS info (device loop0): trying to use backup root at mount time [ 90.897372][ T5382] BTRFS info (device loop0): disabling tree log [ 90.903768][ T5382] BTRFS info (device loop0): enabling auto defrag [ 90.910220][ T5382] BTRFS info (device loop0): using free space tree [pid 5382] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5382] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5382] chdir("./file0") = 0 [pid 5382] ioctl(4, LOOP_CLR_FD) = 0 [pid 5382] close(4) = 0 [pid 5382] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5382] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5382] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5382] exit_group(0) = ? [pid 5382] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5382, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 90.929591][ T5382] BTRFS info (device loop0): enabling ssd optimizations [ 90.937606][ T5382] BTRFS info (device loop0): auto enabling async discard openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5399 ./strace-static-x86_64: Process 5399 attached [pid 5399] set_robust_list(0x5555567e7660, 24) = 0 [pid 5399] chdir("./21") = 0 [pid 5399] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5399] setpgid(0, 0) = 0 [pid 5399] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5399] write(3, "1000", 4) = 4 [pid 5399] close(3) = 0 [pid 5399] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5399] memfd_create("syzkaller", 0) = 3 [pid 5399] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5399] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5399] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5399] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5399] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5399] close(3) = 0 [pid 5399] mkdir("./file0", 0777) = 0 [ 91.437741][ T5399] loop0: detected capacity change from 0 to 32768 [ 91.448868][ T5399] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5399) [ 91.466696][ T5399] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 91.475530][ T5399] BTRFS info (device loop0): setting nodatacow, compression disabled [ 91.483763][ T5399] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 91.494444][ T5399] BTRFS info (device loop0): trying to use backup root at mount time [ 91.502568][ T5399] BTRFS info (device loop0): disabling tree log [ 91.508937][ T5399] BTRFS info (device loop0): enabling auto defrag [ 91.515442][ T5399] BTRFS info (device loop0): using free space tree [pid 5399] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5399] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5399] chdir("./file0") = 0 [pid 5399] ioctl(4, LOOP_CLR_FD) = 0 [pid 5399] close(4) = 0 [pid 5399] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5399] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5399] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5399] exit_group(0) = ? [pid 5399] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5399, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 [ 91.533198][ T5399] BTRFS info (device loop0): enabling ssd optimizations [ 91.540493][ T5399] BTRFS info (device loop0): auto enabling async discard umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5416 ./strace-static-x86_64: Process 5416 attached [pid 5416] set_robust_list(0x5555567e7660, 24) = 0 [pid 5416] chdir("./22") = 0 [pid 5416] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5416] setpgid(0, 0) = 0 [pid 5416] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5416] write(3, "1000", 4) = 4 [pid 5416] close(3) = 0 [pid 5416] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5416] memfd_create("syzkaller", 0) = 3 [pid 5416] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [ 91.896066][ T916] cfg80211: failed to load regulatory.db [pid 5416] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5416] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5416] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5416] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5416] close(3) = 0 [pid 5416] mkdir("./file0", 0777) = 0 [ 92.030434][ T5416] loop0: detected capacity change from 0 to 32768 [ 92.041092][ T5416] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5416) [ 92.059085][ T5416] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 92.068130][ T5416] BTRFS info (device loop0): setting nodatacow, compression disabled [ 92.076558][ T5416] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 92.087452][ T5416] BTRFS info (device loop0): trying to use backup root at mount time [ 92.096026][ T5416] BTRFS info (device loop0): disabling tree log [ 92.102315][ T5416] BTRFS info (device loop0): enabling auto defrag [ 92.109239][ T5416] BTRFS info (device loop0): using free space tree [pid 5416] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5416] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5416] chdir("./file0") = 0 [pid 5416] ioctl(4, LOOP_CLR_FD) = 0 [pid 5416] close(4) = 0 [pid 5416] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5416] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5416] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5416] exit_group(0) = ? [pid 5416] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5416, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=25 /* 0.25 s */} --- umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 [ 92.126578][ T5416] BTRFS info (device loop0): enabling ssd optimizations [ 92.133667][ T5416] BTRFS info (device loop0): auto enabling async discard umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5433 ./strace-static-x86_64: Process 5433 attached [pid 5433] set_robust_list(0x5555567e7660, 24) = 0 [pid 5433] chdir("./23") = 0 [pid 5433] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5433] setpgid(0, 0) = 0 [pid 5433] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5433] write(3, "1000", 4) = 4 [pid 5433] close(3) = 0 [pid 5433] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5433] memfd_create("syzkaller", 0) = 3 [pid 5433] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5433] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5433] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5433] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5433] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5433] close(3) = 0 [pid 5433] mkdir("./file0", 0777) = 0 [ 92.634036][ T5433] loop0: detected capacity change from 0 to 32768 [ 92.643671][ T5433] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5433) [ 92.661135][ T5433] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 92.670419][ T5433] BTRFS info (device loop0): setting nodatacow, compression disabled [ 92.679090][ T5433] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 92.690082][ T5433] BTRFS info (device loop0): trying to use backup root at mount time [ 92.698464][ T5433] BTRFS info (device loop0): disabling tree log [ 92.705020][ T5433] BTRFS info (device loop0): enabling auto defrag [ 92.711514][ T5433] BTRFS info (device loop0): using free space tree [pid 5433] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5433] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5433] chdir("./file0") = 0 [pid 5433] ioctl(4, LOOP_CLR_FD) = 0 [pid 5433] close(4) = 0 [pid 5433] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5433] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5433] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5433] exit_group(0) = ? [pid 5433] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5433, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 [ 92.730614][ T5433] BTRFS info (device loop0): enabling ssd optimizations [ 92.737777][ T5433] BTRFS info (device loop0): auto enabling async discard umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5450 ./strace-static-x86_64: Process 5450 attached [pid 5450] set_robust_list(0x5555567e7660, 24) = 0 [pid 5450] chdir("./24") = 0 [pid 5450] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5450] setpgid(0, 0) = 0 [pid 5450] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5450] write(3, "1000", 4) = 4 [pid 5450] close(3) = 0 [pid 5450] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5450] memfd_create("syzkaller", 0) = 3 [pid 5450] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5450] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5450] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5450] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5450] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5450] close(3) = 0 [pid 5450] mkdir("./file0", 0777) = 0 [ 93.244770][ T5450] loop0: detected capacity change from 0 to 32768 [ 93.257674][ T5450] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5450) [ 93.275564][ T5450] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 93.284374][ T5450] BTRFS info (device loop0): setting nodatacow, compression disabled [ 93.292516][ T5450] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 93.303675][ T5450] BTRFS info (device loop0): trying to use backup root at mount time [ 93.311789][ T5450] BTRFS info (device loop0): disabling tree log [ 93.318441][ T5450] BTRFS info (device loop0): enabling auto defrag [ 93.325384][ T5450] BTRFS info (device loop0): using free space tree [pid 5450] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5450] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5450] chdir("./file0") = 0 [pid 5450] ioctl(4, LOOP_CLR_FD) = 0 [pid 5450] close(4) = 0 [pid 5450] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5450] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5450] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5450] exit_group(0) = ? [pid 5450] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5450, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 [ 93.343613][ T5450] BTRFS info (device loop0): enabling ssd optimizations [ 93.350734][ T5450] BTRFS info (device loop0): auto enabling async discard umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5467 ./strace-static-x86_64: Process 5467 attached [pid 5467] set_robust_list(0x5555567e7660, 24) = 0 [pid 5467] chdir("./25") = 0 [pid 5467] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5467] setpgid(0, 0) = 0 [pid 5467] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5467] write(3, "1000", 4) = 4 [pid 5467] close(3) = 0 [pid 5467] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5467] memfd_create("syzkaller", 0) = 3 [pid 5467] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5467] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5467] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5467] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5467] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5467] close(3) = 0 [pid 5467] mkdir("./file0", 0777) = 0 [ 93.850474][ T5467] loop0: detected capacity change from 0 to 32768 [ 93.860861][ T5467] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5467) [ 93.879118][ T5467] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 93.888009][ T5467] BTRFS info (device loop0): setting nodatacow, compression disabled [ 93.896494][ T5467] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 93.907986][ T5467] BTRFS info (device loop0): trying to use backup root at mount time [ 93.916588][ T5467] BTRFS info (device loop0): disabling tree log [ 93.923113][ T5467] BTRFS info (device loop0): enabling auto defrag [ 93.929595][ T5467] BTRFS info (device loop0): using free space tree [pid 5467] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5467] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5467] chdir("./file0") = 0 [pid 5467] ioctl(4, LOOP_CLR_FD) = 0 [pid 5467] close(4) = 0 [pid 5467] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5467] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5467] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [ 93.949201][ T5467] BTRFS info (device loop0): enabling ssd optimizations [ 93.956368][ T5467] BTRFS info (device loop0): auto enabling async discard [pid 5467] exit_group(0) = ? [pid 5467] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5467, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=31 /* 0.31 s */} --- umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5484 ./strace-static-x86_64: Process 5484 attached [pid 5484] set_robust_list(0x5555567e7660, 24) = 0 [pid 5484] chdir("./26") = 0 [pid 5484] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5484] setpgid(0, 0) = 0 [pid 5484] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5484] write(3, "1000", 4) = 4 [pid 5484] close(3) = 0 [pid 5484] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5484] memfd_create("syzkaller", 0) = 3 [pid 5484] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5484] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5484] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5484] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5484] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5484] close(3) = 0 [pid 5484] mkdir("./file0", 0777) = 0 [ 94.462439][ T5484] loop0: detected capacity change from 0 to 32768 [ 94.472861][ T5484] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5484) [ 94.490636][ T5484] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 94.499520][ T5484] BTRFS info (device loop0): setting nodatacow, compression disabled [ 94.507988][ T5484] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 94.518730][ T5484] BTRFS info (device loop0): trying to use backup root at mount time [ 94.527366][ T5484] BTRFS info (device loop0): disabling tree log [ 94.534026][ T5484] BTRFS info (device loop0): enabling auto defrag [ 94.540497][ T5484] BTRFS info (device loop0): using free space tree [pid 5484] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5484] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5484] chdir("./file0") = 0 [pid 5484] ioctl(4, LOOP_CLR_FD) = 0 [pid 5484] close(4) = 0 [pid 5484] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5484] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5484] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [ 94.560843][ T5484] BTRFS info (device loop0): enabling ssd optimizations [ 94.568059][ T5484] BTRFS info (device loop0): auto enabling async discard [pid 5484] exit_group(0) = ? [pid 5484] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5484, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5501 ./strace-static-x86_64: Process 5501 attached [pid 5501] set_robust_list(0x5555567e7660, 24) = 0 [pid 5501] chdir("./27") = 0 [pid 5501] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5501] setpgid(0, 0) = 0 [pid 5501] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5501] write(3, "1000", 4) = 4 [pid 5501] close(3) = 0 [pid 5501] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5501] memfd_create("syzkaller", 0) = 3 [pid 5501] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5501] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5501] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5501] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5501] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5501] close(3) = 0 [pid 5501] mkdir("./file0", 0777) = 0 [ 95.091516][ T5501] loop0: detected capacity change from 0 to 32768 [ 95.105697][ T5501] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5501) [ 95.124727][ T5501] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 95.133559][ T5501] BTRFS info (device loop0): setting nodatacow, compression disabled [ 95.141672][ T5501] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 95.152561][ T5501] BTRFS info (device loop0): trying to use backup root at mount time [ 95.160742][ T5501] BTRFS info (device loop0): disabling tree log [ 95.167573][ T5501] BTRFS info (device loop0): enabling auto defrag [ 95.174316][ T5501] BTRFS info (device loop0): using free space tree [pid 5501] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5501] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5501] chdir("./file0") = 0 [pid 5501] ioctl(4, LOOP_CLR_FD) = 0 [pid 5501] close(4) = 0 [pid 5501] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5501] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5501] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5501] exit_group(0) = ? [ 95.193551][ T5501] BTRFS info (device loop0): enabling ssd optimizations [ 95.200577][ T5501] BTRFS info (device loop0): auto enabling async discard [pid 5501] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5501, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=34 /* 0.34 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5518 ./strace-static-x86_64: Process 5518 attached [pid 5518] set_robust_list(0x5555567e7660, 24) = 0 [pid 5518] chdir("./28") = 0 [pid 5518] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5518] setpgid(0, 0) = 0 [pid 5518] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5518] write(3, "1000", 4) = 4 [pid 5518] close(3) = 0 [pid 5518] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5518] memfd_create("syzkaller", 0) = 3 [pid 5518] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5518] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5518] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5518] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5518] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5518] close(3) = 0 [pid 5518] mkdir("./file0", 0777) = 0 [ 95.695838][ T5518] loop0: detected capacity change from 0 to 32768 [ 95.705750][ T5518] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5518) [ 95.723589][ T5518] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 95.732356][ T5518] BTRFS info (device loop0): setting nodatacow, compression disabled [ 95.740831][ T5518] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 95.751807][ T5518] BTRFS info (device loop0): trying to use backup root