./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2169291813 <...> Warning: Permanently added '10.128.0.24' (ED25519) to the list of known hosts. execve("./syz-executor2169291813", ["./syz-executor2169291813"], 0x7ffc39699d30 /* 10 vars */) = 0 brk(NULL) = 0x555557145000 brk(0x555557145e00) = 0x555557145e00 arch_prctl(ARCH_SET_FS, 0x555557145480) = 0 set_tid_address(0x555557145750) = 5063 set_robust_list(0x555557145760, 24) = 0 rseq(0x555557145da0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2169291813", 4096) = 28 getrandom("\xf4\x86\x85\xc5\xa4\x59\xe9\xfc", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555557145e00 brk(0x555557166e00) = 0x555557166e00 brk(0x555557167000) = 0x555557167000 mprotect(0x7fda9bbd4000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7fda9bb24990, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fda9bb2d700}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7fda9bb24990, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fda9bb2d700}, NULL, 8) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 5064 ./strace-static-x86_64: Process 5064 attached [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] set_robust_list(0x555557145760, 24) = 0 ./strace-static-x86_64: Process 5065 attached [pid 5064] mkdir("./syzkaller.igLMLb", 0700 [pid 5063] <... clone resumed>, child_tidptr=0x555557145750) = 5065 [pid 5065] set_robust_list(0x555557145760, 24 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] <... set_robust_list resumed>) = 0 [pid 5064] <... mkdir resumed>) = 0 [pid 5064] chmod("./syzkaller.igLMLb", 0777 [pid 5065] mkdir("./syzkaller.g9r9Zb", 0700 [pid 5064] <... chmod resumed>) = 0 [pid 5064] chdir("./syzkaller.igLMLb"./strace-static-x86_64: Process 5066 attached [pid 5065] <... mkdir resumed>) = 0 [pid 5063] <... clone resumed>, child_tidptr=0x555557145750) = 5066 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] set_robust_list(0x555557145760, 24 [pid 5065] chmod("./syzkaller.g9r9Zb", 0777 [pid 5064] <... chdir resumed>) = 0 [pid 5066] <... set_robust_list resumed>) = 0 [pid 5065] <... chmod resumed>) = 0 [pid 5064] mkdir("./0", 0777./strace-static-x86_64: Process 5067 attached [pid 5063] <... clone resumed>, child_tidptr=0x555557145750) = 5067 [pid 5065] chdir("./syzkaller.g9r9Zb" [pid 5066] mkdir("./syzkaller.sucdlv", 0700 [pid 5067] set_robust_list(0x555557145760, 24 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] <... chdir resumed>) = 0 [pid 5065] mkdir("./0", 0777) = 0 [pid 5064] <... mkdir resumed>) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 5068 attached [pid 5067] <... set_robust_list resumed>) = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5063] <... clone resumed>, child_tidptr=0x555557145750) = 5068 [pid 5068] set_robust_list(0x555557145760, 24 [pid 5067] getrandom( [pid 5066] chmod("./syzkaller.sucdlv", 0777 [pid 5065] <... openat resumed>) = 3 [pid 5064] <... openat resumed>) = 3 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5067] <... getrandom resumed>"\xe2\x1c\xb6\x17\x42\x7a\x08\x33", 8, GRND_NONBLOCK) = 8 [pid 5068] <... set_robust_list resumed>) = 0 [pid 5066] <... chmod resumed>) = 0 [pid 5068] mkdir("./syzkaller.aGbHXI", 0700 [pid 5066] chdir("./syzkaller.sucdlv" [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5068] <... mkdir resumed>) = 0 [pid 5066] <... chdir resumed>) = 0 [pid 5065] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5067] mkdir("./syzkaller.8Vx9rU", 0700./strace-static-x86_64: Process 5069 attached [pid 5066] mkdir("./0", 0777 [pid 5064] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5069] set_robust_list(0x555557145760, 24 [pid 5063] <... clone resumed>, child_tidptr=0x555557145750) = 5069 [pid 5067] <... mkdir resumed>) = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 5065] close(3 [pid 5068] chmod("./syzkaller.aGbHXI", 0777 [pid 5064] close(3 [pid 5069] <... set_robust_list resumed>) = 0 [pid 5069] mkdir("./syzkaller.2Vo0gq", 0700 [pid 5065] <... close resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 ./strace-static-x86_64: Process 5070 attached [pid 5069] <... mkdir resumed>) = 0 [pid 5070] set_robust_list(0x555557145760, 24) = 0 [pid 5070] chdir("./0" [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5070] <... chdir resumed>) = 0 [pid 5069] chmod("./syzkaller.2Vo0gq", 0777 [pid 5068] <... chmod resumed>) = 0 [pid 5067] chmod("./syzkaller.8Vx9rU", 0777 [pid 5066] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5070] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5069] <... chmod resumed>) = 0 [pid 5066] close(3 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 5070 [pid 5070] <... prctl resumed>) = 0 [pid 5069] chdir("./syzkaller.2Vo0gq" [pid 5066] <... close resumed>) = 0 [pid 5070] setpgid(0, 0 [pid 5069] <... chdir resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5071 attached [pid 5070] <... setpgid resumed>) = 0 [pid 5069] mkdir("./0", 0777 [pid 5068] chdir("./syzkaller.aGbHXI" [pid 5067] <... chmod resumed>) = 0 [pid 5071] set_robust_list(0x555557145760, 24 [pid 5070] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5068] <... chdir resumed>) = 0 [pid 5067] chdir("./syzkaller.8Vx9rU" [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 5071 [pid 5068] mkdir("./0", 0777 [pid 5067] <... chdir resumed>) = 0 [pid 5071] <... set_robust_list resumed>) = 0 [pid 5069] <... mkdir resumed>) = 0 [pid 5067] mkdir("./0", 0777 [pid 5071] chdir("./0" [pid 5070] <... openat resumed>) = 3 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5067] <... mkdir resumed>) = 0 [pid 5070] write(3, "1000", 4) = 4 [pid 5068] <... mkdir resumed>) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 5072 [pid 5070] close(3 [pid 5069] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 5072 attached [pid 5071] <... chdir resumed>) = 0 [pid 5070] <... close resumed>) = 0 [pid 5069] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5072] set_robust_list(0x555557145760, 24 [pid 5071] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5070] symlink("/dev/binderfs", "./binderfs" [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5072] <... set_robust_list resumed>) = 0 [pid 5071] <... prctl resumed>) = 0 [pid 5070] <... symlink resumed>) = 0 [pid 5069] close(3 [pid 5071] setpgid(0, 0 [pid 5069] <... close resumed>) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5072] chdir("./0" [pid 5071] <... setpgid resumed>) = 0 [pid 5067] <... openat resumed>) = 3 [pid 5068] <... openat resumed>) = 3 ./strace-static-x86_64: Process 5073 attached [pid 5072] <... chdir resumed>) = 0 [pid 5071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5070] memfd_create("syzkaller", 0 [pid 5073] set_robust_list(0x555557145760, 24 [pid 5072] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5068] ioctl(3, LOOP_CLR_FD [pid 5073] <... set_robust_list resumed>) = 0 [pid 5073] chdir("./0" [pid 5071] <... openat resumed>) = 3 [pid 5070] <... memfd_create resumed>) = 3 [pid 5068] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5072] <... prctl resumed>) = 0 [pid 5073] <... chdir resumed>) = 0 [pid 5070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 5073 [pid 5073] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5072] setpgid(0, 0 [pid 5070] <... mmap resumed>) = 0x7fda9371b000 [pid 5073] <... prctl resumed>) = 0 [pid 5073] setpgid(0, 0) = 0 [pid 5073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5072] <... setpgid resumed>) = 0 [pid 5071] write(3, "1000", 4 [pid 5068] close(3 [pid 5073] <... openat resumed>) = 3 [pid 5072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5071] <... write resumed>) = 4 [pid 5068] <... close resumed>) = 0 [pid 5067] ioctl(3, LOOP_CLR_FD [pid 5071] close(3 [pid 5073] write(3, "1000", 4 [pid 5072] <... openat resumed>) = 3 [pid 5073] <... write resumed>) = 4 [pid 5071] <... close resumed>) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5067] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5067] close(3 [pid 5073] close(3) = 0 [pid 5073] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5073] memfd_create("syzkaller", 0 [pid 5071] symlink("/dev/binderfs", "./binderfs" [pid 5067] <... close resumed>) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5071] <... symlink resumed>) = 0 [pid 5073] <... memfd_create resumed>) = 3 [pid 5073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5071] memfd_create("syzkaller", 0./strace-static-x86_64: Process 5075 attached [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 5074 [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 5075 [pid 5072] write(3, "1000", 4./strace-static-x86_64: Process 5074 attached [pid 5074] set_robust_list(0x555557145760, 24 [pid 5071] <... memfd_create resumed>) = 3 [pid 5075] set_robust_list(0x555557145760, 24 [pid 5072] <... write resumed>) = 4 [pid 5071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5075] <... set_robust_list resumed>) = 0 [pid 5075] chdir("./0" [pid 5074] <... set_robust_list resumed>) = 0 [pid 5072] close(3 [pid 5071] <... mmap resumed>) = 0x7fda9371b000 [pid 5075] <... chdir resumed>) = 0 [pid 5072] <... close resumed>) = 0 [pid 5075] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5072] symlink("/dev/binderfs", "./binderfs" [pid 5075] setpgid(0, 0 [pid 5074] chdir("./0" [pid 5075] <... setpgid resumed>) = 0 [pid 5074] <... chdir resumed>) = 0 [pid 5072] <... symlink resumed>) = 0 [pid 5074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5074] setpgid(0, 0) = 0 [pid 5074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5074] write(3, "1000", 4) = 4 [pid 5074] close(3) = 0 [pid 5075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5072] memfd_create("syzkaller", 0 [pid 5074] symlink("/dev/binderfs", "./binderfs" [pid 5075] <... openat resumed>) = 3 [pid 5074] <... symlink resumed>) = 0 [pid 5072] <... memfd_create resumed>) = 3 [pid 5075] write(3, "1000", 4 [pid 5072] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5075] <... write resumed>) = 4 [pid 5075] close(3 [pid 5074] memfd_create("syzkaller", 0 [pid 5072] <... mmap resumed>) = 0x7fda9371b000 [pid 5075] <... close resumed>) = 0 [pid 5074] <... memfd_create resumed>) = 3 [pid 5074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5075] symlink("/dev/binderfs", "./binderfs" [pid 5074] <... mmap resumed>) = 0x7fda9371b000 [pid 5075] <... symlink resumed>) = 0 [pid 5075] memfd_create("syzkaller", 0) = 3 [pid 5075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5070] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5071] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5073] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5074] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5072] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5075] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5071] <... write resumed>) = 16777216 [pid 5070] <... write resumed>) = 16777216 [pid 5070] munmap(0x7fda9371b000, 138412032) = 0 [pid 5071] munmap(0x7fda9371b000, 138412032) = 0 [pid 5070] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5070] ioctl(4, LOOP_SET_FD, 3 [pid 5075] <... write resumed>) = 16777216 [pid 5073] <... write resumed>) = 16777216 [pid 5071] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5073] munmap(0x7fda9371b000, 138412032 [pid 5072] <... write resumed>) = 16777216 [pid 5071] <... openat resumed>) = 4 [pid 5072] munmap(0x7fda9371b000, 138412032) = 0 [pid 5071] ioctl(4, LOOP_SET_FD, 3 [pid 5070] <... ioctl resumed>) = 0 [pid 5075] munmap(0x7fda9371b000, 138412032 [pid 5074] <... write resumed>) = 16777216 [pid 5073] <... munmap resumed>) = 0 [pid 5072] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5071] <... ioctl resumed>) = 0 [pid 5070] close(3 [pid 5074] munmap(0x7fda9371b000, 138412032 [pid 5073] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5072] <... openat resumed>) = 4 [pid 5070] <... close resumed>) = 0 [pid 5075] <... munmap resumed>) = 0 [pid 5071] close(3) = 0 [pid 5071] mkdir("./file0", 0777 [pid 5073] <... openat resumed>) = 4 [pid 5072] ioctl(4, LOOP_SET_FD, 3 [pid 5071] <... mkdir resumed>) = 0 [pid 5070] mkdir("./file0", 0777 [ 56.708504][ T5070] loop1: detected capacity change from 0 to 32768 [ 56.727538][ T5071] loop0: detected capacity change from 0 to 32768 [ 56.749689][ T5072] loop2: detected capacity change from 0 to 32768 [pid 5071] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5075] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5074] <... munmap resumed>) = 0 [pid 5073] ioctl(4, LOOP_SET_FD, 3 [pid 5072] <... ioctl resumed>) = 0 [pid 5070] <... mkdir resumed>) = 0 [pid 5075] <... openat resumed>) = 4 [pid 5074] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5075] ioctl(4, LOOP_SET_FD, 3 [pid 5074] ioctl(4, LOOP_SET_FD, 3 [pid 5073] <... ioctl resumed>) = 0 [pid 5072] close(3 [pid 5070] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5073] close(3 [pid 5072] <... close resumed>) = 0 [pid 5072] mkdir("./file0", 0777) = 0 [pid 5072] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5073] <... close resumed>) = 0 [pid 5073] mkdir("./file0", 0777) = 0 [pid 5073] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5075] <... ioctl resumed>) = 0 [pid 5075] close(3) = 0 [pid 5075] mkdir("./file0", 0777) = 0 [pid 5075] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5074] <... ioctl resumed>) = 0 [ 56.759882][ T5073] loop5: detected capacity change from 0 to 32768 [ 56.762973][ T5075] loop3: detected capacity change from 0 to 32768 [ 56.773692][ T5071] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (5071) [ 56.787739][ T5074] loop4: detected capacity change from 0 to 32768 [ 56.795627][ T5070] BTRFS: device /dev/loop1 using temp-fsid e4998b70-141b-45ad-85e7-5454ae317995 [pid 5074] close(3) = 0 [pid 5074] mkdir("./file0", 0777) = 0 [ 56.807010][ T5071] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 56.816749][ T5071] BTRFS info (device loop0): force clearing of disk cache [ 56.817784][ T5070] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (5070) [ 56.824695][ T5071] BTRFS info (device loop0): setting nodatasum [ 56.843291][ T5071] BTRFS info (device loop0): allowing degraded mounts [ 56.845999][ T5070] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 56.852875][ T5071] BTRFS info (device loop0): enabling disk space caching [ 56.859334][ T5070] BTRFS info (device loop1): force clearing of disk cache [ 56.866971][ T5071] BTRFS info (device loop0): disk space caching is enabled [ 56.873718][ T5073] BTRFS: device /dev/loop5 using temp-fsid 4fdb49ae-d2b1-4bd3-912b-bbce0de33dea [ 56.882782][ T5070] BTRFS info (device loop1): setting nodatasum [ 56.893245][ T5073] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (5073) [ 56.897682][ T5070] BTRFS info (device loop1): allowing degraded mounts [ 56.915499][ T5070] BTRFS info (device loop1): enabling disk space caching [ 56.922589][ T5070] BTRFS info (device loop1): disk space caching is enabled [ 56.933130][ T5072] BTRFS: device /dev/loop2 using temp-fsid b292e217-27d1-44b4-910f-c10be64aad72 [ 56.942900][ T5073] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 56.945906][ T5072] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (5072) [ 56.964749][ T5073] BTRFS info (device loop5): force clearing of disk cache [ 56.973204][ T5073] BTRFS info (device loop5): setting nodatasum [ 56.980074][ T5073] BTRFS info (device loop5): allowing degraded mounts [ 56.980423][ T5072] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 56.987010][ T5073] BTRFS info (device loop5): enabling disk space caching [ 56.996568][ T5075] BTRFS: device /dev/loop3 using temp-fsid edc407b4-36f7-4ce3-82e4-ca7e07599971 [ 57.006548][ T5072] BTRFS info (device loop2): force clearing of disk cache [ 57.013110][ T5075] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (5075) [ 57.030060][ T5073] BTRFS info (device loop5): disk space caching is enabled [ 57.032291][ T5072] BTRFS info (device loop2): setting nodatasum [ 57.045731][ T5072] BTRFS info (device loop2): allowing degraded mounts [ 57.053616][ T5074] BTRFS: device /dev/loop4 using temp-fsid 07dd6d12-af6c-45af-9052-5c74f96f5d8d [ 57.056663][ T5072] BTRFS info (device loop2): enabling disk space caching [ 57.070055][ T5072] BTRFS info (device loop2): disk space caching is enabled [ 57.073372][ T5074] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (5074) [ 57.077324][ T5075] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 57.101805][ T5075] BTRFS info (device loop3): force clearing of disk cache [ 57.109283][ T5075] BTRFS info (device loop3): setting nodatasum [ 57.116230][ T5075] BTRFS info (device loop3): allowing degraded mounts [ 57.119613][ T5074] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 57.123935][ T5075] BTRFS info (device loop3): enabling disk space caching [ 57.133074][ T5070] BTRFS info (device loop1): enabling ssd optimizations [ 57.141800][ T5075] BTRFS info (device loop3): disk space caching is enabled [ 57.146975][ T5071] BTRFS info (device loop0): enabling ssd optimizations [ 57.154969][ T5074] BTRFS info (device loop4): force clearing of disk cache [ 57.161168][ T5070] BTRFS info (device loop1): auto enabling async discard [ 57.169255][ T5074] BTRFS info (device loop4): setting nodatasum [ 57.175113][ T5071] BTRFS info (device loop0): auto enabling async discard [ 57.182067][ T5074] BTRFS info (device loop4): allowing degraded mounts [ 57.190525][ T5071] BTRFS info (device loop0): rebuilding free space tree [ 57.198054][ T5074] BTRFS info (device loop4): enabling disk space caching [ 57.203053][ T5070] BTRFS info (device loop1): rebuilding free space tree [ 57.210183][ T5074] BTRFS info (device loop4): disk space caching is enabled [ 57.257507][ T5071] BTRFS info (device loop0): disabling free space tree [ 57.258396][ T5072] BTRFS info (device loop2): enabling ssd optimizations [ 57.265056][ T5071] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 57.272768][ T5072] BTRFS info (device loop2): auto enabling async discard [ 57.282558][ T5071] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 57.290377][ T5070] BTRFS info (device loop1): disabling free space tree [ 57.307461][ T5073] BTRFS info (device loop5): enabling ssd optimizations [ 57.307865][ T5070] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 57.316770][ T5073] BTRFS info (device loop5): auto enabling async discard [ 57.326633][ T5070] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 57.332681][ T5073] BTRFS info (device loop5): rebuilding free space tree [ 57.341945][ T5072] BTRFS info (device loop2): rebuilding free space tree [ 57.356725][ T5071] BTRFS info (device loop0): checking UUID tree [ 57.370387][ T5073] BTRFS info (device loop5): disabling free space tree [ 57.375596][ T5072] BTRFS info (device loop2): disabling free space tree [ 57.377818][ T5073] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 57.384178][ T5072] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5074] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5071] <... mount resumed>) = 0 [pid 5071] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5071] chdir("./file0") = 0 [pid 5071] ioctl(4, LOOP_CLR_FD) = 0 [pid 5071] close(4) = 0 [pid 5071] open("./file0", O_RDONLY) = 4 [ 57.398952][ T5070] BTRFS info (device loop1): checking UUID tree [ 57.403819][ T5072] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 57.409795][ T5075] BTRFS info (device loop3): enabling ssd optimizations [ 57.422326][ T5073] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 57.429236][ T5074] BTRFS info (device loop4): enabling ssd optimizations [ 57.439709][ T5075] BTRFS info (device loop3): auto enabling async discard [pid 5071] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5070] <... mount resumed>) = 0 [pid 5072] <... mount resumed>) = 0 [pid 5070] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5072] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5073] <... mount resumed>) = 0 [pid 5072] <... openat resumed>) = 3 [pid 5070] <... openat resumed>) = 3 [pid 5070] chdir("./file0" [pid 5073] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5072] chdir("./file0" [pid 5070] <... chdir resumed>) = 0 [pid 5073] <... openat resumed>) = 3 [pid 5072] <... chdir resumed>) = 0 [pid 5070] ioctl(4, LOOP_CLR_FD [pid 5073] chdir("./file0" [pid 5072] ioctl(4, LOOP_CLR_FD [pid 5070] <... ioctl resumed>) = 0 [pid 5073] <... chdir resumed>) = 0 [pid 5072] <... ioctl resumed>) = 0 [pid 5070] close(4 [ 57.452107][ T5074] BTRFS info (device loop4): auto enabling async discard [ 57.453011][ T5075] BTRFS info (device loop3): rebuilding free space tree [ 57.459921][ T5072] BTRFS info (device loop2): checking UUID tree [ 57.473731][ T5073] BTRFS info (device loop5): checking UUID tree [ 57.484388][ T5074] BTRFS info (device loop4): rebuilding free space tree [ 57.497011][ T5075] BTRFS info (device loop3): disabling free space tree [pid 5073] ioctl(4, LOOP_CLR_FD [pid 5072] close(4 [pid 5070] <... close resumed>) = 0 [pid 5073] <... ioctl resumed>) = 0 [pid 5072] <... close resumed>) = 0 [pid 5071] <... ioctl resumed>) = 0 [pid 5070] open("./file0", O_RDONLY [pid 5071] open("./file0", O_RDONLY) = 5 [pid 5071] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5073] close(4 [pid 5072] open("./file0", O_RDONLY [pid 5071] <... ioctl resumed>) = 0 [pid 5070] <... open resumed>) = 4 [pid 5073] <... close resumed>) = 0 [pid 5072] <... open resumed>) = 4 [pid 5071] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [ 57.509688][ T5075] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 57.520334][ T5075] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 57.532660][ T5074] BTRFS info (device loop4): disabling free space tree [ 57.540791][ T5074] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5070] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5073] open("./file0", O_RDONLY [pid 5072] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5071] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5070] <... ioctl resumed>) = 0 [pid 5071] exit_group(0) = ? [pid 5071] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5071, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=44 /* 0.44 s */} --- [pid 5070] open("./file0", O_RDONLY [pid 5064] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5073] <... open resumed>) = 4 [pid 5070] <... open resumed>) = 5 [pid 5064] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5072] <... ioctl resumed>) = 0 [pid 5070] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5064] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./0/binderfs" [pid 5072] open("./file0", O_RDONLY [pid 5070] <... ioctl resumed>) = 0 [pid 5064] <... unlink resumed>) = 0 [pid 5070] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5072] <... open resumed>) = 5 [pid 5070] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5064] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5072] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5070] exit_group(0) = ? [pid 5070] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5070, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=46 /* 0.46 s */} --- [pid 5065] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5065] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, [pid 5073] <... ioctl resumed>) = 0 [pid 5072] <... ioctl resumed>) = 0 [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [ 57.555917][ T5074] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 57.569486][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 57.596895][ T5075] BTRFS info (device loop3): checking UUID tree [pid 5073] open("./file0", O_RDONLY [pid 5072] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5065] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./0/binderfs" [pid 5072] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5065] <... unlink resumed>) = 0 [pid 5073] <... open resumed>) = 5 [pid 5072] exit_group(0 [pid 5065] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5073] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5072] <... exit_group resumed>) = ? [pid 5072] +++ exited with 0 +++ [pid 5073] <... ioctl resumed>) = 0 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5072, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=47 /* 0.47 s */} --- [pid 5066] restart_syscall(<... resuming interrupted clone ...> [pid 5073] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5066] <... restart_syscall resumed>) = 0 [pid 5073] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5073] exit_group(0) = ? [pid 5066] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5073] +++ exited with 0 +++ [pid 5066] <... openat resumed>) = 3 [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5073, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=41 /* 0.41 s */} --- [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./0/binderfs" [pid 5069] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... unlink resumed>) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] <... mount resumed>) = 0 [pid 5069] newfstatat(3, "", [pid 5075] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5075] <... openat resumed>) = 3 [ 57.615468][ T12] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [ 57.625408][ T1047] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 57.641408][ T2855] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [pid 5075] chdir("./file0" [pid 5069] getdents64(3, [pid 5075] <... chdir resumed>) = 0 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5075] ioctl(4, LOOP_CLR_FD [pid 5069] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5075] <... ioctl resumed>) = 0 [pid 5075] close(4 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5075] <... close resumed>) = 0 [pid 5069] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5075] open("./file0", O_RDONLY [pid 5069] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./0/binderfs" [pid 5075] <... open resumed>) = 4 [pid 5069] <... unlink resumed>) = 0 [pid 5075] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5069] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5075] <... ioctl resumed>) = 0 [pid 5075] open("./file0", O_RDONLY [pid 5074] <... mount resumed>) = 0 [pid 5074] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5074] chdir("./file0") = 0 [pid 5074] ioctl(4, LOOP_CLR_FD) = 0 [pid 5074] close(4) = 0 [pid 5074] open("./file0", O_RDONLY) = 4 [pid 5074] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5075] <... open resumed>) = 5 [ 57.680353][ T5074] BTRFS info (device loop4): checking UUID tree [pid 5075] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 5074] <... ioctl resumed>) = 0 [pid 5074] open("./file0", O_RDONLY) = 5 [pid 5074] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 5074] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5074] exit_group(0) = ? [pid 5074] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5074, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=37 /* 0.37 s */} --- [pid 5068] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5068] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5075] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] exit_group(0 [pid 5068] <... openat resumed>) = 3 [pid 5075] <... exit_group resumed>) = ? [pid 5068] newfstatat(3, "", [pid 5075] +++ exited with 0 +++ [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5075, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=45 /* 0.45 s */} --- [pid 5067] restart_syscall(<... resuming interrupted clone ...> [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] <... restart_syscall resumed>) = 0 [pid 5068] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5067] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] unlink("./0/binderfs" [pid 5067] <... openat resumed>) = 3 [pid 5068] <... unlink resumed>) = 0 [pid 5067] newfstatat(3, "", [pid 5068] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./0/binderfs") = 0 [ 57.740102][ T2855] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [pid 5067] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... umount2 resumed>) = 0 [pid 5064] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./0/file0", [pid 5066] <... umount2 resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./0/file0", [pid 5064] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... openat resumed>) = 4 [ 57.797551][ T48] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [pid 5066] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] newfstatat(4, "", [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] getdents64(4, [pid 5066] <... openat resumed>) = 4 [pid 5064] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] newfstatat(4, "", [pid 5064] getdents64(4, [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] getdents64(4, [pid 5064] close(4 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] <... close resumed>) = 0 [pid 5066] getdents64(4, [pid 5064] rmdir("./0/file0" [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./0/file0") = 0 [pid 5065] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] getdents64(3, [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] newfstatat(AT_FDCWD, "./0/file0", [pid 5064] close(3 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... close resumed>) = 0 [pid 5066] getdents64(3, [pid 5065] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] rmdir("./0" [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... rmdir resumed>) = 0 [pid 5066] close(3 [pid 5065] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... close resumed>) = 0 [pid 5065] <... openat resumed>) = 4 [pid 5064] mkdir("./1", 0777 [pid 5069] <... umount2 resumed>) = 0 [pid 5064] <... mkdir resumed>) = 0 [pid 5066] rmdir("./0" [pid 5065] newfstatat(4, "", [pid 5066] <... rmdir resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] mkdir("./1", 0777) = 0 [pid 5065] getdents64(4, [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5069] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] <... openat resumed>) = 3 [pid 5065] getdents64(4, [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(4 [pid 5069] newfstatat(AT_FDCWD, "./0/file0", [pid 5066] close(3 [pid 5065] <... close resumed>) = 0 [pid 5064] close(3 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... close resumed>) = 0 [pid 5065] rmdir("./0/file0" [pid 5064] <... close resumed>) = 0 [pid 5069] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] <... rmdir resumed>) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] getdents64(3, [pid 5069] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] <... openat resumed>) = 4 [pid 5065] close(3./strace-static-x86_64: Process 5183 attached ./strace-static-x86_64: Process 5182 attached [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 5183 [pid 5065] <... close resumed>) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 5182 [pid 5183] set_robust_list(0x555557145760, 24 [pid 5182] set_robust_list(0x555557145760, 24 [pid 5069] newfstatat(4, "", [pid 5065] rmdir("./0" [pid 5183] <... set_robust_list resumed>) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5183] chdir("./1" [pid 5182] <... set_robust_list resumed>) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5183] <... chdir resumed>) = 0 [pid 5182] chdir("./1" [pid 5069] getdents64(4, [pid 5065] mkdir("./1", 0777 [pid 5183] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5069] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] <... mkdir resumed>) = 0 [pid 5183] <... prctl resumed>) = 0 [pid 5069] close(4 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5183] setpgid(0, 0 [pid 5069] <... close resumed>) = 0 [pid 5065] <... openat resumed>) = 3 [pid 5183] <... setpgid resumed>) = 0 [pid 5069] rmdir("./0/file0" [pid 5183] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5069] <... rmdir resumed>) = 0 [pid 5183] <... openat resumed>) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5183] write(3, "1000", 4 [pid 5069] getdents64(3, [pid 5065] <... ioctl resumed>) = 0 [pid 5183] <... write resumed>) = 4 [pid 5182] <... chdir resumed>) = 0 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5183] close(3 [pid 5182] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5069] close(3./strace-static-x86_64: Process 5185 attached [pid 5183] <... close resumed>) = 0 [pid 5182] <... prctl resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 5183] symlink("/dev/binderfs", "./binderfs" [pid 5069] rmdir("./0" [pid 5183] <... symlink resumed>) = 0 [pid 5182] setpgid(0, 0 [pid 5069] <... rmdir resumed>) = 0 [pid 5185] set_robust_list(0x555557145760, 24 [pid 5183] memfd_create("syzkaller", 0 [pid 5182] <... setpgid resumed>) = 0 [pid 5182] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5185] <... set_robust_list resumed>) = 0 [pid 5183] <... memfd_create resumed>) = 3 [pid 5182] <... openat resumed>) = 3 [pid 5069] mkdir("./1", 0777 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 5185 [pid 5182] write(3, "1000", 4 [pid 5183] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5182] <... write resumed>) = 4 [pid 5069] <... mkdir resumed>) = 0 [pid 5185] chdir("./1" [pid 5183] <... mmap resumed>) = 0x7fda9371b000 [pid 5185] <... chdir resumed>) = 0 [pid 5182] close(3 [pid 5185] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5182] <... close resumed>) = 0 [pid 5185] setpgid(0, 0 [pid 5182] symlink("/dev/binderfs", "./binderfs" [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5185] <... setpgid resumed>) = 0 [pid 5069] close(3 [pid 5185] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5069] <... close resumed>) = 0 [pid 5185] <... openat resumed>) = 3 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5187 attached [pid 5185] write(3, "1000", 4 [pid 5182] <... symlink resumed>) = 0 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 5187 [pid 5185] <... write resumed>) = 4 [pid 5185] close(3) = 0 [pid 5187] set_robust_list(0x555557145760, 24 [pid 5185] symlink("/dev/binderfs", "./binderfs" [pid 5182] memfd_create("syzkaller", 0 [pid 5187] <... set_robust_list resumed>) = 0 [pid 5185] <... symlink resumed>) = 0 [pid 5187] chdir("./1" [pid 5182] <... memfd_create resumed>) = 3 [pid 5187] <... chdir resumed>) = 0 [pid 5185] memfd_create("syzkaller", 0 [pid 5187] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5185] <... memfd_create resumed>) = 3 [pid 5187] <... prctl resumed>) = 0 [pid 5185] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5187] setpgid(0, 0 [pid 5185] <... mmap resumed>) = 0x7fda9371b000 [pid 5182] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5187] <... setpgid resumed>) = 0 [pid 5182] <... mmap resumed>) = 0x7fda9371b000 [pid 5187] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5187] write(3, "1000", 4) = 4 [pid 5187] close(3) = 0 [pid 5187] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5187] memfd_create("syzkaller", 0) = 3 [pid 5187] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5068] <... umount2 resumed>) = 0 [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./0/file0", [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] newfstatat(AT_FDCWD, "./0/file0", [pid 5068] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5067] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... openat resumed>) = 4 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5067] <... openat resumed>) = 4 [pid 5068] rmdir("./0/file0") = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./0") = 0 [pid 5068] mkdir("./1", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD [pid 5067] newfstatat(4, "", [pid 5068] <... ioctl resumed>) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5190 attached , child_tidptr=0x555557145750) = 5190 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, [pid 5190] set_robust_list(0x555557145760, 24 [pid 5067] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5190] <... set_robust_list resumed>) = 0 [pid 5190] chdir("./1") = 0 [pid 5190] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5190] setpgid(0, 0) = 0 [pid 5190] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5190] write(3, "1000", 4) = 4 [pid 5190] close(3 [pid 5067] close(4 [pid 5190] <... close resumed>) = 0 [pid 5067] <... close resumed>) = 0 [pid 5190] symlink("/dev/binderfs", "./binderfs" [pid 5067] rmdir("./0/file0" [pid 5190] <... symlink resumed>) = 0 [pid 5190] memfd_create("syzkaller", 0 [pid 5067] <... rmdir resumed>) = 0 [pid 5190] <... memfd_create resumed>) = 3 [pid 5067] getdents64(3, [pid 5190] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./0") = 0 [pid 5067] mkdir("./1", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 5191 ./strace-static-x86_64: Process 5191 attached [pid 5191] set_robust_list(0x555557145760, 24) = 0 [pid 5191] chdir("./1") = 0 [pid 5191] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5191] setpgid(0, 0) = 0 [pid 5191] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5191] write(3, "1000", 4) = 4 [pid 5191] close(3) = 0 [pid 5191] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5191] memfd_create("syzkaller", 0) = 3 [pid 5191] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5183] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5182] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5187] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5185] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5190] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5191] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5183] <... write resumed>) = 16777216 [pid 5183] munmap(0x7fda9371b000, 138412032) = 0 [pid 5183] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5182] <... write resumed>) = 16777216 [pid 5183] <... openat resumed>) = 4 [pid 5183] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5183] close(3) = 0 [pid 5182] munmap(0x7fda9371b000, 138412032 [pid 5183] mkdir("./file0", 0777) = 0 [pid 5182] <... munmap resumed>) = 0 [ 59.300200][ T5183] loop2: detected capacity change from 0 to 32768 [pid 5183] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5182] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5182] ioctl(4, LOOP_SET_FD, 3 [pid 5187] <... write resumed>) = 16777216 [pid 5185] <... write resumed>) = 16777216 [pid 5185] munmap(0x7fda9371b000, 138412032 [pid 5187] munmap(0x7fda9371b000, 138412032) = 0 [pid 5182] <... ioctl resumed>) = 0 [pid 5187] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5182] close(3 [pid 5187] <... openat resumed>) = 4 [pid 5185] <... munmap resumed>) = 0 [pid 5182] <... close resumed>) = 0 [pid 5187] ioctl(4, LOOP_SET_FD, 3 [ 59.363881][ T5183] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (5183) [ 59.383981][ T5182] loop0: detected capacity change from 0 to 32768 [pid 5185] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5182] mkdir("./file0", 0777 [pid 5185] <... openat resumed>) = 4 [pid 5182] <... mkdir resumed>) = 0 [pid 5187] <... ioctl resumed>) = 0 [pid 5185] ioctl(4, LOOP_SET_FD, 3 [ 59.434417][ T5187] loop5: detected capacity change from 0 to 32768 [ 59.445370][ T5183] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 59.462318][ T5182] BTRFS: device /dev/loop0 using temp-fsid 22dcc47d-849d-4bbe-a674-34db601f8020 [ 59.469891][ T5183] BTRFS info (device loop2): force clearing of disk cache [ 59.472079][ T5185] loop1: detected capacity change from 0 to 32768 [pid 5182] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5190] <... write resumed>) = 16777216 [pid 5187] close(3 [pid 5190] munmap(0x7fda9371b000, 138412032 [pid 5187] <... close resumed>) = 0 [pid 5187] mkdir("./file0", 0777 [pid 5190] <... munmap resumed>) = 0 [pid 5187] <... mkdir resumed>) = 0 [pid 5187] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5190] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5185] <... ioctl resumed>) = 0 [pid 5185] close(3) = 0 [pid 5185] mkdir("./file0", 0777 [pid 5190] <... openat resumed>) = 4 [pid 5185] <... mkdir resumed>) = 0 [ 59.479891][ T5183] BTRFS info (device loop2): setting nodatasum [ 59.488167][ T5182] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (5182) [ 59.511104][ T5183] BTRFS info (device loop2): allowing degraded mounts [pid 5190] ioctl(4, LOOP_SET_FD, 3 [pid 5191] <... write resumed>) = 16777216 [pid 5190] <... ioctl resumed>) = 0 [pid 5185] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5191] munmap(0x7fda9371b000, 138412032) = 0 [pid 5190] close(3 [pid 5191] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5190] <... close resumed>) = 0 [pid 5191] <... openat resumed>) = 4 [pid 5190] mkdir("./file0", 0777 [pid 5191] ioctl(4, LOOP_SET_FD, 3 [pid 5190] <... mkdir resumed>) = 0 [ 59.531758][ T5190] loop4: detected capacity change from 0 to 32768 [ 59.534818][ T5183] BTRFS info (device loop2): enabling disk space caching [ 59.545869][ T5183] BTRFS info (device loop2): disk space caching is enabled [ 59.551631][ T5187] BTRFS: device /dev/loop5 using temp-fsid 2752cdfd-2ff9-40c0-b1ee-384238e7c1f6 [ 59.564377][ T5182] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 59.567337][ T5191] loop3: detected capacity change from 0 to 32768 [pid 5191] <... ioctl resumed>) = 0 [pid 5190] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5191] close(3) = 0 [pid 5191] mkdir("./file0", 0777) = 0 [ 59.575789][ T5182] BTRFS info (device loop0): force clearing of disk cache [ 59.581979][ T5187] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (5187) [ 59.588977][ T5182] BTRFS info (device loop0): setting nodatasum [ 59.607751][ T5182] BTRFS info (device loop0): allowing degraded mounts [ 59.614824][ T5182] BTRFS info (device loop0): enabling disk space caching [ 59.614845][ T5185] BTRFS: device /dev/loop1 using temp-fsid 46f7eaca-570d-4e2e-ad58-0c59f989624b [ 59.632027][ T5187] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 59.641293][ T5182] BTRFS info (device loop0): disk space caching is enabled [ 59.649189][ T5185] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (5185) [ 59.650772][ T5187] BTRFS info (device loop5): force clearing of disk cache [ 59.669062][ T5187] BTRFS info (device loop5): setting nodatasum [ 59.675770][ T5190] BTRFS: device /dev/loop4 using temp-fsid 973a0ca8-ba9a-4ff6-b57a-91134577b0ac [pid 5191] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5183] <... mount resumed>) = 0 [pid 5183] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5183] chdir("./file0") = 0 [pid 5183] ioctl(4, LOOP_CLR_FD) = 0 [pid 5183] close(4) = 0 [pid 5183] open("./file0", O_RDONLY) = 4 [ 59.675984][ T5185] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 59.685129][ T5190] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (5190) [ 59.711622][ T5191] BTRFS: device /dev/loop3 using temp-fsid 047a2a2c-3604-4357-87ed-d9e80c52296a [ 59.720788][ T5191] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (5191) [pid 5183] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5183] open("./file0", O_RDONLY) = 5 [pid 5183] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 5183] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5183] exit_group(0) = ? [pid 5183] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5183, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=28 /* 0.28 s */} --- [pid 5066] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5187] <... mount resumed>) = 0 [pid 5182] <... mount resumed>) = 0 [pid 5182] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5187] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5182] <... openat resumed>) = 3 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5182] chdir("./file0") = 0 [pid 5066] unlink("./1/binderfs" [pid 5187] <... openat resumed>) = 3 [pid 5182] ioctl(4, LOOP_CLR_FD [pid 5187] chdir("./file0") = 0 [pid 5066] <... unlink resumed>) = 0 [pid 5187] ioctl(4, LOOP_CLR_FD [pid 5066] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5187] <... ioctl resumed>) = 0 [pid 5185] <... mount resumed>) = 0 [pid 5182] <... ioctl resumed>) = 0 [pid 5187] close(4 [pid 5185] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5182] close(4 [pid 5187] <... close resumed>) = 0 [pid 5187] open("./file0", O_RDONLY [pid 5185] <... openat resumed>) = 3 [pid 5182] <... close resumed>) = 0 [pid 5187] <... open resumed>) = 4 [pid 5182] open("./file0", O_RDONLY [pid 5187] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5185] chdir("./file0" [pid 5182] <... open resumed>) = 4 [pid 5182] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5185] <... chdir resumed>) = 0 [pid 5185] ioctl(4, LOOP_CLR_FD) = 0 [pid 5185] close(4) = 0 [pid 5185] open("./file0", O_RDONLY [pid 5182] <... ioctl resumed>) = 0 [pid 5185] <... open resumed>) = 4 [pid 5182] open("./file0", O_RDONLY [pid 5185] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5182] <... open resumed>) = 5 [pid 5182] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5187] <... ioctl resumed>) = 0 [pid 5187] open("./file0", O_RDONLY [pid 5185] <... ioctl resumed>) = 0 [pid 5187] <... open resumed>) = 5 [pid 5185] open("./file0", O_RDONLY [pid 5182] <... ioctl resumed>) = 0 [pid 5191] <... mount resumed>) = 0 [pid 5190] <... mount resumed>) = 0 [pid 5187] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5185] <... open resumed>) = 5 [pid 5182] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5191] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5190] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5185] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5182] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5191] <... openat resumed>) = 3 [pid 5190] <... openat resumed>) = 3 [pid 5182] exit_group(0 [pid 5191] chdir("./file0") = 0 [pid 5190] chdir("./file0" [pid 5185] <... ioctl resumed>) = 0 [pid 5182] <... exit_group resumed>) = ? [pid 5191] ioctl(4, LOOP_CLR_FD [pid 5185] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5191] <... ioctl resumed>) = 0 [pid 5191] close(4) = 0 [pid 5191] open("./file0", O_RDONLY) = 4 [pid 5182] +++ exited with 0 +++ [pid 5190] <... chdir resumed>) = 0 [pid 5185] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5191] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5187] <... ioctl resumed>) = 0 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5182, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=29 /* 0.29 s */} --- [pid 5190] ioctl(4, LOOP_CLR_FD [pid 5185] exit_group(0 [pid 5187] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5064] restart_syscall(<... resuming interrupted clone ...