at mount time [ 95.760247][ T5518] BTRFS info (device loop0): disabling tree log [ 95.766807][ T5518] BTRFS info (device loop0): enabling auto defrag [ 95.773471][ T5518] BTRFS info (device loop0): using free space tree [pid 5518] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5518] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5518] chdir("./file0") = 0 [pid 5518] ioctl(4, LOOP_CLR_FD) = 0 [pid 5518] close(4) = 0 [pid 5518] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5518] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5518] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5518] exit_group(0) = ? [pid 5518] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5518, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=34 /* 0.34 s */} --- umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 95.793023][ T5518] BTRFS info (device loop0): enabling ssd optimizations [ 95.800035][ T5518] BTRFS info (device loop0): auto enabling async discard unlink("./28/binderfs") = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5535 ./strace-static-x86_64: Process 5535 attached [pid 5535] set_robust_list(0x5555567e7660, 24) = 0 [pid 5535] chdir("./29") = 0 [pid 5535] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5535] setpgid(0, 0) = 0 [pid 5535] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5535] write(3, "1000", 4) = 4 [pid 5535] close(3) = 0 [pid 5535] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5535] memfd_create("syzkaller", 0) = 3 [pid 5535] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5535] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5535] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5535] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5535] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5535] close(3) = 0 [pid 5535] mkdir("./file0", 0777) = 0 [ 96.296221][ T5535] loop0: detected capacity change from 0 to 32768 [ 96.307640][ T5535] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5535) [ 96.326902][ T5535] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 96.335830][ T5535] BTRFS info (device loop0): setting nodatacow, compression disabled [ 96.344216][ T5535] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 96.354960][ T5535] BTRFS info (device loop0): trying to use backup root at mount time [ 96.363140][ T5535] BTRFS info (device loop0): disabling tree log [ 96.369479][ T5535] BTRFS info (device loop0): enabling auto defrag [ 96.376021][ T5535] BTRFS info (device loop0): using free space tree [pid 5535] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5535] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5535] chdir("./file0") = 0 [pid 5535] ioctl(4, LOOP_CLR_FD) = 0 [pid 5535] close(4) = 0 [pid 5535] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5535] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [ 96.392826][ T5535] BTRFS info (device loop0): enabling ssd optimizations [ 96.400279][ T5535] BTRFS info (device loop0): auto enabling async discard [pid 5535] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5535] exit_group(0) = ? [pid 5535] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5535, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=29 /* 0.29 s */} --- umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5553 ./strace-static-x86_64: Process 5553 attached [pid 5553] set_robust_list(0x5555567e7660, 24) = 0 [pid 5553] chdir("./30") = 0 [pid 5553] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5553] setpgid(0, 0) = 0 [pid 5553] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5553] write(3, "1000", 4) = 4 [pid 5553] close(3) = 0 [pid 5553] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5553] memfd_create("syzkaller", 0) = 3 [pid 5553] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5553] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5553] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5553] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5553] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5553] close(3) = 0 [pid 5553] mkdir("./file0", 0777) = 0 [ 96.944241][ T5553] loop0: detected capacity change from 0 to 32768 [ 96.957296][ T5553] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5553) [ 96.976842][ T5553] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 96.986818][ T5553] BTRFS info (device loop0): setting nodatacow, compression disabled [ 96.995603][ T5553] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 97.008292][ T5553] BTRFS info (device loop0): trying to use backup root at mount time [ 97.016659][ T5553] BTRFS info (device loop0): disabling tree log [ 97.023035][ T5553] BTRFS info (device loop0): enabling auto defrag [ 97.033004][ T5553] BTRFS info (device loop0): using free space tree [pid 5553] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5553] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5553] chdir("./file0") = 0 [pid 5553] ioctl(4, LOOP_CLR_FD) = 0 [pid 5553] close(4) = 0 [pid 5553] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5553] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5553] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5553] exit_group(0) = ? [pid 5553] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5553, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 [ 97.118792][ T5553] BTRFS info (device loop0): enabling ssd optimizations [ 97.125912][ T5553] BTRFS info (device loop0): auto enabling async discard umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5570 ./strace-static-x86_64: Process 5570 attached [pid 5570] set_robust_list(0x5555567e7660, 24) = 0 [pid 5570] chdir("./31") = 0 [pid 5570] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5570] setpgid(0, 0) = 0 [pid 5570] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5570] write(3, "1000", 4) = 4 [pid 5570] close(3) = 0 [pid 5570] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5570] memfd_create("syzkaller", 0) = 3 [pid 5570] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5570] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5570] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5570] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5570] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5570] close(3) = 0 [pid 5570] mkdir("./file0", 0777) = 0 [ 97.604819][ T5570] loop0: detected capacity change from 0 to 32768 [ 97.616006][ T5570] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5570) [ 97.631581][ T5570] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 97.640434][ T5570] BTRFS info (device loop0): setting nodatacow, compression disabled [ 97.648864][ T5570] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 97.659735][ T5570] BTRFS info (device loop0): trying to use backup root at mount time [ 97.668069][ T5570] BTRFS info (device loop0): disabling tree log [ 97.674710][ T5570] BTRFS info (device loop0): enabling auto defrag [ 97.681171][ T5570] BTRFS info (device loop0): using free space tree [pid 5570] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5570] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5570] chdir("./file0") = 0 [pid 5570] ioctl(4, LOOP_CLR_FD) = 0 [pid 5570] close(4) = 0 [pid 5570] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5570] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5570] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5570] exit_group(0) = ? [pid 5570] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5570, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=31 /* 0.31 s */} --- umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 [ 97.699771][ T5570] BTRFS info (device loop0): enabling ssd optimizations [ 97.706848][ T5570] BTRFS info (device loop0): auto enabling async discard umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5588 ./strace-static-x86_64: Process 5588 attached [pid 5588] set_robust_list(0x5555567e7660, 24) = 0 [pid 5588] chdir("./32") = 0 [pid 5588] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5588] setpgid(0, 0) = 0 [pid 5588] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5588] write(3, "1000", 4) = 4 [pid 5588] close(3) = 0 [pid 5588] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5588] memfd_create("syzkaller", 0) = 3 [pid 5588] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5588] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5588] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5588] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5588] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5588] close(3) = 0 [pid 5588] mkdir("./file0", 0777) = 0 [ 98.204687][ T5588] loop0: detected capacity change from 0 to 32768 [ 98.215027][ T5588] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5588) [ 98.230794][ T5588] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 98.240091][ T5588] BTRFS info (device loop0): setting nodatacow, compression disabled [ 98.248545][ T5588] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 98.259442][ T5588] BTRFS info (device loop0): trying to use backup root at mount time [ 98.267767][ T5588] BTRFS info (device loop0): disabling tree log [ 98.274342][ T5588] BTRFS info (device loop0): enabling auto defrag [ 98.280814][ T5588] BTRFS info (device loop0): using free space tree [pid 5588] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5588] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5588] chdir("./file0") = 0 [pid 5588] ioctl(4, LOOP_CLR_FD) = 0 [pid 5588] close(4) = 0 [pid 5588] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5588] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5588] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5588] exit_group(0) = ? [pid 5588] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5588, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 98.300004][ T5588] BTRFS info (device loop0): enabling ssd optimizations [ 98.307989][ T5588] BTRFS info (device loop0): auto enabling async discard newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5605 ./strace-static-x86_64: Process 5605 attached [pid 5605] set_robust_list(0x5555567e7660, 24) = 0 [pid 5605] chdir("./33") = 0 [pid 5605] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5605] setpgid(0, 0) = 0 [pid 5605] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5605] write(3, "1000", 4) = 4 [pid 5605] close(3) = 0 [pid 5605] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5605] memfd_create("syzkaller", 0) = 3 [pid 5605] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5605] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5605] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5605] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5605] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5605] close(3) = 0 [pid 5605] mkdir("./file0", 0777) = 0 [ 98.798782][ T5605] loop0: detected capacity change from 0 to 32768 [ 98.809850][ T5605] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5605) [ 98.828095][ T5605] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 98.836921][ T5605] BTRFS info (device loop0): setting nodatacow, compression disabled [ 98.845152][ T5605] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 98.855879][ T5605] BTRFS info (device loop0): trying to use backup root at mount time [ 98.864091][ T5605] BTRFS info (device loop0): disabling tree log [ 98.870386][ T5605] BTRFS info (device loop0): enabling auto defrag [ 98.876990][ T5605] BTRFS info (device loop0): using free space tree [pid 5605] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5605] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5605] chdir("./file0") = 0 [pid 5605] ioctl(4, LOOP_CLR_FD) = 0 [pid 5605] close(4) = 0 [pid 5605] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5605] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5605] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5605] exit_group(0) = ? [pid 5605] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5605, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=25 /* 0.25 s */} --- umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 [ 98.895824][ T5605] BTRFS info (device loop0): enabling ssd optimizations [ 98.903111][ T5605] BTRFS info (device loop0): auto enabling async discard umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5622 ./strace-static-x86_64: Process 5622 attached [pid 5622] set_robust_list(0x5555567e7660, 24) = 0 [pid 5622] chdir("./34") = 0 [pid 5622] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5622] setpgid(0, 0) = 0 [pid 5622] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5622] write(3, "1000", 4) = 4 [pid 5622] close(3) = 0 [pid 5622] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5622] memfd_create("syzkaller", 0) = 3 [pid 5622] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5622] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5622] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5622] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5622] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5622] close(3) = 0 [pid 5622] mkdir("./file0", 0777) = 0 [ 99.384288][ T5622] loop0: detected capacity change from 0 to 32768 [ 99.395356][ T5622] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5622) [ 99.414368][ T5622] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 99.423365][ T5622] BTRFS info (device loop0): setting nodatacow, compression disabled [ 99.431474][ T5622] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 99.442159][ T5622] BTRFS info (device loop0): trying to use backup root at mount time [ 99.450353][ T5622] BTRFS info (device loop0): disabling tree log [ 99.456737][ T5622] BTRFS info (device loop0): enabling auto defrag [ 99.463277][ T5622] BTRFS info (device loop0): using free space tree [pid 5622] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5622] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5622] chdir("./file0") = 0 [pid 5622] ioctl(4, LOOP_CLR_FD) = 0 [pid 5622] close(4) = 0 [pid 5622] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5622] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5622] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5622] exit_group(0) = ? [pid 5622] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5622, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 99.482204][ T5622] BTRFS info (device loop0): enabling ssd optimizations [ 99.489366][ T5622] BTRFS info (device loop0): auto enabling async discard newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5639 ./strace-static-x86_64: Process 5639 attached [pid 5639] set_robust_list(0x5555567e7660, 24) = 0 [pid 5639] chdir("./35") = 0 [pid 5639] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5639] setpgid(0, 0) = 0 [pid 5639] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5639] write(3, "1000", 4) = 4 [pid 5639] close(3) = 0 [pid 5639] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5639] memfd_create("syzkaller", 0) = 3 [pid 5639] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5639] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5639] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5639] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5639] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5639] close(3) = 0 [pid 5639] mkdir("./file0", 0777) = 0 [ 99.961266][ T5639] loop0: detected capacity change from 0 to 32768 [ 99.973922][ T5639] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5639) [ 99.991274][ T5639] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 100.000126][ T5639] BTRFS info (device loop0): setting nodatacow, compression disabled [ 100.008391][ T5639] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 100.019085][ T5639] BTRFS info (device loop0): trying to use backup root at mount time [ 100.027267][ T5639] BTRFS info (device loop0): disabling tree log [ 100.033633][ T5639] BTRFS info (device loop0): enabling auto defrag [ 100.040105][ T5639] BTRFS info (device loop0): using free space tree [pid 5639] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5639] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5639] chdir("./file0") = 0 [pid 5639] ioctl(4, LOOP_CLR_FD) = 0 [pid 5639] close(4) = 0 [pid 5639] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5639] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5639] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5639] exit_group(0) = ? [pid 5639] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5639, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=33 /* 0.33 s */} --- umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 [ 100.058289][ T5639] BTRFS info (device loop0): enabling ssd optimizations [ 100.065632][ T5639] BTRFS info (device loop0): auto enabling async discard umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5656 ./strace-static-x86_64: Process 5656 attached [pid 5656] set_robust_list(0x5555567e7660, 24) = 0 [pid 5656] chdir("./36") = 0 [pid 5656] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5656] setpgid(0, 0) = 0 [pid 5656] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5656] write(3, "1000", 4) = 4 [pid 5656] close(3) = 0 [pid 5656] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5656] memfd_create("syzkaller", 0) = 3 [pid 5656] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5656] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5656] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5656] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5656] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5656] close(3) = 0 [pid 5656] mkdir("./file0", 0777) = 0 [ 100.559175][ T5656] loop0: detected capacity change from 0 to 32768 [ 100.569545][ T5656] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5656) [ 100.587460][ T5656] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 100.596324][ T5656] BTRFS info (device loop0): setting nodatacow, compression disabled [ 100.604509][ T5656] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 100.615193][ T5656] BTRFS info (device loop0): trying to use backup root at mount time [ 100.623372][ T5656] BTRFS info (device loop0): disabling tree log [ 100.629757][ T5656] BTRFS info (device loop0): enabling auto defrag [ 100.636277][ T5656] BTRFS info (device loop0): using free space tree [pid 5656] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5656] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5656] chdir("./file0") = 0 [pid 5656] ioctl(4, LOOP_CLR_FD) = 0 [pid 5656] close(4) = 0 [pid 5656] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5656] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5656] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5656] exit_group(0) = ? [pid 5656] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5656, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 [ 100.655234][ T5656] BTRFS info (device loop0): enabling ssd optimizations [ 100.662397][ T5656] BTRFS info (device loop0): auto enabling async discard umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5673 ./strace-static-x86_64: Process 5673 attached [pid 5673] set_robust_list(0x5555567e7660, 24) = 0 [pid 5673] chdir("./37") = 0 [pid 5673] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5673] setpgid(0, 0) = 0 [pid 5673] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5673] write(3, "1000", 4) = 4 [pid 5673] close(3) = 0 [pid 5673] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5673] memfd_create("syzkaller", 0) = 3 [pid 5673] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5673] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5673] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5673] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5673] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5673] close(3) = 0 [pid 5673] mkdir("./file0", 0777) = 0 [ 101.161745][ T5673] loop0: detected capacity change from 0 to 32768 [ 101.171487][ T5673] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5673) [ 101.189579][ T5673] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 101.198527][ T5673] BTRFS info (device loop0): setting nodatacow, compression disabled [ 101.206779][ T5673] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 101.217515][ T5673] BTRFS info (device loop0): trying to use backup root at mount time [ 101.225873][ T5673] BTRFS info (device loop0): disabling tree log [ 101.232174][ T5673] BTRFS info (device loop0): enabling auto defrag [ 101.238689][ T5673] BTRFS info (device loop0): using free space tree [pid 5673] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5673] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5673] chdir("./file0") = 0 [pid 5673] ioctl(4, LOOP_CLR_FD) = 0 [pid 5673] close(4) = 0 [pid 5673] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5673] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5673] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5673] exit_group(0) = ? [pid 5673] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5673, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=35 /* 0.35 s */} --- [ 101.258557][ T5673] BTRFS info (device loop0): enabling ssd optimizations [ 101.265621][ T5673] BTRFS info (device loop0): auto enabling async discard restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5690 ./strace-static-x86_64: Process 5690 attached [pid 5690] set_robust_list(0x5555567e7660, 24) = 0 [pid 5690] chdir("./38") = 0 [pid 5690] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5690] setpgid(0, 0) = 0 [pid 5690] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5690] write(3, "1000", 4) = 4 [pid 5690] close(3) = 0 [pid 5690] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5690] memfd_create("syzkaller", 0) = 3 [pid 5690] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5690] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5690] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5690] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5690] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5690] close(3) = 0 [pid 5690] mkdir("./file0", 0777) = 0 [ 101.762056][ T5690] loop0: detected capacity change from 0 to 32768 [ 101.772155][ T5690] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5690) [ 101.789394][ T5690] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 101.798514][ T5690] BTRFS info (device loop0): setting nodatacow, compression disabled [ 101.807371][ T5690] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 101.818390][ T5690] BTRFS info (device loop0): trying to use backup root at mount time [ 101.826738][ T5690] BTRFS info (device loop0): disabling tree log [ 101.833170][ T5690] BTRFS info (device loop0): enabling auto defrag [ 101.839645][ T5690] BTRFS info (device loop0): using free space tree [pid 5690] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5690] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5690] chdir("./file0") = 0 [pid 5690] ioctl(4, LOOP_CLR_FD) = 0 [pid 5690] close(4) = 0 [pid 5690] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5690] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5690] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5690] exit_group(0) = ? [pid 5690] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5690, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 101.858561][ T5690] BTRFS info (device loop0): enabling ssd optimizations [ 101.865750][ T5690] BTRFS info (device loop0): auto enabling async discard umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5707 ./strace-static-x86_64: Process 5707 attached [pid 5707] set_robust_list(0x5555567e7660, 24) = 0 [pid 5707] chdir("./39") = 0 [pid 5707] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5707] setpgid(0, 0) = 0 [pid 5707] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5707] write(3, "1000", 4) = 4 [pid 5707] close(3) = 0 [pid 5707] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5707] memfd_create("syzkaller", 0) = 3 [pid 5707] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5707] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5707] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5707] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5707] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5707] close(3) = 0 [pid 5707] mkdir("./file0", 0777) = 0 [ 102.391201][ T5707] loop0: detected capacity change from 0 to 32768 [ 102.401409][ T5707] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5707) [ 102.419269][ T5707] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 102.428377][ T5707] BTRFS info (device loop0): setting nodatacow, compression disabled [ 102.436829][ T5707] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 102.447764][ T5707] BTRFS info (device loop0): trying to use backup root at mount time [ 102.456305][ T5707] BTRFS info (device loop0): disabling tree log [ 102.462674][ T5707] BTRFS info (device loop0): enabling auto defrag [ 102.469700][ T5707] BTRFS info (device loop0): using free space tree [pid 5707] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5707] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5707] chdir("./file0") = 0 [pid 5707] ioctl(4, LOOP_CLR_FD) = 0 [pid 5707] close(4) = 0 [pid 5707] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5707] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5707] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5707] exit_group(0) = ? [pid 5707] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5707, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 [ 102.488414][ T5707] BTRFS info (device loop0): enabling ssd optimizations [ 102.495705][ T5707] BTRFS info (device loop0): auto enabling async discard umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5724 ./strace-static-x86_64: Process 5724 attached [pid 5724] set_robust_list(0x5555567e7660, 24) = 0 [pid 5724] chdir("./40") = 0 [pid 5724] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5724] setpgid(0, 0) = 0 [pid 5724] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5724] write(3, "1000", 4) = 4 [pid 5724] close(3) = 0 [pid 5724] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5724] memfd_create("syzkaller", 0) = 3 [pid 5724] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5724] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5724] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5724] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5724] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5724] close(3) = 0 [pid 5724] mkdir("./file0", 0777) = 0 [ 102.980812][ T5724] loop0: detected capacity change from 0 to 32768 [ 102.990792][ T5724] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5724) [ 103.009022][ T5724] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 103.018138][ T5724] BTRFS info (device loop0): setting nodatacow, compression disabled [ 103.026340][ T5724] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 103.037079][ T5724] BTRFS info (device loop0): trying to use backup root at mount time [ 103.045554][ T5724] BTRFS info (device loop0): disabling tree log [ 103.051937][ T5724] BTRFS info (device loop0): enabling auto defrag [ 103.058465][ T5724] BTRFS info (device loop0): using free space tree [pid 5724] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5724] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5724] chdir("./file0") = 0 [pid 5724] ioctl(4, LOOP_CLR_FD) = 0 [pid 5724] close(4) = 0 [pid 5724] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5724] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5724] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5724] exit_group(0) = ? [pid 5724] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5724, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=29 /* 0.29 s */} --- [ 103.077418][ T5724] BTRFS info (device loop0): enabling ssd optimizations [ 103.084522][ T5724] BTRFS info (device loop0): auto enabling async discard umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5741 ./strace-static-x86_64: Process 5741 attached [pid 5741] set_robust_list(0x5555567e7660, 24) = 0 [pid 5741] chdir("./41") = 0 [pid 5741] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5741] setpgid(0, 0) = 0 [pid 5741] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5741] write(3, "1000", 4) = 4 [pid 5741] close(3) = 0 [pid 5741] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5741] memfd_create("syzkaller", 0) = 3 [pid 5741] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5741] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5741] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5741] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5741] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5741] close(3) = 0 [pid 5741] mkdir("./file0", 0777) = 0 [ 103.581810][ T5741] loop0: detected capacity change from 0 to 32768 [ 103.591540][ T5741] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5741) [ 103.609446][ T5741] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 103.618335][ T5741] BTRFS info (device loop0): setting nodatacow, compression disabled [ 103.626666][ T5741] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 103.637379][ T5741] BTRFS info (device loop0): trying to use backup root at mount time [ 103.645746][ T5741] BTRFS info (device loop0): disabling tree log [ 103.652029][ T5741] BTRFS info (device loop0): enabling auto defrag [ 103.658554][ T5741] BTRFS info (device loop0): using free space tree [pid 5741] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5741] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5741] chdir("./file0") = 0 [pid 5741] ioctl(4, LOOP_CLR_FD) = 0 [pid 5741] close(4) = 0 [pid 5741] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5741] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5741] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5741] exit_group(0) = ? [pid 5741] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5741, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 [ 103.677624][ T5741] BTRFS info (device loop0): enabling ssd optimizations [ 103.684767][ T5741] BTRFS info (device loop0): auto enabling async discard umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5758 ./strace-static-x86_64: Process 5758 attached [pid 5758] set_robust_list(0x5555567e7660, 24) = 0 [pid 5758] chdir("./42") = 0 [pid 5758] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5758] setpgid(0, 0) = 0 [pid 5758] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5758] write(3, "1000", 4) = 4 [pid 5758] close(3) = 0 [pid 5758] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5758] memfd_create("syzkaller", 0) = 3 [pid 5758] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5758] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5758] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5758] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5758] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5758] close(3) = 0 [pid 5758] mkdir("./file0", 0777) = 0 [ 104.168533][ T5758] loop0: detected capacity change from 0 to 32768 [ 104.178642][ T5758] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5758) [ 104.197283][ T5758] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 104.206243][ T5758] BTRFS info (device loop0): setting nodatacow, compression disabled [ 104.214586][ T5758] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 104.225289][ T5758] BTRFS info (device loop0): trying to use backup root at mount time [ 104.233613][ T5758] BTRFS info (device loop0): disabling tree log [ 104.239896][ T5758] BTRFS info (device loop0): enabling auto defrag [ 104.246443][ T5758] BTRFS info (device loop0): using free space tree [pid 5758] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5758] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5758] chdir("./file0") = 0 [pid 5758] ioctl(4, LOOP_CLR_FD) = 0 [pid 5758] close(4) = 0 [pid 5758] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5758] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5758] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [ 104.265472][ T5758] BTRFS info (device loop0): enabling ssd optimizations [ 104.272540][ T5758] BTRFS info (device loop0): auto enabling async discard [pid 5758] exit_group(0) = ? [pid 5758] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5758, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5775 ./strace-static-x86_64: Process 5775 attached [pid 5775] set_robust_list(0x5555567e7660, 24) = 0 [pid 5775] chdir("./43") = 0 [pid 5775] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5775] setpgid(0, 0) = 0 [pid 5775] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5775] write(3, "1000", 4) = 4 [pid 5775] close(3) = 0 [pid 5775] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5775] memfd_create("syzkaller", 0) = 3 [pid 5775] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5775] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5775] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5775] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5775] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5775] close(3) = 0 [pid 5775] mkdir("./file0", 0777) = 0 [ 104.780667][ T5775] loop0: detected capacity change from 0 to 32768 [ 104.790769][ T5775] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5775) [ 104.808991][ T5775] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 104.818751][ T5775] BTRFS info (device loop0): setting nodatacow, compression disabled [ 104.827140][ T5775] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 104.838070][ T5775] BTRFS info (device loop0): trying to use backup root at mount time [ 104.846428][ T5775] BTRFS info (device loop0): disabling tree log [ 104.852700][ T5775] BTRFS info (device loop0): enabling auto defrag [ 104.859822][ T5775] BTRFS info (device loop0): using free space tree [pid 5775] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5775] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5775] chdir("./file0") = 0 [pid 5775] ioctl(4, LOOP_CLR_FD) = 0 [pid 5775] close(4) = 0 [pid 5775] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5775] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5775] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5775] exit_group(0) = ? [pid 5775] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5775, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 [ 104.879630][ T5775] BTRFS info (device loop0): enabling ssd optimizations [ 104.886806][ T5775] BTRFS info (device loop0): auto enabling async discard umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5792 ./strace-static-x86_64: Process 5792 attached [pid 5792] set_robust_list(0x5555567e7660, 24) = 0 [pid 5792] chdir("./44") = 0 [pid 5792] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5792] setpgid(0, 0) = 0 [pid 5792] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5792] write(3, "1000", 4) = 4 [pid 5792] close(3) = 0 [pid 5792] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5792] memfd_create("syzkaller", 0) = 3 [pid 5792] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5792] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5792] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5792] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5792] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5792] close(3) = 0 [pid 5792] mkdir("./file0", 0777) = 0 [ 105.387347][ T5792] loop0: detected capacity change from 0 to 32768 [ 105.396817][ T5792] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5792) [ 105.416370][ T5792] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 105.425185][ T5792] BTRFS info (device loop0): setting nodatacow, compression disabled [ 105.433398][ T5792] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 