> [pid 5190] <... ioctl resumed>) = 0 [pid 5187] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5185] <... exit_group resumed>) = ? [pid 5064] <... restart_syscall resumed>) = 0 [pid 5187] exit_group(0 [pid 5191] <... ioctl resumed>) = 0 [pid 5187] <... exit_group resumed>) = ? [pid 5064] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5191] open("./file0", O_RDONLY [pid 5190] close(4 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5191] <... open resumed>) = 5 [pid 5190] <... close resumed>) = 0 [pid 5187] +++ exited with 0 +++ [pid 5185] +++ exited with 0 +++ [pid 5064] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5191] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5185, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=31 /* 0.31 s */} --- [pid 5064] <... openat resumed>) = 3 [pid 5064] newfstatat(3, "", [pid 5065] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5187, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=24 /* 0.24 s */} --- [pid 5065] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] getdents64(3, [pid 5065] <... openat resumed>) = 3 [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] newfstatat(3, "", [pid 5064] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] getdents64(3, [pid 5064] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5190] open("./file0", O_RDONLY [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5191] <... ioctl resumed>) = 0 [pid 5190] <... open resumed>) = 4 [pid 5064] unlink("./1/binderfs" [pid 5191] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5190] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5191] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5065] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5064] <... unlink resumed>) = 0 [pid 5191] exit_group(0 [pid 5069] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5191] <... exit_group resumed>) = ? [pid 5065] unlink("./1/binderfs" [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... unlink resumed>) = 0 [pid 5069] <... openat resumed>) = 3 [pid 5065] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, [pid 5191] +++ exited with 0 +++ [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5191, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=27 /* 0.27 s */} --- [pid 5067] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./1/binderfs") = 0 [pid 5067] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5190] <... ioctl resumed>) = 0 [pid 5069] unlink("./1/binderfs" [pid 5190] open("./file0", O_RDONLY [pid 5069] <... unlink resumed>) = 0 [pid 5190] <... open resumed>) = 5 [pid 5190] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 5069] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5190] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5190] exit_group(0) = ? [pid 5190] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5190, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=22 /* 0.22 s */} --- [pid 5068] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./1/binderfs") = 0 [pid 5068] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./1/file0") = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./1") = 0 [pid 5066] mkdir("./2", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5289 attached , child_tidptr=0x555557145750) = 5289 [pid 5289] set_robust_list(0x555557145760, 24) = 0 [pid 5289] chdir("./2") = 0 [pid 5289] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5289] setpgid(0, 0) = 0 [pid 5289] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5289] write(3, "1000", 4) = 4 [pid 5289] close(3) = 0 [pid 5289] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5289] memfd_create("syzkaller", 0) = 3 [pid 5289] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5069] <... umount2 resumed>) = 0 [pid 5069] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5289] <... mmap resumed>) = 0x7fda9371b000 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./1/file0") = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./1") = 0 [pid 5069] mkdir("./2", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 5291 ./strace-static-x86_64: Process 5291 attached [pid 5291] set_robust_list(0x555557145760, 24) = 0 [pid 5291] chdir("./2") = 0 [pid 5291] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5291] setpgid(0, 0) = 0 [pid 5291] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5291] write(3, "1000", 4) = 4 [pid 5291] close(3) = 0 [pid 5291] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5291] memfd_create("syzkaller", 0) = 3 [pid 5291] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5289] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5064] <... umount2 resumed>) = 0 [pid 5064] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./1/file0", [pid 5065] <... umount2 resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] newfstatat(AT_FDCWD, "./1/file0", [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] <... openat resumed>) = 4 [pid 5065] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] newfstatat(4, "", [pid 5065] <... openat resumed>) = 4 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] newfstatat(4, "", [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4 [pid 5065] getdents64(4, [pid 5064] <... close resumed>) = 0 [pid 5064] rmdir("./1/file0" [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] <... rmdir resumed>) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] getdents64(3, [pid 5065] close(4) = 0 [pid 5065] rmdir("./1/file0") = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./1") = 0 [pid 5065] mkdir("./2", 0777) = 0 [pid 5291] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5065] close(3 [pid 5068] <... umount2 resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 5068] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5292 attached [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] newfstatat(AT_FDCWD, "./1/file0", [pid 5292] set_robust_list(0x555557145760, 24 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 5292 [pid 5292] <... set_robust_list resumed>) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] close(3 [pid 5292] chdir("./2" [pid 5068] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... close resumed>) = 0 [pid 5292] <... chdir resumed>) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] rmdir("./1" [pid 5292] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5068] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5292] <... prctl resumed>) = 0 [pid 5292] setpgid(0, 0 [pid 5068] <... openat resumed>) = 4 [pid 5064] <... rmdir resumed>) = 0 [pid 5292] <... setpgid resumed>) = 0 [pid 5068] newfstatat(4, "", [pid 5292] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] mkdir("./2", 0777 [pid 5068] getdents64(4, [pid 5292] <... openat resumed>) = 3 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] <... mkdir resumed>) = 0 [pid 5292] write(3, "1000", 4 [pid 5068] getdents64(4, [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] <... openat resumed>) = 3 [pid 5068] close(4) = 0 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5068] rmdir("./1/file0" [pid 5064] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5064] close(3 [pid 5292] <... write resumed>) = 4 [pid 5068] <... rmdir resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 5292] close(3 [pid 5068] getdents64(3, [pid 5292] <... close resumed>) = 0 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5292] symlink("/dev/binderfs", "./binderfs" [pid 5068] close(3) = 0 [pid 5068] rmdir("./1" [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 5293 ./strace-static-x86_64: Process 5293 attached [pid 5292] <... symlink resumed>) = 0 [pid 5068] <... rmdir resumed>) = 0 [pid 5068] mkdir("./2", 0777 [pid 5293] set_robust_list(0x555557145760, 24) = 0 [pid 5292] memfd_create("syzkaller", 0 [pid 5068] <... mkdir resumed>) = 0 [pid 5293] chdir("./2" [pid 5292] <... memfd_create resumed>) = 3 [pid 5293] <... chdir resumed>) = 0 [pid 5292] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5293] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5292] <... mmap resumed>) = 0x7fda9371b000 [pid 5293] <... prctl resumed>) = 0 [pid 5068] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5293] setpgid(0, 0) = 0 [pid 5068] close(3 [pid 5293] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5068] <... close resumed>) = 0 [pid 5293] <... openat resumed>) = 3 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5294 attached [pid 5293] write(3, "1000", 4 [pid 5067] <... umount2 resumed>) = 0 [pid 5294] set_robust_list(0x555557145760, 24 [pid 5293] <... write resumed>) = 4 [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 5294 [pid 5067] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5294] <... set_robust_list resumed>) = 0 [pid 5293] close(3 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5294] chdir("./2" [pid 5293] <... close resumed>) = 0 [pid 5067] newfstatat(AT_FDCWD, "./1/file0", [pid 5294] <... chdir resumed>) = 0 [pid 5293] symlink("/dev/binderfs", "./binderfs" [pid 5294] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5294] <... prctl resumed>) = 0 [pid 5067] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5294] setpgid(0, 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5294] <... setpgid resumed>) = 0 [pid 5067] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5294] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5067] <... openat resumed>) = 4 [pid 5294] write(3, "1000", 4 [pid 5293] <... symlink resumed>) = 0 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5293] memfd_create("syzkaller", 0 [pid 5294] <... write resumed>) = 4 [pid 5067] getdents64(4, [pid 5294] close(3 [pid 5067] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5293] <... memfd_create resumed>) = 3 [pid 5294] <... close resumed>) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5294] symlink("/dev/binderfs", "./binderfs" [pid 5293] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5067] close(4 [pid 5294] <... symlink resumed>) = 0 [pid 5293] <... mmap resumed>) = 0x7fda9371b000 [pid 5067] <... close resumed>) = 0 [pid 5067] rmdir("./1/file0") = 0 [pid 5294] memfd_create("syzkaller", 0 [pid 5067] getdents64(3, [pid 5294] <... memfd_create resumed>) = 3 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5294] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5067] close(3 [pid 5294] <... mmap resumed>) = 0x7fda9371b000 [pid 5067] <... close resumed>) = 0 [pid 5067] rmdir("./1") = 0 [pid 5067] mkdir("./2", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 5295 ./strace-static-x86_64: Process 5295 attached [pid 5295] set_robust_list(0x555557145760, 24) = 0 [pid 5295] chdir("./2") = 0 [pid 5295] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5295] setpgid(0, 0) = 0 [pid 5295] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5295] write(3, "1000", 4) = 4 [pid 5295] close(3) = 0 [pid 5295] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5295] memfd_create("syzkaller", 0) = 3 [pid 5295] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5291] <... write resumed>) = 16777216 [pid 5292] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5291] munmap(0x7fda9371b000, 138412032) = 0 [pid 5291] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5291] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5291] close(3) = 0 [pid 5291] mkdir("./file0", 0777) = 0 [ 61.054135][ T5291] loop5: detected capacity change from 0 to 32768 [ 61.093348][ T5291] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (5291) [pid 5291] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5289] <... write resumed>) = 16777216 [pid 5293] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5289] munmap(0x7fda9371b000, 138412032) = 0 [pid 5289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5294] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5289] <... openat resumed>) = 4 [pid 5289] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5289] close(3) = 0 [pid 5289] mkdir("./file0", 0777) = 0 [ 61.248095][ T5289] loop2: detected capacity change from 0 to 32768 [ 61.294981][ T5289] BTRFS: device /dev/loop2 using temp-fsid 8b8aa012-f467-481a-a841-61effc5dbbbc [ 61.304658][ T5289] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (5289) [pid 5289] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5295] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5291] <... mount resumed>) = 0 [pid 5291] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5291] chdir("./file0") = 0 [pid 5291] ioctl(4, LOOP_CLR_FD) = 0 [pid 5291] close(4 [pid 5292] <... write resumed>) = 16777216 [pid 5291] <... close resumed>) = 0 [pid 5291] open("./file0", O_RDONLY [pid 5292] munmap(0x7fda9371b000, 138412032 [pid 5291] <... open resumed>) = 4 [pid 5292] <... munmap resumed>) = 0 [pid 5291] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5292] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5292] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5291] <... ioctl resumed>) = 0 [pid 5292] close(3 [pid 5291] open("./file0", O_RDONLY [pid 5292] <... close resumed>) = 0 [pid 5292] mkdir("./file0", 0777 [pid 5291] <... open resumed>) = 5 [pid 5292] <... mkdir resumed>) = 0 [pid 5291] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [ 61.440215][ T5292] loop1: detected capacity change from 0 to 32768 [pid 5292] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5291] <... ioctl resumed>) = 0 [pid 5291] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5291] exit_group(0) = ? [pid 5291] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5291, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=22 /* 0.22 s */} --- [pid 5069] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./2/binderfs") = 0 [pid 5069] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5294] <... write resumed>) = 16777216 [ 61.505785][ T5292] BTRFS: device /dev/loop1 using temp-fsid 4cfa009d-b41b-4d55-9ff7-b011edcf1d5e [pid 5294] munmap(0x7fda9371b000, 138412032) = 0 [pid 5294] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5294] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5294] close(3) = 0 [pid 5294] mkdir("./file0", 0777) = 0 [pid 5069] <... umount2 resumed>) = 0 [pid 5069] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5294] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5069] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 61.545692][ T5292] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (5292) [ 61.571660][ T5294] loop4: detected capacity change from 0 to 32768 [pid 5069] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./2/file0") = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./2") = 0 [pid 5069] mkdir("./3", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5333 attached , child_tidptr=0x555557145750) = 5333 [pid 5333] set_robust_list(0x555557145760, 24) = 0 [pid 5333] chdir("./3") = 0 [pid 5333] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5333] setpgid(0, 0) = 0 [pid 5333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5333] write(3, "1000", 4) = 4 [ 61.624138][ T5294] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (5294) [pid 5333] close(3) = 0 [pid 5333] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5333] memfd_create("syzkaller", 0) = 3 [pid 5333] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5289] <... mount resumed>) = 0 [pid 5333] <... mmap resumed>) = 0x7fda9371b000 [pid 5289] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5289] chdir("./file0") = 0 [pid 5289] ioctl(4, LOOP_CLR_FD) = 0 [pid 5289] close(4) = 0 [pid 5289] open("./file0", O_RDONLY) = 4 [pid 5289] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5295] <... write resumed>) = 16777216 [pid 5295] munmap(0x7fda9371b000, 138412032 [pid 5289] open("./file0", O_RDONLY) = 5 [pid 5295] <... munmap resumed>) = 0 [pid 5289] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5295] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5295] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5289] <... ioctl resumed>) = 0 [pid 5295] close(3) = 0 [pid 5295] mkdir("./file0", 0777 [pid 5289] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5295] <... mkdir resumed>) = 0 [pid 5289] exit_group(0 [pid 5295] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5289] <... exit_group resumed>) = ? [pid 5289] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5289, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=30 /* 0.30 s */} --- [pid 5066] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./2/binderfs") = 0 [ 61.762165][ T5295] loop3: detected capacity change from 0 to 32768 [ 61.783039][ T5295] BTRFS: device /dev/loop3 using temp-fsid a46c22dc-2bca-4bee-8533-27242a847e19 [ 61.798914][ T5295] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (5295) [ 61.820809][ T5292] _btrfs_printk: 111 callbacks suppressed [ 61.820820][ T5292] BTRFS info (device loop1): disabling free space tree [ 61.859046][ T5295] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5066] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5293] <... write resumed>) = 16777216 [pid 5293] munmap(0x7fda9371b000, 138412032) = 0 [ 61.868342][ T5295] BTRFS info (device loop3): force clearing of disk cache [ 61.878384][ T5295] BTRFS info (device loop3): setting nodatasum [ 61.884822][ T5295] BTRFS info (device loop3): allowing degraded mounts [ 61.892435][ T5295] BTRFS info (device loop3): enabling disk space caching [ 61.899749][ T5295] BTRFS info (device loop3): disk space caching is enabled [ 61.914129][ T5292] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 61.939650][ T5294] BTRFS info (device loop4): enabling ssd optimizations [ 61.946598][ T5294] BTRFS info (device loop4): auto enabling async discard [pid 5293] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5293] ioctl(4, LOOP_SET_FD, 3 [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5293] <... ioctl resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5293] close(3 [pid 5066] <... openat resumed>) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5293] <... close resumed>) = 0 [pid 5066] getdents64(4, [pid 5293] mkdir("./file0", 0777 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5293] <... mkdir resumed>) = 0 [ 61.966590][ T5293] loop0: detected capacity change from 0 to 32768 [ 61.988924][ T5292] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5066] close(4 [pid 5293] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5066] <... close resumed>) = 0 [pid 5066] rmdir("./2/file0") = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./2") = 0 [pid 5066] mkdir("./3", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5372 attached [pid 5372] set_robust_list(0x555557145760, 24) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 5372 [pid 5372] chdir("./3") = 0 [pid 5372] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5372] setpgid(0, 0) = 0 [pid 5372] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5372] write(3, "1000", 4) = 4 [pid 5372] close(3) = 0 [pid 5372] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5372] memfd_create("syzkaller", 0) = 3 [pid 5372] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 62.023385][ T5293] BTRFS: device /dev/loop0 using temp-fsid 3454eb5b-5159-4b7c-8888-0daed104f7d6 [ 62.029008][ T5294] BTRFS info (device loop4): rebuilding free space tree [ 62.053749][ T5293] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (5293) [ 62.054476][ T5292] BTRFS info (device loop1): checking UUID tree [ 62.101891][ T5294] BTRFS info (device loop4): disabling free space tree [ 62.112023][ T5294] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 62.128945][ T5293] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 62.138175][ T5293] BTRFS info (device loop0): force clearing of disk cache [pid 5292] <... mount resumed>) = 0 [pid 5292] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5292] chdir("./file0") = 0 [pid 5292] ioctl(4, LOOP_CLR_FD) = 0 [pid 5292] close(4) = 0 [ 62.141661][ T5294] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5292] open("./file0", O_RDONLY [pid 5333] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5292] <... open resumed>) = 4 [pid 5292] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5292] open("./file0", O_RDONLY) = 5 [pid 5292] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 5292] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5292] exit_group(0) = ? [ 62.196727][ T5293] BTRFS info (device loop0): setting nodatasum [ 62.198876][ T5295] BTRFS info (device loop3): enabling ssd optimizations [ 62.231350][ T5293] BTRFS info (device loop0): allowing degraded mounts [ 62.232592][ T5295] BTRFS info (device loop3): auto enabling async discard [pid 5292] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5292, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=35 /* 0.35 s */} --- [pid 5065] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./2/binderfs") = 0 [ 62.249729][ T5294] BTRFS info (device loop4): checking UUID tree [ 62.261440][ T42] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [ 62.280387][ T5293] BTRFS info (device loop0): enabling disk space caching [ 62.291647][ T5295] BTRFS info (device loop3): rebuilding free space tree [pid 5065] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5294] <... mount resumed>) = 0 [pid 5294] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5294] chdir("./file0") = 0 [pid 5294] ioctl(4, LOOP_CLR_FD) = 0 [pid 5294] close(4) = 0 [pid 5294] open("./file0", O_RDONLY) = 4 [ 62.305086][ T5293] BTRFS info (device loop0): disk space caching is enabled [ 62.339299][ T5295] BTRFS info (device loop3): disabling free space tree [pid 5294] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5294] open("./file0", O_RDONLY) = 5 [pid 5294] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 5294] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5294] exit_group(0) = ? [pid 5294] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5294, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=24 /* 0.24 s */} --- [pid 5068] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 62.346877][ T5295] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5068] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./2/binderfs") = 0 [ 62.394340][ T1047] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [ 62.427027][ T5295] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5068] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = 0 [pid 5065] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./2/file0") = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./2") = 0 [pid 5065] mkdir("./3", 0777) = 0 [pid 5372] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [ 62.507135][ T5295] BTRFS info (device loop3): checking UUID tree [ 62.541662][ T5293] BTRFS info (device loop0): enabling ssd optimizations [ 62.548610][ T5293] BTRFS info (device loop0): auto enabling async discard [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5397 attached , child_tidptr=0x555557145750) = 5397 [pid 5397] set_robust_list(0x555557145760, 24) = 0 [pid 5397] chdir("./3") = 0 [pid 5397] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5397] setpgid(0, 0) = 0 [pid 5397] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5397] write(3, "1000", 4) = 4 [pid 5397] close(3) = 0 [pid 5397] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5397] memfd_create("syzkaller", 0 [pid 5295] <... mount resumed>) = 0 [pid 5295] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5397] <... memfd_create resumed>) = 3 [pid 5295] <... openat resumed>) = 3 [pid 5295] chdir("./file0") = 0 [pid 5295] ioctl(4, LOOP_CLR_FD) = 0 [pid 5295] close(4 [pid 5397] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5295] <... close resumed>) = 0 [pid 5295] open("./file0", O_RDONLY [pid 5397] <... mmap resumed>) = 0x7fda9371b000 [pid 5295] <... open resumed>) = 4 [ 62.572222][ T5293] BTRFS info (device loop0): rebuilding free space tree [pid 5295] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5295] open("./file0", O_RDONLY [pid 5068] <... umount2 resumed>) = 0 [pid 5295] <... open resumed>) = 5 [pid 5068] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5295] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [ 62.618530][ T5293] BTRFS info (device loop0): disabling free space tree [ 62.645136][ T5293] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5068] close(4) = 0 [pid 5068] rmdir("./2/file0") = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./2") = 0 [pid 5068] mkdir("./3", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5295] <... ioctl resumed>) = 0 [pid 5295] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 5398 ./strace-static-x86_64: Process 5398 attached [pid 5295] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5398] set_robust_list(0x555557145760, 24 [pid 5295] exit_group(0) = ? [pid 5295] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5295, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=34 /* 0.34 s */} --- [pid 5067] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5398] <... set_robust_list resumed>) = 0 [pid 5067] <... openat resumed>) = 3 [pid 5398] chdir("./3" [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5398] <... chdir resumed>) = 0 [pid 5398] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5067] unlink("./2/binderfs" [pid 5398] <... prctl resumed>) = 0 [pid 5067] <... unlink resumed>) = 0 [pid 5398] setpgid(0, 0 [pid 5067] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5398] <... setpgid resumed>) = 0 [pid 5398] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5398] write(3, "1000", 4) = 4 [pid 5398] close(3) = 0 [pid 5398] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5398] memfd_create("syzkaller", 0) = 3 [pid 5398] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 62.694500][ T5293] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 62.762193][ T5293] BTRFS info (device loop0): checking UUID tree [pid 5293] <... mount resumed>) = 0 [pid 5293] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5293] chdir("./file0") = 0 [pid 5293] ioctl(4, LOOP_CLR_FD) = 0 [pid 5293] close(4) = 0 [pid 5293] open("./file0", O_RDONLY) = 4 [ 62.810253][ T1047] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [pid 5293] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5333] <... write resumed>) = 16777216 [pid 5333] munmap(0x7fda9371b000, 138412032) = 0 [pid 5293] <... ioctl resumed>) = 0 [pid 5333] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5293] open("./file0", O_RDONLY) = 5 [pid 5067] <... umount2 resumed>) = 0 [pid 5293] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5333] <... openat resumed>) = 4 [pid 5067] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5333] ioctl(4, LOOP_SET_FD, 3 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./2/file0") = 0 [pid 5067] getdents64(3, [pid 5333] <... ioctl resumed>) = 0 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./2") = 0 [pid 5293] <... ioctl resumed>) = 0 [pid 5293] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5293] exit_group(0 [pid 5333] close(3 [pid 5067] mkdir("./3", 0777 [pid 5293] <... exit_group resumed>) = ? [pid 5067] <... mkdir resumed>) = 0 [pid 5333] <... close resumed>) = 0 [pid 5293] +++ exited with 0 +++ [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5333] mkdir("./file0", 0777 [pid 5067] <... openat resumed>) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5293, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=28 /* 0.28 s */} --- [pid 5067] <... ioctl resumed>) = 0 [pid 5064] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] close(3 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] <... close resumed>) = 0 [pid 5064] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 ./strace-static-x86_64: Process 5401 attached [pid 5064] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5401] set_robust_list(0x555557145760, 24 [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 5401 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./2/binderfs", [pid 5401] <... set_robust_list resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./2/binderfs") = 0 [pid 5333] <... mkdir resumed>) = 0 [ 62.969123][ T5333] loop5: detected capacity change from 0 to 32768 [ 62.997187][ T1047] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 5064] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5401] chdir("./3" [pid 5333] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5401] <... chdir resumed>) = 0 [pid 5401] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5401] setpgid(0, 0) = 0 [pid 5401] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5401] write(3, "1000", 4) = 4 [pid 5401] close(3) = 0 [pid 5401] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5401] memfd_create("syzkaller", 0) = 3 [pid 5401] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 63.009357][ T5333] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (5333) [ 63.089034][ T5333] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 63.098265][ T5333] BTRFS info (device loop5): force clearing of disk cache [ 63.190335][ T5333] BTRFS info (device loop5): setting nodatasum [ 63.196532][ T5333] BTRFS info (device loop5): allowing degraded mounts [pid 5397] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5398] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5372] <... write resumed>) = 16777216 [pid 5064] <... umount2 resumed>) = 0 [ 63.248902][ T5333] BTRFS info (device loop5): enabling disk space caching [pid 5372] munmap(0x7fda9371b000, 138412032 [pid 5064] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5372] <... munmap resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [ 63.299569][ T5333] BTRFS info (device loop5): disk space caching is enabled [pid 5372] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5064] close(4) = 0 [pid 5064] rmdir("./2/file0" [pid 5372] <... openat resumed>) = 4 [pid 5064] <... rmdir resumed>) = 0 [pid 5372] ioctl(4, LOOP_SET_FD, 3 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./2") = 0 [pid 5064] mkdir("./3", 0777 [pid 5372] <... ioctl resumed>) = 0 [pid 5064] <... mkdir resumed>) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5372] close(3 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5372] <... close resumed>) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 5064] close(3 [ 63.382221][ T5372] loop2: detected capacity change from 0 to 32768 [pid 5372] mkdir("./file0", 0777) = 0 [pid 5064] <... close resumed>) = 0 [pid 5372] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 5416 ./strace-static-x86_64: Process 5416 attached [pid 5416] set_robust_list(0x555557145760, 24) = 0 [pid 5416] chdir("./3") = 0 [ 63.442125][ T5372] BTRFS: device /dev/loop2 using temp-fsid e23a70ff-7a32-4404-834d-b5cdd8d83a90 [pid 5416] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5416] setpgid(0, 0) = 0 [pid 5416] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5401] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5416] write(3, "1000", 4) = 4 [pid 5416] close(3) = 0 [ 63.489172][ T5372] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (5372) [pid 5416] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5416] memfd_create("syzkaller", 0) = 3 [pid 5416] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 63.604190][ T5372] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 63.618844][ T5333] BTRFS info (device loop5): enabling ssd optimizations [ 63.625797][ T5333] BTRFS info (device loop5): auto enabling async discard [pid 5397] <... write resumed>) = 16777216 [ 63.669025][ T5372] BTRFS info (device loop2): force clearing of disk cache [ 63.677024][ T5372] BTRFS info (device loop2): setting nodatasum [pid 5397] munmap(0x7fda9371b000, 138412032) = 0 [ 63.712955][ T5372] BTRFS info (device loop2): allowing degraded mounts [ 63.719815][ T5333] BTRFS info (device loop5): rebuilding free space tree [pid 5397] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5397] ioctl(4, LOOP_SET_FD, 3) = 0 [ 63.759335][ T5372] BTRFS info (device loop2): enabling disk space caching [ 63.766394][ T5372] BTRFS info (device loop2): disk space caching is enabled [ 63.769860][ T5333] BTRFS info (device loop5): disabling free space tree [ 63.782420][ T5397] loop1: detected capacity change from 0 to 32768 [pid 5397] close(3) = 0 [pid 5397] mkdir("./file0", 0777) = 0 [ 63.820313][ T5333] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 63.840530][ T5397] BTRFS: device /dev/loop1 using temp-fsid 8c0165af-231d-4e2a-8fcf-3a50417f3dbe [pid 5397] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5416] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5398] <... write resumed>) = 16777216 [pid 5398] munmap(0x7fda9371b000, 138412032) = 0 [pid 5398] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 63.870320][ T5333] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 63.881192][ T5397] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (5397) [pid 5398] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5398] close(3) = 0 [pid 5398] mkdir("./file0", 0777) = 0 [ 63.928047][ T5398] loop4: detected capacity change from 0 to 32768 [ 63.935774][ T5333] BTRFS info (device loop5): checking UUID tree [ 63.954451][ T5398] BTRFS: device /dev/loop4 using temp-fsid f77c3da3-54d7-4fb7-beff-dbb3344320c9 [ 63.968961][ T5398] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (5398) [pid 5398] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5333] <... mount resumed>) = 0 [pid 5333] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5333] chdir("./file0") = 0 [pid 5333] ioctl(4, LOOP_CLR_FD) = 0 [ 64.002382][ T5397] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 64.022034][ T5398] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5333] close(4) = 0 [pid 5333] open("./file0", O_RDONLY) = 4 [pid 5333] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5333] open("./file0", O_RDONLY) = 5 [pid 5333] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 5333] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5333] exit_group(0) = ? [pid 5333] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5333, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=38 /* 0.38 s */} --- [ 64.049184][ T5398] BTRFS info (device loop4): force clearing of disk cache [ 64.056516][ T5398] BTRFS info (device loop4): setting nodatasum [ 64.068835][ T5398] BTRFS info (device loop4): allowing degraded mounts [ 64.069244][ T5397] BTRFS info (device loop1): force clearing of disk cache [ 64.075595][ T5398] BTRFS info (device loop4): enabling disk space caching [pid 5069] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5416] <... write resumed>) = 16777216 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 64.105660][ T5372] BTRFS info (device loop2): enabling ssd optimizations [ 64.118827][ T5398] BTRFS info (device loop4): disk space caching is enabled [ 64.123593][ T12] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [ 64.145967][ T5397] BTRFS info (device loop1): setting nodatasum [pid 5416] munmap(0x7fda9371b000, 138412032 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./3/binderfs") = 0 [pid 5069] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5416] <... munmap resumed>) = 0 [pid 5416] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5416] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5416] close(3) = 0 [pid 5416] mkdir("./file0", 0777) = 0 [ 64.151241][ T5372] BTRFS info (device loop2): auto enabling async discard [ 64.152890][ T5397] BTRFS info (device loop1): allowing degraded mounts [ 64.174202][ T5397] BTRFS info (device loop1): enabling disk space caching [ 64.183462][ T5397] BTRFS info (device loop1): disk space caching is enabled [ 64.191558][ T5372] BTRFS info (device loop2): rebuilding free space tree [ 64.199341][ T5416] loop0: detected capacity change from 0 to 32768 [pid 5416] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5401] <... write resumed>) = 16777216 [ 64.235421][ T5416] BTRFS: device /dev/loop0 using temp-fsid 73b1e30e-9c69-4cee-bb1b-7160969b0f0a [ 64.250097][ T5372] BTRFS info (device loop2): disabling free space tree [ 64.251450][ T5416] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (5416) [ 64.258664][ T5372] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5401] munmap(0x7fda9371b000, 138412032) = 0 [pid 5401] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5372] <... mount resumed>) = 0 [pid 5372] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5372] chdir("./file0") = 0 [pid 5372] ioctl(4, LOOP_CLR_FD) = 0 [pid 5372] close(4) = 0 [pid 5372] open("./file0", O_RDONLY [pid 5401] ioctl(4, LOOP_SET_FD, 3 [pid 5372] <... open resumed>) = 4 [ 64.281252][ T5372] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 64.299060][ T5372] BTRFS info (device loop2): checking UUID tree [ 64.307282][ T5398] BTRFS info (device loop4): enabling ssd optimizations [ 64.314792][ T5398] BTRFS info (device loop4): auto enabling async discard [pid 5401] <... ioctl resumed>) = 0 [pid 5372] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5401] close(3) = 0 [pid 5401] mkdir("./file0", 0777) = 0 [ 64.331842][ T5401] loop3: detected capacity change from 0 to 32768 [ 64.341720][ T5398] BTRFS info (device loop4): rebuilding free space tree [ 64.343250][ T5416] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 64.364390][ T5416] BTRFS info (device loop0): force clearing of disk cache [ 64.365115][ T5398] BTRFS info (device loop4): disabling free space tree [ 64.376123][ T5416] BTRFS info (device loop0): setting nodatasum [pid 5401] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5372] <... ioctl resumed>) = 0 [pid 5372] open("./file0", O_RDONLY) = 5 [pid 5372] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 5069] <... umount2 resumed>) = 0 [ 64.385494][ T5401] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (5401) [ 64.400668][ T5398] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 64.414758][ T5398] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 64.422866][ T12] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [pid 5372] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5372] exit_group(0) = ? [pid 5372] +++ exited with 0 +++ [pid 5069] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5372, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=36 /* 0.36 s */} --- [pid 5066] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./3/binderfs") = 0 [pid 5066] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 64.434566][ T5397] BTRFS info (device loop1): enabling ssd optimizations [ 64.442598][ T5401] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 64.459207][ T5401] BTRFS info (device loop3): force clearing of disk cache [ 64.466755][ T5416] BTRFS info (device loop0): allowing degraded mounts [ 64.471868][ T5401] BTRFS info (device loop3): setting nodatasum [ 64.474545][ T5397] BTRFS info (device loop1): auto enabling async discard [pid 5069] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4 [pid 5398] <... mount resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 5069] rmdir("./3/file0" [pid 5398] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5069] <... rmdir resumed>) = 0 [pid 5398] chdir("./file0" [pid 5069] getdents64(3, [pid 5398] <... chdir resumed>) = 0 [pid 5398] ioctl(4, LOOP_CLR_FD) = 0 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [ 64.488159][ T5398] BTRFS info (device loop4): checking UUID tree [ 64.497444][ T5416] BTRFS info (device loop0): enabling disk space caching [ 64.507764][ T5397] BTRFS info (device loop1): rebuilding free space tree [ 64.514006][ T5401] BTRFS info (device loop3): allowing degraded mounts [pid 5398] close(4) = 0 [pid 5069] close(3 [pid 5398] open("./file0", O_RDONLY) = 4 [pid 5398] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5069] <... close resumed>) = 0 [pid 5069] rmdir("./3") = 0 [pid 5398] <... ioctl resumed>) = 0 [pid 5398] open("./file0", O_RDONLY) = 5 [pid 5398] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 5398] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5398] exit_group(0) = ? [pid 5069] mkdir("./4", 0777 [pid 5398] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5398, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- [pid 5068] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] <... mkdir resumed>) = 0 [pid 5068] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./3/binderfs") = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5068] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... openat resumed>) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 5481 ./strace-static-x86_64: Process 5481 attached [pid 5481] set_robust_list(0x555557145760, 24) = 0 [pid 5481] chdir("./4") = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 5481] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5481] <... prctl resumed>) = 0 [pid 5481] setpgid(0, 0 [pid 5066] newfstatat(AT_FDCWD, "./3/file0", [pid 5481] <... setpgid resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5481] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5481] <... openat resumed>) = 3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5481] write(3, "1000", 4 [pid 5066] <... openat resumed>) = 4 [pid 5481] <... write resumed>) = 4 [pid 5481] close(3) = 0 [pid 5481] symlink("/dev/binderfs", "./binderfs" [pid 5066] newfstatat(4, "", [pid 5481] <... symlink resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5481] memfd_create("syzkaller", 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./3/file0") = 0 [pid 5397] <... mount resumed>) = 0 [pid 5397] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5066] getdents64(3, [pid 5481] <... memfd_create resumed>) = 3 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5397] chdir("./file0" [pid 5066] close(3 [pid 5481] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5397] <... chdir resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5397] ioctl(4, LOOP_CLR_FD) = 0 [pid 5397] close(4 [pid 5066] rmdir("./3" [pid 5481] <... mmap resumed>) = 0x7fda9371b000 [pid 5397] <... close resumed>) = 0 [pid 5397] open("./file0", O_RDONLY [pid 5066] <... rmdir resumed>) = 0 [pid 5397] <... open resumed>) = 4 [pid 5397] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5066] mkdir("./4", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5397] <... ioctl resumed>) = 0 [pid 5397] open("./file0", O_RDONLY) = 5 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 5495 [pid 5397] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}./strace-static-x86_64: Process 5495 attached [pid 5495] set_robust_list(0x555557145760, 24) = 0 [pid 5495] chdir("./4") = 0 [pid 5495] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5397] <... ioctl resumed>) = 0 [pid 5495] setpgid(0, 0 [pid 5397] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5495] <... setpgid resumed>) = 0 [pid 5397] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5495] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5397] exit_group(0 [pid 5495] <... openat resumed>) = 3 [pid 5397] <... exit_group resumed>) = ? [pid 5495] write(3, "1000", 4 [pid 5397] +++ exited with 0 +++ [pid 5495] <... write resumed>) = 4 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5397, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=36 /* 0.36 s */} --- [pid 5495] close(3 [pid 5065] restart_syscall(<... resuming interrupted clone ...