105.444084][ T5792] BTRFS info (device loop0): trying to use backup root at mount time [ 105.452203][ T5792] BTRFS info (device loop0): disabling tree log [ 105.458573][ T5792] BTRFS info (device loop0): enabling auto defrag [ 105.465101][ T5792] BTRFS info (device loop0): using free space tree [pid 5792] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5792] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5792] chdir("./file0") = 0 [pid 5792] ioctl(4, LOOP_CLR_FD) = 0 [pid 5792] close(4) = 0 [pid 5792] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5792] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5792] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5792] exit_group(0) = ? [pid 5792] +++ exited with 0 +++ [ 105.484644][ T5792] BTRFS info (device loop0): enabling ssd optimizations [ 105.491702][ T5792] BTRFS info (device loop0): auto enabling async discard --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5792, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=36 /* 0.36 s */} --- umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5809 ./strace-static-x86_64: Process 5809 attached [pid 5809] set_robust_list(0x5555567e7660, 24) = 0 [pid 5809] chdir("./45") = 0 [pid 5809] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5809] setpgid(0, 0) = 0 [pid 5809] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5809] write(3, "1000", 4) = 4 [pid 5809] close(3) = 0 [pid 5809] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5809] memfd_create("syzkaller", 0) = 3 [pid 5809] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5809] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5809] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5809] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5809] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5809] close(3) = 0 [pid 5809] mkdir("./file0", 0777) = 0 [ 106.004932][ T5809] loop0: detected capacity change from 0 to 32768 [ 106.015977][ T5809] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5809) [ 106.032336][ T5809] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 106.041241][ T5809] BTRFS info (device loop0): setting nodatacow, compression disabled [ 106.049469][ T5809] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 106.060172][ T5809] BTRFS info (device loop0): trying to use backup root at mount time [ 106.068336][ T5809] BTRFS info (device loop0): disabling tree log [ 106.074654][ T5809] BTRFS info (device loop0): enabling auto defrag [ 106.081132][ T5809] BTRFS info (device loop0): using free space tree [pid 5809] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5809] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5809] chdir("./file0") = 0 [pid 5809] ioctl(4, LOOP_CLR_FD) = 0 [pid 5809] close(4) = 0 [pid 5809] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5809] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5809] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5809] exit_group(0) = ? [pid 5809] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5809, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 [ 106.101083][ T5809] BTRFS info (device loop0): enabling ssd optimizations [ 106.108457][ T5809] BTRFS info (device loop0): auto enabling async discard umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5826 ./strace-static-x86_64: Process 5826 attached [pid 5826] set_robust_list(0x5555567e7660, 24) = 0 [pid 5826] chdir("./46") = 0 [pid 5826] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5826] setpgid(0, 0) = 0 [pid 5826] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5826] write(3, "1000", 4) = 4 [pid 5826] close(3) = 0 [pid 5826] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5826] memfd_create("syzkaller", 0) = 3 [pid 5826] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5826] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5826] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5826] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5826] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5826] close(3) = 0 [pid 5826] mkdir("./file0", 0777) = 0 [ 106.590721][ T5826] loop0: detected capacity change from 0 to 32768 [ 106.601013][ T5826] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5826) [ 106.618951][ T5826] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 106.627789][ T5826] BTRFS info (device loop0): setting nodatacow, compression disabled [ 106.635986][ T5826] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 106.646667][ T5826] BTRFS info (device loop0): trying to use backup root at mount time [ 106.654890][ T5826] BTRFS info (device loop0): disabling tree log [ 106.661200][ T5826] BTRFS info (device loop0): enabling auto defrag [ 106.668016][ T5826] BTRFS info (device loop0): using free space tree [pid 5826] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5826] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5826] chdir("./file0") = 0 [pid 5826] ioctl(4, LOOP_CLR_FD) = 0 [pid 5826] close(4) = 0 [pid 5826] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5826] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5826] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5826] exit_group(0) = ? [pid 5826] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5826, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 [ 106.688619][ T5826] BTRFS info (device loop0): enabling ssd optimizations [ 106.695795][ T5826] BTRFS info (device loop0): auto enabling async discard umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5843 ./strace-static-x86_64: Process 5843 attached [pid 5843] set_robust_list(0x5555567e7660, 24) = 0 [pid 5843] chdir("./47") = 0 [pid 5843] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5843] setpgid(0, 0) = 0 [pid 5843] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5843] write(3, "1000", 4) = 4 [pid 5843] close(3) = 0 [pid 5843] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5843] memfd_create("syzkaller", 0) = 3 [pid 5843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5843] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5843] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5843] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5843] close(3) = 0 [pid 5843] mkdir("./file0", 0777) = 0 [ 107.195927][ T5843] loop0: detected capacity change from 0 to 32768 [ 107.206258][ T5843] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5843) [ 107.222282][ T5843] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 107.231768][ T5843] BTRFS info (device loop0): setting nodatacow, compression disabled [ 107.240259][ T5843] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 107.251065][ T5843] BTRFS info (device loop0): trying to use backup root at mount time [ 107.259375][ T5843] BTRFS info (device loop0): disabling tree log [ 107.265736][ T5843] BTRFS info (device loop0): enabling auto defrag [ 107.272199][ T5843] BTRFS info (device loop0): using free space tree [pid 5843] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5843] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5843] chdir("./file0") = 0 [pid 5843] ioctl(4, LOOP_CLR_FD) = 0 [pid 5843] close(4) = 0 [pid 5843] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5843] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5843] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5843] exit_group(0) = ? [pid 5843] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5843, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 [ 107.291813][ T5843] BTRFS info (device loop0): enabling ssd optimizations [ 107.299067][ T5843] BTRFS info (device loop0): auto enabling async discard umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5860 ./strace-static-x86_64: Process 5860 attached [pid 5860] set_robust_list(0x5555567e7660, 24) = 0 [pid 5860] chdir("./48") = 0 [pid 5860] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5860] setpgid(0, 0) = 0 [pid 5860] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5860] write(3, "1000", 4) = 4 [pid 5860] close(3) = 0 [pid 5860] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5860] memfd_create("syzkaller", 0) = 3 [pid 5860] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5860] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5860] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5860] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5860] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5860] close(3) = 0 [pid 5860] mkdir("./file0", 0777) = 0 [ 107.795742][ T5860] loop0: detected capacity change from 0 to 32768 [ 107.805835][ T5860] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5860) [ 107.823192][ T5860] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 107.831958][ T5860] BTRFS info (device loop0): setting nodatacow, compression disabled [ 107.840173][ T5860] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 107.850873][ T5860] BTRFS info (device loop0): trying to use backup root at mount time [ 107.859066][ T5860] BTRFS info (device loop0): disabling tree log [ 107.865377][ T5860] BTRFS info (device loop0): enabling auto defrag [ 107.871920][ T5860] BTRFS info (device loop0): using free space tree [pid 5860] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5860] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5860] chdir("./file0") = 0 [pid 5860] ioctl(4, LOOP_CLR_FD) = 0 [pid 5860] close(4) = 0 [pid 5860] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5860] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5860] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5860] exit_group(0) = ? [ 107.892260][ T5860] BTRFS info (device loop0): enabling ssd optimizations [ 107.899707][ T5860] BTRFS info (device loop0): auto enabling async discard [pid 5860] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5860, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5877 ./strace-static-x86_64: Process 5877 attached [pid 5877] set_robust_list(0x5555567e7660, 24) = 0 [pid 5877] chdir("./49") = 0 [pid 5877] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5877] setpgid(0, 0) = 0 [pid 5877] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5877] write(3, "1000", 4) = 4 [pid 5877] close(3) = 0 [pid 5877] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5877] memfd_create("syzkaller", 0) = 3 [pid 5877] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5877] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5877] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5877] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5877] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5877] close(3) = 0 [pid 5877] mkdir("./file0", 0777) = 0 [ 108.411665][ T5877] loop0: detected capacity change from 0 to 32768 [ 108.422423][ T5877] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5877) [ 108.439516][ T5877] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 108.448449][ T5877] BTRFS info (device loop0): setting nodatacow, compression disabled [ 108.456947][ T5877] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 108.468032][ T5877] BTRFS info (device loop0): trying to use backup root at mount time [ 108.476493][ T5877] BTRFS info (device loop0): disabling tree log [ 108.482793][ T5877] BTRFS info (device loop0): enabling auto defrag [ 108.489378][ T5877] BTRFS info (device loop0): using free space tree [pid 5877] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5877] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5877] chdir("./file0") = 0 [pid 5877] ioctl(4, LOOP_CLR_FD) = 0 [pid 5877] close(4) = 0 [pid 5877] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5877] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5877] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5877] exit_group(0) = ? [pid 5877] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5877, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=29 /* 0.29 s */} --- umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 108.510458][ T5877] BTRFS info (device loop0): enabling ssd optimizations [ 108.517579][ T5877] BTRFS info (device loop0): auto enabling async discard unlink("./49/binderfs") = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5894 ./strace-static-x86_64: Process 5894 attached [pid 5894] set_robust_list(0x5555567e7660, 24) = 0 [pid 5894] chdir("./50") = 0 [pid 5894] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5894] setpgid(0, 0) = 0 [pid 5894] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5894] write(3, "1000", 4) = 4 [pid 5894] close(3) = 0 [pid 5894] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5894] memfd_create("syzkaller", 0) = 3 [pid 5894] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5894] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5894] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5894] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5894] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5894] close(3) = 0 [pid 5894] mkdir("./file0", 0777) = 0 [ 109.002752][ T5894] loop0: detected capacity change from 0 to 32768 [ 109.012733][ T5894] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5894) [ 109.031566][ T5894] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 109.040466][ T5894] BTRFS info (device loop0): setting nodatacow, compression disabled [ 109.048729][ T5894] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 109.059480][ T5894] BTRFS info (device loop0): trying to use backup root at mount time [ 109.067670][ T5894] BTRFS info (device loop0): disabling tree log [ 109.074200][ T5894] BTRFS info (device loop0): enabling auto defrag [ 109.080672][ T5894] BTRFS info (device loop0): using free space tree [pid 5894] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5894] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5894] chdir("./file0") = 0 [pid 5894] ioctl(4, LOOP_CLR_FD) = 0 [pid 5894] close(4) = 0 [pid 5894] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5894] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5894] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5894] exit_group(0) = ? [pid 5894] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5894, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 109.099854][ T5894] BTRFS info (device loop0): enabling ssd optimizations [ 109.106968][ T5894] BTRFS info (device loop0): auto enabling async discard openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5911 ./strace-static-x86_64: Process 5911 attached [pid 5911] set_robust_list(0x5555567e7660, 24) = 0 [pid 5911] chdir("./51") = 0 [pid 5911] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5911] setpgid(0, 0) = 0 [pid 5911] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5911] write(3, "1000", 4) = 4 [pid 5911] close(3) = 0 [pid 5911] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5911] memfd_create("syzkaller", 0) = 3 [pid 5911] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5911] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5911] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5911] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5911] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5911] close(3) = 0 [pid 5911] mkdir("./file0", 0777) = 0 [ 109.600677][ T5911] loop0: detected capacity change from 0 to 32768 [ 109.610909][ T5911] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5911) [ 109.627072][ T5911] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 109.635971][ T5911] BTRFS info (device loop0): setting nodatacow, compression disabled [ 109.644179][ T5911] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 109.654896][ T5911] BTRFS info (device loop0): trying to use backup root at mount time [ 109.663070][ T5911] BTRFS info (device loop0): disabling tree log [ 109.669370][ T5911] BTRFS info (device loop0): enabling auto defrag [ 109.675887][ T5911] BTRFS info (device loop0): using free space tree [pid 5911] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5911] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5911] chdir("./file0") = 0 [pid 5911] ioctl(4, LOOP_CLR_FD) = 0 [pid 5911] close(4) = 0 [pid 5911] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5911] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5911] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5911] exit_group(0) = ? [pid 5911] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5911, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 [ 109.695162][ T5911] BTRFS info (device loop0): enabling ssd optimizations [ 109.702265][ T5911] BTRFS info (device loop0): auto enabling async discard umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5928 ./strace-static-x86_64: Process 5928 attached [pid 5928] set_robust_list(0x5555567e7660, 24) = 0 [pid 5928] chdir("./52") = 0 [pid 5928] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5928] setpgid(0, 0) = 0 [pid 5928] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5928] write(3, "1000", 4) = 4 [pid 5928] close(3) = 0 [pid 5928] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5928] memfd_create("syzkaller", 0) = 3 [pid 5928] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5928] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5928] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5928] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5928] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5928] close(3) = 0 [pid 5928] mkdir("./file0", 0777) = 0 [ 110.193816][ T5928] loop0: detected capacity change from 0 to 32768 [ 110.203996][ T5928] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5928) [ 110.221632][ T5928] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 110.230578][ T5928] BTRFS info (device loop0): setting nodatacow, compression disabled [ 110.238980][ T5928] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 110.249672][ T5928] BTRFS info (device loop0): trying to use backup root at mount time [ 110.257862][ T5928] BTRFS info (device loop0): disabling tree log [ 110.264228][ T5928] BTRFS info (device loop0): enabling auto defrag [ 110.270705][ T5928] BTRFS info (device loop0): using free space tree [pid 5928] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5928] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5928] chdir("./file0") = 0 [pid 5928] ioctl(4, LOOP_CLR_FD) = 0 [pid 5928] close(4) = 0 [pid 5928] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5928] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5928] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5928] exit_group(0) = ? [pid 5928] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5928, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=31 /* 0.31 s */} --- umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 [ 110.291247][ T5928] BTRFS info (device loop0): enabling ssd optimizations [ 110.298473][ T5928] BTRFS info (device loop0): auto enabling async discard umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5945 ./strace-static-x86_64: Process 5945 attached [pid 5945] set_robust_list(0x5555567e7660, 24) = 0 [pid 5945] chdir("./53") = 0 [pid 5945] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5945] setpgid(0, 0) = 0 [pid 5945] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5945] write(3, "1000", 4) = 4 [pid 5945] close(3) = 0 [pid 5945] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5945] memfd_create("syzkaller", 0) = 3 [pid 5945] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5945] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5945] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5945] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5945] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5945] close(3) = 0 [pid 5945] mkdir("./file0", 0777) = 0 [ 110.788796][ T5945] loop0: detected capacity change from 0 to 32768 [ 110.799584][ T5945] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5945) [ 110.817392][ T5945] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 110.826216][ T5945] BTRFS info (device loop0): setting nodatacow, compression disabled [ 110.834443][ T5945] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 110.845185][ T5945] BTRFS info (device loop0): trying to use backup root at mount time [ 110.853367][ T5945] BTRFS info (device loop0): disabling tree log [ 110.859647][ T5945] BTRFS info (device loop0): enabling auto defrag [ 110.866168][ T5945] BTRFS info (device loop0): using free space tree [pid 5945] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5945] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5945] chdir("./file0") = 0 [pid 5945] ioctl(4, LOOP_CLR_FD) = 0 [pid 5945] close(4) = 0 [pid 5945] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5945] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5945] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5945] exit_group(0) = ? [pid 5945] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5945, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=30 /* 0.30 s */} --- [ 110.885444][ T5945] BTRFS info (device loop0): enabling ssd optimizations [ 110.892525][ T5945] BTRFS info (device loop0): auto enabling async discard restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5962 ./strace-static-x86_64: Process 5962 attached [pid 5962] set_robust_list(0x5555567e7660, 24) = 0 [pid 5962] chdir("./54") = 0 [pid 5962] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5962] setpgid(0, 0) = 0 [pid 5962] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5962] write(3, "1000", 4) = 4 [pid 5962] close(3) = 0 [pid 5962] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5962] memfd_create("syzkaller", 0) = 3 [pid 5962] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5962] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5962] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5962] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5962] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5962] close(3) = 0 [pid 5962] mkdir("./file0", 0777) = 0 [ 111.376803][ T5962] loop0: detected capacity change from 0 to 32768 [ 111.386505][ T5962] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5962) [ 111.403223][ T5962] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 111.411996][ T5962] BTRFS info (device loop0): setting nodatacow, compression disabled [ 111.420167][ T5962] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 111.430925][ T5962] BTRFS info (device loop0): trying to use backup root at mount time [ 111.439104][ T5962] BTRFS info (device loop0): disabling tree log [ 111.445450][ T5962] BTRFS info (device loop0): enabling auto defrag [ 111.451923][ T5962] BTRFS info (device loop0): using free space tree [ 111.470315][ T5962] BTRFS info (device loop0): enabling ssd optimizations [pid 5962] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5962] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5962] chdir("./file0") = 0 [pid 5962] ioctl(4, LOOP_CLR_FD) = 0 [pid 5962] close(4) = 0 [pid 5962] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5962] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5962] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5962] exit_group(0) = ? [pid 5962] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5962, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 [ 111.477743][ T5962] BTRFS info (device loop0): auto enabling async discard umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5979 ./strace-static-x86_64: Process 5979 attached [pid 5979] set_robust_list(0x5555567e7660, 24) = 0 [pid 5979] chdir("./55") = 0 [pid 5979] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5979] setpgid(0, 0) = 0 [pid 5979] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5979] write(3, "1000", 4) = 4 [pid 5979] close(3) = 0 [pid 5979] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5979] memfd_create("syzkaller", 0) = 3 [pid 5979] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5979] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5979] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5979] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5979] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5979] close(3) = 0 [pid 5979] mkdir("./file0", 0777) = 0 [ 111.971822][ T5979] loop0: detected capacity change from 0 to 32768 [ 111.981876][ T5979] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5979) [ 111.997788][ T5979] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 112.006975][ T5979] BTRFS info (device loop0): setting nodatacow, compression disabled [ 112.016168][ T5979] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 112.027155][ T5979] BTRFS info (device loop0): trying to use backup root at mount time [ 112.035604][ T5979] BTRFS info (device loop0): disabling tree log [ 112.041879][ T5979] BTRFS info (device loop0): enabling auto defrag [ 112.048808][ T5979] BTRFS info (device loop0): using free space tree [pid 5979] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5979] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5979] chdir("./file0") = 0 [pid 5979] ioctl(4, LOOP_CLR_FD) = 0 [pid 5979] close(4) = 0 [pid 5979] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5979] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 5979] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5979] exit_group(0) = ? [pid 5979] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5979, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 [ 112.069676][ T5979] BTRFS info (device loop0): enabling ssd optimizations [ 112.076795][ T5979] BTRFS info (device loop0): auto enabling async discard umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 5996 ./strace-static-x86_64: Process 5996 attached [pid 5996] set_robust_list(0x5555567e7660, 24) = 0 [pid 5996] chdir("./56") = 0 [pid 5996] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5996] setpgid(0, 0) = 0 [pid 5996] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5996] write(3, "1000", 4) = 4 [pid 5996] close(3) = 0 [pid 5996] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5996] memfd_create("syzkaller", 0) = 3 [pid 5996] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 5996] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5996] munmap(0x7f09f8c52000, 16777216) = 0 [pid 5996] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5996] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5996] close(3) = 0 [pid 5996] mkdir("./file0", 0777) = 0 [ 112.597332][ T5996] loop0: detected capacity change from 0 to 32768 [ 112.607733][ T5996] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (5996) [ 112.626013][ T5996] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 112.634902][ T5996] BTRFS info (device loop0): setting nodatacow, compression disabled [ 112.643128][ T5996] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 112.654027][ T5996] BTRFS info (device loop0): trying to use backup root at mount time [ 112.662289][ T5996] BTRFS info (device loop0): disabling tree log [ 112.668991][ T5996] BTRFS info (device loop0): enabling auto defrag [ 112.675560][ T5996] BTRFS info (device loop0): using free space tree [pid 5996] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 5996] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5996] chdir("./file0") = 0 [pid 5996] ioctl(4, LOOP_CLR_FD) = 0 [pid 5996] close(4) = 0 [pid 5996] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5996] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [ 112.695351][ T5996] BTRFS info (device loop0): enabling ssd optimizations [ 112.702464][ T5996] BTRFS info (device loop0): auto enabling async discard [pid 5996] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 5996] exit_group(0) = ? [pid 5996] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5996, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 6013 ./strace-static-x86_64: Process 6013 attached [pid 6013] set_robust_list(0x5555567e7660, 24) = 0 [pid 6013] chdir("./57") = 0 [pid 6013] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6013] setpgid(0, 0) = 0 [pid 6013] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6013] write(3, "1000", 4) = 4 [pid 6013] close(3) = 0 [pid 6013] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6013] memfd_create("syzkaller", 0) = 3 [pid 6013] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 6013] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6013] munmap(0x7f09f8c52000, 16777216) = 0 [pid 6013] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6013] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6013] close(3) = 0 [pid 6013] mkdir("./file0", 0777) = 0 [ 113.224929][ T6013] loop0: detected capacity change from 0 to 32768 [ 113.234514][ T6013] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (6013) [ 113.249847][ T6013] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 113.259045][ T6013] BTRFS info (device loop0): setting nodatacow, compression disabled [ 113.267498][ T6013] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 113.278499][ T6013] BTRFS info (device loop0): trying to use backup root at mount time [ 113.287197][ T6013] BTRFS info (device loop0): disabling tree log [ 113.293957][ T6013] BTRFS info (device loop0): enabling auto defrag [ 113.300408][ T6013] BTRFS info (device loop0): using free space tree [pid 6013] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6013] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6013] chdir("./file0") = 0 [pid 6013] ioctl(4, LOOP_CLR_FD) = 0 [pid 6013] close(4) = 0 [pid 6013] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 6013] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 6013] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 6013] exit_group(0) = ? [ 113.320620][ T6013] BTRFS info (device loop0): enabling ssd optimizations [ 113.327736][ T6013] BTRFS info (device loop0): auto enabling async discard [pid 6013] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6013, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 6030 ./strace-static-x86_64: Process 6030 attached [pid 6030] set_robust_list(0x5555567e7660, 24) = 0 [pid 6030] chdir("./58") = 0 [pid 6030] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6030] setpgid(0, 0) = 0 [pid 6030] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6030] write(3, "1000", 4) = 4 [pid 6030] close(3) = 0 [pid 6030] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6030] memfd_create("syzkaller", 0) = 3 [pid 6030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 6030] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6030] munmap(0x7f09f8c52000, 16777216) = 0 [pid 6030] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6030] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6030] close(3) = 0 [pid 6030] mkdir("./file0", 0777) = 0 [ 113.830749][ T6030] loop0: detected capacity change from 0 to 32768 [ 113.841963][ T6030] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (6030) [ 113.859347][ T6030] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 113.868364][ T6030] BTRFS info (device loop0): setting nodatacow, compression disabled [ 113.876572][ T6030] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 113.887254][ T6030] BTRFS info (device loop0): trying to use backup root at mount time [ 113.895738][ T6030] BTRFS info (device loop0): disabling tree log [ 113.902135][ T6030] BTRFS info (device loop0): enabling auto defrag [ 113.908716][ T6030] BTRFS info (device loop0): using free space tree [pid 6030] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6030] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6030] chdir("./file0") = 0 [pid 6030] ioctl(4, LOOP_CLR_FD) = 0 [pid 6030] close(4) = 0 [pid 6030] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 6030] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 6030] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 6030] exit_group(0) = ? [pid 6030] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6030, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 [ 113.928546][ T6030] BTRFS info (device loop0): enabling ssd optimizations [ 113.935690][ T6030] BTRFS info (device loop0): auto enabling async discard umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 6047 ./strace-static-x86_64: Process 6047 attached [pid 6047] set_robust_list(0x5555567e7660, 24) = 0 [pid 6047] chdir("./59") = 0 [pid 6047] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6047] setpgid(0, 0) = 0 [pid 6047] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6047] write(3, "1000", 4) = 4 [pid 6047] close(3) = 0 [pid 6047] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6047] memfd_create("syzkaller", 0) = 3 [pid 6047] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 6047] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6047] munmap(0x7f09f8c52000, 16777216) = 0 [pid 6047] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6047] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6047] close(3) = 0 [pid 6047] mkdir("./file0", 0777) = 0 [ 114.441406][ T6047] loop0: detected capacity change from 0 to 32768 [ 114.451459][ T6047] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (6047) [ 114.469286][ T6047] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 114.478431][ T6047] BTRFS info (device loop0): setting nodatacow, compression disabled [ 114.486845][ T6047] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 114.497840][ T6047] BTRFS info (device loop0): trying to use backup root at mount time [ 114.506216][ T6047] BTRFS info (device loop0): disabling tree log [ 114.512511][ T6047] BTRFS info (device loop0): enabling auto defrag [ 114.519398][ T6047] BTRFS info (device loop0): using free space tree [pid 6047] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6047] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6047] chdir("./file0") = 0 [pid 6047] ioctl(4, LOOP_CLR_FD) = 0 [pid 6047] close(4) = 0 [pid 6047] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 6047] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 6047] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 6047] exit_group(0) = ? [pid 6047] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6047, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=28 /* 0.28 s */} --- umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 [ 114.539520][ T6047] BTRFS info (device loop0): enabling ssd optimizations [ 114.546575][ T6047] BTRFS info (device loop0): auto enabling async discard umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 6065 ./strace-static-x86_64: Process 6065 attached [pid 6065] set_robust_list(0x5555567e7660, 24) = 0 [pid 6065] chdir("./60") = 0 [pid 6065] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6065] setpgid(0, 0) = 0 [pid 6065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6065] write(3, "1000", 4) = 4 [pid 6065] close(3) = 0 [pid 6065] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6065] memfd_create("syzkaller", 0) = 3 [pid 6065] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 6065] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6065] munmap(0x7f09f8c52000, 16777216) = 0 [pid 6065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6065] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6065] close(3) = 0 [pid 6065] mkdir("./file0", 0777) = 0 [ 115.051051][ T6065] loop0: detected capacity change from 0 to 32768 [ 115.062006][ T6065] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (6065) [ 115.081155][ T6065] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 115.089991][ T6065] BTRFS info (device loop0): setting nodatacow, compression disabled [ 115.098191][ T6065] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 115.108940][ T6065] BTRFS info (device loop0): trying to use backup root