> [pid 5495] <... close resumed>) = 0 [pid 5065] <... restart_syscall resumed>) = 0 [pid 5495] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5495] memfd_create("syzkaller", 0 [pid 5065] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5495] <... memfd_create resumed>) = 3 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5495] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5065] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5495] <... mmap resumed>) = 0x7fda9371b000 [pid 5065] <... openat resumed>) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./3/binderfs") = 0 [pid 5065] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... umount2 resumed>) = 0 [pid 5068] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5481] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5068] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./3/file0") = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./3") = 0 [pid 5068] mkdir("./4", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 5505 ./strace-static-x86_64: Process 5505 attached [pid 5505] set_robust_list(0x555557145760, 24) = 0 [pid 5416] <... mount resumed>) = 0 [pid 5505] chdir("./4" [pid 5401] <... mount resumed>) = 0 [pid 5416] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5505] <... chdir resumed>) = 0 [pid 5416] <... openat resumed>) = 3 [pid 5401] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5505] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5416] chdir("./file0" [pid 5505] <... prctl resumed>) = 0 [pid 5416] <... chdir resumed>) = 0 [pid 5505] setpgid(0, 0 [pid 5416] ioctl(4, LOOP_CLR_FD [pid 5505] <... setpgid resumed>) = 0 [pid 5416] <... ioctl resumed>) = 0 [pid 5505] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5416] close(4 [pid 5505] <... openat resumed>) = 3 [pid 5416] <... close resumed>) = 0 [pid 5401] <... openat resumed>) = 3 [pid 5416] open("./file0", O_RDONLY) = 4 [pid 5505] write(3, "1000", 4 [pid 5416] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5401] chdir("./file0" [pid 5505] <... write resumed>) = 4 [pid 5401] <... chdir resumed>) = 0 [pid 5505] close(3 [pid 5401] ioctl(4, LOOP_CLR_FD [pid 5505] <... close resumed>) = 0 [pid 5401] <... ioctl resumed>) = 0 [pid 5505] symlink("/dev/binderfs", "./binderfs" [pid 5401] close(4 [pid 5505] <... symlink resumed>) = 0 [pid 5416] <... ioctl resumed>) = 0 [pid 5401] <... close resumed>) = 0 [pid 5505] memfd_create("syzkaller", 0) = 3 [pid 5505] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5416] open("./file0", O_RDONLY [pid 5505] <... mmap resumed>) = 0x7fda9371b000 [pid 5416] <... open resumed>) = 5 [pid 5401] open("./file0", O_RDONLY) = 4 [pid 5416] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5401] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5416] <... ioctl resumed>) = 0 [pid 5401] <... ioctl resumed>) = 0 [pid 5416] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5401] open("./file0", O_RDONLY [pid 5416] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5401] <... open resumed>) = 5 [pid 5416] exit_group(0 [pid 5401] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5416] <... exit_group resumed>) = ? [pid 5416] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5416, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=28 /* 0.28 s */} --- [pid 5064] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./3/binderfs" [pid 5401] <... ioctl resumed>) = 0 [pid 5401] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5064] <... unlink resumed>) = 0 [pid 5401] exit_group(0 [pid 5064] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5401] <... exit_group resumed>) = ? [pid 5401] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5401, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=25 /* 0.25 s */} --- [pid 5067] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./3/file0", [pid 5067] newfstatat(AT_FDCWD, "./3/binderfs", [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./3/binderfs" [pid 5065] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... unlink resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./3/file0") = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./3") = 0 [pid 5065] mkdir("./4", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5509 attached , child_tidptr=0x555557145750) = 5509 [pid 5509] set_robust_list(0x555557145760, 24) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 5509] chdir("./4" [pid 5064] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5495] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5509] <... chdir resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5509] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5064] newfstatat(AT_FDCWD, "./3/file0", [pid 5509] <... prctl resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5509] setpgid(0, 0 [pid 5067] <... umount2 resumed>) = 0 [pid 5064] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5509] <... setpgid resumed>) = 0 [pid 5067] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5509] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] <... openat resumed>) = 4 [pid 5509] <... openat resumed>) = 3 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(4, "", [pid 5067] newfstatat(AT_FDCWD, "./3/file0", [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5509] write(3, "1000", 4 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] getdents64(4, [pid 5509] <... write resumed>) = 4 [pid 5064] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5509] close(3 [pid 5064] getdents64(4, [pid 5509] <... close resumed>) = 0 [pid 5067] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5509] symlink("/dev/binderfs", "./binderfs" [pid 5064] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5509] <... symlink resumed>) = 0 [pid 5064] close(4) = 0 [pid 5509] memfd_create("syzkaller", 0 [pid 5064] rmdir("./3/file0" [pid 5509] <... memfd_create resumed>) = 3 [pid 5509] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... rmdir resumed>) = 0 [pid 5509] <... mmap resumed>) = 0x7fda9371b000 [pid 5067] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] getdents64(3, [pid 5067] <... openat resumed>) = 4 [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./3" [pid 5067] newfstatat(4, "", [pid 5064] <... rmdir resumed>) = 0 [pid 5064] mkdir("./4", 0777 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, [pid 5064] <... mkdir resumed>) = 0 [pid 5067] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5505] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5067] getdents64(4, [pid 5064] <... openat resumed>) = 3 [pid 5067] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5067] <... close resumed>) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 5067] rmdir("./3/file0" [pid 5064] close(3 [pid 5481] <... write resumed>) = 16777216 [pid 5064] <... close resumed>) = 0 [pid 5067] <... rmdir resumed>) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5510 attached , child_tidptr=0x555557145750) = 5510 [pid 5067] getdents64(3, [pid 5510] set_robust_list(0x555557145760, 24 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3 [pid 5510] <... set_robust_list resumed>) = 0 [pid 5481] munmap(0x7fda9371b000, 138412032 [pid 5067] <... close resumed>) = 0 [pid 5510] chdir("./4" [pid 5067] rmdir("./3" [pid 5510] <... chdir resumed>) = 0 [pid 5481] <... munmap resumed>) = 0 [pid 5067] <... rmdir resumed>) = 0 [pid 5510] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5067] mkdir("./4", 0777 [pid 5510] <... prctl resumed>) = 0 [pid 5067] <... mkdir resumed>) = 0 [pid 5510] setpgid(0, 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD [pid 5510] <... setpgid resumed>) = 0 [pid 5481] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5067] <... ioctl resumed>) = 0 [pid 5510] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5067] close(3 [pid 5510] <... openat resumed>) = 3 [pid 5481] <... openat resumed>) = 4 [pid 5510] write(3, "1000", 4 [pid 5481] ioctl(4, LOOP_SET_FD, 3 [pid 5067] <... close resumed>) = 0 [pid 5510] <... write resumed>) = 4 [pid 5481] <... ioctl resumed>) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5511 attached [pid 5510] close(3 [pid 5481] close(3 [pid 5511] set_robust_list(0x555557145760, 24 [pid 5510] <... close resumed>) = 0 [pid 5481] <... close resumed>) = 0 [pid 5481] mkdir("./file0", 0777 [pid 5511] <... set_robust_list resumed>) = 0 [pid 5511] chdir("./4" [pid 5510] symlink("/dev/binderfs", "./binderfs" [pid 5481] <... mkdir resumed>) = 0 [pid 5511] <... chdir resumed>) = 0 [pid 5481] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 5511 [ 65.579621][ T5481] loop5: detected capacity change from 0 to 32768 [pid 5511] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5510] <... symlink resumed>) = 0 [pid 5511] setpgid(0, 0) = 0 [pid 5510] memfd_create("syzkaller", 0) = 3 [pid 5511] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5510] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5511] <... openat resumed>) = 3 [ 65.641686][ T5481] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (5481) [pid 5511] write(3, "1000", 4) = 4 [pid 5511] close(3) = 0 [pid 5511] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5511] memfd_create("syzkaller", 0) = 3 [pid 5511] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5509] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5481] <... mount resumed>) = 0 [pid 5495] <... write resumed>) = 16777216 [pid 5481] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5495] munmap(0x7fda9371b000, 138412032 [pid 5481] chdir("./file0" [pid 5495] <... munmap resumed>) = 0 [pid 5481] <... chdir resumed>) = 0 [pid 5481] ioctl(4, LOOP_CLR_FD) = 0 [pid 5481] close(4) = 0 [pid 5481] open("./file0", O_RDONLY [pid 5495] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5481] <... open resumed>) = 4 [pid 5495] <... openat resumed>) = 4 [pid 5481] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5495] ioctl(4, LOOP_SET_FD, 3 [pid 5481] <... ioctl resumed>) = 0 [pid 5481] open("./file0", O_RDONLY) = 5 [pid 5505] <... write resumed>) = 16777216 [pid 5495] <... ioctl resumed>) = 0 [pid 5481] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5505] munmap(0x7fda9371b000, 138412032 [pid 5495] close(3 [pid 5481] <... ioctl resumed>) = 0 [ 66.122518][ T5495] loop2: detected capacity change from 0 to 32768 [pid 5510] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5495] <... close resumed>) = 0 [pid 5495] mkdir("./file0", 0777 [pid 5481] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5495] <... mkdir resumed>) = 0 [pid 5481] exit_group(0) = ? [pid 5495] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5509] <... write resumed>) = 16777216 [pid 5505] <... munmap resumed>) = 0 [pid 5481] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5481, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=21 /* 0.21 s */} --- [pid 5069] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5505] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5505] <... openat resumed>) = 4 [pid 5505] ioctl(4, LOOP_SET_FD, 3 [pid 5069] <... openat resumed>) = 3 [ 66.189897][ T5495] BTRFS: device /dev/loop2 using temp-fsid 6e0bff3f-79bd-42cb-8a81-7faf064bc344 [pid 5509] munmap(0x7fda9371b000, 138412032) = 0 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, [pid 5509] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5505] <... ioctl resumed>) = 0 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5509] ioctl(4, LOOP_SET_FD, 3 [pid 5505] close(3 [pid 5069] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5505] <... close resumed>) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5505] mkdir("./file0", 0777 [pid 5069] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5509] <... ioctl resumed>) = 0 [pid 5505] <... mkdir resumed>) = 0 [pid 5505] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 66.239201][ T5505] loop4: detected capacity change from 0 to 32768 [ 66.259942][ T5495] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (5495) [ 66.279489][ T5509] loop1: detected capacity change from 0 to 32768 [pid 5069] unlink("./4/binderfs") = 0 [pid 5509] close(3 [pid 5069] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5511] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5509] <... close resumed>) = 0 [pid 5509] mkdir("./file0", 0777) = 0 [ 66.308286][ T5505] BTRFS: device /dev/loop4 using temp-fsid 73e5ffdd-2dd3-435d-962f-d5cb212bd961 [ 66.331674][ T5505] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (5505) [ 66.372579][ T5509] BTRFS: device /dev/loop1 using temp-fsid 809872a0-acab-47b8-bb49-a16c4137c66f [ 66.402184][ T5509] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (5509) [pid 5509] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5069] <... umount2 resumed>) = 0 [pid 5069] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./4/file0") = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./4") = 0 [pid 5069] mkdir("./5", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5568 attached , child_tidptr=0x555557145750) = 5568 [pid 5568] set_robust_list(0x555557145760, 24) = 0 [pid 5568] chdir("./5") = 0 [pid 5568] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5568] setpgid(0, 0) = 0 [pid 5568] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5568] write(3, "1000", 4) = 4 [pid 5568] close(3) = 0 [pid 5568] symlink("/dev/binderfs", "./binderfs" [pid 5495] <... mount resumed>) = 0 [pid 5568] <... symlink resumed>) = 0 [pid 5495] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5495] chdir("./file0") = 0 [pid 5495] ioctl(4, LOOP_CLR_FD [pid 5568] memfd_create("syzkaller", 0 [pid 5510] <... write resumed>) = 16777216 [pid 5495] <... ioctl resumed>) = 0 [pid 5495] close(4 [pid 5568] <... memfd_create resumed>) = 3 [pid 5568] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5510] munmap(0x7fda9371b000, 138412032 [pid 5495] <... close resumed>) = 0 [pid 5510] <... munmap resumed>) = 0 [pid 5495] open("./file0", O_RDONLY [pid 5510] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5495] <... open resumed>) = 4 [pid 5510] ioctl(4, LOOP_SET_FD, 3 [pid 5495] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5510] <... ioctl resumed>) = 0 [pid 5510] close(3) = 0 [pid 5510] mkdir("./file0", 0777) = 0 [pid 5510] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5495] <... ioctl resumed>) = 0 [pid 5495] open("./file0", O_RDONLY) = 5 [pid 5495] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 5495] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5495] exit_group(0) = ? [ 66.582139][ T5510] loop0: detected capacity change from 0 to 32768 [ 66.602465][ T5510] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (5510) [pid 5495] +++ exited with 0 +++ [pid 5505] <... mount resumed>) = 0 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5495, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=24 /* 0.24 s */} --- [pid 5505] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5505] chdir("./file0") = 0 [pid 5066] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5505] ioctl(4, LOOP_CLR_FD) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5505] close(4 [pid 5066] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, [pid 5509] <... mount resumed>) = 0 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5505] <... close resumed>) = 0 [pid 5509] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5509] <... openat resumed>) = 3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5509] chdir("./file0" [pid 5066] newfstatat(AT_FDCWD, "./4/binderfs", [pid 5509] <... chdir resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5509] ioctl(4, LOOP_CLR_FD [pid 5066] unlink("./4/binderfs" [pid 5509] <... ioctl resumed>) = 0 [pid 5066] <... unlink resumed>) = 0 [pid 5509] close(4 [pid 5066] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5509] <... close resumed>) = 0 [pid 5509] open("./file0", O_RDONLY) = 4 [pid 5505] open("./file0", O_RDONLY [pid 5509] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5505] <... open resumed>) = 4 [pid 5505] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5511] <... write resumed>) = 16777216 [pid 5509] <... ioctl resumed>) = 0 [pid 5511] munmap(0x7fda9371b000, 138412032 [pid 5509] open("./file0", O_RDONLY [pid 5505] open("./file0", O_RDONLY [pid 5509] <... open resumed>) = 5 [pid 5505] <... open resumed>) = 5 [pid 5509] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5505] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5509] <... ioctl resumed>) = 0 [pid 5505] <... ioctl resumed>) = 0 [pid 5509] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5505] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5511] <... munmap resumed>) = 0 [pid 5509] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5505] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5509] exit_group(0 [pid 5505] exit_group(0 [pid 5509] <... exit_group resumed>) = ? [pid 5509] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5509, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=29 /* 0.29 s */} --- [pid 5505] <... exit_group resumed>) = ? [pid 5065] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, [pid 5505] +++ exited with 0 +++ [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5505, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=23 /* 0.23 s */} --- [pid 5065] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5511] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5068] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] newfstatat(AT_FDCWD, "./4/binderfs", [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5511] <... openat resumed>) = 4 [pid 5068] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] unlink("./4/binderfs" [pid 5511] ioctl(4, LOOP_SET_FD, 3 [pid 5068] <... openat resumed>) = 3 [pid 5065] <... unlink resumed>) = 0 [pid 5511] <... ioctl resumed>) = 0 [pid 5068] newfstatat(3, "", [pid 5065] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./4/binderfs") = 0 [pid 5068] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 66.830245][ T5511] loop3: detected capacity change from 0 to 32768 [pid 5511] close(3) = 0 [pid 5511] mkdir("./file0", 0777) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./4/file0") = 0 [pid 5511] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./4") = 0 [pid 5066] mkdir("./5", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 5595 ./strace-static-x86_64: Process 5595 attached [pid 5595] set_robust_list(0x555557145760, 24) = 0 [pid 5595] chdir("./5") = 0 [pid 5595] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5595] setpgid(0, 0) = 0 [pid 5595] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 66.879783][ T5510] _btrfs_printk: 87 callbacks suppressed [ 66.879795][ T5510] BTRFS info (device loop0): enabling ssd optimizations [ 66.904950][ T5510] BTRFS info (device loop0): auto enabling async discard [ 66.913722][ T5511] BTRFS: device /dev/loop3 using temp-fsid 000aabed-4362-46ba-aebb-20163bc84f29 [ 66.914643][ T5510] BTRFS info (device loop0): rebuilding free space tree [pid 5595] write(3, "1000", 4) = 4 [pid 5595] close(3) = 0 [pid 5595] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5595] memfd_create("syzkaller", 0) = 3 [pid 5595] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 66.963556][ T5510] BTRFS info (device loop0): disabling free space tree [ 66.970508][ T5510] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 66.999188][ T5511] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (5511) [ 67.090846][ T5510] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 67.119439][ T5511] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 67.128660][ T5511] BTRFS info (device loop3): force clearing of disk cache [pid 5568] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5068] <... umount2 resumed>) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 5068] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] newfstatat(AT_FDCWD, "./4/file0", [pid 5068] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... openat resumed>) = 4 [pid 5068] newfstatat(4, "", [pid 5065] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, [pid 5065] <... openat resumed>) = 4 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] newfstatat(4, "", [pid 5068] getdents64(4, [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] getdents64(4, [pid 5068] close(4 [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] <... close resumed>) = 0 [pid 5065] getdents64(4, [pid 5068] rmdir("./4/file0" [pid 5065] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] <... rmdir resumed>) = 0 [pid 5065] close(4 [pid 5068] getdents64(3, [pid 5065] <... close resumed>) = 0 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] rmdir("./4/file0" [pid 5068] close(3 [pid 5065] <... rmdir resumed>) = 0 [pid 5068] <... close resumed>) = 0 [pid 5065] getdents64(3, [pid 5068] rmdir("./4" [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] <... rmdir resumed>) = 0 [pid 5065] close(3) = 0 [pid 5068] mkdir("./5", 0777 [pid 5065] rmdir("./4" [pid 5068] <... mkdir resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5065] mkdir("./5", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5068] <... openat resumed>) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD [pid 5065] <... openat resumed>) = 3 [pid 5068] <... ioctl resumed>) = 0 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5068] close(3 [pid 5065] <... ioctl resumed>) = 0 [pid 5068] <... close resumed>) = 0 [pid 5065] close(3 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] <... close resumed>) = 0 [ 67.182875][ T5510] BTRFS info (device loop0): checking UUID tree [ 67.194681][ T5511] BTRFS info (device loop3): setting nodatasum [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 5598 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 5599 ./strace-static-x86_64: Process 5599 attached ./strace-static-x86_64: Process 5598 attached [pid 5599] set_robust_list(0x555557145760, 24) = 0 [pid 5599] chdir("./5") = 0 [pid 5598] set_robust_list(0x555557145760, 24 [pid 5599] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5598] <... set_robust_list resumed>) = 0 [pid 5598] chdir("./5") = 0 [pid 5598] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5598] setpgid(0, 0) = 0 [pid 5598] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5599] setpgid(0, 0 [pid 5598] <... openat resumed>) = 3 [pid 5599] <... setpgid resumed>) = 0 [pid 5510] <... mount resumed>) = 0 [pid 5598] write(3, "1000", 4) = 4 [pid 5598] close(3 [pid 5599] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5510] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5598] <... close resumed>) = 0 [ 67.246202][ T5511] BTRFS info (device loop3): allowing degraded mounts [pid 5598] symlink("/dev/binderfs", "./binderfs" [pid 5599] <... openat resumed>) = 3 [pid 5510] <... openat resumed>) = 3 [pid 5598] <... symlink resumed>) = 0 [pid 5598] memfd_create("syzkaller", 0) = 3 [pid 5598] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5599] write(3, "1000", 4 [pid 5510] chdir("./file0" [pid 5599] <... write resumed>) = 4 [pid 5599] close(3 [pid 5510] <... chdir resumed>) = 0 [pid 5599] <... close resumed>) = 0 [pid 5510] ioctl(4, LOOP_CLR_FD [pid 5599] symlink("/dev/binderfs", "./binderfs" [pid 5510] <... ioctl resumed>) = 0 [pid 5510] close(4 [pid 5599] <... symlink resumed>) = 0 [pid 5510] <... close resumed>) = 0 [pid 5510] open("./file0", O_RDONLY [pid 5599] memfd_create("syzkaller", 0 [pid 5510] <... open resumed>) = 4 [pid 5599] <... memfd_create resumed>) = 3 [pid 5599] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5510] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5599] <... mmap resumed>) = 0x7fda9371b000 [ 67.289765][ T5511] BTRFS info (device loop3): enabling disk space caching [ 67.298525][ T5511] BTRFS info (device loop3): disk space caching is enabled [pid 5510] <... ioctl resumed>) = 0 [pid 5510] open("./file0", O_RDONLY) = 5 [pid 5510] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 5510] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5510] exit_group(0) = ? [pid 5510] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5510, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=31 /* 0.31 s */} --- [pid 5064] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./4/binderfs") = 0 [pid 5595] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 67.392146][ T1047] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 5064] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5598] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5064] <... umount2 resumed>) = 0 [pid 5064] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./4/file0") = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./4") = 0 [pid 5064] mkdir("./5", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5616 attached [pid 5616] set_robust_list(0x555557145760, 24 [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 5616 [pid 5616] <... set_robust_list resumed>) = 0 [pid 5616] chdir("./5") = 0 [pid 5616] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5616] setpgid(0, 0) = 0 [pid 5616] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5616] write(3, "1000", 4) = 4 [pid 5616] close(3) = 0 [pid 5616] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5616] memfd_create("syzkaller", 0) = 3 [pid 5616] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 67.669329][ T5511] BTRFS info (device loop3): enabling ssd optimizations [ 67.676314][ T5511] BTRFS info (device loop3): auto enabling async discard [ 67.741811][ T5511] BTRFS info (device loop3): rebuilding free space tree [pid 5599] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5568] <... write resumed>) = 16777216 [ 67.781999][ T5511] BTRFS info (device loop3): disabling free space tree [ 67.820780][ T5511] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5568] munmap(0x7fda9371b000, 138412032) = 0 [pid 5568] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5568] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5568] close(3) = 0 [pid 5568] mkdir("./file0", 0777) = 0 [ 67.871917][ T5511] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 67.899883][ T5568] loop5: detected capacity change from 0 to 32768 [pid 5568] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5595] <... write resumed>) = 16777216 [ 67.950144][ T5568] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (5568) [ 67.951111][ T5511] BTRFS info (device loop3): checking UUID tree [pid 5595] munmap(0x7fda9371b000, 138412032) = 0 [pid 5595] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5595] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5595] close(3) = 0 [pid 5595] mkdir("./file0", 0777) = 0 [pid 5595] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5511] <... mount resumed>) = 0 [pid 5511] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5511] chdir("./file0") = 0 [pid 5511] ioctl(4, LOOP_CLR_FD) = 0 [ 68.033971][ T5595] loop2: detected capacity change from 0 to 32768 [ 68.039210][ T5568] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 68.065170][ T5595] BTRFS: device /dev/loop2 using temp-fsid bf637cc1-f336-4bf9-872e-44fbd9088c0c [pid 5511] close(4) = 0 [pid 5511] open("./file0", O_RDONLY) = 4 [ 68.094922][ T5568] BTRFS info (device loop5): force clearing of disk cache [ 68.098979][ T5595] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (5595) [pid 5511] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5616] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5511] <... ioctl resumed>) = 0 [pid 5511] open("./file0", O_RDONLY) = 5 [pid 5511] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 5511] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5511] exit_group(0) = ? [pid 5511] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5511, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=34 /* 0.34 s */} --- [pid 5067] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5067] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 68.139435][ T5568] BTRFS info (device loop5): setting nodatasum [ 68.145619][ T5568] BTRFS info (device loop5): allowing degraded mounts [ 68.165306][ T12] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 68.176934][ T5595] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5067] unlink("./4/binderfs") = 0 [ 68.202010][ T5595] BTRFS info (device loop2): force clearing of disk cache [ 68.214399][ T5568] BTRFS info (device loop5): enabling disk space caching [pid 5067] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5598] <... write resumed>) = 16777216 [pid 5598] munmap(0x7fda9371b000, 138412032) = 0 [ 68.249759][ T5568] BTRFS info (device loop5): disk space caching is enabled [ 68.258709][ T5595] BTRFS info (device loop2): setting nodatasum [ 68.271206][ T5595] BTRFS info (device loop2): allowing degraded mounts [pid 5067] <... umount2 resumed>) = 0 [pid 5598] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5598] ioctl(4, LOOP_SET_FD, 3 [pid 5067] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./4/file0") = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./4") = 0 [pid 5598] <... ioctl resumed>) = 0 [pid 5598] close(3) = 0 [pid 5067] mkdir("./5", 0777 [pid 5598] mkdir("./file0", 0777) = 0 [pid 5067] <... mkdir resumed>) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD [pid 5598] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5067] <... ioctl resumed>) = 0 [pid 5067] close(3) = 0 [ 68.319959][ T5595] BTRFS info (device loop2): enabling disk space caching [ 68.322709][ T5598] loop4: detected capacity change from 0 to 32768 [ 68.336765][ T5595] BTRFS info (device loop2): disk space caching is enabled [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5634 attached , child_tidptr=0x555557145750) = 5634 [pid 5634] set_robust_list(0x555557145760, 24) = 0 [pid 5634] chdir("./5") = 0 [pid 5634] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5634] setpgid(0, 0) = 0 [pid 5634] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5634] write(3, "1000", 4) = 4 [pid 5634] close(3) = 0 [pid 5634] symlink("/dev/binderfs", "./binderfs") = 0 [ 68.366954][ T5598] BTRFS: device /dev/loop4 using temp-fsid ec0ba859-c874-4d76-8df7-40bcf7eeb85b [pid 5634] memfd_create("syzkaller", 0) = 3 [pid 5634] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 68.421954][ T5598] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (5598) [pid 5599] <... write resumed>) = 16777216 [pid 5599] munmap(0x7fda9371b000, 138412032) = 0 [ 68.501539][ T5598] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5599] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5599] ioctl(4, LOOP_SET_FD, 3 [ 68.569883][ T5568] BTRFS info (device loop5): enabling ssd optimizations [ 68.577512][ T5598] BTRFS info (device loop4): force clearing of disk cache [ 68.588242][ T5595] BTRFS info (device loop2): enabling ssd optimizations [ 68.598859][ T5568] BTRFS info (device loop5): auto enabling async discard [ 68.599340][ T5599] loop1: detected capacity change from 0 to 32768 [pid 5634] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5599] <... ioctl resumed>) = 0 [pid 5599] close(3) = 0 [pid 5599] mkdir("./file0", 0777) = 0 [ 68.621144][ T5568] BTRFS info (device loop5): rebuilding free space tree [ 68.628883][ T5595] BTRFS info (device loop2): auto enabling async discard [ 68.629695][ T5598] BTRFS info (device loop4): setting nodatasum [ 68.649051][ T5595] BTRFS info (device loop2): rebuilding free space tree [ 68.662557][ T5568] BTRFS info (device loop5): disabling free space tree [ 68.678894][ T5599] BTRFS: device /dev/loop1 using temp-fsid 1eae367a-6d36-4764-af44-97ee175eb667 [ 68.688132][ T5599] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (5599) [ 68.688969][ T5568] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 68.701457][ T5598] BTRFS info (device loop4): allowing degraded mounts [ 68.711788][ T5595] BTRFS info (device loop2): disabling free space tree [pid 5599] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5616] <... write resumed>) = 16777216 [pid 5616] munmap(0x7fda9371b000, 138412032) = 0 [pid 5616] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 68.734264][ T5595] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 68.739257][ T5598] BTRFS info (device loop4): enabling disk space caching [ 68.750972][ T5568] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 68.759686][ T5568] BTRFS info (device loop5): checking UUID tree [ 68.767637][ T5595] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5616] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5616] close(3) = 0 [pid 5616] mkdir("./file0", 0777) = 0 [pid 5616] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5595] <... mount resumed>) = 0 [pid 5568] <... mount resumed>) = 0 [pid 5595] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5568] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 68.779910][ T5616] loop0: detected capacity change from 0 to 32768 [ 68.794105][ T5616] BTRFS: device /dev/loop0 using temp-fsid de0f227e-ead0-456e-bff2-11fa12c044d9 [ 68.801718][ T5595] BTRFS info (device loop2): checking UUID tree [ 68.806274][ T5599] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5595] <... openat resumed>) = 3 [pid 5568] chdir("./file0" [pid 5595] chdir("./file0") = 0 [pid 5568] <... chdir resumed>) = 0 [pid 5595] ioctl(4, LOOP_CLR_FD) = 0 [pid 5595] close(4 [pid 5568] ioctl(4, LOOP_CLR_FD [pid 5595] <... close resumed>) = 0 [pid 5568] <... ioctl resumed>) = 0 [pid 5568] close(4) = 0 [pid 5568] open("./file0", O_RDONLY [pid 5634] <... write resumed>) = 16777216 [pid 5595] open("./file0", O_RDONLY [pid 5568] <... open resumed>) = 4 [pid 5595] <... open resumed>) = 4 [ 68.830381][ T5599] BTRFS info (device loop1): force clearing of disk cache [ 68.837622][ T5616] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (5616) [ 68.851545][ T5598] BTRFS info (device loop4): disk space caching is enabled [ 68.873290][ T5599] BTRFS info (device loop1): setting nodatasum [pid 5595] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5568] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [ 68.899112][ T5616] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 68.903858][ T5599] BTRFS info (device loop1): allowing degraded mounts [ 68.938698][ T5616] BTRFS info (device loop0): force clearing of disk cache [pid 5634] munmap(0x7fda9371b000, 138412032) = 0 [pid 5634] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5595] <... ioctl resumed>) = 0 [pid 5568] <... ioctl resumed>) = 0 [pid 5634] <... openat resumed>) = 4 [pid 5595] open("./file0", O_RDONLY [pid 5568] open("./file0", O_RDONLY [pid 5634] ioctl(4, LOOP_SET_FD, 3 [pid 5568] <... open resumed>) = 5 [pid 5595] <... open resumed>) = 5 [pid 5568] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [ 68.941330][ T5599] BTRFS info (device loop1): enabling disk space caching [ 68.969223][ T5616] BTRFS info (device loop0): setting nodatasum [ 68.977056][ T5634] loop3: detected capacity change from 0 to 32768 [ 68.988349][ T5616] BTRFS info (device loop0): allowing degraded mounts [pid 5595] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 5568] <... ioctl resumed>) = 0 [pid 5568] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5634] <... ioctl resumed>) = 0 [pid 5568] exit_group(0 [pid 5634] close(3 [pid 5595] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5568] <... exit_group resumed>) = ? [pid 5568] +++ exited with 0 +++ [pid 5634] <... close resumed>) = 0 [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5568, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=32 /* 0.32 s */} --- [pid 5634] mkdir("./file0", 0777) = 0 [pid 5595] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5634] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5595] exit_group(0) = ? [pid 5069] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, [pid 5595] +++ exited with 0 +++ [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5595, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=33 /* 0.33 s */} --- [pid 5069] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 68.990044][ T42] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 69.004520][ T5616] BTRFS info (device loop0): enabling disk space caching [ 69.009797][ T1047] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [ 69.019034][ T5616] BTRFS info (device loop0): disk space caching is enabled [ 69.035876][ T5634] BTRFS: device /dev/loop3 using temp-fsid b5744b2b-bf2c-4579-a8c3-828d15f7c134 [pid 5069] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./5/binderfs") = 0 [pid 5066] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 69.059509][ T5599] BTRFS info (device loop1): disk space caching is enabled [ 69.070670][ T5634] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (5634) [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./5/binderfs") = 0 [pid 5066] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... umount2 resumed>) = 0 [pid 5069] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 69.129860][ T5634] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 69.144608][ T5598] BTRFS info (device loop4): enabling ssd optimizations [pid 5069] newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./5/file0") = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [ 69.178919][ T5634] BTRFS info (device loop3): force clearing of disk cache [ 69.190230][ T5634] BTRFS info (device loop3): setting nodatasum [ 69.196003][ T5598] BTRFS info (device loop4): auto enabling async discard [ 69.203506][ T5634] BTRFS info (device loop3): allowing degraded mounts [pid 5069] close(3) = 0 [pid 5069] rmdir("./5") = 0 [pid 5069] mkdir("./6", 0777) = 0 [ 69.222822][ T5599] BTRFS info (device loop1): enabling ssd optimizations [ 69.231570][ T5599] BTRFS info (device loop1): auto enabling async discard [ 69.232379][ T5634] BTRFS info (device loop3): enabling disk space caching [ 69.240531][ T5599] BTRFS info (device loop1): rebuilding free space tree [ 69.257385][ T5616] BTRFS info (device loop0): enabling ssd optimizations [ 69.263712][ T5599] BTRFS info (device loop1): disabling free space tree [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5700 attached ) = -1 EINVAL (Invalid argument) [ 69.275114][ T5599] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 69.279354][ T5598] BTRFS info (device loop4): rebuilding free space tree [ 69.312607][ T5616] BTRFS info (device loop0): auto enabling async discard [ 69.314523][ T5634] BTRFS info (device loop3): disk space caching is enabled [pid 5700] set_robust_list(0x555557145760, 24 