at mount time [ 115.117215][ T6065] BTRFS info (device loop0): disabling tree log [ 115.123557][ T6065] BTRFS info (device loop0): enabling auto defrag [ 115.130101][ T6065] BTRFS info (device loop0): using free space tree [pid 6065] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6065] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6065] chdir("./file0") = 0 [pid 6065] ioctl(4, LOOP_CLR_FD) = 0 [pid 6065] close(4) = 0 [pid 6065] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 6065] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 6065] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 6065] exit_group(0) = ? [pid 6065] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6065, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=28 /* 0.28 s */} --- umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 [ 115.150169][ T6065] BTRFS info (device loop0): enabling ssd optimizations [ 115.157263][ T6065] BTRFS info (device loop0): auto enabling async discard umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 6083 ./strace-static-x86_64: Process 6083 attached [pid 6083] set_robust_list(0x5555567e7660, 24) = 0 [pid 6083] chdir("./61") = 0 [pid 6083] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6083] setpgid(0, 0) = 0 [pid 6083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6083] write(3, "1000", 4) = 4 [pid 6083] close(3) = 0 [pid 6083] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6083] memfd_create("syzkaller", 0) = 3 [pid 6083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 6083] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6083] munmap(0x7f09f8c52000, 16777216) = 0 [pid 6083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6083] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6083] close(3) = 0 [pid 6083] mkdir("./file0", 0777) = 0 [ 115.681594][ T6083] loop0: detected capacity change from 0 to 32768 [ 115.694548][ T6083] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (6083) [ 115.710893][ T6083] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 115.719732][ T6083] BTRFS info (device loop0): setting nodatacow, compression disabled [ 115.727889][ T6083] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 115.738596][ T6083] BTRFS info (device loop0): trying to use backup root at mount time [ 115.746745][ T6083] BTRFS info (device loop0): disabling tree log [ 115.753076][ T6083] BTRFS info (device loop0): enabling auto defrag [ 115.759558][ T6083] BTRFS info (device loop0): using free space tree [pid 6083] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6083] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6083] chdir("./file0") = 0 [pid 6083] ioctl(4, LOOP_CLR_FD) = 0 [pid 6083] close(4) = 0 [pid 6083] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 6083] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 6083] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 6083] exit_group(0) = ? [pid 6083] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6083, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 [ 115.778229][ T6083] BTRFS info (device loop0): enabling ssd optimizations [ 115.785462][ T6083] BTRFS info (device loop0): auto enabling async discard umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 6102 ./strace-static-x86_64: Process 6102 attached [pid 6102] set_robust_list(0x5555567e7660, 24) = 0 [pid 6102] chdir("./62") = 0 [pid 6102] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6102] setpgid(0, 0) = 0 [pid 6102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6102] write(3, "1000", 4) = 4 [pid 6102] close(3) = 0 [pid 6102] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6102] memfd_create("syzkaller", 0) = 3 [pid 6102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 6102] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6102] munmap(0x7f09f8c52000, 16777216) = 0 [pid 6102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6102] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6102] close(3) = 0 [pid 6102] mkdir("./file0", 0777) = 0 [ 116.279437][ T6102] loop0: detected capacity change from 0 to 32768 [ 116.290739][ T6102] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (6102) [ 116.306969][ T6102] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 116.315790][ T6102] BTRFS info (device loop0): setting nodatacow, compression disabled [ 116.324050][ T6102] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 116.334718][ T6102] BTRFS info (device loop0): trying to use backup root at mount time [ 116.342822][ T6102] BTRFS info (device loop0): disabling tree log [ 116.349181][ T6102] BTRFS info (device loop0): enabling auto defrag [ 116.355890][ T6102] BTRFS info (device loop0): using free space tree [pid 6102] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6102] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6102] chdir("./file0") = 0 [pid 6102] ioctl(4, LOOP_CLR_FD) = 0 [pid 6102] close(4) = 0 [pid 6102] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 6102] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 6102] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 6102] exit_group(0) = ? [ 116.376695][ T6102] BTRFS info (device loop0): enabling ssd optimizations [ 116.383853][ T6102] BTRFS info (device loop0): auto enabling async discard [pid 6102] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6102, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 6121 ./strace-static-x86_64: Process 6121 attached [pid 6121] set_robust_list(0x5555567e7660, 24) = 0 [pid 6121] chdir("./63") = 0 [pid 6121] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6121] setpgid(0, 0) = 0 [pid 6121] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6121] write(3, "1000", 4) = 4 [pid 6121] close(3) = 0 [pid 6121] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6121] memfd_create("syzkaller", 0) = 3 [pid 6121] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 6121] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6121] munmap(0x7f09f8c52000, 16777216) = 0 [pid 6121] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6121] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6121] close(3) = 0 [pid 6121] mkdir("./file0", 0777) = 0 [ 116.882291][ T6121] loop0: detected capacity change from 0 to 32768 [ 116.892387][ T6121] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (6121) [ 116.907660][ T6121] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 116.916441][ T6121] BTRFS info (device loop0): setting nodatacow, compression disabled [ 116.924991][ T6121] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 116.936154][ T6121] BTRFS info (device loop0): trying to use backup root at mount time [ 116.944349][ T6121] BTRFS info (device loop0): disabling tree log [ 116.950636][ T6121] BTRFS info (device loop0): enabling auto defrag [ 116.957160][ T6121] BTRFS info (device loop0): using free space tree [pid 6121] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6121] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6121] chdir("./file0") = 0 [pid 6121] ioctl(4, LOOP_CLR_FD) = 0 [pid 6121] close(4) = 0 [pid 6121] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 6121] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 6121] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 6121] exit_group(0) = ? [pid 6121] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6121, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=33 /* 0.33 s */} --- umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 [ 116.976901][ T6121] BTRFS info (device loop0): enabling ssd optimizations [ 116.984036][ T6121] BTRFS info (device loop0): auto enabling async discard umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 6138 ./strace-static-x86_64: Process 6138 attached [pid 6138] set_robust_list(0x5555567e7660, 24) = 0 [pid 6138] chdir("./64") = 0 [pid 6138] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6138] setpgid(0, 0) = 0 [pid 6138] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6138] write(3, "1000", 4) = 4 [pid 6138] close(3) = 0 [pid 6138] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6138] memfd_create("syzkaller", 0) = 3 [pid 6138] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 6138] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6138] munmap(0x7f09f8c52000, 16777216) = 0 [pid 6138] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6138] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6138] close(3) = 0 [pid 6138] mkdir("./file0", 0777) = 0 [ 117.455686][ T6138] loop0: detected capacity change from 0 to 32768 [ 117.465563][ T6138] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (6138) [ 117.482064][ T6138] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 117.491212][ T6138] BTRFS info (device loop0): setting nodatacow, compression disabled [ 117.499943][ T6138] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 117.512520][ T6138] BTRFS info (device loop0): trying to use backup root at mount time [ 117.521014][ T6138] BTRFS info (device loop0): disabling tree log [ 117.527821][ T6138] BTRFS info (device loop0): enabling auto defrag [ 117.534571][ T6138] BTRFS info (device loop0): using free space tree [pid 6138] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6138] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6138] chdir("./file0") = 0 [pid 6138] ioctl(4, LOOP_CLR_FD) = 0 [pid 6138] close(4) = 0 [pid 6138] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 6138] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 6138] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [ 117.553633][ T6138] BTRFS info (device loop0): enabling ssd optimizations [ 117.560864][ T6138] BTRFS info (device loop0): auto enabling async discard [pid 6138] exit_group(0) = ? [pid 6138] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6138, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=33 /* 0.33 s */} --- umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 6155 ./strace-static-x86_64: Process 6155 attached [pid 6155] set_robust_list(0x5555567e7660, 24) = 0 [pid 6155] chdir("./65") = 0 [pid 6155] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6155] setpgid(0, 0) = 0 [pid 6155] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6155] write(3, "1000", 4) = 4 [pid 6155] close(3) = 0 [pid 6155] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6155] memfd_create("syzkaller", 0) = 3 [pid 6155] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 6155] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6155] munmap(0x7f09f8c52000, 16777216) = 0 [pid 6155] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6155] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6155] close(3) = 0 [pid 6155] mkdir("./file0", 0777) = 0 [ 118.050687][ T6155] loop0: detected capacity change from 0 to 32768 [ 118.061931][ T6155] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (6155) [ 118.079186][ T6155] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 118.088034][ T6155] BTRFS info (device loop0): setting nodatacow, compression disabled [ 118.096521][ T6155] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 118.107274][ T6155] BTRFS info (device loop0): trying to use backup root at mount time [ 118.115470][ T6155] BTRFS info (device loop0): disabling tree log [ 118.121753][ T6155] BTRFS info (device loop0): enabling auto defrag [ 118.128444][ T6155] BTRFS info (device loop0): using free space tree [pid 6155] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6155] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6155] chdir("./file0") = 0 [pid 6155] ioctl(4, LOOP_CLR_FD) = 0 [pid 6155] close(4) = 0 [pid 6155] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 6155] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 6155] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 6155] exit_group(0) = ? [pid 6155] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6155, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 118.147073][ T6155] BTRFS info (device loop0): enabling ssd optimizations [ 118.154116][ T6155] BTRFS info (device loop0): auto enabling async discard newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/binderfs") = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 6172 ./strace-static-x86_64: Process 6172 attached [pid 6172] set_robust_list(0x5555567e7660, 24) = 0 [pid 6172] chdir("./66") = 0 [pid 6172] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6172] setpgid(0, 0) = 0 [pid 6172] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6172] write(3, "1000", 4) = 4 [pid 6172] close(3) = 0 [pid 6172] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6172] memfd_create("syzkaller", 0) = 3 [pid 6172] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 6172] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6172] munmap(0x7f09f8c52000, 16777216) = 0 [pid 6172] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6172] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6172] close(3) = 0 [pid 6172] mkdir("./file0", 0777) = 0 [ 118.647240][ T6172] loop0: detected capacity change from 0 to 32768 [ 118.658841][ T6172] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (6172) [ 118.675661][ T6172] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 118.684459][ T6172] BTRFS info (device loop0): setting nodatacow, compression disabled [ 118.692828][ T6172] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 118.703844][ T6172] BTRFS info (device loop0): trying to use backup root at mount time [ 118.711980][ T6172] BTRFS info (device loop0): disabling tree log [ 118.718415][ T6172] BTRFS info (device loop0): enabling auto defrag [ 118.725259][ T6172] BTRFS info (device loop0): using free space tree [pid 6172] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6172] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6172] chdir("./file0") = 0 [pid 6172] ioctl(4, LOOP_CLR_FD) = 0 [pid 6172] close(4) = 0 [pid 6172] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 6172] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 6172] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 6172] exit_group(0) = ? [pid 6172] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6172, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=37 /* 0.37 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 118.744723][ T6172] BTRFS info (device loop0): enabling ssd optimizations [ 118.752263][ T6172] BTRFS info (device loop0): auto enabling async discard umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/binderfs") = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 6189 ./strace-static-x86_64: Process 6189 attached [pid 6189] set_robust_list(0x5555567e7660, 24) = 0 [pid 6189] chdir("./67") = 0 [pid 6189] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6189] setpgid(0, 0) = 0 [pid 6189] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6189] write(3, "1000", 4) = 4 [pid 6189] close(3) = 0 [pid 6189] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6189] memfd_create("syzkaller", 0) = 3 [pid 6189] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 6189] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6189] munmap(0x7f09f8c52000, 16777216) = 0 [pid 6189] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6189] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6189] close(3) = 0 [pid 6189] mkdir("./file0", 0777) = 0 [ 119.257045][ T6189] loop0: detected capacity change from 0 to 32768 [ 119.266876][ T6189] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (6189) [ 119.285233][ T6189] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 119.294069][ T6189] BTRFS info (device loop0): setting nodatacow, compression disabled [ 119.302186][ T6189] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 119.312970][ T6189] BTRFS info (device loop0): trying to use backup root at mount time [ 119.321122][ T6189] BTRFS info (device loop0): disabling tree log [ 119.327489][ T6189] BTRFS info (device loop0): enabling auto defrag [ 119.334094][ T6189] BTRFS info (device loop0): using free space tree [pid 6189] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6189] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6189] chdir("./file0") = 0 [pid 6189] ioctl(4, LOOP_CLR_FD) = 0 [pid 6189] close(4) = 0 [pid 6189] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 6189] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 6189] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 6189] exit_group(0) = ? [pid 6189] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6189, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/binderfs") = 0 [ 119.353950][ T6189] BTRFS info (device loop0): enabling ssd optimizations [ 119.360952][ T6189] BTRFS info (device loop0): auto enabling async discard umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 6206 ./strace-static-x86_64: Process 6206 attached [pid 6206] set_robust_list(0x5555567e7660, 24) = 0 [pid 6206] chdir("./68") = 0 [pid 6206] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6206] setpgid(0, 0) = 0 [pid 6206] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6206] write(3, "1000", 4) = 4 [pid 6206] close(3) = 0 [pid 6206] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6206] memfd_create("syzkaller", 0) = 3 [pid 6206] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 6206] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6206] munmap(0x7f09f8c52000, 16777216) = 0 [pid 6206] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6206] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6206] close(3) = 0 [pid 6206] mkdir("./file0", 0777) = 0 [ 119.848069][ T6206] loop0: detected capacity change from 0 to 32768 [ 119.858457][ T6206] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (6206) [ 119.876718][ T6206] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 119.885560][ T6206] BTRFS