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 5700 [pid 5066] newfstatat(AT_FDCWD, "./5/file0", [pid 5700] <... set_robust_list resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5700] chdir("./6" [pid 5066] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5700] <... chdir resumed>) = 0 [pid 5700] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5700] <... prctl resumed>) = 0 [pid 5066] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5700] setpgid(0, 0 [pid 5066] newfstatat(4, "", [pid 5700] <... setpgid resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 69.333990][ T5616] BTRFS info (device loop0): rebuilding free space tree [ 69.347462][ T5598] BTRFS info (device loop4): disabling free space tree [ 69.355729][ T5599] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 69.366986][ T5616] BTRFS info (device loop0): disabling free space tree [pid 5700] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] getdents64(4, [pid 5700] <... openat resumed>) = 3 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5700] write(3, "1000", 4 [pid 5066] getdents64(4, [pid 5700] <... write resumed>) = 4 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5700] close(3 [pid 5066] close(4 [pid 5700] <... close resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5700] symlink("/dev/binderfs", "./binderfs" [pid 5066] rmdir("./5/file0" [pid 5700] <... symlink resumed>) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5700] memfd_create("syzkaller", 0 [pid 5066] getdents64(3, [pid 5700] <... memfd_create resumed>) = 3 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5700] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5066] close(3 [pid 5700] <... mmap resumed>) = 0x7fda9371b000 [pid 5066] <... close resumed>) = 0 [ 69.386784][ T5598] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 69.397961][ T5598] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 69.424719][ T5599] BTRFS info (device loop1): checking UUID tree [pid 5066] rmdir("./5") = 0 [pid 5066] mkdir("./6", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5709 attached [pid 5709] set_robust_list(0x555557145760, 24) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 5709 [pid 5709] chdir("./6") = 0 [pid 5709] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5709] setpgid(0, 0) = 0 [pid 5709] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5709] write(3, "1000", 4) = 4 [pid 5709] close(3) = 0 [pid 5709] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5599] <... mount resumed>) = 0 [pid 5709] memfd_create("syzkaller", 0 [pid 5599] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5598] <... mount resumed>) = 0 [pid 5599] <... openat resumed>) = 3 [ 69.461022][ T5616] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 69.474787][ T5598] BTRFS info (device loop4): checking UUID tree [pid 5709] <... memfd_create resumed>) = 3 [pid 5598] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5598] chdir("./file0") = 0 [pid 5598] ioctl(4, LOOP_CLR_FD) = 0 [pid 5598] close(4) = 0 [pid 5598] open("./file0", O_RDONLY) = 4 [pid 5709] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5599] chdir("./file0") = 0 [pid 5599] ioctl(4, LOOP_CLR_FD) = 0 [pid 5598] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5599] close(4 [pid 5709] <... mmap resumed>) = 0x7fda9371b000 [pid 5599] <... close resumed>) = 0 [pid 5599] open("./file0", O_RDONLY) = 4 [ 69.511773][ T5616] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5599] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5598] <... ioctl resumed>) = 0 [pid 5598] open("./file0", O_RDONLY) = 5 [pid 5598] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5599] <... ioctl resumed>) = 0 [pid 5599] open("./file0", O_RDONLY) = 5 [pid 5599] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 5599] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5598] <... ioctl resumed>) = 0 [pid 5598] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5599] exit_group(0 [pid 5598] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5599] <... exit_group resumed>) = ? [pid 5598] exit_group(0 [pid 5599] +++ exited with 0 +++ [pid 5598] <... exit_group resumed>) = ? [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5599, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=38 /* 0.38 s */} --- [pid 5598] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5598, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=36 /* 0.36 s */} --- [pid 5065] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 69.613581][ T48] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [ 69.650786][ T12] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [pid 5065] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", [pid 5068] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] getdents64(3, [pid 5068] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] <... openat resumed>) = 3 [pid 5065] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] newfstatat(3, "", [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] newfstatat(AT_FDCWD, "./5/binderfs", [pid 5068] getdents64(3, [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] unlink("./5/binderfs" [pid 5068] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... unlink resumed>) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./5/binderfs") = 0 [ 69.663608][ T5616] BTRFS info (device loop0): checking UUID tree [ 69.683541][ T5634] BTRFS info (device loop3): enabling ssd optimizations [pid 5068] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5616] <... mount resumed>) = 0 [pid 5616] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5616] chdir("./file0") = 0 [pid 5616] ioctl(4, LOOP_CLR_FD) = 0 [pid 5616] close(4) = 0 [pid 5616] open("./file0", O_RDONLY) = 4 [ 69.710515][ T5634] BTRFS info (device loop3): auto enabling async discard [pid 5616] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5616] open("./file0", O_RDONLY) = 5 [pid 5616] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 5616] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5616] exit_group(0) = ? [pid 5616] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5616, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=37 /* 0.37 s */} --- [pid 5064] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./5/binderfs") = 0 [ 69.782789][ T5634] BTRFS info (device loop3): rebuilding free space tree [pid 5064] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5709] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5634] <... mount resumed>) = 0 [pid 5634] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5634] chdir("./file0") = 0 [pid 5634] ioctl(4, LOOP_CLR_FD) = 0 [pid 5634] close(4) = 0 [pid 5634] open("./file0", O_RDONLY) = 4 [pid 5065] <... umount2 resumed>) = 0 [pid 5065] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5634] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] <... umount2 resumed>) = 0 [pid 5065] <... openat resumed>) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./5/file0") = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./5") = 0 [pid 5065] mkdir("./6", 0777 [pid 5634] <... ioctl resumed>) = 0 [pid 5065] <... mkdir resumed>) = 0 [pid 5068] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5634] open("./file0", O_RDONLY) = 5 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... openat resumed>) = 3 [pid 5634] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 5068] newfstatat(AT_FDCWD, "./5/file0", [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5634] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 5634] exit_group(0 [pid 5068] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] close(3 [pid 5634] <... exit_group resumed>) = ? [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5634] +++ exited with 0 +++ [pid 5065] <... close resumed>) = 0 [pid 5068] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5634, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=35 /* 0.35 s */} --- [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5068] <... openat resumed>) = 4 [pid 5067] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5724 attached [pid 5068] newfstatat(4, "", [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5724] set_robust_list(0x555557145760, 24 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5724] <... set_robust_list resumed>) = 0 [pid 5068] getdents64(4, [pid 5067] <... openat resumed>) = 3 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 5724 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, [pid 5724] chdir("./6" [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5724] <... chdir resumed>) = 0 [pid 5068] getdents64(4, [pid 5067] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5724] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5068] rmdir("./5/file0" [pid 5067] newfstatat(AT_FDCWD, "./5/binderfs", [pid 5724] <... prctl resumed>) = 0 [pid 5068] <... rmdir resumed>) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5724] setpgid(0, 0 [pid 5068] getdents64(3, [pid 5067] unlink("./5/binderfs" [pid 5724] <... setpgid resumed>) = 0 [pid 5067] <... unlink resumed>) = 0 [pid 5724] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] close(3 [pid 5724] <... openat resumed>) = 3 [pid 5068] <... close resumed>) = 0 [pid 5724] write(3, "1000", 4 [pid 5068] rmdir("./5" [pid 5724] <... write resumed>) = 4 [pid 5068] <... rmdir resumed>) = 0 [pid 5724] close(3) = 0 [pid 5068] mkdir("./6", 0777 [pid 5724] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5068] <... mkdir resumed>) = 0 [pid 5700] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5724] memfd_create("syzkaller", 0 [pid 5064] <... umount2 resumed>) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5724] <... memfd_create resumed>) = 3 [pid 5068] <... openat resumed>) = 3 [pid 5724] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5068] ioctl(3, LOOP_CLR_FD [pid 5064] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5724] <... mmap resumed>) = 0x7fda9371b000 [pid 5068] <... ioctl resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] close(3 [pid 5064] newfstatat(AT_FDCWD, "./5/file0", [pid 5068] <... close resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5726 attached [pid 5064] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 5726 [pid 5726] set_robust_list(0x555557145760, 24) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5726] chdir("./6" [pid 5064] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", [pid 5726] <... chdir resumed>) = 0 [pid 5726] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4 [pid 5726] setpgid(0, 0 [pid 5064] <... close resumed>) = 0 [pid 5726] <... setpgid resumed>) = 0 [pid 5064] rmdir("./5/file0" [pid 5726] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] <... rmdir resumed>) = 0 [pid 5726] <... openat resumed>) = 3 [pid 5064] getdents64(3, [pid 5726] write(3, "1000", 4 [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./5") = 0 [pid 5064] mkdir("./6", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5726] <... write resumed>) = 4 ./strace-static-x86_64: Process 5727 attached [pid 5726] close(3 [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 5727 [pid 5727] set_robust_list(0x555557145760, 24 [pid 5726] <... close resumed>) = 0 [pid 5727] <... set_robust_list resumed>) = 0 [pid 5727] chdir("./6") = 0 [pid 5727] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5727] setpgid(0, 0) = 0 [pid 5727] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5727] write(3, "1000", 4) = 4 [pid 5727] close(3) = 0 [pid 5727] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5727] memfd_create("syzkaller", 0) = 3 [pid 5726] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5726] memfd_create("syzkaller", 0) = 3 [pid 5727] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5726] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5709] <... write resumed>) = 16777216 [pid 5709] munmap(0x7fda9371b000, 138412032) = 0 [pid 5724] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5727] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5726] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5709] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5709] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5709] close(3) = 0 [ 70.619931][ T5709] loop2: detected capacity change from 0 to 32768 [pid 5709] mkdir("./file0", 0777) = 0 [pid 5709] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5700] <... write resumed>) = 16777216 [ 70.709473][ T5709] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (5709) [pid 5700] munmap(0x7fda9371b000, 138412032) = 0 [pid 5700] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5700] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5700] close(3) = 0 [pid 5700] mkdir("./file0", 0777) = 0 [ 70.786680][ T5700] loop5: detected capacity change from 0 to 32768 [pid 5700] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 70.850772][ T5700] BTRFS: device /dev/loop5 using temp-fsid 5c3363c7-83f8-416f-9995-7e8dede9b924 [ 70.869255][ T5700] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (5700) [pid 5067] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./5/file0") = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./5") = 0 [pid 5067] mkdir("./6", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 5733 ./strace-static-x86_64: Process 5733 attached [pid 5733] set_robust_list(0x555557145760, 24) = 0 [pid 5733] chdir("./6") = 0 [pid 5733] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5733] setpgid(0, 0) = 0 [pid 5733] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5733] write(3, "1000", 4) = 4 [pid 5733] close(3) = 0 [pid 5733] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5733] memfd_create("syzkaller", 0) = 3 [pid 5733] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5726] <... write resumed>) = 16777216 [pid 5726] munmap(0x7fda9371b000, 138412032) = 0 [pid 5726] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5726] ioctl(4, LOOP_SET_FD, 3 [pid 5724] <... write resumed>) = 16777216 [pid 5724] munmap(0x7fda9371b000, 138412032 [pid 5727] <... write resumed>) = 16777216 [pid 5726] <... ioctl resumed>) = 0 [pid 5727] munmap(0x7fda9371b000, 138412032) = 0 [pid 5726] close(3 [pid 5724] <... munmap resumed>) = 0 [pid 5727] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5726] <... close resumed>) = 0 [pid 5724] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5727] <... openat resumed>) = 4 [pid 5726] mkdir("./file0", 0777 [pid 5724] <... openat resumed>) = 4 [pid 5700] <... mount resumed>) = 0 [pid 5726] <... mkdir resumed>) = 0 [pid 5727] ioctl(4, LOOP_SET_FD, 3 [pid 5724] ioctl(4, LOOP_SET_FD, 3 [pid 5700] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5700] chdir("./file0") = 0 [pid 5700] ioctl(4, LOOP_CLR_FD) = 0 [pid 5700] close(4) = 0 [pid 5700] open("./file0", O_RDONLY) = 4 [pid 5700] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [ 71.265360][ T5726] loop4: detected capacity change from 0 to 32768 [ 71.302181][ T5724] loop1: detected capacity change from 0 to 32768 [pid 5700] open("./file0", O_RDONLY [pid 5726] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5700] <... open resumed>) = 5 [pid 5727] <... ioctl resumed>) = 0 [pid 5727] close(3 [pid 5700] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5727] <... close resumed>) = 0 [pid 5709] <... mount resumed>) = 0 [pid 5727] mkdir("./file0", 0777) = 0 [pid 5700] <... ioctl resumed>) = 0 [pid 5727] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5709] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5700] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5709] <... openat resumed>) = 3 [pid 5700] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5709] chdir("./file0" [pid 5700] exit_group(0 [pid 5709] <... chdir resumed>) = 0 [pid 5700] <... exit_group resumed>) = ? [ 71.317607][ T5727] loop0: detected capacity change from 0 to 32768 [ 71.320868][ T5726] BTRFS: device /dev/loop4 using temp-fsid f7be6473-e4b0-4396-b50e-dc361c4641d7 [pid 5733] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5724] <... ioctl resumed>) = 0 [pid 5709] ioctl(4, LOOP_CLR_FD [pid 5700] +++ exited with 0 +++ [pid 5709] <... ioctl resumed>) = 0 [pid 5709] close(4) = 0 [pid 5709] open("./file0", O_RDONLY) = 4 [pid 5709] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5724] close(3 [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5700, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=22 /* 0.22 s */} --- [pid 5724] <... close resumed>) = 0 [pid 5724] mkdir("./file0", 0777 [pid 5069] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5724] <... mkdir resumed>) = 0 [pid 5069] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5724] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5709] <... ioctl resumed>) = 0 [pid 5069] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5709] open("./file0", O_RDONLY [pid 5069] <... openat resumed>) = 3 [pid 5709] <... open resumed>) = 5 [pid 5069] newfstatat(3, "", [pid 5709] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, [pid 5709] <... ioctl resumed>) = 0 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [ 71.358231][ T5726] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (5726) [ 71.392733][ T5727] BTRFS: device /dev/loop0 using temp-fsid 979b41df-eb62-4ed2-b69d-b5677f164b93 [pid 5069] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5709] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5709] exit_group(0) = ? [pid 5709] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5709, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=24 /* 0.24 s */} --- [pid 5066] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./6/binderfs", [pid 5066] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./6/binderfs" [pid 5066] <... openat resumed>) = 3 [pid 5069] <... unlink resumed>) = 0 [pid 5066] newfstatat(3, "", [pid 5069] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 71.415680][ T5727] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (5727) [pid 5066] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./6/binderfs") = 0 [ 71.473967][ T5724] BTRFS: device /dev/loop1 using temp-fsid 177abe7b-02dc-43d8-a70d-65f50e800cb6 [ 71.509562][ T5724] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (5724) [pid 5066] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... umount2 resumed>) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 5069] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./6/file0", [pid 5066] newfstatat(AT_FDCWD, "./6/file0", [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5726] <... mount resumed>) = 0 [pid 5069] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5726] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] <... openat resumed>) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, [pid 5726] <... openat resumed>) = 3 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5726] chdir("./file0" [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] close(4 [pid 5726] <... chdir resumed>) = 0 [pid 5069] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... close resumed>) = 0 [pid 5726] ioctl(4, LOOP_CLR_FD [pid 5069] <... openat resumed>) = 4 [pid 5066] rmdir("./6/file0" [pid 5726] <... ioctl resumed>) = 0 [pid 5069] newfstatat(4, "", [pid 5726] close(4 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5726] <... close resumed>) = 0 [pid 5069] getdents64(4, [pid 5726] open("./file0", O_RDONLY [pid 5069] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] <... rmdir resumed>) = 0 [pid 5726] <... open resumed>) = 4 [pid 5069] getdents64(4, [pid 5726] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5069] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4 [pid 5066] getdents64(3, [pid 5069] <... close resumed>) = 0 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5726] <... ioctl resumed>) = 0 [pid 5069] rmdir("./6/file0" [pid 5066] close(3 [pid 5726] open("./file0", O_RDONLY) = 5 [pid 5069] <... rmdir resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5726] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5069] getdents64(3, [pid 5733] <... write resumed>) = 16777216 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] rmdir("./6" [pid 5069] close(3) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5069] rmdir("./6" [pid 5066] mkdir("./7", 0777 [pid 5069] <... rmdir resumed>) = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 5069] mkdir("./7", 0777 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5069] <... mkdir resumed>) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5733] munmap(0x7fda9371b000, 138412032 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5733] <... munmap resumed>) = 0 [pid 5726] <... ioctl resumed>) = 0 [pid 5069] <... openat resumed>) = 3 [pid 5066] <... ioctl resumed>) = 0 [pid 5726] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5069] ioctl(3, LOOP_CLR_FD [pid 5726] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5808 attached [pid 5726] exit_group(0 [pid 5069] <... ioctl resumed>) = 0 [pid 5808] set_robust_list(0x555557145760, 24 [pid 5726] <... exit_group resumed>) = ? [pid 5069] close(3 [pid 5808] <... set_robust_list resumed>) = 0 [pid 5727] <... mount resumed>) = 0 [pid 5726] +++ exited with 0 +++ [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 5808 [pid 5808] chdir("./7" [pid 5727] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5069] <... close resumed>) = 0 [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5726, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=27 /* 0.27 s */} --- [pid 5727] <... openat resumed>) = 3 [pid 5727] chdir("./file0") = 0 [pid 5727] ioctl(4, LOOP_CLR_FD) = 0 [pid 5727] close(4 [pid 5808] <... chdir resumed>) = 0 [pid 5727] <... close resumed>) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5808] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5727] open("./file0", O_RDONLY [pid 5808] <... prctl resumed>) = 0 [pid 5727] <... open resumed>) = 4 [pid 5808] setpgid(0, 0 [pid 5068] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5810 attached [pid 5808] <... setpgid resumed>) = 0 [pid 5733] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5727] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 5810 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5808] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5733] <... openat resumed>) = 4 [pid 5068] <... openat resumed>) = 3 [pid 5810] set_robust_list(0x555557145760, 24 [pid 5733] ioctl(4, LOOP_SET_FD, 3 [pid 5068] newfstatat(3, "", [pid 5810] <... set_robust_list resumed>) = 0 [pid 5808] <... openat resumed>) = 3 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5810] chdir("./7" [pid 5808] write(3, "1000", 4 [pid 5727] <... ioctl resumed>) = 0 [pid 5068] getdents64(3, [pid 5808] <... write resumed>) = 4 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5808] close(3 [pid 5068] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5808] <... close resumed>) = 0 [pid 5727] open("./file0", O_RDONLY [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5808] symlink("/dev/binderfs", "./binderfs" [pid 5068] newfstatat(AT_FDCWD, "./6/binderfs", [pid 5810] <... chdir resumed>) = 0 [pid 5808] <... symlink resumed>) = 0 [pid 5727] <... open resumed>) = 5 [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5810] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5808] memfd_create("syzkaller", 0 [pid 5810] <... prctl resumed>) = 0 [pid 5808] <... memfd_create resumed>) = 3 [pid 5068] unlink("./6/binderfs" [pid 5810] setpgid(0, 0 [pid 5808] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5810] <... setpgid resumed>) = 0 [pid 5808] <... mmap resumed>) = 0x7fda9371b000 [pid 5068] <... unlink resumed>) = 0 [pid 5810] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5727] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5068] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5810] <... openat resumed>) = 3 [pid 5727] <... ioctl resumed>) = 0 [pid 5810] write(3, "1000", 4 [pid 5727] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5810] <... write resumed>) = 4 [pid 5810] close(3 [pid 5727] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5810] <... close resumed>) = 0 [pid 5810] symlink("/dev/binderfs", "./binderfs" [pid 5727] exit_group(0 [pid 5810] <... symlink resumed>) = 0 [pid 5727] <... exit_group resumed>) = ? [pid 5810] memfd_create("syzkaller", 0 [pid 5727] +++ exited with 0 +++ [pid 5810] <... memfd_create resumed>) = 3 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5727, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=28 /* 0.28 s */} --- [pid 5810] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5064] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5733] <... ioctl resumed>) = 0 [pid 5064] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5733] close(3 [pid 5064] <... openat resumed>) = 3 [pid 5733] <... close resumed>) = 0 [ 71.755037][ T5733] loop3: detected capacity change from 0 to 32768 [pid 5064] newfstatat(3, "", [pid 5733] mkdir("./file0", 0777 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5733] <... mkdir resumed>) = 0 [pid 5064] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./6/binderfs") = 0 [pid 5064] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5733] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5724] <... mount resumed>) = 0 [pid 5724] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5724] chdir("./file0") = 0 [pid 5724] ioctl(4, LOOP_CLR_FD) = 0 [ 71.840446][ T5733] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (5733) [pid 5724] close(4) = 0 [pid 5724] open("./file0", O_RDONLY) = 4 [pid 5724] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5724] open("./file0", O_RDONLY) = 5 [pid 5724] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 5724] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5724] exit_group(0) = ? [pid 5724] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5724, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=28 /* 0.28 s */} --- [pid 5065] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./6/binderfs") = 0 [ 71.947033][ T5733] _btrfs_printk: 75 callbacks suppressed [ 71.947046][ T5733] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 71.984470][ T1047] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [pid 5065] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... umount2 resumed>) = 0 [pid 5068] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] <... umount2 resumed>) = 0 [pid 5068] newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./6/file0") = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] getdents64(3, [pid 5068] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] <... openat resumed>) = 4 [pid 5064] close(3) = 0 [pid 5064] rmdir("./6") = 0 [ 72.076417][ T5733] BTRFS info (device loop3): force clearing of disk cache [ 72.089501][ T5733] BTRFS info (device loop3): setting nodatasum [pid 5064] mkdir("./7", 0777 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... mkdir resumed>) = 0 [pid 5068] getdents64(4, [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] <... openat resumed>) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 5816 [pid 5068] getdents64(4, ./strace-static-x86_64: Process 5816 attached 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4 [pid 5816] set_robust_list(0x555557145760, 24) = 0 [pid 5816] chdir("./7" [pid 5068] <... close resumed>) = 0 [pid 5068] rmdir("./6/file0" [pid 5816] <... chdir resumed>) = 0 [pid 5816] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5816] setpgid(0, 0) = 0 [pid 5816] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5816] write(3, "1000", 4 [pid 5068] <... rmdir resumed>) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5816] <... write resumed>) = 4 [pid 5816] close(3) = 0 [pid 5816] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5816] memfd_create("syzkaller", 0 [pid 5068] close(3 [pid 5816] <... memfd_create resumed>) = 3 [pid 5816] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5068] <... close resumed>) = 0 [ 72.127969][ T5733] BTRFS info (device loop3): allowing degraded mounts [ 72.166180][ T5733] BTRFS info (device loop3): enabling disk space caching [pid 5068] rmdir("./6") = 0 [pid 5068] mkdir("./7", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [ 72.201206][ T5733] BTRFS info (device loop3): disk space caching is enabled [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5808] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 5824 ./strace-static-x86_64: Process 5824 attached [pid 5824] set_robust_list(0x555557145760, 24) = 0 [pid 5824] chdir("./7") = 0 [pid 5824] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5065] <... umount2 resumed>) = 0 [pid 5824] <... prctl resumed>) = 0 [pid 5824] setpgid(0, 0 [pid 5065] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5824] <... setpgid resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./6/file0", [pid 5824] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", [pid 5824] <... openat resumed>) = 3 [pid 5810] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, [pid 5824] write(3, "1000", 4 [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5824] <... write resumed>) = 4 [pid 5065] getdents64(4, [pid 5824] close(3 [pid 5065] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5824] <... close resumed>) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./6/file0") = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5824] symlink("/dev/binderfs", "./binderfs" [pid 5065] close(3) = 0 [pid 5824] <... symlink resumed>) = 0 [pid 5065] rmdir("./6") = 0 [pid 5065] mkdir("./7", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5832 attached [pid 5824] memfd_create("syzkaller", 0 [pid 5832] set_robust_list(0x555557145760, 24 [pid 5824] <... memfd_create resumed>) = 3 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 5832 [pid 5832] <... set_robust_list resumed>) = 0 [pid 5824] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5832] chdir("./7" [pid 5824] <... mmap resumed>) = 0x7fda9371b000 [pid 5832] <... chdir resumed>) = 0 [pid 5832] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5832] setpgid(0, 0) = 0 [pid 5832] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5832] write(3, "1000", 4) = 4 [pid 5832] close(3) = 0 [pid 5832] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5832] memfd_create("syzkaller", 0) = 3 [pid 5832] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 72.539008][ T5733] BTRFS info (device loop3): enabling ssd optimizations [ 72.545981][ T5733] BTRFS info (device loop3): auto enabling async discard [ 72.639850][ T5733] BTRFS info (device loop3): rebuilding free space tree [ 72.669903][ T5733] BTRFS info (device loop3): disabling free space tree [ 72.676814][ T5733] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5808] <... write resumed>) = 16777216 [pid 5808] munmap(0x7fda9371b000, 138412032) = 0 [pid 5808] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 72.750389][ T5733] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5816] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5808] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5808] close(3) = 0 [ 72.805150][ T5733] BTRFS info (device loop3): checking UUID tree [ 72.813837][ T5808] loop2: detected capacity change from 0 to 32768 [pid 5808] mkdir("./file0", 0777) = 0 [ 72.870569][ T5808] BTRFS: device /dev/loop2 using temp-fsid d158a297-2a78-4bc9-915b-cbffb2e69c53 [pid 5808] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5824] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5733] <... mount resumed>) = 0 [ 72.908921][ T5808] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (5808) [pid 5733] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5733] chdir("./file0") = 0 [pid 5733] ioctl(4, LOOP_CLR_FD) = 0 [pid 5733] close(4) = 0 [pid 5733] open("./file0", O_RDONLY) = 4 [pid 5733] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5832] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5733] <... ioctl resumed>) = 0 [pid 5733] open("./file0", O_RDONLY) = 5 [ 72.980218][ T5808] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5733] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 5733] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5733] exit_group(0) = ? [pid 5733] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5733, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=30 /* 0.30 s */} --- [pid 5067] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./6/binderfs") = 0 [ 73.020979][ T12] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 73.063818][ T5808] BTRFS info (device loop2): force clearing of disk cache [pid 5067] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5810] <... write resumed>) = 16777216 [pid 5810] munmap(0x7fda9371b000, 138412032) = 0 [pid 5810] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [ 73.131503][ T5808] BTRFS info (device loop2): setting nodatasum [ 73.150243][ T5808] BTRFS info (device loop2): allowing degraded mounts [ 73.170067][ T5808] BTRFS info (device loop2): enabling disk space caching [pid 5810] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5810] close(3) = 0 [pid 5810] mkdir("./file0", 0777) = 0 [pid 5810] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 73.177359][ T5810] loop5: detected capacity change from 0 to 32768 [ 73.192878][ T5808] BTRFS info (device loop2): disk space caching is enabled [pid 5067] newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./6/file0") = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./6") = 0 [pid 5067] mkdir("./7", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [ 73.227712][ T5810] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (5810) [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5840 attached , child_tidptr=0x555557145750) = 5840 [pid 5840] set_robust_list(0x555557145760, 24) = 0 [pid 5840] chdir("./7") = 0 [pid 5840] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5840] setpgid(0, 0) = 0 [pid 5840] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5840] write(3, "1000", 4) = 4 [pid 5840] close(3) = 0 [pid 5840] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5816] <... write resumed>) = 16777216 [pid 5840] memfd_create("syzkaller", 0 [pid 5816] munmap(0x7fda9371b000, 138412032 [pid 5840] <... memfd_create resumed>) = 3 [pid 5840] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5816] <... munmap resumed>) = 0 [ 73.336765][ T5810] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 73.367991][ T5810] BTRFS info (device loop5): force clearing of disk cache [pid 5840] <... mmap resumed>) = 0x7fda9371b000 [pid 5816] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5816] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5816] close(3) = 0 [pid 5816] mkdir("./file0", 0777) = 0 [ 73.382637][ T5810] BTRFS info (device loop5): setting nodatasum [ 73.391940][ T5816] loop0: detected capacity change from 0 to 32768 [ 73.409478][ T5810] BTRFS info (device loop5): allowing degraded mounts [ 73.416252][ T5810] BTRFS info (device loop5): enabling disk space caching [ 73.440482][ T5816] BTRFS: device /dev/loop0 using temp-fsid 02ed2f05-d1f9-43be-b271-b535e080fcdf [ 73.469204][ T5810] BTRFS info (device loop5): disk space caching is enabled [ 73.477804][ T5808] BTRFS info (device loop2): enabling ssd optimizations [ 73.490638][ T5816] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (5816) [ 73.498820][ T5808] BTRFS info (device loop2): auto enabling async discard [ 73.517974][ T5808] BTRFS info (device loop2): rebuilding free space tree [pid 5816] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5832] <... write resumed>) = 16777216 [pid 5832] munmap(0x7fda9371b000, 138412032 [pid 5840] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5832] <... munmap resumed>) = 0 [ 73.561432][ T5808] BTRFS info (device loop2): disabling free space tree [ 73.579236][ T5816] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 73.593872][ T5808] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5824] <... write resumed>) = 16777216 [pid 5832] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5832] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5832] close(3) = 0 [pid 5832] mkdir("./file0", 0777) = 0 [ 73.605719][ T5832] loop1: detected capacity change from 0 to 32768 [ 73.612340][ T5816] BTRFS info (device loop0): force clearing of disk cache [ 73.620115][ T5816] BTRFS info (device loop0): setting nodatasum [ 73.626486][ T5816] BTRFS info (device loop0): allowing degraded mounts [ 73.633575][ T5816] BTRFS info (device loop0): enabling disk space caching [ 73.644894][ T5832] BTRFS: device /dev/loop1 using temp-fsid 0e31a779-c434-41b5-819f-2accc3352aa9 [pid 5832] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5824] munmap(0x7fda9371b000, 138412032) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 73.653954][ T5808] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 73.669946][ T5816] BTRFS info (device loop0): disk space caching is enabled [ 73.693163][ T5824] loop4: detected capacity change from 0 to 32768 [pid 5824] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5824] close(3) = 0 [pid 5824] mkdir("./file0", 0777) = 0 [pid 5824] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5808] <... mount resumed>) = 0 [pid 5808] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5808] chdir("./file0") = 0 [pid 5808] ioctl(4, LOOP_CLR_FD) = 0 [ 73.700909][ T5832] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (5832) [ 73.719658][ T5808] BTRFS info (device loop2): checking UUID tree [pid 5808] close(4) = 0 [pid 5808] open("./file0", O_RDONLY) = 4 [pid 5808] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [ 73.755830][ T5824] BTRFS: device /dev/loop4 using temp-fsid 031a4f16-8112-46bf-8bd7-b6851e88ed60 [ 73.777601][ T5832] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 73.797477][ T5810] BTRFS info (device loop5): enabling ssd optimizations [pid 5808] open("./file0", O_RDONLY) = 5 [pid 5808] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 5808] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5808] exit_group(0) = ? [ 73.807795][ T5824] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (5824) [ 73.835020][ T48] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 73.836181][ T5832] BTRFS info (device loop1): force clearing of disk cache [pid 5808] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5808, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=33 /* 0.33 s */} --- [pid 5066] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5066] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./7/binderfs") = 0 [pid 5066] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5840] <... write resumed>) = 16777216 [ 73.851663][ T5810] BTRFS info (device loop5): auto enabling async discard [ 73.860438][ T5832] BTRFS info (device loop1): setting nodatasum [ 73.867475][ T5832] BTRFS info (device loop1): allowing degraded mounts [ 73.879775][ T5824] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 73.885789][ T5810] BTRFS info (device loop5): rebuilding free space tree [ 73.901621][ T5816] BTRFS info (device loop0): enabling ssd optimizations [ 73.906940][ T5832] BTRFS info (device loop1): enabling disk space caching [ 73.911725][ T5816] BTRFS info (device loop0): auto enabling async discard [ 73.920214][ T5810] BTRFS info (device loop5): disabling free space tree [ 73.922979][ T5824] BTRFS info (device loop4): force clearing of disk cache [ 73.936645][ T5824] BTRFS info (device loop4): setting nodatasum [ 73.943900][ T5824] BTRFS info (device loop4): allowing degraded mounts [ 73.951827][ T5816] BTRFS info (device loop0): rebuilding free space tree [pid 5840] munmap(0x7fda9371b000, 138412032) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 73.960474][ T5824] BTRFS info (device loop4): enabling disk space caching [ 73.967656][ T5824] BTRFS info (device loop4): disk space caching is enabled [ 73.967747][ T5832] BTRFS info (device loop1): disk space caching is enabled [ 73.975747][ T5810] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 73.987188][ T5840] loop3: detected capacity change from 0 to 32768 [ 73.995123][ T5810] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5840] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5840] close(3) = 0 [pid 5840] mkdir("./file0", 0777) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5840] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5810] <... mount resumed>) = 0 [pid 5066] newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./7/file0") = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5810] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] rmdir("./7" [pid 5810] <... openat resumed>) = 3 [pid 5066] <... rmdir resumed>) = 0 [pid 5066] mkdir("./8", 0777) = 0 [ 74.000593][ T5816] BTRFS info (device loop0): disabling free space tree [ 74.023514][ T5810] BTRFS info (device loop5): checking UUID tree [ 74.047369][ T5840] BTRFS: device /dev/loop3 using temp-fsid 3b877f29-33d5-45c0-b71b-10863dc05602 [pid 5810] chdir("./file0" [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 5902 [pid 5810] <... chdir resumed>) = 0 [pid 5810] ioctl(4, LOOP_CLR_FD./strace-static-x86_64: Process 5902 attached [pid 5902] set_robust_list(0x555557145760, 24 [pid 5810] <... ioctl resumed>) = 0 [pid 5902] <... set_robust_list resumed>) = 0 [pid 5810] close(4 [pid 5902] chdir("./8" [pid 5810] <... close resumed>) = 0 [pid 5902] <... chdir resumed>) = 0 [pid 5810] open("./file0", O_RDONLY) = 4 [pid 5902] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5810] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5902] setpgid(0, 0) = 0 [pid 5902] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5902] write(3, "1000", 4) = 4 [pid 5902] close(3) = 0 [ 74.064467][ T5816] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 74.087459][ T5840] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (5840) [ 74.101354][ T5816] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5902] symlink("/dev/binderfs", "./binderfs" [pid 5810] <... ioctl resumed>) = 0 [pid 5902] <... symlink resumed>) = 0 [pid 5810] open("./file0", O_RDONLY) = 5 [pid 5902] memfd_create("syzkaller", 0) = 3 [pid 5902] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5810] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5902] <... mmap resumed>) = 0x7fda9371b000 [pid 5810] <... ioctl resumed>) = 0 [pid 5810] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5810] exit_group(0) = ? [pid 5810] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5810, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=41 /* 0.41 s */} --- [ 74.128452][ T5840] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 74.143530][ T5840] BTRFS info (device loop3): force