info (device loop0): setting nodatacow, compression disabled [ 119.893909][ T6206] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 119.904794][ T6206] BTRFS info (device loop0): trying to use backup root at mount time [ 119.913340][ T6206] BTRFS info (device loop0): disabling tree log [ 119.919640][ T6206] BTRFS info (device loop0): enabling auto defrag [ 119.926143][ T6206] BTRFS info (device loop0): using free space tree [pid 6206] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6206] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6206] chdir("./file0") = 0 [pid 6206] ioctl(4, LOOP_CLR_FD) = 0 [pid 6206] close(4) = 0 [pid 6206] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 6206] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 6206] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 6206] exit_group(0) = ? [pid 6206] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6206, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=30 /* 0.30 s */} --- umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/binderfs") = 0 [ 119.946180][ T6206] BTRFS info (device loop0): enabling ssd optimizations [ 119.953510][ T6206] BTRFS info (device loop0): auto enabling async discard umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6223 attached , child_tidptr=0x5555567e7650) = 6223 [pid 6223] set_robust_list(0x5555567e7660, 24) = 0 [pid 6223] chdir("./69") = 0 [pid 6223] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6223] setpgid(0, 0) = 0 [pid 6223] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6223] write(3, "1000", 4) = 4 [pid 6223] close(3) = 0 [pid 6223] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6223] memfd_create("syzkaller", 0) = 3 [pid 6223] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 6223] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6223] munmap(0x7f09f8c52000, 16777216) = 0 [pid 6223] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6223] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6223] close(3) = 0 [pid 6223] mkdir("./file0", 0777) = 0 [ 120.444421][ T6223] loop0: detected capacity change from 0 to 32768 [ 120.454285][ T6223] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (6223) [ 120.472101][ T6223] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 120.481026][ T6223] BTRFS info (device loop0): setting nodatacow, compression disabled [ 120.489262][ T6223] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 120.499975][ T6223] BTRFS info (device loop0): trying to use backup root at mount time [ 120.508154][ T6223] BTRFS info (device loop0): disabling tree log [ 120.514499][ T6223] BTRFS info (device loop0): enabling auto defrag [ 120.520957][ T6223] BTRFS info (device loop0): using free space tree [pid 6223] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6223] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6223] chdir("./file0") = 0 [pid 6223] ioctl(4, LOOP_CLR_FD) = 0 [pid 6223] close(4) = 0 [pid 6223] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 6223] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 6223] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 6223] exit_group(0) = ? [pid 6223] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6223, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 120.539762][ T6223] BTRFS info (device loop0): enabling ssd optimizations [ 120.546916][ T6223] BTRFS info (device loop0): auto enabling async discard unlink("./69/binderfs") = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 6240 ./strace-static-x86_64: Process 6240 attached [pid 6240] set_robust_list(0x5555567e7660, 24) = 0 [pid 6240] chdir("./70") = 0 [pid 6240] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6240] setpgid(0, 0) = 0 [pid 6240] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6240] write(3, "1000", 4) = 4 [pid 6240] close(3) = 0 [pid 6240] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6240] memfd_create("syzkaller", 0) = 3 [pid 6240] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 6240] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6240] munmap(0x7f09f8c52000, 16777216) = 0 [pid 6240] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6240] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6240] close(3) = 0 [pid 6240] mkdir("./file0", 0777) = 0 [ 121.041831][ T6240] loop0: detected capacity change from 0 to 32768 [ 121.053201][ T6240] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (6240) [ 121.068047][ T6240] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 121.076908][ T6240] BTRFS info (device loop0): setting nodatacow, compression disabled [ 121.085275][ T6240] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 121.096040][ T6240] BTRFS info (device loop0): trying to use backup root at mount time [ 121.104380][ T6240] BTRFS info (device loop0): disabling tree log [ 121.110649][ T6240] BTRFS info (device loop0): enabling auto defrag [ 121.117181][ T6240] BTRFS info (device loop0): using free space tree [pid 6240] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6240] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6240] chdir("./file0") = 0 [pid 6240] ioctl(4, LOOP_CLR_FD) = 0 [pid 6240] close(4) = 0 [pid 6240] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 6240] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 6240] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 6240] exit_group(0) = ? [pid 6240] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6240, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/binderfs") = 0 [ 121.136995][ T6240] BTRFS info (device loop0): enabling ssd optimizations [ 121.144124][ T6240] BTRFS info (device loop0): auto enabling async discard umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 6257 ./strace-static-x86_64: Process 6257 attached [pid 6257] set_robust_list(0x5555567e7660, 24) = 0 [pid 6257] chdir("./71") = 0 [pid 6257] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6257] setpgid(0, 0) = 0 [pid 6257] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6257] write(3, "1000", 4) = 4 [pid 6257] close(3) = 0 [pid 6257] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6257] memfd_create("syzkaller", 0) = 3 [pid 6257] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 6257] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6257] munmap(0x7f09f8c52000, 16777216) = 0 [pid 6257] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6257] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6257] close(3) = 0 [pid 6257] mkdir("./file0", 0777) = 0 [ 121.633235][ T6257] loop0: detected capacity change from 0 to 32768 [ 121.643318][ T6257] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (6257) [ 121.661793][ T6257] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 121.671025][ T6257] BTRFS info (device loop0): setting nodatacow, compression disabled [ 121.679269][ T6257] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 121.689994][ T6257] BTRFS info (device loop0): trying to use backup root at mount time [ 121.698143][ T6257] BTRFS info (device loop0): disabling tree log [ 121.704453][ T6257] BTRFS info (device loop0): enabling auto defrag [ 121.710902][ T6257] BTRFS info (device loop0): using free space tree [pid 6257] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6257] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6257] chdir("./file0") = 0 [pid 6257] ioctl(4, LOOP_CLR_FD) = 0 [pid 6257] close(4) = 0 [pid 6257] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 6257] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 6257] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 6257] exit_group(0) = ? [pid 6257] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6257, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/binderfs") = 0 [ 121.729693][ T6257] BTRFS info (device loop0): enabling ssd optimizations [ 121.736837][ T6257] BTRFS info (device loop0): auto enabling async discard umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 6274 ./strace-static-x86_64: Process 6274 attached [pid 6274] set_robust_list(0x5555567e7660, 24) = 0 [pid 6274] chdir("./72") = 0 [pid 6274] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6274] setpgid(0, 0) = 0 [pid 6274] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6274] write(3, "1000", 4) = 4 [pid 6274] close(3) = 0 [pid 6274] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6274] memfd_create("syzkaller", 0) = 3 [pid 6274] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 6274] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6274] munmap(0x7f09f8c52000, 16777216) = 0 [pid 6274] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6274] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6274] close(3) = 0 [pid 6274] mkdir("./file0", 0777) = 0 [ 122.222348][ T6274] loop0: detected capacity change from 0 to 32768 [ 122.232056][ T6274] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (6274) [ 122.248244][ T6274] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 122.257377][ T6274] BTRFS info (device loop0): setting nodatacow, compression disabled [pid 6274] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6274] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6274] chdir("./file0") = 0 [pid 6274] ioctl(4, LOOP_CLR_FD) = 0 [pid 6274] close(4) = 0 [pid 6274] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 6274] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [ 122.265644][ T6274] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 122.276724][ T6274] BTRFS info (device loop0): trying to use backup root at mount time [ 122.285264][ T6274] BTRFS info (device loop0): disabling tree log [ 122.291570][ T6274] BTRFS info (device loop0): enabling auto defrag [ 122.298190][ T6274] BTRFS info (device loop0): using free space tree [pid 6274] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 6274] exit_group(0) = ? [pid 6274] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6274, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/binderfs") = 0 [ 122.318454][ T6274] BTRFS info (device loop0): enabling ssd optimizations [ 122.325771][ T6274] BTRFS info (device loop0): auto enabling async discard umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 6291 ./strace-static-x86_64: Process 6291 attached [pid 6291] set_robust_list(0x5555567e7660, 24) = 0 [pid 6291] chdir("./73") = 0 [pid 6291] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6291] setpgid(0, 0) = 0 [pid 6291] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6291] write(3, "1000", 4) = 4 [pid 6291] close(3) = 0 [pid 6291] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6291] memfd_create("syzkaller", 0) = 3 [pid 6291] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 6291] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6291] munmap(0x7f09f8c52000, 16777216) = 0 [pid 6291] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6291] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6291] close(3) = 0 [pid 6291] mkdir("./file0", 0777) = 0 [ 122.812389][ T6291] loop0: detected capacity change from 0 to 32768 [ 122.824325][ T6291] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (6291) [ 122.841894][ T6291] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 122.850813][ T6291] BTRFS info (device loop0): setting nodatacow, compression disabled [ 122.859044][ T6291] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 122.869741][ T6291] BTRFS info (device loop0): trying to use backup root at mount time [ 122.877918][ T6291] BTRFS info (device loop0): disabling tree log [ 122.884288][ T6291] BTRFS info (device loop0): enabling auto defrag [ 122.890759][ T6291] BTRFS info (device loop0): using free space tree [pid 6291] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6291] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6291] chdir("./file0") = 0 [pid 6291] ioctl(4, LOOP_CLR_FD) = 0 [pid 6291] close(4) = 0 [pid 6291] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 6291] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 6291] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [ 122.910696][ T6291] BTRFS info (device loop0): enabling ssd optimizations [ 122.918174][ T6291] BTRFS info (device loop0): auto enabling async discard [pid 6291] exit_group(0) = ? [pid 6291] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6291, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/binderfs") = 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 6308 ./strace-static-x86_64: Process 6308 attached [pid 6308] set_robust_list(0x5555567e7660, 24) = 0 [pid 6308] chdir("./74") = 0 [pid 6308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6308] setpgid(0, 0) = 0 [pid 6308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6308] write(3, "1000", 4) = 4 [pid 6308] close(3) = 0 [pid 6308] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6308] memfd_create("syzkaller", 0) = 3 [pid 6308] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 6308] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6308] munmap(0x7f09f8c52000, 16777216) = 0 [pid 6308] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6308] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6308] close(3) = 0 [pid 6308] mkdir("./file0", 0777) = 0 [ 123.416246][ T6308] loop0: detected capacity change from 0 to 32768 [ 123.427767][ T6308] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (6308) [ 123.443730][ T6308] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 123.452799][ T6308] BTRFS info (device loop0): setting nodatacow, compression disabled [ 123.462098][ T6308] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 123.472830][ T6308] BTRFS info (device loop0): trying to use backup root at mount time [ 123.481018][ T6308] BTRFS info (device loop0): disabling tree log [ 123.487652][ T6308] BTRFS info (device loop0): enabling auto defrag [ 123.494511][ T6308] BTRFS info (device loop0): using free space tree [pid 6308] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6308] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6308] chdir("./file0") = 0 [pid 6308] ioctl(4, LOOP_CLR_FD) = 0 [pid 6308] close(4) = 0 [pid 6308] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 6308] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 6308] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 6308] exit_group(0) = ? [pid 6308] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6308, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=32 /* 0.32 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/binderfs") = 0 [ 123.515310][ T6308] BTRFS info (device loop0): enabling ssd optimizations [ 123.522457][ T6308] BTRFS info (device loop0): auto enabling async discard umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 6325 ./strace-static-x86_64: Process 6325 attached [pid 6325] set_robust_list(0x5555567e7660, 24) = 0 [pid 6325] chdir("./75") = 0 [pid 6325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6325] setpgid(0, 0) = 0 [pid 6325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6325] write(3, "1000", 4) = 4 [pid 6325] close(3) = 0 [pid 6325] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6325] memfd_create("syzkaller", 0) = 3 [pid 6325] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 6325] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6325] munmap(0x7f09f8c52000, 16777216) = 0 [pid 6325] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6325] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6325] close(3) = 0 [pid 6325] mkdir("./file0", 0777) = 0 [ 124.000260][ T6325] loop0: detected capacity change from 0 to 32768 [ 124.011310][ T6325] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (6325) [ 124.028204][ T6325] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 124.037037][ T6325] BTRFS info (device loop0): setting nodatacow, compression disabled [ 124.045214][ T6325] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 124.055929][ T6325] BTRFS info (device loop0): trying to use backup root at mount time [ 124.064178][ T6325] BTRFS info (device loop0): disabling tree log [ 124.070479][ T6325] BTRFS info (device loop0): enabling auto defrag [ 124.077095][ T6325] BTRFS info (device loop0): using free space tree [pid 6325] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6325] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6325] chdir("./file0") = 0 [pid 6325] ioctl(4, LOOP_CLR_FD) = 0 [pid 6325] close(4) = 0 [pid 6325] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 6325] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 6325] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 6325] exit_group(0) = ? [pid 6325] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6325, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 [ 124.095662][ T6325] BTRFS info (device loop0): enabling ssd optimizations [ 124.103102][ T6325] BTRFS info (device loop0): auto enabling async discard umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/binderfs") = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 6342 ./strace-static-x86_64: Process 6342 attached [pid 6342] set_robust_list(0x5555567e7660, 24) = 0 [pid 6342] chdir("./76") = 0 [pid 6342] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6342] setpgid(0, 0) = 0 [pid 6342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6342] write(3, "1000", 4) = 4 [pid 6342] close(3) = 0 [pid 6342] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6342] memfd_create("syzkaller", 0) = 3 [pid 6342] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 6342] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6342] munmap(0x7f09f8c52000, 16777216) = 0 [pid 6342] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6342] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6342] close(3) = 0 [pid 6342] mkdir("./file0", 0777) = 0 [ 124.621572][ T6342] loop0: detected capacity change