clearing of disk cache [ 74.156270][ T5840] BTRFS info (device loop3): setting nodatasum [ 74.165928][ T48] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [pid 5069] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5069] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./7/binderfs") = 0 [ 74.178960][ T5840] BTRFS info (device loop3): allowing degraded mounts [ 74.185734][ T5840] BTRFS info (device loop3): enabling disk space caching [ 74.197794][ T5824] BTRFS info (device loop4): enabling ssd optimizations [ 74.205211][ T5840] BTRFS info (device loop3): disk space caching is enabled [ 74.218665][ T5816] BTRFS info (device loop0): checking UUID tree [pid 5069] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5816] <... mount resumed>) = 0 [pid 5816] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5816] chdir("./file0") = 0 [pid 5816] ioctl(4, LOOP_CLR_FD) = 0 [pid 5816] close(4) = 0 [pid 5816] open("./file0", O_RDONLY) = 4 [ 74.233383][ T5824] BTRFS info (device loop4): auto enabling async discard [ 74.259395][ T5832] BTRFS info (device loop1): enabling ssd optimizations [pid 5816] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5816] open("./file0", O_RDONLY) = 5 [pid 5816] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 5816] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5816] exit_group(0) = ? [pid 5816] +++ exited with 0 +++ [ 74.278214][ T5824] BTRFS info (device loop4): rebuilding free space tree [ 74.303200][ T5832] BTRFS info (device loop1): auto enabling async discard [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5816, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=29 /* 0.29 s */} --- [pid 5064] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./7/binderfs") = 0 [ 74.344281][ T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 74.355478][ T5832] BTRFS info (device loop1): rebuilding free space tree [pid 5064] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... umount2 resumed>) = 0 [pid 5069] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./7/file0") = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [ 74.396376][ T5840] BTRFS info (device loop3): enabling ssd optimizations [ 74.407019][ T5824] BTRFS info (device loop4): disabling free space tree [ 74.424073][ T5832] BTRFS info (device loop1): disabling free space tree [ 74.434547][ T5840] BTRFS info (device loop3): auto enabling async discard [pid 5069] rmdir("./7") = 0 [pid 5069] mkdir("./8", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 5935 ./strace-static-x86_64: Process 5935 attached [pid 5935] set_robust_list(0x555557145760, 24) = 0 [ 74.461866][ T5824] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 74.482504][ T5832] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5935] chdir("./8") = 0 [pid 5935] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5935] setpgid(0, 0) = 0 [ 74.512352][ T5840] BTRFS info (device loop3): rebuilding free space tree [ 74.525456][ T5824] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 74.525644][ T5832] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5935] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5935] write(3, "1000", 4) = 4 [pid 5935] close(3) = 0 [pid 5935] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5935] memfd_create("syzkaller", 0) = 3 [pid 5935] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 74.567758][ T5840] BTRFS info (device loop3): disabling free space tree [ 74.578863][ T5840] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 74.588516][ T5840] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5902] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5064] <... umount2 resumed>) = 0 [pid 5064] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./7/file0") = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./7") = 0 [pid 5064] mkdir("./8", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] <... mount resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 5937 [pid 5832] <... openat resumed>) = 3 ./strace-static-x86_64: Process 5937 attached [pid 5832] chdir("./file0" [pid 5937] set_robust_list(0x555557145760, 24 [pid 5832] <... chdir resumed>) = 0 [pid 5937] <... set_robust_list resumed>) = 0 [pid 5832] ioctl(4, LOOP_CLR_FD [pid 5937] chdir("./8" [pid 5832] <... ioctl resumed>) = 0 [ 74.631479][ T5832] BTRFS info (device loop1): checking UUID tree [ 74.650170][ T5824] BTRFS info (device loop4): checking UUID tree [pid 5937] <... chdir resumed>) = 0 [pid 5832] close(4 [pid 5937] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] <... close resumed>) = 0 [pid 5937] <... prctl resumed>) = 0 [pid 5832] open("./file0", O_RDONLY [pid 5937] setpgid(0, 0 [pid 5832] <... open resumed>) = 4 [pid 5937] <... setpgid resumed>) = 0 [pid 5832] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5937] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5937] write(3, "1000", 4) = 4 [pid 5937] close(3) = 0 [pid 5937] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5937] memfd_create("syzkaller", 0) = 3 [pid 5832] <... ioctl resumed>) = 0 [pid 5937] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5832] open("./file0", O_RDONLY [pid 5937] <... mmap resumed>) = 0x7fda9371b000 [pid 5832] <... open resumed>) = 5 [pid 5824] <... mount resumed>) = 0 [pid 5832] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 5832] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5832] exit_group(0) = ? [pid 5832] +++ exited with 0 +++ [pid 5824] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5832, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=40 /* 0.40 s */} --- [pid 5824] <... openat resumed>) = 3 [pid 5065] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5824] chdir("./file0" [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 74.691889][ T5840] BTRFS info (device loop3): checking UUID tree [pid 5824] <... chdir resumed>) = 0 [pid 5065] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5824] ioctl(4, LOOP_CLR_FD [pid 5065] <... openat resumed>) = 3 [pid 5840] <... mount resumed>) = 0 [pid 5840] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5840] chdir("./file0") = 0 [pid 5840] ioctl(4, LOOP_CLR_FD) = 0 [pid 5840] close(4) = 0 [pid 5840] open("./file0", O_RDONLY) = 4 [pid 5065] newfstatat(3, "", [pid 5840] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, [pid 5824] <... ioctl resumed>) = 0 [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5824] close(4 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5824] <... close resumed>) = 0 [pid 5065] newfstatat(AT_FDCWD, "./7/binderfs", [pid 5824] open("./file0", O_RDONLY [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] <... ioctl resumed>) = 0 [pid 5824] <... open resumed>) = 4 [pid 5065] unlink("./7/binderfs" [pid 5840] open("./file0", O_RDONLY) = 5 [pid 5840] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 5065] <... unlink resumed>) = 0 [pid 5065] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5840] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5840] exit_group(0 [ 74.769650][ T48] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [pid 5824] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5840] <... exit_group resumed>) = ? [pid 5840] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5840, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=39 /* 0.39 s */} --- [pid 5067] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5824] <... ioctl resumed>) = 0 [pid 5067] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5824] open("./file0", O_RDONLY) = 5 [pid 5824] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./7/binderfs" [pid 5824] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5067] <... unlink resumed>) = 0 [pid 5824] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5067] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5824] exit_group(0) = ? [pid 5824] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5824, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=39 /* 0.39 s */} --- [pid 5068] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 74.867601][ T42] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [pid 5068] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./7/binderfs") = 0 [ 74.941877][ T48] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [pid 5068] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./7/file0") = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./7") = 0 [pid 5067] mkdir("./8", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5943 attached [pid 5943] set_robust_list(0x555557145760, 24 [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 5943 [pid 5943] <... set_robust_list resumed>) = 0 [pid 5943] chdir("./8") = 0 [pid 5943] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5943] setpgid(0, 0) = 0 [pid 5943] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5943] write(3, "1000", 4 [pid 5065] <... umount2 resumed>) = 0 [pid 5943] <... write resumed>) = 4 [pid 5943] close(3) = 0 [pid 5943] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5943] memfd_create("syzkaller", 0) = 3 [pid 5943] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5065] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5935] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./7/file0" [pid 5902] <... write resumed>) = 16777216 [pid 5065] <... rmdir resumed>) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./7") = 0 [pid 5065] mkdir("./8", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5902] munmap(0x7fda9371b000, 138412032 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 5944 [pid 5902] <... munmap resumed>) = 0 ./strace-static-x86_64: Process 5944 attached [pid 5937] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5944] set_robust_list(0x555557145760, 24 [pid 5902] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5944] <... set_robust_list resumed>) = 0 [pid 5902] <... openat resumed>) = 4 [pid 5944] chdir("./8" [pid 5902] ioctl(4, LOOP_SET_FD, 3 [pid 5068] <... umount2 resumed>) = 0 [pid 5944] <... chdir resumed>) = 0 [pid 5068] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./7/file0" [pid 5944] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5068] <... rmdir resumed>) = 0 [pid 5068] getdents64(3, [pid 5944] <... prctl resumed>) = 0 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5944] setpgid(0, 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./7") = 0 [pid 5068] mkdir("./8", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5945 attached [pid 5945] set_robust_list(0x555557145760, 24 [pid 5944] <... setpgid resumed>) = 0 [pid 5902] <... ioctl resumed>) = 0 [pid 5945] <... set_robust_list resumed>) = 0 [pid 5944] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5902] close(3 [pid 5945] chdir("./8") = 0 [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 5945 [pid 5945] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 75.273305][ T5902] loop2: detected capacity change from 0 to 32768 [pid 5945] setpgid(0, 0) = 0 [pid 5944] <... openat resumed>) = 3 [pid 5902] <... close resumed>) = 0 [pid 5945] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5902] mkdir("./file0", 0777 [pid 5944] write(3, "1000", 4) = 4 [pid 5945] <... openat resumed>) = 3 [pid 5944] close(3 [pid 5902] <... mkdir resumed>) = 0 [pid 5944] <... close resumed>) = 0 [pid 5902] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5945] write(3, "1000", 4) = 4 [pid 5945] close(3 [pid 5944] symlink("/dev/binderfs", "./binderfs" [pid 5945] <... close resumed>) = 0 [pid 5945] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5944] <... symlink resumed>) = 0 [pid 5945] memfd_create("syzkaller", 0) = 3 [pid 5945] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5944] memfd_create("syzkaller", 0) = 3 [ 75.323512][ T5902] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (5902) [pid 5944] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 75.456268][ T5902] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5943] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5937] <... write resumed>) = 16777216 [pid 5937] munmap(0x7fda9371b000, 138412032) = 0 [pid 5937] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5937] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5937] close(3) = 0 [pid 5937] mkdir("./file0", 0777) = 0 [ 75.752412][ T5937] loop0: detected capacity change from 0 to 32768 [ 75.789655][ T5937] BTRFS: device /dev/loop0 using temp-fsid 7f24d4e0-b25c-4c2d-ba54-22957953c6f2 [ 75.799120][ T5937] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (5937) [pid 5937] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5945] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5944] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5902] <... mount resumed>) = 0 [pid 5902] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5902] chdir("./file0" [pid 5935] <... write resumed>) = 16777216 [pid 5902] <... chdir resumed>) = 0 [pid 5902] ioctl(4, LOOP_CLR_FD) = 0 [pid 5902] close(4) = 0 [pid 5902] open("./file0", O_RDONLY) = 4 [pid 5902] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5935] munmap(0x7fda9371b000, 138412032 [pid 5902] <... ioctl resumed>) = 0 [pid 5935] <... munmap resumed>) = 0 [pid 5902] open("./file0", O_RDONLY) = 5 [pid 5902] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 5902] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5902] exit_group(0) = ? [pid 5902] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5902, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=26 /* 0.26 s */} --- [pid 5066] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [ 76.000580][ T8] cfg80211: failed to load regulatory.db [pid 5066] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./8/binderfs", [pid 5935] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./8/binderfs" [pid 5935] <... openat resumed>) = 4 [pid 5066] <... unlink resumed>) = 0 [pid 5935] ioctl(4, LOOP_SET_FD, 3 [pid 5066] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5945] <... write resumed>) = 16777216 [pid 5945] munmap(0x7fda9371b000, 138412032 [pid 5935] <... ioctl resumed>) = 0 [pid 5935] close(3) = 0 [pid 5935] mkdir("./file0", 0777) = 0 [pid 5945] <... munmap resumed>) = 0 [ 76.073266][ T5935] loop5: detected capacity change from 0 to 32768 [pid 5935] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5945] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5937] <... mount resumed>) = 0 [pid 5937] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5945] <... openat resumed>) = 4 [pid 5937] chdir("./file0" [pid 5945] ioctl(4, LOOP_SET_FD, 3 [pid 5937] <... chdir resumed>) = 0 [pid 5937] ioctl(4, LOOP_CLR_FD) = 0 [pid 5937] close(4) = 0 [pid 5937] open("./file0", O_RDONLY) = 4 [pid 5937] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5945] <... ioctl resumed>) = 0 [pid 5937] open("./file0", O_RDONLY) = 5 [pid 5937] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5945] close(3) = 0 [pid 5945] mkdir("./file0", 0777 [pid 5937] <... ioctl resumed>) = 0 [pid 5945] <... mkdir resumed>) = 0 [pid 5937] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [ 76.131042][ T5935] BTRFS: device /dev/loop5 using temp-fsid 6eb2035c-b047-454d-9b58-dd35a5624ffb [ 76.159856][ T5945] loop4: detected capacity change from 0 to 32768 [pid 5945] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5937] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5937] exit_group(0) = ? [pid 5937] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5937, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=25 /* 0.25 s */} --- [pid 5064] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./8/binderfs") = 0 [ 76.191995][ T5935] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (5935) [ 76.243642][ T5945] BTRFS: device /dev/loop4 using temp-fsid a8bde173-49b7-4900-a70e-c2bcdea3e601 [pid 5064] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5943] <... write resumed>) = 16777216 [pid 5943] munmap(0x7fda9371b000, 138412032) = 0 [ 76.297293][ T5945] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (5945) [pid 5943] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5943] ioctl(4, LOOP_SET_FD, 3 [pid 5064] <... umount2 resumed>) = 0 [pid 5064] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... umount2 resumed>) = 0 [pid 5064] <... openat resumed>) = 4 [pid 5064] newfstatat(4, "", [pid 5943] <... ioctl resumed>) = 0 [pid 5066] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, [pid 5943] close(3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] newfstatat(AT_FDCWD, "./8/file0", [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] close(4 [pid 5943] <... close resumed>) = 0 [pid 5066] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... close resumed>) = 0 [pid 5943] mkdir("./file0", 0777 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] rmdir("./8/file0" [pid 5943] <... mkdir resumed>) = 0 [pid 5066] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5943] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5066] <... openat resumed>) = 4 [pid 5064] <... rmdir resumed>) = 0 [pid 5066] newfstatat(4, "", [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 76.383652][ T5943] loop3: detected capacity change from 0 to 32768 [pid 5064] close(3 [pid 5944] <... write resumed>) = 16777216 [pid 5066] getdents64(4, [pid 5064] <... close resumed>) = 0 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] rmdir("./8" [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./8/file0" [pid 5064] mkdir("./9", 0777 [pid 5066] <... rmdir resumed>) = 0 [pid 5064] <... mkdir resumed>) = 0 [pid 5066] getdents64(3, [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] <... openat resumed>) = 3 [pid 5066] close(3 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5944] munmap(0x7fda9371b000, 138412032 [pid 5066] <... close resumed>) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 5944] <... munmap resumed>) = 0 [pid 5066] rmdir("./8" [pid 5064] close(3 [pid 5944] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5066] <... rmdir resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 5944] <... openat resumed>) = 4 [pid 5066] mkdir("./9", 0777 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5944] ioctl(4, LOOP_SET_FD, 3 [pid 5066] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 6008 attached [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6008] set_robust_list(0x555557145760, 24 [pid 5066] <... openat resumed>) = 3 [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 6008 [pid 6008] <... set_robust_list resumed>) = 0 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6008] chdir("./9") = 0 [pid 6008] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 6010 attached [pid 6010] set_robust_list(0x555557145760, 24 [pid 6008] <... prctl resumed>) = 0 [pid 6008] setpgid(0, 0 [pid 6010] <... set_robust_list resumed>) = 0 [pid 6008] <... setpgid resumed>) = 0 [pid 6010] chdir("./9" [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 6010 [pid 6010] <... chdir resumed>) = 0 [pid 6010] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5944] <... ioctl resumed>) = 0 [pid 6010] setpgid(0, 0 [pid 5944] close(3 [pid 6010] <... setpgid resumed>) = 0 [pid 5944] <... close resumed>) = 0 [pid 6010] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5944] mkdir("./file0", 0777 [pid 6010] <... openat resumed>) = 3 [pid 6008] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5935] <... mount resumed>) = 0 [pid 6008] <... openat resumed>) = 3 [pid 5935] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6008] write(3, "1000", 4 [pid 5935] <... openat resumed>) = 3 [pid 6008] <... write resumed>) = 4 [pid 5935] chdir("./file0") = 0 [pid 5935] ioctl(4, LOOP_CLR_FD [pid 6008] close(3 [pid 5935] <... ioctl resumed>) = 0 [pid 6008] <... close resumed>) = 0 [pid 5935] close(4 [pid 6008] symlink("/dev/binderfs", "./binderfs" [pid 5935] <... close resumed>) = 0 [pid 6008] <... symlink resumed>) = 0 [pid 5935] open("./file0", O_RDONLY) = 4 [pid 6008] memfd_create("syzkaller", 0 [pid 5935] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6010] write(3, "1000", 4 [pid 6008] <... memfd_create resumed>) = 3 [pid 5944] <... mkdir resumed>) = 0 [pid 6008] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 6010] <... write resumed>) = 4 [pid 5944] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 6010] close(3) = 0 [ 76.433043][ T5943] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (5943) [ 76.468206][ T5944] loop1: detected capacity change from 0 to 32768 [pid 6010] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6010] memfd_create("syzkaller", 0) = 3 [pid 6010] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 76.513761][ T5944] BTRFS: device /dev/loop1 using temp-fsid a0cfa157-26bc-4316-aca2-3bc0cb469640 [ 76.523560][ T5944] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (5944) [pid 5935] <... ioctl resumed>) = 0 [pid 5935] open("./file0", O_RDONLY) = 5 [pid 5935] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 5935] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5935] exit_group(0) = ? [pid 6008] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5935] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5935, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=23 /* 0.23 s */} --- [pid 5069] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", [pid 5945] <... mount resumed>) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, [pid 5945] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5945] <... openat resumed>) = 3 [pid 5069] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5945] chdir("./file0" [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5945] <... chdir resumed>) = 0 [pid 5069] newfstatat(AT_FDCWD, "./8/binderfs", [pid 5945] ioctl(4, LOOP_CLR_FD [pid 5069] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./8/binderfs") = 0 [pid 5069] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5945] <... ioctl resumed>) = 0 [pid 5945] close(4) = 0 [pid 5945] open("./file0", O_RDONLY) = 4 [pid 5945] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5945] open("./file0", O_RDONLY) = 5 [pid 5945] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 5945] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5945] exit_group(0) = ? [pid 5945] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5945, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=24 /* 0.24 s */} --- [pid 5068] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./8/binderfs") = 0 [pid 5068] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5943] <... mount resumed>) = 0 [pid 5069] <... umount2 resumed>) = 0 [pid 5943] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5943] chdir("./file0") = 0 [pid 5943] ioctl(4, LOOP_CLR_FD) = 0 [pid 5943] close(4) = 0 [pid 5069] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5943] open("./file0", O_RDONLY) = 4 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5943] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5069] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./8/file0") = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5943] <... ioctl resumed>) = 0 [pid 5069] close(3 [pid 5943] open("./file0", O_RDONLY [pid 5069] <... close resumed>) = 0 [pid 5943] <... open resumed>) = 5 [pid 5069] rmdir("./8" [pid 5943] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5069] <... rmdir resumed>) = 0 [pid 5069] mkdir("./9", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5943] <... ioctl resumed>) = 0 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3) = 0 [pid 5943] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5943] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5943] exit_group(0) = ? [pid 5943] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5943, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=25 /* 0.25 s */} --- [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 6047 [pid 5067] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6047 attached ) = -1 EINVAL (Invalid argument) [pid 6047] set_robust_list(0x555557145760, 24 [pid 5067] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6047] <... set_robust_list resumed>) = 0 [pid 5067] <... openat resumed>) = 3 [pid 6047] chdir("./9" [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, [pid 6047] <... chdir resumed>) = 0 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 6047] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5067] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6047] <... prctl resumed>) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6047] setpgid(0, 0 [pid 5067] newfstatat(AT_FDCWD, "./8/binderfs", [pid 6047] <... setpgid resumed>) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6047] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5067] unlink("./8/binderfs" [pid 6047] <... openat resumed>) = 3 [pid 5067] <... unlink resumed>) = 0 [pid 6047] write(3, "1000", 4 [pid 5067] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6047] <... write resumed>) = 4 [pid 6047] close(3) = 0 [pid 6047] symlink("/dev/binderfs", "./binderfs") = 0 [ 76.975748][ T5944] _btrfs_printk: 78 callbacks suppressed [ 76.975761][ T5944] BTRFS info (device loop1): disabling free space tree [pid 6047] memfd_create("syzkaller", 0) = 3 [pid 6047] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 77.018913][ T5944] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 77.048838][ T5944] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 77.117553][ T5944] BTRFS info (device loop1): checking UUID tree [pid 5068] <... umount2 resumed>) = 0 [pid 5068] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./8/file0") = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./8") = 0 [pid 5068] mkdir("./9", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6050 attached , child_tidptr=0x555557145750) = 6050 [pid 6050] set_robust_list(0x555557145760, 24) = 0 [pid 6050] chdir("./9") = 0 [pid 6050] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6050] setpgid(0, 0) = 0 [pid 6050] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6050] write(3, "1000", 4) = 4 [pid 6050] close(3) = 0 [pid 6050] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6050] memfd_create("syzkaller", 0 [pid 5944] <... mount resumed>) = 0 [pid 5944] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5944] chdir("./file0") = 0 [pid 5944] ioctl(4, LOOP_CLR_FD) = 0 [pid 5944] close(4) = 0 [pid 5944] open("./file0", O_RDONLY [pid 6050] <... memfd_create resumed>) = 3 [pid 5944] <... open resumed>) = 4 [pid 6050] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5944] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6050] <... mmap resumed>) = 0x7fda9371b000 [pid 6010] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6008] <... write resumed>) = 16777216 [pid 6008] munmap(0x7fda9371b000, 138412032 [pid 5944] <... ioctl resumed>) = 0 [pid 5944] open("./file0", O_RDONLY) = 5 [pid 5944] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 6008] <... munmap resumed>) = 0 [pid 5944] <... ioctl resumed>) = 0 [pid 5067] <... umount2 resumed>) = 0 [pid 5944] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5067] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5944] exit_group(0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5944] <... exit_group resumed>) = ? [pid 5067] newfstatat(AT_FDCWD, "./8/file0", [pid 5944] +++ exited with 0 +++ [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5944, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=32 /* 0.32 s */} --- [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... openat resumed>) = 4 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(4, "", [pid 5065] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... openat resumed>) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./8/binderfs") = 0 [pid 5065] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6008] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5067] getdents64(4, [pid 6008] <... openat resumed>) = 4 [pid 6008] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5067] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./8/file0" [pid 6008] close(3) = 0 [pid 5067] <... rmdir resumed>) = 0 [pid 6008] mkdir("./file0", 0777 [ 77.364841][ T42] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [ 77.381710][ T6008] loop0: detected capacity change from 0 to 32768 [pid 5067] getdents64(3, [pid 6008] <... mkdir resumed>) = 0 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 6008] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5067] rmdir("./8") = 0 [pid 5067] mkdir("./9", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6051 attached [pid 6051] set_robust_list(0x555557145760, 24 [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 6051 [pid 6051] <... set_robust_list resumed>) = 0 [ 77.440675][ T6008] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (6008) [pid 6051] chdir("./9") = 0 [pid 6051] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6051] setpgid(0, 0) = 0 [pid 6051] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6051] write(3, "1000", 4) = 4 [pid 6051] close(3) = 0 [pid 6051] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6051] memfd_create("syzkaller", 0) = 3 [pid 6051] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 77.631588][ T6008] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [pid 6047] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5065] <... umount2 resumed>) = 0 [pid 5065] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 77.698984][ T6008] BTRFS info (device loop0): force clearing of disk cache [ 77.706299][ T6008] BTRFS info (device loop0): setting nodatasum [ 77.738848][ T6008] BTRFS info (device loop0): allowing degraded mounts [pid 5065] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./8/file0") = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./8") = 0 [ 77.761272][ T6008] BTRFS info (device loop0): enabling disk space caching [ 77.768452][ T6008] BTRFS info (device loop0): disk space caching is enabled [pid 5065] mkdir("./9", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 6058 ./strace-static-x86_64: Process 6058 attached [pid 6058] set_robust_list(0x555557145760, 24 [pid 6050] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6058] <... set_robust_list resumed>) = 0 [pid 6058] chdir("./9") = 0 [pid 6058] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6058] setpgid(0, 0) = 0 [pid 6058] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6058] write(3, "1000", 4) = 4 [pid 6058] close(3) = 0 [pid 6058] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6058] memfd_create("syzkaller", 0) = 3 [pid 6058] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 6047] <... write resumed>) = 16777216 [pid 6047] munmap(0x7fda9371b000, 138412032) = 0 [pid 6010] <... write resumed>) = 16777216 [ 78.111478][ T6008] BTRFS info (device loop0): enabling ssd optimizations [ 78.118640][ T6008] BTRFS info (device loop0): auto enabling async discard [pid 6010] munmap(0x7fda9371b000, 138412032 [pid 6047] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 6047] ioctl(4, LOOP_SET_FD, 3 [pid 6051] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6047] <... ioctl resumed>) = 0 [pid 6010] <... munmap resumed>) = 0 [pid 6010] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6047] close(3) = 0 [pid 6010] <... openat resumed>) = 4 [pid 6047] mkdir("./file0", 0777 [pid 6010] ioctl(4, LOOP_SET_FD, 3 [pid 6047] <... mkdir resumed>) = 0 [ 78.172580][ T6047] loop5: detected capacity change from 0 to 32768 [ 78.181712][ T6008] BTRFS info (device loop0): rebuilding free space tree [ 78.207934][ T6010] loop2: detected capacity change from 0 to 32768 [pid 6047] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 6010] <... ioctl resumed>) = 0 [pid 6010] close(3) = 0 [pid 6010] mkdir("./file0", 0777) = 0 [ 78.224193][ T6047] BTRFS: device /dev/loop5 using temp-fsid 10f254dc-73f4-4014-ab78-744eda866d99 [ 78.253829][ T6008] BTRFS info (device loop0): disabling free space tree [ 78.255901][ T6047] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (6047) [ 78.278893][ T6008] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 78.288534][ T6008] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 78.348934][ T6010] BTRFS: device /dev/loop2 using temp-fsid 396fc313-ed25-43bb-9103-187c1b50c950 [ 78.349821][ T6047] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 78.358143][ T6010] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (6010) [pid 6010] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 78.393838][ T6047] BTRFS info (device loop5): force clearing of disk cache [ 78.412733][ T6008] BTRFS info (device loop0): checking UUID tree [ 78.431803][ T6010] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 78.434528][ T6047] BTRFS info (device loop5): setting nodatasum [pid 6058] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6008] <... mount resumed>) = 0 [pid 6008] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6050] <... write resumed>) = 16777216 [pid 6008] chdir("./file0") = 0 [pid 6008] ioctl(4, LOOP_CLR_FD) = 0 [pid 6008] close(4) = 0 [pid 6050] munmap(0x7fda9371b000, 138412032) = 0 [pid 6050] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6008] open("./file0", O_RDONLY [pid 6050] <... openat resumed>) = 4 [pid 6008] <... open resumed>) = 4 [ 78.466250][ T6047] BTRFS info (device loop5): allowing degraded mounts [ 78.473257][ T6010] BTRFS info (device loop2): force clearing of disk cache [ 78.473276][ T6010] BTRFS info (device loop2): setting nodatasum [ 78.473292][ T6010] BTRFS info (device loop2): allowing degraded mounts [ 78.473309][ T6010] BTRFS info (device loop2): enabling disk space caching [ 78.485972][ T6047] BTRFS info (device loop5): enabling disk space caching [pid 6050] ioctl(4, LOOP_SET_FD, 3 [pid 6008] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6050] <... ioctl resumed>) = 0 [pid 6008] <... ioctl resumed>) = 0 [pid 6008] open("./file0", O_RDONLY) = 5 [pid 6008] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 6008] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 6008] exit_group(0) = ? [pid 6008] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6008, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=30 /* 0.30 s */} --- [pid 5064] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5064] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./9/binderfs") = 0 [pid 5064] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6050] close(3) = 0 [pid 6050] mkdir("./file0", 0777) = 0 [ 78.510296][ T6050] loop4: detected capacity change from 0 to 32768 [ 78.519245][ T6010] BTRFS info (device loop2): disk space caching is enabled [ 78.552709][ T6047] BTRFS info (device loop5): disk space caching is enabled [ 78.557675][ T6050] BTRFS: device /dev/loop4 using temp-fsid 3b652b11-232a-457a-ac8d-95fc055a7a3f [ 78.592810][ T6050] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (6050) [ 78.595799][ T2855] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 6050] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 6051] <... write resumed>) = 16777216 [ 78.650086][ T6050] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 78.678885][ T6050] BTRFS info (device loop4): force clearing of disk cache [ 78.686133][ T6050] BTRFS info (device loop4): setting nodatasum [ 78.688746][ T6010] BTRFS info (device loop2): enabling ssd optimizations [pid 6051] munmap(0x7fda9371b000, 138412032) = 0 [pid 6051] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 78.701283][ T6010] BTRFS info (device loop2): auto enabling async discard [ 78.711245][ T6010] BTRFS info (device loop2): rebuilding free space tree [ 78.729962][ T6050] BTRFS info (device loop4): allowing degraded mounts [ 78.739303][ T6050] BTRFS info (device loop4): enabling disk space caching [pid 6051] ioctl(4, LOOP_SET_FD, 3 [pid 5064] <... umount2 resumed>) = 0 [pid 5064] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 78.741250][ T6010] BTRFS info (device loop2): disabling free space tree [ 78.746345][ T6050] BTRFS info (device loop4): disk space caching is enabled [ 78.763534][ T6051] loop3: detected capacity change from 0 to 32768 [ 78.763803][ T6010] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 78.779683][ T6010] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 78.794204][ T6047] BTRFS info (device loop5): enabling ssd optimizations [pid 5064] newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6051] <... ioctl resumed>) = 0 [pid 6010] <... mount resumed>) = 0 [pid 6051] close(3) = 0 [pid 6010] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6051] mkdir("./file0", 0777 [pid 6010] <... openat resumed>) = 3 [pid 5064] <... openat resumed>) = 4 [pid 6051] <... mkdir resumed>) = 0 [pid 5064] newfstatat(4, "", [ 78.795387][ T6010] BTRFS info (device loop2): checking UUID tree [ 78.809020][ T6047] BTRFS info (device loop5): auto enabling async discard [ 78.819484][ T6047] BTRFS info (device loop5): rebuilding free space tree [ 78.834720][ T6051] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (6051) [pid 6051] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 6010] chdir("./file0" [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, [pid 6010] <... chdir resumed>) = 0 [pid 5064] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 6010] ioctl(4, LOOP_CLR_FD) = 0 [ 78.836573][ T6047] BTRFS info (device loop5): disabling free space tree [ 78.856329][ T6047] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 78.866434][ T6047] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 78.886088][ T6047] BTRFS info (device loop5): checking UUID tree [pid 5064] getdents64(4, [pid 6010] close(4 [pid 5064] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./9/file0") = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./9") = 0 [pid 5064] mkdir("./10", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 6109 [pid 6010] <... close resumed>) = 0 [pid 6010] open("./file0", O_RDONLY) = 4 ./strace-static-x86_64: Process 6109 attached [pid 6010] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6109] set_robust_list(0x555557145760, 24) = 0 [pid 6109] chdir("./10") = 0 [pid 6109] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6109] setpgid(0, 0) = 0 [pid 6109] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6109] write(3, "1000", 4) = 4 [pid 6109] close(3) = 0 [pid 6109] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6109] memfd_create("syzkaller", 0) = 3 [pid 6010] <... ioctl resumed>) = 0 [ 78.895223][ T6051] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [pid 6109] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6010] open("./file0", O_RDONLY [pid 6109] <... mmap resumed>) = 0x7fda9371b000 [pid 6010] <... open resumed>) = 5 [pid 6047] <... mount resumed>) = 0 [pid 6010] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 6047] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6010] <... ioctl resumed>) = 0 [pid 6047] chdir("./file0" [pid 6010] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 6047] <... chdir resumed>) = 0 [pid 6010] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 6047] ioctl(4, LOOP_CLR_FD) = 0 [pid 6010] exit_group(0 [pid 6047] close(4) = 0 [pid 6047] open("./file0", O_RDONLY [pid 6010] <... exit_group resumed>) = ? [ 78.943215][ T6051] BTRFS info (device loop3): force clearing of disk cache [ 78.961967][ T2855] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 78.969453][ T6051] BTRFS info (device loop3): setting nodatasum [pid 6010] +++ exited with 0 +++ [pid 6047] <... open resumed>) = 4 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6010, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=34 /* 0.34 s */} --- [pid 6058] <... write resumed>) = 16777216 [pid 6047] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6058] munmap(0x7fda9371b000, 138412032 [pid 6047] <... ioctl resumed>) = 0 [pid 6058] <... munmap resumed>) = 0 [pid 6047] open("./file0", O_RDONLY [pid 5066] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6047] <... open resumed>) = 5 [pid 5066] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6047] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 5066] <... openat resumed>) = 3 [pid 6047] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5066] newfstatat(3, "", [pid 6047] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6047] exit_group(0 [pid 5066] getdents64(3, [pid 6047] <... exit_group resumed>) = ? [pid 6047] +++ exited with 0 +++ [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6047, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=44 /* 0.44 s */} --- [pid 5066] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] newfstatat(AT_FDCWD, "./9/binderfs", [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 78.989507][ T6051] BTRFS info (device loop3): allowing degraded mounts [ 79.010962][ T6051] BTRFS info (device loop3): enabling disk space caching [ 79.018009][ T6051] BTRFS info (device loop3): disk space caching is enabled [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6058] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5069] <... openat resumed>) = 3 [pid 5066] unlink("./9/binderfs" [pid 5069] newfstatat(3, "", [pid 5066] <... unlink resumed>) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6058] <... openat resumed>) = 4 [pid 5069] getdents64(3, [pid 6058] ioctl(4, LOOP_SET_FD, 3 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 6058] <... ioctl resumed>) = 0 [pid 5069] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6058] close(3) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6058] mkdir("./file0", 0777 [pid 5069] newfstatat(AT_FDCWD, "./9/binderfs", [pid 6058] <... mkdir resumed>) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6058] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5069] unlink("./9/binderfs") = 0 [ 79.083546][ T6050] BTRFS info (device loop4): enabling ssd optimizations [ 79.083607][ T6058] loop1: detected capacity change from 0 to 32768 [ 79.099651][ T12] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [ 79.108817][ T6050] BTRFS info (device loop4): auto enabling async discard [ 79.117873][ T6058] BTRFS: device /dev/loop1 using temp-fsid 7ce21ac0-b132-4fb0-9d2e-f142a9a3c6aa [ 79.130535][ T6050] BTRFS info (device loop4): rebuilding free space tree [ 79.172052][ T6050] BTRFS info (device loop4): disabling free space tree [ 79.196471][ T6058] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (6058) [pid 5069] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 79.214698][ T6050] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 79.248979][ T6050] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 6109] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6050] <... mount resumed>) = 0 [pid 6050] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6050] chdir("./file0") = 0 [pid 6050] ioctl(4, LOOP_CLR_FD) = 0 [pid 6050] close(4) = 0 [pid 6050] open("./file0", O_RDONLY) = 4 [ 79.291914][ T6050] BTRFS info (device loop4): checking UUID tree [ 79.298312][ T6058] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 79.308837][ T6051] BTRFS info (device loop3): enabling ssd optimizations [ 79.315777][ T6051] BTRFS info (device loop3): auto enabling async discard [pid 6050] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5069] <... umount2 resumed>) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 5069] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./9/file0", [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6050] <... ioctl resumed>) = 0 [pid 5066] newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", [pid 6050] open("./file0", O_RDONLY [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6050] <... open resumed>) = 5 [pid 5066] getdents64(4, [pid 6050] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 6050] <... ioctl resumed>) = 0 [pid 5066] getdents64(4, [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 6050] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5066] close(4 [pid 6050] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... close resumed>) = 0 [pid 6050] exit_group(0 [pid 5066] rmdir("./9/file0" [pid 6050] <... exit_group resumed>) = ? [pid 5066] <... rmdir resumed>) = 0 [pid 5069] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6050] +++ exited with 0 +++ [pid 5069] <... openat resumed>) = 4 [pid 5066] getdents64(3, [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6050, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=38 /* 0.38 s */} --- [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 79.335627][ T6058] BTRFS info (device loop1): force clearing of disk cache [ 79.346590][ T6058] BTRFS info (device loop1): setting nodatasum [ 79.352896][ T6051] BTRFS info (device loop3): rebuilding free space tree [ 79.368726][ T6058] BTRFS info (device loop1): allowing degraded mounts [pid 5069] getdents64(4, [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] close(3) = 0 [pid 5066] rmdir("./9") = 0 [pid 5069] getdents64(4, [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] mkdir("./10", 0777 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... mkdir resumed>) = 0 [pid 5069] close(4 [pid 5068] <... openat resumed>) = 3 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6141 attached [ 79.397002][ T6058] BTRFS info (device loop1): enabling disk space caching [ 79.407810][ T6058] BTRFS info (device loop1): disk space caching is enabled [ 79.411141][ T2855] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [ 79.416049][ T6051] BTRFS info (device loop3): disabling free space tree [ 79.434840][ T6051] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5068] newfstatat(3, "", [pid 6141] set_robust_list(0x555557145760, 24 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6141] <... set_robust_list resumed>) = 0 [pid 5068] getdents64(3, [pid 6141] chdir("./10" [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 6141] <... chdir resumed>) = 0 [pid 6141] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5068] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 6141 [pid 6141] <... prctl resumed>) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./9/binderfs", [pid 6141] setpgid(0, 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6141] <... setpgid resumed>) = 0 [pid 5068] unlink("./9/binderfs") = 0 [pid 6141] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5069] <... close resumed>) = 0 [pid 5068] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6141] <... openat resumed>) = 3 [pid 6141] write(3, "1000", 4) = 4 [pid 5069] rmdir("./9/file0" [pid 6141] close(3) = 0 [pid 5069] <... rmdir resumed>) = 0 [pid 6141] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5069] getdents64(3, [pid 6141] memfd_create("syzkaller", 0 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 6141] <... memfd_create resumed>) = 3 [pid 6141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 79.445339][ T6051] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 79.462286][ T6051] BTRFS info (device loop3): checking UUID tree [pid 5069] close(3) = 0 [pid 6051] <... mount resumed>) = 0 [pid 5069] rmdir("./9" [pid 6051] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5069] <... rmdir resumed>) = 0 [pid 6051] <... openat resumed>) = 3 [pid 6051] chdir("./file0") = 0 [pid 6051] ioctl(4, LOOP_CLR_FD) = 0 [pid 6051] close(4) = 0 [pid 5069] mkdir("./10", 0777 [pid 6051] open("./file0", O_RDONLY [pid 5069] <... mkdir resumed>) = 0 [pid 6051] <... open resumed>) = 4 [pid 6051] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6149 attached [pid 6149] set_robust_list(0x555557145760, 24) = 0 [pid 6149] chdir("./10") = 0 [pid 6149] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6149] setpgid(0, 0 [pid 6051] <... ioctl resumed>) = 0 [pid 6149] <... setpgid resumed>) = 0 [pid 6149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6051] open("./file0", O_RDONLY [pid 6149] write(3, "1000", 4 [pid 6051] <... open resumed>) = 5 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 6149 [pid 6149] <... write resumed>) = 4 [pid 6051] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 6149] close(3) = 0 [pid 6149] symlink("/dev/binderfs", "./binderfs" [pid 6051] <... ioctl resumed>) = 0 [pid 6051] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 6149] <... symlink resumed>) = 0 [pid 6051] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 6149] memfd_create("syzkaller", 0 [pid 6051] exit_group(0) = ? [pid 6149] <... memfd_create resumed>) = 3 [pid 6051] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6051, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=37 /* 0.37 s */} --- [pid 6149] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5067] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./9/binderfs") = 0 [ 79.614830][ T48] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [pid 5067] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6141] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6149] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5068] <... umount2 resumed>) = 0 [pid 5068] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./9/file0") = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [ 79.769267][ T6058] BTRFS info (device loop1): enabling ssd optimizations [ 79.776381][ T6058] BTRFS info (device loop1): auto enabling async discard [pid 5068] rmdir("./9") = 0 [pid 5068] mkdir("./10", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 6158 ./strace-static-x86_64: Process 6158 attached [pid 6158] set_robust_list(0x555557145760, 24) = 0 [pid 6158] chdir("./10") = 0 [pid 6158] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6158] setpgid(0, 0) = 0 [pid 6158] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6158] write(3, "1000", 4) = 4 [pid 6158] close(3) = 0 [ 79.831224][ T6058] BTRFS info (device loop1): rebuilding free space tree [pid 6158] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6158] memfd_create("syzkaller", 0) = 3 [pid 6109] <... write resumed>) = 16777216 [pid 6158] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5067] <... umount2 resumed>) = 0 [pid 6109] munmap(0x7fda9371b000, 138412032 [pid 5067] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6109] <... munmap resumed>) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 79.933950][ T6058] BTRFS info (device loop1): disabling free space tree [pid 5067] newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./9/file0") = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./9") = 0 [pid 6109] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5067] mkdir("./10", 0777 [pid 6109] <... openat resumed>) = 4 [pid 5067] <... mkdir resumed>) = 0 [pid 6109] ioctl(4, LOOP_SET_FD, 3 [ 79.989875][ T6058] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 80.008848][ T6058] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 6159 ./strace-static-x86_64: Process 6159 attached [pid 6159] set_robust_list(0x555557145760, 24) = 0 [pid 6159] chdir("./10") = 0 [ 80.034133][ T6109] loop0: detected capacity change from 0 to 32768 [pid 6159] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6159] setpgid(0, 0 [pid 6109] <... ioctl resumed>) = 0 [pid 6159] <... setpgid resumed>) = 0 [pid 6109] close(3 [pid 6159] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6109] <... close resumed>) = 0 [pid 6159] <... openat resumed>) = 3 [pid 6109] mkdir("./file0", 0777 [pid 6159] write(3, "1000", 4 [pid 6109] <... mkdir resumed>) = 0 [pid 6159] <... write resumed>) = 4 [pid 6109] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 6159] close(3) = 0 [pid 6159] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6159] memfd_create("syzkaller", 0) = 3 [pid 6159] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 80.069304][ T6058] BTRFS info (device loop1): checking UUID tree [ 80.095535][ T6109] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (6109) [pid 6058] <... mount resumed>) = 0 [pid 6058] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6058] chdir("./file0") = 0 [pid 6058] ioctl(4, LOOP_CLR_FD) = 0 [pid 6058] close(4) = 0 [pid 6058] open("./file0", O_RDONLY) = 4 [ 80.179505][ T6109] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [pid 6058] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 6141] <... write resumed>) = 16777216 [pid 6058] open("./file0", O_RDONLY) = 5 [pid 6058] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 6158] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6058] <... ioctl resumed>) = 0 [ 80.245876][ T6109] BTRFS info (device loop0): force clearing of disk cache [ 80.271485][ T2855] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [pid 6141] munmap(0x7fda9371b000, 138412032 [pid 6058] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 6141] <... munmap resumed>) = 0 [pid 6058] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 6058] exit_group(0) = ? [pid 6058] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6058, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=37 /* 0.37 s */} --- [pid 5065] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, [pid 6141] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6141] <... openat resumed>) = 4 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 80.301935][ T6109] BTRFS info (device loop0): setting nodatasum [ 80.340301][ T6109] BTRFS info (device loop0): allowing degraded mounts [pid 6141] ioctl(4, LOOP_SET_FD, 3 [pid 5065] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./9/binderfs" [pid 6141] <... ioctl resumed>) = 0 [pid 6141] close(3 [pid 5065] <... unlink resumed>) = 0 [pid 6141] <... close resumed>) = 0 [pid 5065] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 80.359722][ T6141] loop2: detected capacity change from 0 to 32768 [ 80.366469][ T6109] BTRFS info (device loop0): enabling disk space caching [pid 6141] mkdir("./file0", 0777) = 0 [ 80.409632][ T6109] BTRFS info (device loop0): disk space caching is enabled [ 80.420981][ T6141] BTRFS: device /dev/loop2 using temp-fsid 020dd9f4-5de1-4295-ae7b-b9fd841a0ded [ 80.452760][ T6141] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (6141) [pid 6141] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 6149] <... write resumed>) = 16777216 [pid 6149] munmap(0x7fda9371b000, 138412032) = 0 [pid 6149] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 6149] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6149] close(3) = 0 [pid 6149] mkdir("./file0", 0777) = 0 [pid 5065] <... umount2 resumed>) = 0 [ 80.581400][ T6149] loop5: detected capacity change from 0 to 32768 [ 80.590356][ T6141] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 80.605318][ T6141] BTRFS info (device loop2): force clearing of disk cache [ 80.621119][ T6141] BTRFS info (device loop2): setting nodatasum [pid 6149] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5065] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./9/file0") = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./9") = 0 [pid 5065] mkdir("./10", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [ 80.633698][ T6149] BTRFS: device /dev/loop5 using temp-fsid 0eb9101b-e861-4639-a613-f4e2540c7c78 [ 80.640480][ T6141] BTRFS info (device loop2): allowing degraded mounts [ 80.661559][ T6141] BTRFS info (device loop2): enabling disk space caching [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6175 attached [pid 6159] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 6175 [pid 6175] set_robust_list(0x555557145760, 24) = 0 [pid 6175] chdir("./10") = 0 [pid 6175] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6175] setpgid(0, 0) = 0 [pid 6175] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6175] write(3, "1000", 4) = 4 [pid 6175] close(3) = 0 [pid 6175] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6175] memfd_create("syzkaller", 0) = 3 [pid 6175] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 80.673409][ T6149] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (6149) [pid 6158] <... write resumed>) = 16777216 [pid 6158] munmap(0x7fda9371b000, 138412032) = 0 [pid 6158] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6158] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6109] <... mount resumed>) = 0 [pid 6109] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6158] close(3 [pid 6109] chdir("./file0") = 0 [pid 6109] ioctl(4, LOOP_CLR_FD [pid 6158] <... close resumed>) = 0 [pid 6158] mkdir("./file0", 0777) = 0 [pid 6158] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 6109] <... ioctl resumed>) = 0 [pid 6109] close(4) = 0 [pid 6109] open("./file0", O_RDONLY) = 4 [pid 6141] <... mount resumed>) = 0 [pid 6109] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6141] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6141] chdir("./file0") = 0 [pid 6141] ioctl(4, LOOP_CLR_FD) = 0 [pid 6141] close(4) = 0 [pid 6141] open("./file0", O_RDONLY) = 4 [pid 6141] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6109] <... ioctl resumed>) = 0 [ 80.880319][ T6158] loop4: detected capacity change from 0 to 32768 [ 80.899166][ T6158] BTRFS: device /dev/loop4 using temp-fsid 00232ab8-3b32-4761-babf-8efe0d21b0b9 [pid 6109] open("./file0", O_RDONLY) = 5 [pid 6141] <... ioctl resumed>) = 0 [pid 6109] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 6141] open("./file0", O_RDONLY) = 5 [pid 6141] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 6109] <... ioctl resumed>) = 0 [pid 6141] <... ioctl resumed>) = 0 [pid 6109] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 6109] exit_group(0) = ? [pid 6141] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 6141] exit_group(0 [pid 6109] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6109, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=23 /* 0.23 s */} --- [pid 5064] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6141] <... exit_group resumed>) = ? [pid 5064] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6141] +++ exited with 0 +++ [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6141, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=28 /* 0.28 s */} --- [pid 5064] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [ 80.908244][ T6158] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (6158) [pid 5066] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./10/binderfs" [pid 5066] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] <... unlink resumed>) = 0 [pid 5066] newfstatat(3, "", [pid 5064] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 6159] <... write resumed>) = 16777216 [pid 5066] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./10/binderfs", [pid 6159] munmap(0x7fda9371b000, 138412032 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./10/binderfs") = 0 [pid 5066] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6159] <... munmap resumed>) = 0 [pid 6159] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6159] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6159] close(3) = 0 [pid 6159] mkdir("./file0", 0777) = 0 [ 81.061105][ T6159] loop3: detected capacity change from 0 to 32768 [ 81.125862][ T6159] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (6159) [pid 6159] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 6175] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6149] <... mount resumed>) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 6149] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5064] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6149] chdir("./file0") = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6149] ioctl(4, LOOP_CLR_FD) = 0 [pid 5064] newfstatat(AT_FDCWD, "./10/file0", [pid 6149] close(4 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6149] <... close resumed>) = 0 [pid 5064] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6149] open("./file0", O_RDONLY [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6149] <... open resumed>) = 4 [pid 5064] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6149] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5064] <... openat resumed>) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./10/file0") = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 6149] <... ioctl resumed>) = 0 [pid 5064] rmdir("./10") = 0 [pid 5064] mkdir("./11", 0777 [pid 6149] open("./file0", O_RDONLY) = 5 [pid 5064] <... mkdir resumed>) = 0 [pid 6149] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6149] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5064] <... openat resumed>) = 3 [pid 6149] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5064] ioctl(3, LOOP_CLR_FD [pid 6149] exit_group(0 [pid 5064] <... ioctl resumed>) = 0 [pid 6149] <... exit_group resumed>) = ? [pid 5064] close(3 [pid 6149] +++ exited with 0 +++ [pid 5064] <... close resumed>) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6149, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=26 /* 0.26 s */} --- [pid 5069] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 6237 ./strace-static-x86_64: Process 6237 attached [pid 6237] set_robust_list(0x555557145760, 24 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6237] <... set_robust_list resumed>) = 0 [pid 5069] <... openat resumed>) = 3 [pid 5066] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] getdents64(3, [pid 5066] newfstatat(AT_FDCWD, "./10/file0", [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 6237] chdir("./11" [pid 6158] <... mount resumed>) = 0 [pid 5069] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./10/binderfs", [pid 6158] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6237] <... chdir resumed>) = 0 [pid 6158] <... openat resumed>) = 3 [pid 5069] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] unlink("./10/binderfs" [pid 6237] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5069] <... unlink resumed>) = 0 [pid 5066] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6237] <... prctl resumed>) = 0 [pid 6158] chdir("./file0" [pid 5066] <... openat resumed>) = 4 [pid 6237] setpgid(0, 0 [pid 6158] <... chdir resumed>) = 0 [pid 5066] newfstatat(4, "", [pid 6237] <... setpgid resumed>) = 0 [pid 6158] ioctl(4, LOOP_CLR_FD [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6237] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6158] <... ioctl resumed>) = 0 [pid 5066] getdents64(4, [pid 6237] <... openat resumed>) = 3 [pid 6158] close(4 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 6237] write(3, "1000", 4 [pid 6158] <... close resumed>) = 0 [pid 6237] <... write resumed>) = 4 [pid 6158] open("./file0", O_RDONLY [pid 5066] getdents64(4, [pid 6237] close(3 [pid 6158] <... open resumed>) = 4 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 6237] <... close resumed>) = 0 [pid 6158] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5066] close(4 [pid 6237] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5066] <... close resumed>) = 0 [pid 6237] memfd_create("syzkaller", 0 [pid 5066] rmdir("./10/file0" [pid 6237] <... memfd_create resumed>) = 3 [pid 5066] <... rmdir resumed>) = 0 [pid 6237] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5066] getdents64(3, [pid 6237] <... mmap resumed>) = 0x7fda9371b000 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./10") = 0 [pid 5066] mkdir("./11", 0777 [pid 6158] <... ioctl resumed>) = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 6158] open("./file0", O_RDONLY [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6158] <... open resumed>) = 5 [pid 5066] <... openat resumed>) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 6158] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5066] close(3 [pid 6158] <... ioctl resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6158] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 6246 [pid 6158] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) ./strace-static-x86_64: Process 6246 attached [pid 6158] exit_group(0) = ? [pid 6246] set_robust_list(0x555557145760, 24) = 0 [pid 6246] chdir("./11") = 0 [pid 6158] +++ exited with 0 +++ [pid 6246] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6158, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=20 /* 0.20 s */} --- [pid 5068] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6246] <... prctl resumed>) = 0 [pid 5068] <... openat resumed>) = 3 [pid 6246] setpgid(0, 0 [pid 5068] newfstatat(3, "", [pid 6246] <... setpgid resumed>) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6246] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5068] getdents64(3, [pid 6246] <... openat resumed>) = 3 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 6246] write(3, "1000", 4 [pid 5068] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6246] <... write resumed>) = 4 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6246] close(3 [pid 5068] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./10/binderfs") = 0 [pid 5068] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6246] <... close resumed>) = 0 [pid 6246] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6246] memfd_create("syzkaller", 0) = 3 [pid 6246] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 6159] <... mount resumed>) = 0 [pid 6159] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6175] <... write resumed>) = 16777216 [pid 6159] <... openat resumed>) = 3 [pid 6159] chdir("./file0") = 0 [pid 6159] ioctl(4, LOOP_CLR_FD) = 0 [pid 6159] close(4) = 0 [pid 6159] open("./file0", O_RDONLY) = 4 [pid 6159] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 6159] open("./file0", O_RDONLY) = 5 [pid 6159] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 6175] munmap(0x7fda9371b000, 138412032) = 0 [pid 6159] <... ioctl resumed>) = 0 [pid 6159] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 6159] exit_group(0) = ? [pid 5069] <... umount2 resumed>) = 0 [pid 6175] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6159] +++ exited with 0 +++ [pid 5069] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6175] <... openat resumed>) = 4 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6159, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=27 /* 0.27 s */} --- [pid 6175] ioctl(4, LOOP_SET_FD, 3 [pid 5069] newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] newfstatat(4, "", [pid 5067] <... openat resumed>) = 3 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] newfstatat(3, "", [pid 5069] getdents64(4, [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(3, [pid 5069] getdents64(4, [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] close(4) = 0 [pid 5069] rmdir("./10/file0") = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./10") = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./10/binderfs" [pid 5069] mkdir("./11", 0777 [pid 5067] <... unlink resumed>) = 0 [pid 5069] <... mkdir resumed>) = 0 [pid 5067] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 6175] <... ioctl resumed>) = 0 [pid 5069] <... openat resumed>) = 3 [pid 6175] close(3 [pid 5069] ioctl(3, LOOP_CLR_FD [pid 6175] <... close resumed>) = 0 [pid 5069] <... ioctl resumed>) = 0 [pid 6175] mkdir("./file0", 0777 [pid 5069] close(3 [pid 6175] <... mkdir resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 6175] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 6249 [ 81.677963][ T6175] loop1: detected capacity change from 0 to 32768 ./strace-static-x86_64: Process 6249 attached [pid 6249] set_robust_list(0x555557145760, 24) = 0 [ 81.727941][ T6175] BTRFS: device /dev/loop1 using temp-fsid ef5ab625-2d2d-4d7f-98c1-8ac96098c8b7 [pid 6249] chdir("./11") = 0 [pid 6249] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6249] setpgid(0, 0) = 0 [pid 6249] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6249] write(3, "1000", 4) = 4 [pid 6249] close(3) = 0 [pid 6249] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6249] memfd_create("syzkaller", 0) = 3 [ 81.779141][ T6175] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (6175) [pid 6249] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 6237] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6246] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5068] <... umount2 resumed>) = 0 [pid 5068] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./10/file0") = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./10") = 0 [pid 5068] mkdir("./11", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 6264 ./strace-static-x86_64: Process 6264 attached [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 82.053661][ T6175] _btrfs_printk: 65 callbacks suppressed [ 82.053674][ T6175] BTRFS info (device loop1): enabling ssd optimizations [pid 5067] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6264] set_robust_list(0x555557145760, 24 [pid 6246] <... write resumed>) = 16777216 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6246] munmap(0x7fda9371b000, 138412032 [pid 5067] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6264] <... set_robust_list resumed>) = 0 [pid 5067] <... openat resumed>) = 4 [pid 5067] newfstatat(4, "", [pid 6264] chdir("./11" [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6264] <... chdir resumed>) = 0 [pid 5067] getdents64(4, [pid 6264] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5067] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 6264] <... prctl resumed>) = 0 [pid 5067] close(4) = 0 [pid 6264] setpgid(0, 0) = 0 [pid 6264] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5067] rmdir("./10/file0" [pid 6264] write(3, "1000", 4 [pid 6246] <... munmap resumed>) = 0 [pid 5067] <... rmdir resumed>) = 0 [pid 6264] <... write resumed>) = 4 [pid 6264] close(3) = 0 [pid 6264] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6246] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5067] getdents64(3, [pid 6264] memfd_create("syzkaller", 0) = 3 [pid 6246] <... openat resumed>) = 4 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 6246] ioctl(4, LOOP_SET_FD, 3 [pid 5067] close(3) = 0 [pid 6264] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [ 82.108970][ T6175] BTRFS info (device loop1): auto enabling async discard [pid 5067] rmdir("./10" [pid 6264] <... mmap resumed>) = 0x7fda9371b000 [pid 5067] <... rmdir resumed>) = 0 [pid 5067] mkdir("./11", 0777 [pid 6246] <... ioctl resumed>) = 0 [pid 5067] <... mkdir resumed>) = 0 [pid 6246] close(3 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6246] <... close resumed>) = 0 [pid 6246] mkdir("./file0", 0777 [pid 5067] <... openat resumed>) = 3 [pid 6246] <... mkdir resumed>) = 0 [pid 5067] ioctl(3, LOOP_CLR_FD [pid 6246] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5067] <... ioctl resumed>) = 0 [ 82.165027][ T6246] loop2: detected capacity change from 0 to 32768 [ 82.173663][ T6175] BTRFS info (device loop1): rebuilding free space tree [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 6267 ./strace-static-x86_64: Process 6267 attached [pid 6267] set_robust_list(0x555557145760, 24) = 0 [pid 6267] chdir("./11") = 0 [ 82.210653][ T6246] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (6246) [pid 6267] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6267] setpgid(0, 0) = 0 [ 82.257821][ T6246] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 82.288706][ T6246] BTRFS info (device loop2): force clearing of disk cache [ 82.289461][ T6175] BTRFS info (device loop1): disabling free space tree [pid 6267] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6267] write(3, "1000", 4) = 4 [ 82.318861][ T6246] BTRFS info (device loop2): setting nodatasum [ 82.325029][ T6246] BTRFS info (device loop2): allowing degraded mounts [pid 6267] close(3) = 0 [pid 6267] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6267] memfd_create("syzkaller", 0) = 3 [ 82.362889][ T6175] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 82.378994][ T6246] BTRFS info (device loop2): enabling disk space caching [pid 6267] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 82.403675][ T6246] BTRFS info (device loop2): disk space caching is enabled [ 82.420432][ T6175] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 82.491283][ T6175] BTRFS info (device loop1): checking UUID tree [pid 6249] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6237] <... write resumed>) = 16777216 [pid 6175] <... mount resumed>) = 0 [pid 6175] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6175] chdir("./file0") = 0 [pid 6175] ioctl(4, LOOP_CLR_FD) = 0 [pid 6175] close(4) = 0 [pid 6175] open("./file0", O_RDONLY) = 4 [pid 6175] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6237] munmap(0x7fda9371b000, 138412032 [pid 6175] <... ioctl resumed>) = 0 [pid 6237] <... munmap resumed>) = 0 [pid 6175] open("./file0", O_RDONLY [pid 6237] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6175] <... open resumed>) = 5 [pid 6237] <... openat resumed>) = 4 [pid 6264] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6237] ioctl(4, LOOP_SET_FD, 3 [pid 6175] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 6175] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 6175] exit_group(0) = ? [ 82.642509][ T2855] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [ 82.655303][ T6237] loop0: detected capacity change from 0 to 32768 [pid 6237] <... ioctl resumed>) = 0 [pid 6237] close(3) = 0 [pid 6237] mkdir("./file0", 0777 [pid 6175] +++ exited with 0 +++ [pid 6237] <... mkdir resumed>) = 0 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6175, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=35 /* 0.35 s */} --- [pid 6237] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5065] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 82.757096][ T6237] BTRFS: device /dev/loop0 using temp-fsid 4a689b24-29ba-4b79-a82c-1bb985acc807 [ 82.778195][ T6246] BTRFS info (device loop2): enabling ssd optimizations [ 82.785535][ T6246] BTRFS info (device loop2): auto enabling async discard [ 82.794509][ T6246] BTRFS info (device loop2): rebuilding free space tree [pid 5065] unlink("./10/binderfs") = 0 [ 82.813113][ T6246] BTRFS info (device loop2): disabling free space tree [ 82.822839][ T6237] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (6237) [ 82.836996][ T6246] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5065] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6264] <... write resumed>) = 16777216 [pid 6264] munmap(0x7fda9371b000, 138412032) = 0 [ 82.874999][ T6237] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 82.895082][ T6246] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 82.913168][ T6237] BTRFS info (device loop0): force clearing of disk cache [pid 6264] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6264] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6267] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5065] <... umount2 resumed>) = 0 [ 82.935606][ T6237] BTRFS info (device loop0): setting nodatasum [ 82.948489][ T6237] BTRFS info (device loop0): allowing degraded mounts [ 82.959085][ T6264] loop4: detected capacity change from 0 to 32768 [ 82.966301][ T6237] BTRFS info (device loop0): enabling disk space caching [ 82.974057][ T6246] BTRFS info (device loop2): checking UUID tree [pid 6264] close(3 [pid 5065] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6264] <... close resumed>) = 0 [pid 6264] mkdir("./file0", 0777 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./10/file0", [pid 6264] <... mkdir resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6264] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5065] <... openat resumed>) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6246] <... mount resumed>) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./10/file0") = 0 [pid 6246] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6246] chdir("./file0") = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 6246] ioctl(4, LOOP_CLR_FD) = 0 [pid 6246] close(4) = 0 [pid 6246] open("./file0", O_RDONLY [pid 5065] rmdir("./10") = 0 [pid 6246] <... open resumed>) = 4 [pid 5065] mkdir("./11", 0777 [pid 6246] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5065] <... mkdir resumed>) = 0 [ 82.999833][ T6237] BTRFS info (device loop0): disk space caching is enabled [ 83.023121][ T6264] BTRFS: device /dev/loop4 using temp-fsid 39b367e2-34c4-47ee-b008-417b767d7ed9 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6246] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 6299 attached [pid 6299] set_robust_list(0x555557145760, 24 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 6299 [pid 6299] <... set_robust_list resumed>) = 0 [pid 6246] open("./file0", O_RDONLY [pid 6299] chdir("./11" [pid 6246] <... open resumed>) = 5 [pid 6299] <... chdir resumed>) = 0 [ 83.091005][ T6264] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (6264) [pid 6299] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6246] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 6299] setpgid(0, 0) = 0 [pid 6299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6246] <... ioctl resumed>) = 0 [pid 6299] <... openat resumed>) = 3 [pid 6299] write(3, "1000", 4) = 4 [pid 6299] close(3) = 0 [pid 6299] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6299] memfd_create("syzkaller", 0) = 3 [pid 6299] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 6246] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 6246] exit_group(0) = ? [pid 6246] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6246, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=34 /* 0.34 s */} --- [pid 5066] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 83.153289][ T48] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./11/binderfs") = 0 [pid 5066] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6249] <... write resumed>) = 16777216 [pid 6249] munmap(0x7fda9371b000, 138412032) = 0 [ 83.201911][ T6264] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 83.241553][ T6237] BTRFS info (device loop0): enabling ssd optimizations [pid 6249] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 6249] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6249] close(3) = 0 [ 83.279966][ T6264] BTRFS info (device loop4): force clearing of disk cache [ 83.287885][ T6237] BTRFS info (device loop0): auto enabling async discard [ 83.295729][ T6249] loop5: detected capacity change from 0 to 32768 [ 83.318987][ T6264] BTRFS info (device loop4): setting nodatasum [pid 6249] mkdir("./file0", 0777) = 0 [pid 6299] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 83.333089][ T6237] BTRFS info (device loop0): rebuilding free space tree [ 83.344673][ T6264] BTRFS info (device loop4): allowing degraded mounts [ 83.360323][ T6249] BTRFS: device /dev/loop5 using temp-fsid f3c78dce-66f3-4e09-bd2e-25010314d717 [ 83.382978][ T6264] BTRFS info (device loop4): enabling disk space caching [ 83.390859][ T6249] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (6249) [ 83.408822][ T6264] BTRFS info (device loop4): disk space caching is enabled [ 83.420598][ T6237] BTRFS info (device loop0): disabling free space tree [pid 6249] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 6267] <... write resumed>) = 16777216 [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6267] munmap(0x7fda9371b000, 138412032 [pid 5066] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 6267] <... munmap resumed>) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./11/file0") = 0 [ 83.448850][ T6237] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 83.458492][ T6237] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 83.482466][ T6249] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./11") = 0 [pid 5066] mkdir("./12", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 6313 ./strace-static-x86_64: Process 6313 attached [pid 6313] set_robust_list(0x555557145760, 24 [pid 6267] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6313] <... set_robust_list resumed>) = 0 [pid 6267] <... openat resumed>) = 4 [pid 6313] chdir("./12" [ 83.524989][ T6249] BTRFS info (device loop5): force clearing of disk cache [ 83.534883][ T6237] BTRFS info (device loop0): checking UUID tree [ 83.562434][ T6267] loop3: detected capacity change from 0 to 32768 [pid 6267] ioctl(4, LOOP_SET_FD, 3 [pid 6313] <... chdir resumed>) = 0 [pid 6313] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6313] setpgid(0, 0) = 0 [pid 6313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6313] write(3, "1000", 4) = 4 [pid 6313] close(3) = 0 [pid 6313] symlink("/dev/binderfs", "./binderfs" [pid 6267] <... ioctl resumed>) = 0 [pid 6313] <... symlink resumed>) = 0 [pid 6267] close(3 [pid 6313] memfd_create("syzkaller", 0 [pid 6267] <... close resumed>) = 0 [pid 6237] <... mount resumed>) = 0 [pid 6313] <... memfd_create resumed>) = 3 [pid 6267] mkdir("./file0", 0777 [pid 6313] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6237] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6313] <... mmap resumed>) = 0x7fda9371b000 [pid 6267] <... mkdir resumed>) = 0 [pid 6237] <... openat resumed>) = 3 [ 83.571538][ T6249] BTRFS info (device loop5): setting nodatasum [ 83.577717][ T6249] BTRFS info (device loop5): allowing degraded mounts [ 83.613479][ T6264] BTRFS info (device loop4): enabling ssd optimizations [pid 6267] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 6237] chdir("./file0") = 0 [pid 6237] ioctl(4, LOOP_CLR_FD) = 0 [pid 6237] close(4) = 0 [pid 6237] open("./file0", O_RDONLY) = 4 [ 83.628834][ T6249] BTRFS info (device loop5): enabling disk space caching [ 83.634310][ T6264] BTRFS info (device loop4): auto enabling async discard [ 83.636823][ T6267] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (6267) [ 83.656575][ T6249] BTRFS info (device loop5): disk space caching is enabled [pid 6237] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 6237] open("./file0", O_RDONLY) = 5 [ 83.684078][ T6264] BTRFS info (device loop4): rebuilding free space tree [ 83.721332][ T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 6237] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 6237] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 6237] exit_group(0) = ? [pid 6237] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6237, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=32 /* 0.32 s */} --- [pid 5064] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [ 83.740520][ T6267] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 83.779669][ T6264] BTRFS info (device loop4): disabling free space tree [pid 6313] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5064] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./11/binderfs") = 0 [ 83.786578][ T6264] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 83.813581][ T6267] BTRFS info (device loop3): force clearing of disk cache [ 83.849016][ T6264] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 83.880693][ T6267] BTRFS info (device loop3): setting nodatasum [pid 5064] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6264] <... mount resumed>) = 0 [pid 6264] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6264] chdir("./file0") = 0 [pid 6264] ioctl(4, LOOP_CLR_FD) = 0 [pid 6264] close(4) = 0 [pid 6264] open("./file0", O_RDONLY) = 4 [pid 5064] <... umount2 resumed>) = 0 [pid 6264] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5064] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 83.899872][ T6264] BTRFS info (device loop4): checking UUID tree [ 83.918867][ T6267] BTRFS info (device loop3): allowing degraded mounts [ 83.927555][ T6267] BTRFS info (device loop3): enabling disk space caching [ 83.935279][ T6267] BTRFS info (device loop3): disk space caching is enabled [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 6264] <... ioctl resumed>) = 0 [pid 6264] open("./file0", O_RDONLY [pid 5064] getdents64(4, [pid 6264] <... open resumed>) = 5 [pid 6264] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5064] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 6264] <... ioctl resumed>) = 0 [pid 5064] close(4 [pid 6264] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5064] <... close resumed>) = 0 [pid 5064] rmdir("./11/file0") = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./11") = 0 [pid 5064] mkdir("./12", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6299] <... write resumed>) = 16777216 [pid 5064] <... openat resumed>) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6347 attached [pid 6264] exit_group(0 [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 6347 [pid 6347] set_robust_list(0x555557145760, 24 [pid 6299] munmap(0x7fda9371b000, 138412032 [pid 6264] <... exit_group resumed>) = ? [pid 6347] <... set_robust_list resumed>) = 0 [pid 6299] <... munmap resumed>) = 0 [pid 6264] +++ exited with 0 +++ [pid 6347] chdir("./12") = 0 [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6264, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=35 /* 0.35 s */} --- [ 83.979952][ T6249] BTRFS info (device loop5): enabling ssd optimizations [ 83.986901][ T6249] BTRFS info (device loop5): auto enabling async discard [ 84.000503][ T12] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [pid 6347] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6347] setpgid(0, 0) = 0 [pid 6347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6299] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5068] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6347] <... openat resumed>) = 3 [pid 6347] write(3, "1000", 4 [pid 6299] ioctl(4, LOOP_SET_FD, 3 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6347] <... write resumed>) = 4 [pid 6347] close(3) = 0 [pid 6347] symlink("/dev/binderfs", "./binderfs" [pid 6313] <... write resumed>) = 16777216 [pid 