from 0 to 32768 [ 124.631440][ T6342] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (6342) [ 124.647961][ T6342] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 124.656795][ T6342] BTRFS info (device loop0): setting nodatacow, compression disabled [ 124.665049][ T6342] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 124.675710][ T6342] BTRFS info (device loop0): trying to use backup root at mount time [ 124.683912][ T6342] BTRFS info (device loop0): disabling tree log [ 124.690342][ T6342] BTRFS info (device loop0): enabling auto defrag [ 124.696866][ T6342] BTRFS info (device loop0): using free space tree [pid 6342] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6342] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6342] chdir("./file0") = 0 [pid 6342] ioctl(4, LOOP_CLR_FD) = 0 [pid 6342] close(4) = 0 [pid 6342] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 6342] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 6342] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 6342] exit_group(0) = ? [pid 6342] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6342, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=32 /* 0.32 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/binderfs") = 0 [ 124.716426][ T6342] BTRFS info (device loop0): enabling ssd optimizations [ 124.723598][ T6342] BTRFS info (device loop0): auto enabling async discard umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 6359 ./strace-static-x86_64: Process 6359 attached [pid 6359] set_robust_list(0x5555567e7660, 24) = 0 [pid 6359] chdir("./77") = 0 [pid 6359] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6359] setpgid(0, 0) = 0 [pid 6359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6359] write(3, "1000", 4) = 4 [pid 6359] close(3) = 0 [pid 6359] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6359] memfd_create("syzkaller", 0) = 3 [pid 6359] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 6359] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6359] munmap(0x7f09f8c52000, 16777216) = 0 [pid 6359] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6359] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6359] close(3) = 0 [pid 6359] mkdir("./file0", 0777) = 0 [ 125.213326][ T6359] loop0: detected capacity change from 0 to 32768 [ 125.222667][ T6359] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (6359) [ 125.238448][ T6359] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 125.247587][ T6359] BTRFS info (device loop0): setting nodatacow, compression disabled [ 125.256105][ T6359] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 125.266953][ T6359] BTRFS info (device loop0): trying to use backup root at mount time [ 125.275340][ T6359] BTRFS info (device loop0): disabling tree log [ 125.281683][ T6359] BTRFS info (device loop0): enabling auto defrag [ 125.288351][ T6359] BTRFS info (device loop0): using free space tree [pid 6359] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6359] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6359] chdir("./file0") = 0 [pid 6359] ioctl(4, LOOP_CLR_FD) = 0 [pid 6359] close(4) = 0 [pid 6359] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 6359] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 6359] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 6359] exit_group(0) = ? [pid 6359] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6359, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/binderfs") = 0 [ 125.308166][ T6359] BTRFS info (device loop0): enabling ssd optimizations [ 125.315680][ T6359] BTRFS info (device loop0): auto enabling async discard umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 6376 ./strace-static-x86_64: Process 6376 attached [pid 6376] set_robust_list(0x5555567e7660, 24) = 0 [pid 6376] chdir("./78") = 0 [pid 6376] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6376] setpgid(0, 0) = 0 [pid 6376] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6376] write(3, "1000", 4) = 4 [pid 6376] close(3) = 0 [pid 6376] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6376] memfd_create("syzkaller", 0) = 3 [pid 6376] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 6376] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6376] munmap(0x7f09f8c52000, 16777216) = 0 [pid 6376] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6376] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6376] close(3) = 0 [pid 6376] mkdir("./file0", 0777) = 0 [ 125.823235][ T6376] loop0: detected capacity change from 0 to 32768 [ 125.833214][ T6376] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (6376) [ 125.850477][ T6376] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 125.859676][ T6376] BTRFS info (device loop0): setting nodatacow, compression disabled [ 125.868117][ T6376] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 125.878898][ T6376] BTRFS info (device loop0): trying to use backup root at mount time [ 125.887286][ T6376] BTRFS info (device loop0): disabling tree log [ 125.893975][ T6376] BTRFS info (device loop0): enabling auto defrag [ 125.900528][ T6376] BTRFS info (device loop0): using free space tree [pid 6376] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6376] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6376] chdir("./file0") = 0 [pid 6376] ioctl(4, LOOP_CLR_FD) = 0 [pid 6376] close(4) = 0 [pid 6376] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 6376] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 6376] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 6376] exit_group(0) = ? [ 125.919776][ T6376] BTRFS info (device loop0): enabling ssd optimizations [ 125.926835][ T6376] BTRFS info (device loop0): auto enabling async discard [pid 6376] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6376, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/binderfs") = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 6393 ./strace-static-x86_64: Process 6393 attached [pid 6393] set_robust_list(0x5555567e7660, 24) = 0 [pid 6393] chdir("./79") = 0 [pid 6393] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6393] setpgid(0, 0) = 0 [pid 6393] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6393] write(3, "1000", 4) = 4 [pid 6393] close(3) = 0 [pid 6393] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6393] memfd_create("syzkaller", 0) = 3 [pid 6393] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 6393] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6393] munmap(0x7f09f8c52000, 16777216) = 0 [pid 6393] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6393] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6393] close(3) = 0 [pid 6393] mkdir("./file0", 0777) = 0 [ 126.434971][ T6393] loop0: detected capacity change from 0 to 32768 [ 126.445490][ T6393] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (6393) [ 126.464929][ T6393] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 126.473934][ T6393] BTRFS info (device loop0): setting nodatacow, compression disabled [ 126.482134][ T6393] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 126.493067][ T6393] BTRFS info (device loop0): trying to use backup root at mount time [ 126.501231][ T6393] BTRFS info (device loop0): disabling tree log [ 126.507675][ T6393] BTRFS info (device loop0): enabling auto defrag [ 126.514186][ T6393] BTRFS info (device loop0): using free space tree [pid 6393] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6393] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6393] chdir("./file0") = 0 [pid 6393] ioctl(4, LOOP_CLR_FD) = 0 [pid 6393] close(4) = 0 [pid 6393] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 6393] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 6393] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 6393] exit_group(0) = ? [ 126.532549][ T6393] BTRFS info (device loop0): enabling ssd optimizations [ 126.539896][ T6393] BTRFS info (device loop0): auto enabling async discard [pid 6393] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6393, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/binderfs") = 0 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 6410 ./strace-static-x86_64: Process 6410 attached [pid 6410] set_robust_list(0x5555567e7660, 24) = 0 [pid 6410] chdir("./80") = 0 [pid 6410] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6410] setpgid(0, 0) = 0 [pid 6410] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6410] write(3, "1000", 4) = 4 [pid 6410] close(3) = 0 [pid 6410] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6410] memfd_create("syzkaller", 0) = 3 [pid 6410] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 6410] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6410] munmap(0x7f09f8c52000, 16777216) = 0 [pid 6410] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6410] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6410] close(3) = 0 [pid 6410] mkdir("./file0", 0777) = 0 [ 127.057342][ T6410] loop0: detected capacity change from 0 to 32768 [ 127.067283][ T6410] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (6410) [ 127.086291][ T6410] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 127.095309][ T6410] BTRFS info (device loop0): setting nodatacow, compression disabled [ 127.103751][ T6410] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 127.114611][ T6410] BTRFS info (device loop0): trying to use backup root at mount time [ 127.123231][ T6410] BTRFS info (device loop0): disabling tree log [ 127.129519][ T6410] BTRFS info (device loop0): enabling auto defrag [ 127.136404][ T6410] BTRFS info (device loop0): using free space tree [pid 6410] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6410] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6410] chdir("./file0") = 0 [pid 6410] ioctl(4, LOOP_CLR_FD) = 0 [pid 6410] close(4) = 0 [pid 6410] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 6410] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 6410] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 6410] exit_group(0) = ? [pid 6410] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6410, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 127.157240][ T6410] BTRFS info (device loop0): enabling ssd optimizations [ 127.164344][ T6410] BTRFS info (device loop0): auto enabling async discard unlink("./80/binderfs") = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555567f0730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555567f0730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/file0") = 0 getdents64(3, 0x5555567e86f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567e7650) = 6427 ./strace-static-x86_64: Process 6427 attached [pid 6427] set_robust_list(0x5555567e7660, 24) = 0 [pid 6427] chdir("./81") = 0 [pid 6427] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6427] setpgid(0, 0) = 0 [pid 6427] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6427] write(3, "1000", 4) = 4 [pid 6427] close(3) = 0 [pid 6427] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6427] memfd_create("syzkaller", 0) = 3 [pid 6427] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09f8c52000 [pid 6427] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6427] munmap(0x7f09f8c52000, 16777216) = 0 [pid 6427] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6427] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6427] close(3) = 0 [pid 6427] mkdir("./file0", 0777) = 0 [ 127.662323][ T6427] loop0: detected capacity change from 0 to 32768 [ 127.673160][ T6427] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor376 (6427) [ 127.690526][ T6427] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 127.699395][ T6427] BTRFS info (device loop0): setting nodatacow, compression disabled [ 127.707574][ T6427] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 127.718284][ T6427] BTRFS info (device loop0): trying to use backup root at mount time [ 127.726445][ T6427] BTRFS info (device loop0): disabling tree log [ 127.732744][ T6427] BTRFS info (device loop0): enabling auto defrag [ 127.739354][ T6427] BTRFS info (device loop0): using free space tree [pid 6427] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,nodatacow,usebackuproot,notreelog,nodatasum,autodefrag,user_subvol_rm_allowed,") = 0 [pid 6427] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6427] chdir("./file0") = 0 [pid 6427] ioctl(4, LOOP_CLR_FD) = 0 [pid 6427] close(4) = 0 [pid 6427] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 6427] openat(AT_FDCWD, "./file2", O_RDWR|O_NOFOLLOW|O_CLOEXEC|FASYNC) = 5 [pid 6427] pwritev2(5, [{iov_base="v", iov_len=1}], 1, 0, 0) = 1 [pid 6427] exit_group(0) = ? [pid 6427] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6427, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 127.759820][ T6427] BTRFS info (device loop0): enabling ssd optimizations [ 127.766958][ T6427] BTRFS info (device loop0): auto enabling async discard openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555567e86f0 /* 4 entries */, 32768) = 112 umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/binderfs") = 0 [ 127.829064][ T6441] ------------[ cut here ]------------ [ 127.834740][ T6441] kernel BUG at fs/inode.c:624! [ 127.839699][ T6441] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 127.845834][ T6441] CPU: 0 PID: 6441 Comm: btrfs-cleaner Not tainted 6.5.0-rc5-syzkaller-00063-g374a7f47bf40 #0 [ 127.856268][ T6441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 [ 127.866367][ T6441] RIP: 0010:clear_inode+0x153/0x190 [ 127.871657][ T6441] Code: 48 c7 83 d8 00 00 00 60 00 00 00 5b 5d 41 5c c3 e8 a2 83 96 ff 0f 0b e8 9b 83 96 ff 0f 0b e8 94 83 96 ff 0f 0b e8 8d 83 96 ff <0f> 0b e8 86 83 96 ff 0f 0b e8 7f b0 e9 ff e9 db fe ff ff e8 75 b0 [ 127.891319][ T6441] RSP: 0018:ffffc9000c50faf0 EFLAGS: 00010293 [ 127.897437][ T6441] RAX: 0000000000000000 RBX: ffff8880725cf640 RCX: 0000000000000000 [ 127.905452][ T6441] RDX: ffff88807a73a140 RSI: ffffffff81ee9d33 RDI: 0000000000000007 [ 127.913472][ T6441] RBP: 0000000000000040 R08: 0000000000000007 R09: 0000000000000000 [ 127.921489][ T6441] R10: 0000000000000040 R11: 0000000000000000 R12: 0000000000000020 [ 127.929512][ T6441] R13: ffff888076bc6000 R14: 0000000000000000 R15: ffff8880725cf640 [ 127.937542][ T6441] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 127.946533][ T6441] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 127.953166][ T6441] CR2: 000055ffa9fdf000 CR3: 000000000c776000 CR4: 00000000003506f0 [ 127.961185][ T6441] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 127.969196][ T6441] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 127.977194][ T6441] Call Trace: [ 127.980522][ T6441] [ 127.983468][ T6441] ? die+0x31/0x80 [ 127.987218][ T6441] ? do_trap+0x1ab/0x3b0 [ 127.991510][ T6441] ? clear_inode+0x153/0x190 [ 127.996170][ T6441] ? do_error_trap+0x9e/0x160 [ 128.000932][ T6441] ? clear_inode+0x153/0x190 [ 128.005643][ T6441] ? handle_invalid_op+0x2c/0x30 [ 128.010623][ T6441] ? clear_inode+0x153/0x190 [ 128.015241][ T6441] ? exc_invalid_op+0x2d/0x40 [ 128.019975][ T6441] ? asm_exc_invalid_op+0x1a/0x20 [ 128.025042][ T6441] ? clear_inode+0x153/0x190 [ 128.029666][ T6441] ? clear_inode+0x153/0x190 [ 128.034292][ T6441] btrfs_evict_inode+0x51d/0xe30 [ 128.039274][ T6441] ? btrfs_rmdir+0x680/0x680 [ 128.043893][ T6441] ? evict+0x2b7/0x6b0 [ 128.048008][ T6441] ? reacquire_held_locks+0x4b0/0x4b0 [ 128.053429][ T6441] ? pick_next_task_stop+0x1c0/0x1c0 [ 128.058747][ T6441] ? btrfs_rmdir+0x680/0x680 [ 128.063367][ T6441] evict+0x2ed/0x6b0 [ 128.067290][ T6441] iput.part.0+0x55e/0x7a0 [ 128.071735][ T6441] ? btrfs_destroy_inode+0x850/0x850 [ 128.077056][ T6441] iput+0x5c/0x80 [ 128.080725][ T6441] btrfs_run_defrag_inodes+0xc50/0xe00 [ 128.086227][ T6441] ? btrfs_defrag_file+0x37d0/0x37d0 [ 128.091562][ T6441] ? bit_wait_io_timeout+0x160/0x160 [ 128.096884][ T6441] ? spin_bug+0x1d0/0x1d0 [ 128.101244][ T6441] ? _raw_spin_unlock+0x28/0x40 [ 128.106135][ T6441] ? btrfs_clean_one_deleted_snapshot+0x2b2/0x420 [ 128.112574][ T6441] cleaner_kthread+0x2f0/0x480 [ 128.117387][ T6441] ? btree_invalidate_folio+0x360/0x360 [ 128.122996][ T6441] kthread+0x33a/0x430 [ 128.127094][ T6441] ? kthread_complete_and_exit+0x40/0x40 [ 128.132839][ T6441] ret_from_fork+0x2c/0x70 [ 128.137282][ T6441] ? kthread_complete_and_exit+0x40/0x40 [ 128.143067][ T6441] ret_from_fork_asm+0x11/0x20 [ 128.147875][ T6441] [ 128.150904][ T6441] Modules linked in: [ 128.155573][ T6441] ---[ end trace 0000000000000000 ]--- [ 128.161072][ T6441] RIP: 0010:clear_inode+0x153/0x190 [ 128.166361][ T6441] Code: 48 c7 83 d8 00 00 00 60 00 00 00 5b 5d 41 5c c3 e8 a2 83 96 ff 0f 0b e8 9b 83 96 ff 0f 0b e8 94 83 96 ff 0f 0b e8 8d 83 96 ff <0f> 0b e8 86 83 96 ff 0f 0b e8 7f b0 e9 ff e9 db fe ff ff e8 75 b0 [ 128.186077][ T6441] RSP: 0018:ffffc9000c50faf0 EFLAGS: 00010293 [ 128.192156][ T6441] RAX: 0000000000000000 RBX: ffff8880725cf640 RCX: 0000000000000000 [ 128.200179][ T6441] RDX: ffff88807a73a140 RSI: ffffffff81ee9d33 RDI: 0000000000000007 [ 128.208238][ T6441] RBP: 0000000000000040 R08: 0000000000000007 R09: 0000000000000000 [ 128.216294][ T6441] R10: 0000000000000040 R11: 0000000000000000 R12: 0000000000000020 [ 128.224339][ T6441] R13: ffff888076bc6000 R14: 0000000000000000 R15: ffff8880725cf640 [ 128.232327][ T6441] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 128.241318][ T6441] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 128.247995][ T6441] CR2: 000055ffa9fdf000 CR3: 000000000c776000 CR4: 00000000003506f0 [ 128.256030][ T6441] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 128.264065][ T6441] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 128.272138][ T6441] Kernel panic - not syncing: Fatal exception [ 128.278493][ T6441] Kernel Offset: disabled [ 128.282838][ T6441] Rebooting in 86400 seconds..