5068] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6347] <... symlink resumed>) = 0 [pid 6313] munmap(0x7fda9371b000, 138412032 [pid 6347] memfd_create("syzkaller", 0 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 84.071970][ T6249] BTRFS info (device loop5): rebuilding free space tree [ 84.087355][ T6299] loop1: detected capacity change from 0 to 32768 [pid 5068] getdents64(3, [pid 6347] <... memfd_create resumed>) = 3 [pid 6313] <... munmap resumed>) = 0 [pid 6299] <... ioctl resumed>) = 0 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 6347] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6299] close(3 [pid 6347] <... mmap resumed>) = 0x7fda9371b000 [pid 6299] <... close resumed>) = 0 [pid 5068] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./11/binderfs") = 0 [pid 5068] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6299] mkdir("./file0", 0777 [pid 6313] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6299] <... mkdir resumed>) = 0 [pid 6299] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 6313] <... openat resumed>) = 4 [ 84.130068][ T6249] BTRFS info (device loop5): disabling free space tree [ 84.153362][ T6299] BTRFS: device /dev/loop1 using temp-fsid 664efcbb-37c7-4948-a6f6-3c23a90698fb [ 84.167413][ T6267] BTRFS info (device loop3): enabling ssd optimizations [pid 6313] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6313] close(3) = 0 [pid 6313] mkdir("./file0", 0777) = 0 [ 84.175071][ T6313] loop2: detected capacity change from 0 to 32768 [ 84.186716][ T6249] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 84.195086][ T6267] BTRFS info (device loop3): auto enabling async discard [ 84.196449][ T6249] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 84.199667][ T6299] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (6299) [pid 6313] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 6249] <... mount resumed>) = 0 [pid 6249] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6249] chdir("./file0") = 0 [pid 6249] ioctl(4, LOOP_CLR_FD) = 0 [ 84.240148][ T6249] BTRFS info (device loop5): checking UUID tree [ 84.249877][ T6267] BTRFS info (device loop3): rebuilding free space tree [ 84.278876][ T6267] BTRFS info (device loop3): disabling free space tree [pid 6249] close(4) = 0 [ 84.285870][ T6267] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 84.304873][ T6299] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 84.329175][ T6267] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 6249] open("./file0", O_RDONLY) = 4 [pid 6249] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [ 84.343210][ T6313] BTRFS: device /dev/loop2 using temp-fsid aceb4ccf-0050-4b3d-9488-c59d844df85e [ 84.352442][ T6313] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (6313) [ 84.365463][ T6299] BTRFS info (device loop1): force clearing of disk cache [ 84.372658][ T6299] BTRFS info (device loop1): setting nodatasum [ 84.378854][ T6299] BTRFS info (device loop1): allowing degraded mounts [ 84.385653][ T6299] BTRFS info (device loop1): enabling disk space caching [pid 6249] open("./file0", O_RDONLY) = 5 [pid 6249] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5068] <... umount2 resumed>) = 0 [pid 5068] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6249] <... ioctl resumed>) = 0 [ 84.394149][ T6299] BTRFS info (device loop1): disk space caching is enabled [ 84.400074][ T6313] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 84.425207][ T2855] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [ 84.425656][ T6267] BTRFS info (device loop3): checking UUID tree [pid 5068] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6249] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6249] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 6249] exit_group(0 [pid 5068] <... openat resumed>) = 4 [pid 6249] <... exit_group resumed>) = ? [pid 5068] newfstatat(4, "", [pid 6249] +++ exited with 0 +++ [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6249, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=32 /* 0.32 s */} --- [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 6267] <... mount resumed>) = 0 [pid 5068] getdents64(4, [pid 6267] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 6267] <... openat resumed>) = 3 [pid 5068] close(4) = 0 [ 84.457278][ T6313] BTRFS info (device loop2): force clearing of disk cache [pid 6267] chdir("./file0" [pid 5068] rmdir("./11/file0" [pid 6267] <... chdir resumed>) = 0 [pid 6267] ioctl(4, LOOP_CLR_FD [pid 5068] <... rmdir resumed>) = 0 [pid 5068] getdents64(3, [pid 5069] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] close(3 [pid 5069] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] <... close resumed>) = 0 [pid 5069] <... openat resumed>) = 3 [pid 5068] rmdir("./11" [pid 5069] newfstatat(3, "", [pid 5068] <... rmdir resumed>) = 0 [pid 6267] <... ioctl resumed>) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] mkdir("./12", 0777 [pid 6267] close(4 [pid 5069] getdents64(3, [pid 5068] <... mkdir resumed>) = 0 [pid 6267] <... close resumed>) = 0 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6267] open("./file0", O_RDONLY [pid 5069] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... openat resumed>) = 3 [pid 6267] <... open resumed>) = 4 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] ioctl(3, LOOP_CLR_FD [pid 6267] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5069] newfstatat(AT_FDCWD, "./11/binderfs", [pid 5068] <... ioctl resumed>) = 0 [ 84.500472][ T6313] BTRFS info (device loop2): setting nodatasum [pid 5069] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] close(3) = 0 [pid 5069] unlink("./11/binderfs") = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5069] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6371 attached [pid 6371] set_robust_list(0x555557145760, 24) = 0 [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 6371 [pid 6371] chdir("./12" [pid 6347] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6371] <... chdir resumed>) = 0 [pid 6371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 84.545651][ T6313] BTRFS info (device loop2): allowing degraded mounts [ 84.569234][ T6313] BTRFS info (device loop2): enabling disk space caching [ 84.588917][ T6313] BTRFS info (device loop2): disk space caching is enabled [pid 6371] setpgid(0, 0 [pid 6267] <... ioctl resumed>) = 0 [pid 6371] <... setpgid resumed>) = 0 [pid 6267] open("./file0", O_RDONLY [pid 6371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6267] <... open resumed>) = 5 [pid 6267] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 6371] <... openat resumed>) = 3 [pid 6371] write(3, "1000", 4) = 4 [pid 6371] close(3) = 0 [pid 6371] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6267] <... ioctl resumed>) = 0 [pid 6371] memfd_create("syzkaller", 0) = 3 [pid 6267] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 6371] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 6267] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 6267] exit_group(0) = ? [pid 6267] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6267, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=39 /* 0.39 s */} --- [pid 5067] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 84.648909][ T6299] BTRFS info (device loop1): enabling ssd optimizations [ 84.658916][ T6299] BTRFS info (device loop1): auto enabling async discard [ 84.680787][ T42] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [pid 5067] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./11/binderfs") = 0 [ 84.693814][ T6299] BTRFS info (device loop1): rebuilding free space tree [ 84.781236][ T6299] BTRFS info (device loop1): disabling free space tree [ 84.818895][ T6299] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 84.828545][ T6299] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 84.850559][ T6313] BTRFS info (device loop2): enabling ssd optimizations [ 84.862840][ T6299] BTRFS info (device loop1): checking UUID tree [ 84.879712][ T6313] BTRFS info (device loop2): auto enabling async discard [pid 5067] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6299] <... mount resumed>) = 0 [pid 6299] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6299] <... openat resumed>) = 3 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./11/file0") = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./11" [pid 6299] chdir("./file0") = 0 [pid 5067] <... rmdir resumed>) = 0 [pid 6299] ioctl(4, LOOP_CLR_FD) = 0 [ 84.904395][ T6313] BTRFS info (device loop2): rebuilding free space tree [pid 5067] mkdir("./12", 0777 [pid 6299] close(4 [pid 5067] <... mkdir resumed>) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6299] <... close resumed>) = 0 [pid 5067] <... openat resumed>) = 3 [pid 6299] open("./file0", O_RDONLY [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3 [pid 6299] <... open resumed>) = 4 [pid 5067] <... close resumed>) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6299] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 6391 ./strace-static-x86_64: Process 6391 attached [pid 6391] set_robust_list(0x555557145760, 24) = 0 [pid 6391] chdir("./12") = 0 [pid 6391] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6391] setpgid(0, 0) = 0 [pid 6391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6391] write(3, "1000", 4) = 4 [pid 6391] close(3) = 0 [pid 6391] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6391] memfd_create("syzkaller", 0) = 3 [pid 6313] <... mount resumed>) = 0 [pid 6299] <... ioctl resumed>) = 0 [pid 6313] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6299] open("./file0", O_RDONLY) = 5 [pid 6299] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 6391] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6313] <... openat resumed>) = 3 [pid 6299] <... ioctl resumed>) = 0 [pid 6299] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 6313] chdir("./file0" [pid 6299] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 6391] <... mmap resumed>) = 0x7fda9371b000 [pid 6313] <... chdir resumed>) = 0 [pid 6299] exit_group(0 [pid 6313] ioctl(4, LOOP_CLR_FD [pid 6299] <... exit_group resumed>) = ? [pid 6313] <... ioctl resumed>) = 0 [pid 6371] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6313] close(4 [pid 6299] +++ exited with 0 +++ [pid 6313] <... close resumed>) = 0 [pid 6313] open("./file0", O_RDONLY [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6299, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=38 /* 0.38 s */} --- [pid 5065] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 6313] <... open resumed>) = 4 [pid 6313] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5065] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", [pid 5069] <... umount2 resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6313] <... ioctl resumed>) = 0 [pid 5069] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] getdents64(3, [pid 6313] open("./file0", O_RDONLY [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6313] <... open resumed>) = 5 [pid 5069] newfstatat(AT_FDCWD, "./11/file0", [pid 5065] newfstatat(AT_FDCWD, "./11/binderfs", [pid 6313] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./11/binderfs" [pid 5069] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... unlink resumed>) = 0 [pid 6313] <... ioctl resumed>) = 0 [pid 5065] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6313] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6313] exit_group(0 [pid 5069] <... openat resumed>) = 4 [pid 5069] newfstatat(4, "", [pid 6313] <... exit_group resumed>) = ? [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6313] +++ exited with 0 +++ [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6313, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=27 /* 0.27 s */} --- [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] close(4 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] <... close resumed>) = 0 [pid 5066] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] rmdir("./11/file0" [pid 5066] <... openat resumed>) = 3 [pid 5066] newfstatat(3, "", [pid 6347] <... write resumed>) = 16777216 [pid 5069] <... rmdir resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6347] munmap(0x7fda9371b000, 138412032 [pid 5069] getdents64(3, [pid 5066] getdents64(3, [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] close(3 [pid 5066] newfstatat(AT_FDCWD, "./12/binderfs", [pid 5069] <... close resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6347] <... munmap resumed>) = 0 [pid 5069] rmdir("./11" [pid 5066] unlink("./12/binderfs" [pid 5069] <... rmdir resumed>) = 0 [pid 5066] <... unlink resumed>) = 0 [pid 5069] mkdir("./12", 0777 [pid 5066] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6347] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5069] <... mkdir resumed>) = 0 [pid 6347] <... openat resumed>) = 4 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 6347] ioctl(4, LOOP_SET_FD, 3 [pid 5069] <... openat resumed>) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 6347] <... ioctl resumed>) = 0 [pid 5069] close(3 [pid 6347] close(3) = 0 [pid 5069] <... close resumed>) = 0 [pid 6347] mkdir("./file0", 0777 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6347] <... mkdir resumed>) = 0 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 6395 ./strace-static-x86_64: Process 6395 attached [pid 6347] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 6395] set_robust_list(0x555557145760, 24) = 0 [ 85.263579][ T6347] loop0: detected capacity change from 0 to 32768 [pid 6395] chdir("./12") = 0 [pid 6395] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 6395] setpgid(0, 0 [pid 5065] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./11/file0", [pid 6395] <... setpgid resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6395] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6395] <... openat resumed>) = 3 [pid 6395] write(3, "1000", 4 [pid 5066] <... umount2 resumed>) = 0 [pid 5065] <... openat resumed>) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 6395] <... write resumed>) = 4 [pid 5066] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] getdents64(4, [pid 6395] close(3) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./12/file0", [pid 5065] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./11/file0" [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3 [pid 6395] symlink("/dev/binderfs", "./binderfs" [pid 5066] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... close resumed>) = 0 [ 85.331812][ T6347] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (6347) [pid 5065] rmdir("./11" [pid 6395] <... symlink resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... rmdir resumed>) = 0 [pid 5066] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6395] memfd_create("syzkaller", 0 [pid 5066] <... openat resumed>) = 4 [pid 5065] mkdir("./12", 0777 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... mkdir resumed>) = 0 [pid 5066] getdents64(4, [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6395] <... memfd_create resumed>) = 3 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 6395] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5066] getdents64(4, [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 6400 ./strace-static-x86_64: Process 6400 attached [pid 6395] <... mmap resumed>) = 0x7fda9371b000 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 6400] set_robust_list(0x555557145760, 24 [pid 5066] close(4) = 0 [pid 6400] <... set_robust_list resumed>) = 0 [pid 5066] rmdir("./12/file0" [pid 6400] chdir("./12") = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5066] getdents64(3, [pid 6400] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 6400] <... prctl resumed>) = 0 [pid 5066] close(3 [pid 6400] setpgid(0, 0 [pid 5066] <... close resumed>) = 0 [pid 6400] <... setpgid resumed>) = 0 [pid 5066] rmdir("./12" [pid 6400] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] <... rmdir resumed>) = 0 [pid 6400] <... openat resumed>) = 3 [pid 6400] write(3, "1000", 4 [pid 5066] mkdir("./13", 0777 [pid 6400] <... write resumed>) = 4 [pid 5066] <... mkdir resumed>) = 0 [pid 6400] close(3 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6400] <... close resumed>) = 0 [pid 5066] <... openat resumed>) = 3 [pid 6400] symlink("/dev/binderfs", "./binderfs" [pid 5066] ioctl(3, LOOP_CLR_FD [pid 6400] <... symlink resumed>) = 0 [pid 5066] <... ioctl resumed>) = 0 [pid 6400] memfd_create("syzkaller", 0) = 3 [pid 5066] close(3 [pid 6400] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5066] <... close resumed>) = 0 [pid 6400] <... mmap resumed>) = 0x7fda9371b000 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6412 attached [pid 6412] set_robust_list(0x555557145760, 24) = 0 [pid 6412] chdir("./13" [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 6412 [pid 6412] <... chdir resumed>) = 0 [pid 6412] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6412] setpgid(0, 0) = 0 [pid 6412] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6412] write(3, "1000", 4) = 4 [pid 6412] close(3) = 0 [pid 6412] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6412] memfd_create("syzkaller", 0 [pid 6391] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6412] <... memfd_create resumed>) = 3 [pid 6412] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 6347] <... mount resumed>) = 0 [pid 6347] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6347] chdir("./file0") = 0 [pid 6347] ioctl(4, LOOP_CLR_FD) = 0 [pid 6347] close(4) = 0 [pid 6347] open("./file0", O_RDONLY) = 4 [pid 6347] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 6347] open("./file0", O_RDONLY) = 5 [pid 6347] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 6347] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 6347] exit_group(0) = ? [pid 6347] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6347, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=33 /* 0.33 s */} --- [pid 5064] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 6371] <... write resumed>) = 16777216 [pid 5064] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./12/binderfs") = 0 [pid 5064] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6371] munmap(0x7fda9371b000, 138412032) = 0 [pid 6371] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6371] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6371] close(3) = 0 [ 85.847248][ T6371] loop4: detected capacity change from 0 to 32768 [pid 6371] mkdir("./file0", 0777) = 0 [pid 6371] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 6395] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5064] <... umount2 resumed>) = 0 [ 85.921483][ T6371] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (6371) [pid 5064] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6400] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 6412] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5064] rmdir("./12/file0") = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./12") = 0 [pid 5064] mkdir("./13", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6429 attached [pid 6429] set_robust_list(0x555557145760, 24 [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 6429 [pid 6429] <... set_robust_list resumed>) = 0 [pid 6429] chdir("./13") = 0 [pid 6429] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6429] setpgid(0, 0) = 0 [pid 6400] <... write resumed>) = 16777216 [pid 6429] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6400] munmap(0x7fda9371b000, 138412032 [pid 6429] <... openat resumed>) = 3 [pid 6429] write(3, "1000", 4) = 4 [pid 6429] close(3) = 0 [pid 6429] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6400] <... munmap resumed>) = 0 [pid 6400] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6429] memfd_create("syzkaller", 0 [pid 6400] <... openat resumed>) = 4 [pid 6429] <... memfd_create resumed>) = 3 [pid 6400] ioctl(4, LOOP_SET_FD, 3 [pid 6429] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 6400] <... ioctl resumed>) = 0 [pid 6400] close(3) = 0 [pid 6371] <... mount resumed>) = 0 [pid 6400] mkdir("./file0", 0777 [pid 6371] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6400] <... mkdir resumed>) = 0 [pid 6371] chdir("./file0") = 0 [pid 6400] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 6371] ioctl(4, LOOP_CLR_FD) = 0 [pid 6371] close(4) = 0 [pid 6371] open("./file0", O_RDONLY) = 4 [pid 6371] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 6371] open("./file0", O_RDONLY) = 5 [ 86.171919][ T6400] loop1: detected capacity change from 0 to 32768 [ 86.185394][ T6400] BTRFS: device /dev/loop1 using temp-fsid fb1fe2ee-21c3-4789-bf1c-174a43241cb7 [ 86.201020][ T6400] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (6400) [pid 6371] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 6371] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 6371] exit_group(0) = ? [pid 6371] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6371, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=22 /* 0.22 s */} --- [pid 5068] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6391] <... write resumed>) = 16777216 [pid 5068] unlink("./12/binderfs" [pid 6391] munmap(0x7fda9371b000, 138412032 [pid 5068] <... unlink resumed>) = 0 [pid 5068] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6391] <... munmap resumed>) = 0 [pid 6391] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6391] ioctl(4, LOOP_SET_FD, 3) = 0 [ 86.389713][ T6391] loop3: detected capacity change from 0 to 32768 [pid 6391] close(3) = 0 [pid 6391] mkdir("./file0", 0777) = 0 [pid 6391] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 6395] <... write resumed>) = 16777216 [pid 5068] <... umount2 resumed>) = 0 [pid 6395] munmap(0x7fda9371b000, 138412032 [pid 5068] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./12/file0", [pid 6412] <... write resumed>) = 16777216 [pid 6395] <... munmap resumed>) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6395] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5068] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6395] ioctl(4, LOOP_SET_FD, 3 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 86.463416][ T6391] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (6391) [pid 5068] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 6395] <... ioctl resumed>) = 0 [pid 6395] close(3 [pid 5068] rmdir("./12/file0" [pid 6395] <... close resumed>) = 0 [pid 6395] mkdir("./file0", 0777 [pid 5068] <... rmdir resumed>) = 0 [pid 6412] munmap(0x7fda9371b000, 138412032 [pid 6395] <... mkdir resumed>) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 6395] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5068] rmdir("./12") = 0 [pid 5068] mkdir("./13", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 6448 ./strace-static-x86_64: Process 6448 attached [pid 6448] set_robust_list(0x555557145760, 24) = 0 [pid 6448] chdir("./13" [pid 6412] <... munmap resumed>) = 0 [pid 6448] <... chdir resumed>) = 0 [pid 6448] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6448] setpgid(0, 0) = 0 [ 86.510847][ T6395] loop5: detected capacity change from 0 to 32768 [ 86.550479][ T6395] BTRFS: device /dev/loop5 using temp-fsid a0ed972c-c00c-469c-bb78-c2e3ee928208 [pid 6448] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6412] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6412] ioctl(4, LOOP_SET_FD, 3 [pid 6448] write(3, "1000", 4) = 4 [pid 6448] close(3) = 0 [pid 6448] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6448] memfd_create("syzkaller", 0) = 3 [pid 6448] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 6400] <... mount resumed>) = 0 [pid 6400] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6400] chdir("./file0" [pid 6412] <... ioctl resumed>) = 0 [pid 6412] close(3 [pid 6400] <... chdir resumed>) = 0 [pid 6412] <... close resumed>) = 0 [pid 6400] ioctl(4, LOOP_CLR_FD [pid 6412] mkdir("./file0", 0777 [pid 6400] <... ioctl resumed>) = 0 [pid 6400] close(4 [pid 6412] <... mkdir resumed>) = 0 [pid 6400] <... close resumed>) = 0 [pid 6412] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 6400] open("./file0", O_RDONLY) = 4 [pid 6400] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [ 86.575666][ T6395] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (6395) [ 86.591884][ T6412] loop2: detected capacity change from 0 to 32768 [pid 6400] open("./file0", O_RDONLY) = 5 [pid 6400] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 6400] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 6400] exit_group(0) = ? [pid 6400] +++ exited with 0 +++ [pid 6429] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6400, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=25 /* 0.25 s */} --- [ 86.648405][ T6412] BTRFS: device /dev/loop2 using temp-fsid dbd5ce1e-f1da-4ad7-ad45-984ec2961bab [pid 5065] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./12/binderfs") = 0 [ 86.686392][ T6412] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (6412) [pid 5065] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6448] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6395] <... mount resumed>) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 5065] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6395] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./12/file0", [pid 6395] <... openat resumed>) = 3 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6395] chdir("./file0") = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6395] ioctl(4, LOOP_CLR_FD [pid 5065] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6395] <... ioctl resumed>) = 0 [pid 6395] close(4 [pid 5065] <... openat resumed>) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6395] <... close resumed>) = 0 [pid 5065] getdents64(4, [pid 6395] open("./file0", O_RDONLY [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, [pid 6395] <... open resumed>) = 4 [pid 5065] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./12/file0") = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./12") = 0 [pid 5065] mkdir("./13", 0777) = 0 [pid 6395] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 6395] <... ioctl resumed>) = 0 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 6395] open("./file0", O_RDONLY [pid 5065] <... ioctl resumed>) = 0 [pid 6395] <... open resumed>) = 5 [pid 5065] close(3 [pid 6395] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5065] <... close resumed>) = 0 [pid 6395] <... ioctl resumed>) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6395] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}./strace-static-x86_64: Process 6498 attached [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 6498 [pid 6395] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 6395] exit_group(0 [pid 6498] set_robust_list(0x555557145760, 24) = 0 [pid 6395] <... exit_group resumed>) = ? [pid 6395] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6395, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=26 /* 0.26 s */} --- [pid 6498] chdir("./13" [pid 5069] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6498] <... chdir resumed>) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6498] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5069] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6498] <... prctl resumed>) = 0 [pid 5069] <... openat resumed>) = 3 [pid 6498] setpgid(0, 0 [pid 5069] newfstatat(3, "", [pid 6498] <... setpgid resumed>) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6498] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5069] getdents64(3, [pid 6498] <... openat resumed>) = 3 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 6498] write(3, "1000", 4 [pid 5069] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6498] <... write resumed>) = 4 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6498] close(3 [pid 5069] newfstatat(AT_FDCWD, "./12/binderfs", [pid 6498] <... close resumed>) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6498] symlink("/dev/binderfs", "./binderfs" [pid 5069] unlink("./12/binderfs" [pid 6498] <... symlink resumed>) = 0 [pid 5069] <... unlink resumed>) = 0 [pid 6498] memfd_create("syzkaller", 0 [pid 5069] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6498] <... memfd_create resumed>) = 3 [pid 6498] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 6391] <... mount resumed>) = 0 [pid 6391] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6391] chdir("./file0") = 0 [pid 6391] ioctl(4, LOOP_CLR_FD) = 0 [pid 6391] close(4) = 0 [pid 6391] open("./file0", O_RDONLY) = 4 [pid 6391] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6412] <... mount resumed>) = 0 [pid 6412] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6412] chdir("./file0") = 0 [pid 6412] ioctl(4, LOOP_CLR_FD) = 0 [pid 6412] close(4) = 0 [pid 6412] open("./file0", O_RDONLY) = 4 [pid 6412] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6391] <... ioctl resumed>) = 0 [pid 6391] open("./file0", O_RDONLY) = 5 [pid 6391] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 6429] <... write resumed>) = 16777216 [pid 6429] munmap(0x7fda9371b000, 138412032) = 0 [pid 6412] <... ioctl resumed>) = 0 [pid 6412] open("./file0", O_RDONLY) = 5 [pid 6429] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6391] <... ioctl resumed>) = 0 [pid 6391] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 6412] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 6391] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 6429] <... openat resumed>) = 4 [pid 6412] <... ioctl resumed>) = 0 [pid 6391] exit_group(0 [pid 6429] ioctl(4, LOOP_SET_FD, 3 [pid 6412] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 6391] <... exit_group resumed>) = ? [pid 6412] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 6391] +++ exited with 0 +++ [pid 6412] exit_group(0) = ? [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6391, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=21 /* 0.21 s */} --- [pid 6412] +++ exited with 0 +++ [pid 5067] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6412, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=23 /* 0.23 s */} --- [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5067] newfstatat(AT_FDCWD, "./12/binderfs", [pid 5066] <... openat resumed>) = 3 [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] newfstatat(3, "", [pid 5067] unlink("./12/binderfs" [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] <... unlink resumed>) = 0 [pid 5066] getdents64(3, [pid 5067] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./13/binderfs") = 0 [pid 6429] <... ioctl resumed>) = 0 [pid 6429] close(3) = 0 [ 87.126642][ T6429] loop0: detected capacity change from 0 to 32768 [ 87.156858][ T42] _btrfs_printk: 88 callbacks suppressed [ 87.156869][ T42] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [pid 6429] mkdir("./file0", 0777) = 0 [pid 5069] <... umount2 resumed>) = 0 [pid 5066] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6429] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5069] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 87.205955][ T2855] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 87.219380][ T6429] BTRFS: device /dev/loop0 using temp-fsid 95b83d11-a906-4849-9f0f-74195ee657b6 [ 87.230035][ T6429] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (6429) [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./12/file0") = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./12") = 0 [pid 5069] mkdir("./13", 0777 [pid 5067] <... umount2 resumed>) = 0 [ 87.300348][ T6429] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 87.336482][ T6429] BTRFS info (device loop0): force clearing of disk cache [pid 5069] <... mkdir resumed>) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5067] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... openat resumed>) = 3 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./12/file0") = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./12") = 0 [ 87.372740][ T6429] BTRFS info (device loop0): setting nodatasum [pid 5067] mkdir("./13", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3 [pid 5069] close(3 [pid 5067] <... close resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 6503 ./strace-static-x86_64: Process 6503 attached [pid 6503] set_robust_list(0x555557145760, 24) = 0 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 6504 ./strace-static-x86_64: Process 6504 attached [pid 6503] chdir("./13" [pid 6448] <... write resumed>) = 16777216 [pid 6504] set_robust_list(0x555557145760, 24 [pid 6503] <... chdir resumed>) = 0 [pid 6504] <... set_robust_list resumed>) = 0 [pid 6503] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6504] chdir("./13" [pid 6503] <... prctl resumed>) = 0 [pid 6504] <... chdir resumed>) = 0 [pid 6503] setpgid(0, 0 [pid 6504] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6503] <... setpgid resumed>) = 0 [pid 6448] munmap(0x7fda9371b000, 138412032 [pid 6504] <... prctl resumed>) = 0 [pid 6503] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6448] <... munmap resumed>) = 0 [pid 6504] setpgid(0, 0) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 6504] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6503] <... openat resumed>) = 3 [pid 6503] write(3, "1000", 4 [pid 6504] <... openat resumed>) = 3 [pid 6503] <... write resumed>) = 4 [pid 6498] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5066] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6504] write(3, "1000", 4) = 4 [pid 6503] close(3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6504] close(3 [pid 5066] newfstatat(AT_FDCWD, "./13/file0", [pid 6504] <... close resumed>) = 0 [pid 6503] <... close resumed>) = 0 [pid 6503] symlink("/dev/binderfs", "./binderfs" [pid 6504] symlink("/dev/binderfs", "./binderfs" [pid 6503] <... symlink resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6503] memfd_create("syzkaller", 0 [pid 6504] <... symlink resumed>) = 0 [pid 6503] <... memfd_create resumed>) = 3 [pid 6448] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5066] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6504] memfd_create("syzkaller", 0 [pid 6503] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6448] <... openat resumed>) = 4 [pid 6503] <... mmap resumed>) = 0x7fda9371b000 [ 87.416413][ T6429] BTRFS info (device loop0): allowing degraded mounts [ 87.453203][ T6429] BTRFS info (device loop0): enabling disk space caching [pid 6448] ioctl(4, LOOP_SET_FD, 3 [pid 6504] <... memfd_create resumed>) = 3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6504] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5066] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", [pid 6504] <... mmap resumed>) = 0x7fda9371b000 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, [pid 6448] <... ioctl resumed>) = 0 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 6448] close(3) = 0 [pid 6448] mkdir("./file0", 0777) = 0 [ 87.479191][ T6448] loop4: detected capacity change from 0 to 32768 [ 87.498842][ T6429] BTRFS info (device loop0): disk space caching is enabled [pid 6448] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./13/file0") = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./13") = 0 [pid 5066] mkdir("./14", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [ 87.524105][ T6448] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (6448) [pid 5066] close(3) = 0 [ 87.578356][ T6448] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6508 attached , child_tidptr=0x555557145750) = 6508 [pid 6508] set_robust_list(0x555557145760, 24) = 0 [pid 6508] chdir("./14") = 0 [pid 6508] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6508] setpgid(0, 0) = 0 [pid 6508] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6508] write(3, "1000", 4) = 4 [pid 6508] close(3) = 0 [pid 6508] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6508] memfd_create("syzkaller", 0) = 3 [pid 6508] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 87.682513][ T6448] BTRFS info (device loop4): force clearing of disk cache [ 87.743421][ T6448] BTRFS info (device loop4): setting nodatasum [pid 6504] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 87.798902][ T6448] BTRFS info (device loop4): allowing degraded mounts [pid 6503] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6498] <... write resumed>) = 16777216 [ 87.848850][ T6448] BTRFS info (device loop4): enabling disk space caching [ 87.855889][ T6448] BTRFS info (device loop4): disk space caching is enabled [ 87.882437][ T6429] BTRFS info (device loop0): enabling ssd optimizations [ 87.889828][ T6429] BTRFS info (device loop0): auto enabling async discard [ 87.909575][ T6429] BTRFS info (device loop0): rebuilding free space tree [ 87.930684][ T6429] BTRFS info (device loop0): disabling free space tree [ 87.949350][ T6429] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 6498] munmap(0x7fda9371b000, 138412032) = 0 [pid 6498] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6498] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6498] close(3) = 0 [pid 6498] mkdir("./file0", 0777) = 0 [ 87.959236][ T6429] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 87.974398][ T6429] BTRFS info (device loop0): checking UUID tree [ 87.990466][ T6498] loop1: detected capacity change from 0 to 32768 [pid 6498] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 88.040877][ T6498] BTRFS: device /dev/loop1 using temp-fsid b58c24d5-a8bc-4029-8ac9-0afee7affff5 [pid 6508] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6429] <... mount resumed>) = 0 [pid 6429] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6429] chdir("./file0") = 0 [pid 6429] ioctl(4, LOOP_CLR_FD) = 0 [pid 6429] close(4) = 0 [pid 6429] open("./file0", O_RDONLY) = 4 [pid 6429] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 6429] open("./file0", O_RDONLY) = 5 [pid 6429] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 6429] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 6429] exit_group(0) = ? [pid 6429] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6429, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=34 /* 0.34 s */} --- [pid 5064] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5064] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 88.161125][ T6498] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (6498) [pid 5064] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./13/binderfs") = 0 [ 88.254571][ T6498] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 88.255636][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 88.283276][ T6498] BTRFS info (device loop1): force clearing of disk cache [pid 5064] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6508] <... write resumed>) = 16777216 [pid 6508] munmap(0x7fda9371b000, 138412032) = 0 [pid 6508] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 88.308950][ T6498] BTRFS info (device loop1): setting nodatasum [ 88.315365][ T6498] BTRFS info (device loop1): allowing degraded mounts [ 88.348294][ T6498] BTRFS info (device loop1): enabling disk space caching [pid 6508] ioctl(4, LOOP_SET_FD, 3 [pid 6503] <... write resumed>) = 16777216 [ 88.348606][ T6508] loop2: detected capacity change from 0 to 32768 [ 88.366044][ T6448] BTRFS info (device loop4): enabling ssd optimizations [ 88.381010][ T6498] BTRFS info (device loop1): disk space caching is enabled [pid 6508] <... ioctl resumed>) = 0 [pid 6508] close(3) = 0 [pid 6508] mkdir("./file0", 0777) = 0 [pid 6508] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 6503] munmap(0x7fda9371b000, 138412032) = 0 [ 88.405980][ T6448] BTRFS info (device loop4): auto enabling async discard [ 88.410217][ T6508] BTRFS: device /dev/loop2 using temp-fsid d0347f52-4175-4edf-81d2-6d9e5df37315 [ 88.415277][ T6448] BTRFS info (device loop4): rebuilding free space tree [ 88.423783][ T6508] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (6508) [pid 6503] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6503] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6503] close(3) = 0 [pid 6503] mkdir("./file0", 0777 [pid 5064] <... umount2 resumed>) = 0 [pid 6503] <... mkdir resumed>) = 0 [ 88.463294][ T6503] loop3: detected capacity change from 0 to 32768 [ 88.497390][ T6508] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [pid 6503] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5064] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 88.510184][ T6448] BTRFS info (device loop4): disabling free space tree [ 88.510516][ T6503] BTRFS: device /dev/loop3 using temp-fsid abc44752-fe03-405a-9d84-f748b93e0a6e [ 88.517075][ T6448] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5064] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6504] <... write resumed>) = 16777216 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4 [pid 6504] munmap(0x7fda9371b000, 138412032 [pid 5064] <... close resumed>) = 0 [pid 6504] <... munmap resumed>) = 0 [pid 6504] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5064] rmdir("./13/file0" [pid 6504] <... openat resumed>) = 4 [pid 5064] <... rmdir resumed>) = 0 [ 88.562837][ T6508] BTRFS info (device loop2): force clearing of disk cache [ 88.587957][ T6503] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (6503) [ 88.602778][ T6448] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 6504] ioctl(4, LOOP_SET_FD, 3 [pid 5064] close(3) = 0 [pid 5064] rmdir("./13") = 0 [pid 5064] mkdir("./14", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 6552 [ 88.603724][ T6508] BTRFS info (device loop2): setting nodatasum [ 88.628019][ T6508] BTRFS info (device loop2): allowing degraded mounts [ 88.636189][ T6503] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 88.637568][ T6508] BTRFS info (device loop2): enabling disk space caching [ 88.646145][ T6504] loop5: detected capacity change from 0 to 32768 ./strace-static-x86_64: Process 6552 attached [pid 6552] set_robust_list(0x555557145760, 24) = 0 [pid 6552] chdir("./14") = 0 [pid 6504] <... ioctl resumed>) = 0 [pid 6552] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6504] close(3 [pid 6552] <... prctl resumed>) = 0 [pid 6504] <... close resumed>) = 0 [pid 6552] setpgid(0, 0 [pid 6504] mkdir("./file0", 0777 [pid 6552] <... setpgid resumed>) = 0 [pid 6552] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6504] <... mkdir resumed>) = 0 [ 88.690637][ T6503] BTRFS info (device loop3): force clearing of disk cache [ 88.697761][ T6503] BTRFS info (device loop3): setting nodatasum [ 88.716202][ T6448] BTRFS info (device loop4): checking UUID tree [ 88.731964][ T6508] BTRFS info (device loop2): disk space caching is enabled [pid 6552] <... openat resumed>) = 3 [pid 6504] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 6552] write(3, "1000", 4) = 4 [pid 6552] close(3) = 0 [pid 6552] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6552] memfd_create("syzkaller", 0) = 3 [ 88.750412][ T6498] BTRFS info (device loop1): enabling ssd optimizations [ 88.774252][ T6503] BTRFS info (device loop3): allowing degraded mounts [ 88.779521][ T6504] BTRFS: device /dev/loop5 using temp-fsid 797dbf94-f587-40a1-9759-19464e035c03 [ 88.781828][ T6503] BTRFS info (device loop3): enabling disk space caching [pid 6552] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 6448] <... mount resumed>) = 0 [pid 6448] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6448] chdir("./file0") = 0 [pid 6448] ioctl(4, LOOP_CLR_FD) = 0 [pid 6448] close(4) = 0 [pid 6448] open("./file0", O_RDONLY) = 4 [ 88.795803][ T6498] BTRFS info (device loop1): auto enabling async discard [ 88.817950][ T6503] BTRFS info (device loop3): disk space caching is enabled [ 88.826061][ T6504] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (6504) [ 88.842125][ T6498] BTRFS info (device loop1): rebuilding free space tree [pid 6448] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [ 88.870153][ T6504] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 88.891046][ T6498] BTRFS info (device loop1): disabling free space tree [ 88.908893][ T6498] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 6448] open("./file0", O_RDONLY) = 5 [pid 6448] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 6448] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 6448] exit_group(0) = ? [pid 6448] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6448, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=33 /* 0.33 s */} --- [pid 5068] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [ 88.918954][ T6498] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 88.939177][ T6504] BTRFS info (device loop5): force clearing of disk cache [ 88.946304][ T6504] BTRFS info (device loop5): setting nodatasum [ 88.962696][ T6498] BTRFS info (device loop1): checking UUID tree [pid 5068] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./13/binderfs") = 0 [ 88.983698][ T42] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [ 89.019749][ T6508] BTRFS info (device loop2): enabling ssd optimizations [ 89.026705][ T6508] BTRFS info (device loop2): auto enabling async discard [pid 5068] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6498] <... mount resumed>) = 0 [pid 6498] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 89.038146][ T6504] BTRFS info (device loop5): allowing degraded mounts [ 89.046227][ T6503] BTRFS info (device loop3): enabling ssd optimizations [ 89.054898][ T6503] BTRFS info (device loop3): auto enabling async discard [ 89.069195][ T6504] BTRFS info (device loop5): enabling disk space caching [ 89.076229][ T6504] BTRFS info (device loop5): disk space caching is enabled [pid 6498] chdir("./file0" [pid 6552] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6498] <... chdir resumed>) = 0 [pid 6498] ioctl(4, LOOP_CLR_FD) = 0 [pid 6498] close(4) = 0 [pid 6498] open("./file0", O_RDONLY) = 4 [pid 6498] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 6498] open("./file0", O_RDONLY) = 5 [pid 6498] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 6498] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 6498] exit_group(0) = ? [pid 6498] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6498, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=31 /* 0.31 s */} --- [ 89.111283][ T6508] BTRFS info (device loop2): rebuilding free space tree [ 89.115049][ T6503] BTRFS info (device loop3): rebuilding free space tree [pid 5068] <... umount2 resumed>) = 0 [pid 5065] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5065] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", [pid 5068] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] newfstatat(AT_FDCWD, "./13/file0", [pid 5065] getdents64(3, [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] newfstatat(AT_FDCWD, "./13/binderfs", [pid 5068] <... openat resumed>) = 4 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] newfstatat(4, "", [pid 5065] unlink("./13/binderfs" [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... unlink resumed>) = 0 [pid 5068] getdents64(4, [pid 5065] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [ 89.164192][ T12] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./13/file0") = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./13") = 0 [pid 5068] mkdir("./14", 0777) = 0 [ 89.225157][ T6508] BTRFS info (device loop2): disabling free space tree [ 89.233512][ T6503] BTRFS info (device loop3): disabling free space tree [ 89.264331][ T6508] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 6603 ./strace-static-x86_64: Process 6603 attached [ 89.272062][ T6503] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 89.284382][ T6503] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 89.302241][ T6508] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 89.304746][ T6503] BTRFS info (device loop3): checking UUID tree [pid 6603] set_robust_list(0x555557145760, 24) = 0 [pid 6603] chdir("./14") = 0 [pid 6603] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6503] <... mount resumed>) = 0 [pid 6503] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6503] chdir("./file0") = 0 [pid 6603] setpgid(0, 0 [pid 6503] ioctl(4, LOOP_CLR_FD [pid 6603] <... setpgid resumed>) = 0 [pid 6603] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6503] <... ioctl resumed>) = 0 [pid 6503] close(4 [pid 6603] <... openat resumed>) = 3 [pid 6503] <... close resumed>) = 0 [pid 6503] open("./file0", O_RDONLY) = 4 [pid 6603] write(3, "1000", 4) = 4 [pid 6603] close(3) = 0 [pid 6503] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6603] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6603] memfd_create("syzkaller", 0) = 3 [pid 6603] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 6552] <... write resumed>) = 16777216 [pid 6508] <... mount resumed>) = 0 [pid 6508] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6508] chdir("./file0") = 0 [ 89.324428][ T6508] BTRFS info (device loop2): checking UUID tree [ 89.332961][ T6504] BTRFS info (device loop5): enabling ssd optimizations [ 89.360981][ T6504] BTRFS info (device loop5): auto enabling async discard [pid 6508] ioctl(4, LOOP_CLR_FD [pid 6552] munmap(0x7fda9371b000, 138412032 [pid 6508] <... ioctl resumed>) = 0 [pid 6508] close(4) = 0 [pid 6508] open("./file0", O_RDONLY) = 4 [pid 6503] <... ioctl resumed>) = 0 [pid 6508] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6503] open("./file0", O_RDONLY) = 5 [pid 6552] <... munmap resumed>) = 0 [pid 6508] <... ioctl resumed>) = 0 [pid 6503] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 6552] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6552] ioctl(4, LOOP_SET_FD, 3 [pid 6503] <... ioctl resumed>) = 0 [pid 6508] open("./file0", O_RDONLY [pid 6503] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 6508] <... open resumed>) = 5 [pid 6503] exit_group(0 [pid 6508] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 6503] <... exit_group resumed>) = ? [pid 6508] <... ioctl resumed>) = 0 [pid 6503] +++ exited with 0 +++ [ 89.429007][ T6504] BTRFS info (device loop5): rebuilding free space tree [ 89.456376][ T6552] loop0: detected capacity change from 0 to 32768 [pid 6508] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6503, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=36 /* 0.36 s */} --- [pid 5067] restart_syscall(<... resuming interrupted clone ...> [pid 6508] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5067] <... restart_syscall resumed>) = 0 [pid 6508] exit_group(0) = ? [pid 6508] +++ exited with 0 +++ [pid 5067] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6508, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=35 /* 0.35 s */} --- [pid 5067] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", [pid 5066] umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./13/binderfs", [pid 5066] newfstatat(AT_FDCWD, "./14/binderfs", [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./13/binderfs" [pid 5066] unlink("./14/binderfs") = 0 [pid 6552] <... ioctl resumed>) = 0 [pid 5066] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = 0 [pid 5067] <... unlink resumed>) = 0 [pid 6552] close(3 [pid 5065] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 89.482252][ T6504] BTRFS info (device loop5): disabling free space tree [ 89.503982][ T12] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 89.513240][ T6504] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 89.514862][ T42] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [pid 5067] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6552] <... close resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6552] mkdir("./file0", 0777 [pid 5065] newfstatat(AT_FDCWD, "./13/file0", [pid 6552] <... mkdir resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6552] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5065] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./13/file0") = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./13") = 0 [pid 5065] mkdir("./14", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [ 89.570483][ T6504] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 89.582366][ T6552] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (6552) [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6610 attached [pid 6610] set_robust_list(0x555557145760, 24 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 6610 [pid 6610] <... set_robust_list resumed>) = 0 [pid 6610] chdir("./14") = 0 [pid 6610] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6610] setpgid(0, 0) = 0 [ 89.668162][ T6552] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 89.678362][ T6504] BTRFS info (device loop5): checking UUID tree [pid 6610] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6610] write(3, "1000", 4 [pid 6603] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6610] <... write resumed>) = 4 [pid 6610] close(3) = 0 [pid 5067] <... umount2 resumed>) = 0 [pid 6610] symlink("/dev/binderfs", "./binderfs" [pid 6504] <... mount resumed>) = 0 [pid 5067] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = 0 [pid 6610] <... symlink resumed>) = 0 [pid 6504] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6610] memfd_create("syzkaller", 0 [pid 6504] <... openat resumed>) = 3 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6610] <... memfd_create resumed>) = 3 [pid 5067] newfstatat(AT_FDCWD, "./13/file0", [pid 6610] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] newfstatat(AT_FDCWD, "./14/file0", [pid 6610] <... mmap resumed>) = 0x7fda9371b000 [pid 6504] chdir("./file0" [pid 5067] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6504] <... chdir resumed>) = 0 [pid 5067] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6504] ioctl(4, LOOP_CLR_FD) = 0 [pid 6504] close(4) = 0 [pid 6504] open("./file0", O_RDONLY) = 4 [pid 5067] <... openat resumed>) = 4 [pid 5066] <... openat resumed>) = 4 [ 89.714050][ T6552] BTRFS info (device loop0): force clearing of disk cache [ 89.752090][ T6552] BTRFS info (device loop0): setting nodatasum [pid 6504] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5067] newfstatat(4, "", [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6504] open("./file0", O_RDONLY [pid 5067] getdents64(4, [pid 5066] getdents64(4, [pid 6504] <... open resumed>) = 5 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 6504] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5067] getdents64(4, [pid 5066] getdents64(4, [pid 5067] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 6504] <... ioctl resumed>) = 0 [pid 5067] close(4 [pid 5066] close(4 [pid 6504] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5067] <... close resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5066] rmdir("./14/file0" [pid 5067] rmdir("./13/file0" [pid 6504] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5067] <... rmdir resumed>) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5067] getdents64(3, [pid 5066] getdents64(3, [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] <... close resumed>) = 0 [pid 5066] close(3 [pid 6504] exit_group(0) = ? [ 89.799845][ T6552] BTRFS info (device loop0): allowing degraded mounts [ 89.831598][ T42] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [pid 6504] +++ exited with 0 +++ [pid 5067] rmdir("./13" [pid 5066] <... close resumed>) = 0 [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6504, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=35 /* 0.35 s */} --- [pid 5066] rmdir("./14" [pid 5069] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... rmdir resumed>) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... rmdir resumed>) = 0 [pid 5069] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] mkdir("./15", 0777 [pid 5069] <... openat resumed>) = 3 [pid 5069] newfstatat(3, "", [pid 5067] mkdir("./14", 0777 [pid 5066] <... mkdir resumed>) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] <... mkdir resumed>) = 0 [pid 5069] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... openat resumed>) = 3 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./13/binderfs") = 0 [pid 5069] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5066] <... ioctl resumed>) = 0 [pid 5067] <... openat resumed>) = 3 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 6612 [ 89.850258][ T6552] BTRFS info (device loop0): enabling disk space caching [ 89.857287][ T6552] BTRFS info (device loop0): disk space caching is enabled [pid 5067] close(3) = 0 ./strace-static-x86_64: Process 6612 attached [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6612] set_robust_list(0x555557145760, 24) = 0 [pid 6612] chdir("./15") = 0 [pid 6612] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6612] setpgid(0, 0) = 0 ./strace-static-x86_64: Process 6613 attached [pid 6612] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6613] set_robust_list(0x555557145760, 24 [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 6613 [pid 6613] <... set_robust_list resumed>) = 0 [pid 6613] chdir("./14" [pid 6612] <... openat resumed>) = 3 [pid 6612] write(3, "1000", 4 [pid 6613] <... chdir resumed>) = 0 [pid 6612] <... write resumed>) = 4 [pid 6612] close(3) = 0 [pid 6612] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6613] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6613] setpgid(0, 0 [pid 6612] memfd_create("syzkaller", 0) = 3 [pid 6612] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 6613] <... setpgid resumed>) = 0 [pid 6613] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6613] write(3, "1000", 4) = 4 [pid 6613] close(3) = 0 [pid 6613] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6613] memfd_create("syzkaller", 0) = 3 [pid 6613] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 6613] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 90.138849][ T6552] BTRFS info (device loop0): enabling ssd optimizations [ 90.145817][ T6552] BTRFS info (device loop0): auto enabling async discard [pid 6610] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6612] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5069] <... umount2 resumed>) = 0 [pid 5069] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 90.234273][ T6552] BTRFS info (device loop0): rebuilding free space tree [pid 5069] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./13/file0") = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./13") = 0 [pid 5069] mkdir("./14", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [ 90.300167][ T6552] BTRFS info (device loop0): disabling free space tree [ 90.307082][ T6552] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6630 attached [pid 6630] set_robust_list(0x555557145760, 24) = 0 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 6630 [pid 6630] chdir("./14") = 0 [pid 6630] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6630] setpgid(0, 0) = 0 [pid 6630] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 90.364464][ T6552] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 6630] write(3, "1000", 4) = 4 [pid 6630] close(3) = 0 [pid 6630] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6630] memfd_create("syzkaller", 0) = 3 [pid 6630] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 90.422778][ T6552] BTRFS info (device loop0): checking UUID tree [pid 6603] <... write resumed>) = 16777216 [pid 6552] <... mount resumed>) = 0 [pid 6552] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6552] chdir("./file0") = 0 [pid 6603] munmap(0x7fda9371b000, 138412032) = 0 [pid 6552] ioctl(4, LOOP_CLR_FD) = 0 [pid 6603] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6552] close(4) = 0 [pid 6603] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6552] open("./file0", O_RDONLY) = 4 [pid 6552] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 6552] open("./file0", O_RDONLY) = 5 [pid 6552] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [ 90.621648][ T6603] loop4: detected capacity change from 0 to 32768 [pid 6603] close(3) = 0 [pid 6552] <... ioctl resumed>) = 0 [pid 6603] mkdir("./file0", 0777) = 0 [pid 6603] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 6552] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 6552] exit_group(0) = ? [pid 6552] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6552, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=32 /* 0.32 s */} --- [pid 5064] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5064] umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./14/binderfs") = 0 [ 90.679927][ T6603] BTRFS: device /dev/loop4 using temp-fsid 2a7038db-b419-4aa7-b25c-c53d19a5ca03 [ 90.704773][ T12] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 90.727246][ T6603] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (6603) [pid 5064] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6612] <... write resumed>) = 16777216 [pid 6613] <... write resumed>) = 16777216 [pid 6612] munmap(0x7fda9371b000, 138412032 [pid 6613] munmap(0x7fda9371b000, 138412032) = 0 [pid 6612] <... munmap resumed>) = 0 [pid 6613] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6612] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6610] <... write resumed>) = 16777216 [pid 6613] <... openat resumed>) = 4 [pid 6612] <... openat resumed>) = 4 [pid 6612] ioctl(4, LOOP_SET_FD, 3 [pid 6610] munmap(0x7fda9371b000, 138412032 [pid 6613] ioctl(4, LOOP_SET_FD, 3 [pid 6630] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6612] <... ioctl resumed>) = 0 [pid 6610] <... munmap resumed>) = 0 [pid 6610] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6613] <... ioctl resumed>) = 0 [pid 6612] close(3 [pid 6610] <... openat resumed>) = 4 [pid 5064] <... umount2 resumed>) = 0 [ 90.835382][ T6612] loop2: detected capacity change from 0 to 32768 [ 90.851868][ T6613] loop3: detected capacity change from 0 to 32768 [pid 6613] close(3 [pid 6612] <... close resumed>) = 0 [pid 6610] ioctl(4, LOOP_SET_FD, 3 [pid 5064] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", [pid 6612] mkdir("./file0", 0777 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, [pid 6612] <... mkdir resumed>) = 0 [pid 5064] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, [pid 6613] <... close resumed>) = 0 [pid 5064] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 6613] mkdir("./file0", 0777 [pid 6612] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5064] close(4 [pid 6613] <... mkdir resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 5064] rmdir("./14/file0") = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./14") = 0 [pid 5064] mkdir("./15", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6613] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 6646 ./strace-static-x86_64: Process 6646 attached [pid 6610] <... ioctl resumed>) = 0 [pid 6646] set_robust_list(0x555557145760, 24 [pid 6610] close(3 [pid 6646] <... set_robust_list resumed>) = 0 [pid 6646] chdir("./15" [pid 6610] <... close resumed>) = 0 [pid 6646] <... chdir resumed>) = 0 [pid 6610] mkdir("./file0", 0777) = 0 [pid 6646] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6610] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 6646] <... prctl resumed>) = 0 [pid 6646] setpgid(0, 0) = 0 [pid 6646] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6646] write(3, "1000", 4) = 4 [pid 6646] close(3) = 0 [ 90.894931][ T6610] loop1: detected capacity change from 0 to 32768 [ 90.911345][ T6612] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (6612) [pid 6646] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6646] memfd_create("syzkaller", 0) = 3 [pid 6646] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 91.024307][ T6613] BTRFS: device /dev/loop3 using temp-fsid ded88fef-a6f7-480a-a3fb-82126fb86203 [ 91.070364][ T6613] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (6613) [pid 6603] <... mount resumed>) = 0 [pid 6603] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6603] chdir("./file0") = 0 [pid 6603] ioctl(4, LOOP_CLR_FD) = 0 [pid 6603] close(4) = 0 [pid 6603] open("./file0", O_RDONLY) = 4 [pid 6603] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6630] <... write resumed>) = 16777216 [ 91.140875][ T6610] BTRFS: device /dev/loop1 using temp-fsid 443b5210-9dff-4777-b2d3-c57be84847f7 [pid 6630] munmap(0x7fda9371b000, 138412032 [pid 6603] <... ioctl resumed>) = 0 [pid 6603] open("./file0", O_RDONLY) = 5 [pid 6603] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 6603] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 6603] exit_group(0) = ? [pid 6603] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6603, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=26 /* 0.26 s */} --- [pid 6630] <... munmap resumed>) = 0 [pid 6630] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5068] umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6630] <... openat resumed>) = 4 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6630] ioctl(4, LOOP_SET_FD, 3 [pid 5068] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", [pid 6630] <... ioctl resumed>) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, [pid 6630] close(3 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6630] <... close resumed>) = 0 [pid 6630] mkdir("./file0", 0777 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6630] <... mkdir resumed>) = 0 [ 91.210121][ T6610] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (6610) [ 91.231247][ T6630] loop5: detected capacity change from 0 to 32768 [pid 6630] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5068] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./14/binderfs") = 0 [ 91.273969][ T6630] BTRFS: device /dev/loop5 using temp-fsid 3cf846c6-76e0-4763-bc5c-a1055d24a689 [pid 5068] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6612] <... mount resumed>) = 0 [pid 6612] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6612] chdir("./file0") = 0 [pid 6612] ioctl(4, LOOP_CLR_FD) = 0 [pid 6612] close(4) = 0 [ 91.312965][ T6630] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (6630) [pid 6612] open("./file0", O_RDONLY) = 4 [pid 6612] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 6612] open("./file0", O_RDONLY) = 5 [pid 6612] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 6612] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 6612] exit_group(0) = ? [pid 6612] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6612, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=26 /* 0.26 s */} --- [pid 5066] umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6646] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./15/binderfs") = 0 [pid 5066] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... umount2 resumed>) = 0 [pid 5068] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./14/file0") = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./14") = 0 [pid 5068] mkdir("./15", 0777) = 0 [pid 6613] <... mount resumed>) = 0 [pid 6610] <... mount resumed>) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6613] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6610] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5068] <... openat resumed>) = 3 [pid 6613] <... openat resumed>) = 3 [pid 6610] <... openat resumed>) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD [pid 6613] chdir("./file0" [pid 6610] chdir("./file0" [pid 6613] <... chdir resumed>) = 0 [pid 5068] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6613] ioctl(4, LOOP_CLR_FD [pid 6610] <... chdir resumed>) = 0 [pid 5068] close(3 [pid 6613] <... ioctl resumed>) = 0 [pid 5068] <... close resumed>) = 0 [pid 6610] ioctl(4, LOOP_CLR_FD [pid 6613] close(4) = 0 [pid 6613] open("./file0", O_RDONLY [pid 6610] <... ioctl resumed>) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6613] <... open resumed>) = 4 [pid 6610] close(4) = 0 [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 6718 ./strace-static-x86_64: Process 6718 attached [pid 6613] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6610] open("./file0", O_RDONLY [pid 6718] set_robust_list(0x555557145760, 24 [pid 6610] <... open resumed>) = 4 [pid 6718] <... set_robust_list resumed>) = 0 [pid 6610] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6718] chdir("./15") = 0 [pid 6718] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6613] <... ioctl resumed>) = 0 [pid 6718] <... prctl resumed>) = 0 [pid 6613] open("./file0", O_RDONLY [pid 6718] setpgid(0, 0 [pid 6613] <... open resumed>) = 5 [pid 6718] <... setpgid resumed>) = 0 [pid 6613] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 6718] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6613] <... ioctl resumed>) = 0 [pid 6718] <... openat resumed>) = 3 [pid 6613] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 6613] exit_group(0 [pid 6610] <... ioctl resumed>) = 0 [pid 6630] <... mount resumed>) = 0 [pid 6613] <... exit_group resumed>) = ? [pid 6630] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] <... umount2 resumed>) = 0 [pid 6630] <... openat resumed>) = 3 [pid 6630] chdir("./file0" [pid 6610] open("./file0", O_RDONLY [pid 6718] write(3, "1000", 4 [pid 6630] <... chdir resumed>) = 0 [pid 6630] ioctl(4, LOOP_CLR_FD) = 0 [pid 6630] close(4) = 0 [pid 6630] open("./file0", O_RDONLY) = 4 [pid 6718] <... write resumed>) = 4 [pid 6630] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6718] close(3 [pid 6613] +++ exited with 0 +++ [pid 6610] <... open resumed>) = 5 [pid 6718] <... close resumed>) = 0 [pid 6610] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6613, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=23 /* 0.23 s */} --- [pid 5066] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6718] symlink("/dev/binderfs", "./binderfs" [pid 6610] <... ioctl resumed>) = 0 [pid 6718] <... symlink resumed>) = 0 [pid 5067] umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6718] memfd_create("syzkaller", 0 [pid 6610] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5067] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] newfstatat(AT_FDCWD, "./15/file0", [pid 6630] <... ioctl resumed>) = 0 [pid 6718] <... memfd_create resumed>) = 3 [pid 6610] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5067] <... openat resumed>) = 3 [pid 6718] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6610] exit_group(0 [pid 6718] <... mmap resumed>) = 0x7fda9371b000 [pid 5066] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6630] open("./file0", O_RDONLY [pid 6610] <... exit_group resumed>) = ? [pid 5067] newfstatat(3, "", [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./14/binderfs", [pid 6630] <... open resumed>) = 5 [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6630] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5067] unlink("./14/binderfs" [pid 6630] <... ioctl resumed>) = 0 [pid 6610] +++ exited with 0 +++ [pid 5067] <... unlink resumed>) = 0 [pid 5066] <... openat resumed>) = 4 [pid 5067] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] newfstatat(4, "", [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6610, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=26 /* 0.26 s */} --- [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, [pid 6630] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] getdents64(4, [pid 6630] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6630] exit_group(0) = ? [pid 5066] close(4 [pid 5065] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6630] +++ exited with 0 +++ [pid 5065] <... openat resumed>) = 3 [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6630, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=26 /* 0.26 s */} --- [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, [pid 5069] umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] <... openat resumed>) = 3 [pid 5065] newfstatat(AT_FDCWD, "./14/binderfs", [pid 5069] newfstatat(3, "", [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] unlink("./14/binderfs" [pid 5069] getdents64(3, [pid 5066] <... close resumed>) = 0 [pid 5065] <... unlink resumed>) = 0 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] rmdir("./15/file0") = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./14/binderfs", [pid 5066] close(3) = 0 [pid 5066] rmdir("./15" [pid 5069] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./14/binderfs") = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5069] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] mkdir("./16", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6720 attached , child_tidptr=0x555557145750) = 6720 [pid 6720] set_robust_list(0x555557145760, 24) = 0 [pid 6720] chdir("./16") = 0 [pid 6720] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6720] setpgid(0, 0) = 0 [pid 6720] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6720] write(3, "1000", 4) = 4 [pid 6720] close(3) = 0 [pid 6720] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5067] <... umount2 resumed>) = 0 [pid 6720] memfd_create("syzkaller", 0 [pid 5067] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6720] <... memfd_create resumed>) = 3 [pid 5067] newfstatat(AT_FDCWD, "./14/file0", [pid 6720] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6720] <... mmap resumed>) = 0x7fda9371b000 [pid 5067] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./14/file0") = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] <... umount2 resumed>) = 0 [pid 5069] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] close(3 [pid 5069] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] <... close resumed>) = 0 [pid 5069] newfstatat(4, "", [pid 5067] rmdir("./14" [pid 5065] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] <... rmdir resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] close(4 [pid 5065] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... close resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] rmdir("./14/file0" [pid 5065] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] <... rmdir resumed>) = 0 [pid 5065] <... openat resumed>) = 4 [pid 5065] newfstatat(4, "", [pid 5069] getdents64(3, [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] getdents64(4, [pid 5069] close(3 [pid 5067] mkdir("./15", 0777 [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] <... close resumed>) = 0 [pid 5065] getdents64(4, [pid 5069] rmdir("./14" [pid 5065] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] <... rmdir resumed>) = 0 [pid 5067] <... mkdir resumed>) = 0 [pid 5065] close(4 [pid 5069] mkdir("./15", 0777 [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./14/file0" [pid 5069] <... mkdir resumed>) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5065] <... rmdir resumed>) = 0 [pid 5067] <... openat resumed>) = 3 [pid 5065] getdents64(3, [pid 5067] ioctl(3, LOOP_CLR_FD [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3 [pid 5067] <... ioctl resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 5067] close(3 [pid 5065] rmdir("./14" [pid 5067] <... close resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] mkdir("./15", 0777 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5065] <... mkdir resumed>) = 0 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5069] <... close resumed>) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 6725 ./strace-static-x86_64: Process 6725 attached [pid 6725] set_robust_list(0x555557145760, 24) = 0 ./strace-static-x86_64: Process 6724 attached [pid 6725] chdir("./15" [pid 5065] <... openat resumed>) = 3 [pid 6725] <... chdir resumed>) = 0 [pid 6724] set_robust_list(0x555557145760, 24 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 6725] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6724] <... set_robust_list resumed>) = 0 [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 6724 [pid 6725] <... prctl resumed>) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 6725] setpgid(0, 0 [pid 6724] chdir("./15" [pid 5065] close(3 [pid 6725] <... setpgid resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 6725] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6725] <... openat resumed>) = 3 [pid 6724] <... chdir resumed>) = 0 [pid 6725] write(3, "1000", 4) = 4 [pid 6725] close(3) = 0 [pid 6725] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6724] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 6727 [pid 6724] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 6727 attached [pid 6725] memfd_create("syzkaller", 0 [pid 6724] setpgid(0, 0 [pid 6727] set_robust_list(0x555557145760, 24 [pid 6724] <... setpgid resumed>) = 0 [pid 6727] <... set_robust_list resumed>) = 0 [pid 6725] <... memfd_create resumed>) = 3 [pid 6724] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6727] chdir("./15" [pid 6725] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6724] <... openat resumed>) = 3 [pid 6725] <... mmap resumed>) = 0x7fda9371b000 [pid 6724] write(3, "1000", 4) = 4 [pid 6727] <... chdir resumed>) = 0 [pid 6724] close(3 [pid 6727] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6724] <... close resumed>) = 0 [pid 6724] symlink("/dev/binderfs", "./binderfs" [pid 6727] <... prctl resumed>) = 0 [pid 6724] <... symlink resumed>) = 0 [pid 6727] setpgid(0, 0) = 0 [pid 6727] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6724] memfd_create("syzkaller", 0 [pid 6727] <... openat resumed>) = 3 [pid 6724] <... memfd_create resumed>) = 3 [pid 6727] write(3, "1000", 4 [pid 6724] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6727] <... write resumed>) = 4 [pid 6724] <... mmap resumed>) = 0x7fda9371b000 [pid 6727] close(3) = 0 [pid 6727] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6727] memfd_create("syzkaller", 0) = 3 [pid 6727] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 6718] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6646] <... write resumed>) = 16777216 [pid 6646] munmap(0x7fda9371b000, 138412032) = 0 [pid 6646] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6646] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6646] close(3) = 0 [pid 6646] mkdir("./file0", 0777) = 0 [ 92.329895][ T6646] loop0: detected capacity change from 0 to 32768 [ 92.364709][ T6646] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (6646) [pid 6646] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 92.451299][ T6646] _btrfs_printk: 70 callbacks suppressed [ 92.451312][ T6646] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 92.529886][ T6646] BTRFS info (device loop0): force clearing of disk cache [pid 6720] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6725] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6724] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 92.576935][ T6646] BTRFS info (device loop0): setting nodatasum [ 92.609786][ T6646] BTRFS info (device loop0): allowing degraded mounts [ 92.640697][ T6646] BTRFS info (device loop0): enabling disk space caching [ 92.664871][ T6646] BTRFS info (device loop0): disk space caching is enabled [pid 6727] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6718] <... write resumed>) = 16777216 [pid 6724] <... write resumed>) = 16777216 [pid 6718] munmap(0x7fda9371b000, 138412032 [ 92.948382][ T6646] BTRFS info (device loop0): enabling ssd optimizations [ 92.968806][ T6646] BTRFS info (device loop0): auto enabling async discard [pid 6724] munmap(0x7fda9371b000, 138412032) = 0 [pid 6718] <... munmap resumed>) = 0 [pid 6718] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6718] ioctl(4, LOOP_SET_FD, 3 [pid 6724] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6724] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6724] close(3) = 0 [ 93.001954][ T6646] BTRFS info (device loop0): rebuilding free space tree [ 93.015657][ T6718] loop4: detected capacity change from 0 to 32768 [ 93.029786][ T6724] loop3: detected capacity change from 0 to 32768 [pid 6724] mkdir("./file0", 0777) = 0 [pid 6724] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 6718] <... ioctl resumed>) = 0 [pid 6718] close(3) = 0 [pid 6718] mkdir("./file0", 0777) = 0 [ 93.050222][ T6646] BTRFS info (device loop0): disabling free space tree [ 93.069845][ T6724] BTRFS: device /dev/loop3 using temp-fsid 152a97b1-4470-431c-b994-7e848cde8712 [ 93.086488][ T6724] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (6724) [ 93.100716][ T6646] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 93.129311][ T6646] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 6718] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 6720] <... write resumed>) = 16777216 [ 93.149555][ T6718] BTRFS: device /dev/loop4 using temp-fsid ce41d227-88b1-495b-b978-0cdfc52574c4 [ 93.158627][ T6718] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (6718) [ 93.172398][ T6724] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 93.185614][ T6646] BTRFS info (device loop0): checking UUID tree [pid 6720] munmap(0x7fda9371b000, 138412032) = 0 [pid 6646] <... mount resumed>) = 0 [pid 6646] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6646] chdir("./file0" [pid 6720] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6720] ioctl(4, LOOP_SET_FD, 3 [pid 6727] <... write resumed>) = 16777216 [pid 6646] <... chdir resumed>) = 0 [pid 6646] ioctl(4, LOOP_CLR_FD [pid 6727] munmap(0x7fda9371b000, 138412032 [pid 6646] <... ioctl resumed>) = 0 [pid 6646] close(4) = 0 [pid 6646] open("./file0", O_RDONLY) = 4 [ 93.209098][ T6724] BTRFS info (device loop3): force clearing of disk cache [ 93.233121][ T6718] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 93.234944][ T6720] loop2: detected capacity change from 0 to 32768 [ 93.249531][ T6724] BTRFS info (device loop3): setting nodatasum [pid 6727] <... munmap resumed>) = 0 [pid 6646] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6720] <... ioctl resumed>) = 0 [pid 6720] close(3) = 0 [pid 6720] mkdir("./file0", 0777) = 0 [pid 6720] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 6727] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 93.264087][ T6724] BTRFS info (device loop3): allowing degraded mounts [ 93.266809][ T6718] BTRFS info (device loop4): force clearing of disk cache [ 93.273049][ T6724] BTRFS info (device loop3): enabling disk space caching [ 93.292402][ T6720] BTRFS: device /dev/loop2 using temp-fsid a7650361-9355-4b02-934b-aa77e330bd91 [ 93.302139][ T6718] BTRFS info (device loop4): setting nodatasum [pid 6727] ioctl(4, LOOP_SET_FD, 3 [pid 6725] <... write resumed>) = 16777216 [pid 6646] <... ioctl resumed>) = 0 [pid 6646] open("./file0", O_RDONLY) = 5 [pid 6646] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [ 93.308299][ T6718] BTRFS info (device loop4): allowing degraded mounts [ 93.316796][ T6727] loop1: detected capacity change from 0 to 32768 [ 93.317585][ T6724] BTRFS info (device loop3): disk space caching is enabled [ 93.339111][ T6720] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (6720) [ 93.345049][ T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 6727] <... ioctl resumed>) = 0 [pid 6725] munmap(0x7fda9371b000, 138412032 [pid 6646] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 6646] exit_group(0) = ? [pid 6727] close(3 [pid 6646] +++ exited with 0 +++ [pid 6727] <... close resumed>) = 0 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6646, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=33 /* 0.33 s */} --- [pid 6727] mkdir("./file0", 0777) = 0 [pid 5064] umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6727] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5064] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [ 93.361170][ T6718] BTRFS info (device loop4): enabling disk space caching [ 93.368202][ T6718] BTRFS info (device loop4): disk space caching is enabled [ 93.395341][ T6727] BTRFS: device /dev/loop1 using temp-fsid f4eb95b1-66c7-4743-953e-51c173e86404 [ 93.405724][ T6720] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5064] umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6725] <... munmap resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./15/binderfs", [pid 6725] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./15/binderfs") = 0 [pid 6725] ioctl(4, LOOP_SET_FD, 3 [pid 5064] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6725] <... ioctl resumed>) = 0 [pid 6725] close(3) = 0 [ 93.422747][ T6725] loop5: detected capacity change from 0 to 32768 [ 93.448222][ T6727] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (6727) [ 93.464878][ T6720] BTRFS info (device loop2): force clearing of disk cache [pid 6725] mkdir("./file0", 0777) = 0 [ 93.488733][ T6720] BTRFS info (device loop2): setting nodatasum [ 93.519401][ T6725] BTRFS: device /dev/loop5 using temp-fsid 15567b87-d320-4d3d-b772-72944f54252c [ 93.528460][ T6725] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (6725) [ 93.559990][ T6720] BTRFS info (device loop2): allowing degraded mounts [ 93.566767][ T6720] BTRFS info (device loop2): enabling disk space caching [ 93.579906][ T6727] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 93.585027][ T6720] BTRFS info (device loop2): disk space caching is enabled [ 93.598229][ T6724] BTRFS info (device loop3): enabling ssd optimizations [ 93.609255][ T6725] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 93.618634][ T6725] BTRFS info (device loop5): force clearing of disk cache [ 93.620993][ T6718] BTRFS info (device loop4): enabling ssd optimizations [ 93.630931][ T6725] BTRFS info (device loop5): setting nodatasum [ 93.647319][ T6727] BTRFS info (device loop1): force clearing of disk cache [ 93.655373][ T6724] BTRFS info (device loop3): auto enabling async discard [ 93.659307][ T6725] BTRFS info (device loop5): allowing degraded mounts [ 93.669991][ T6727] BTRFS info (device loop1): setting nodatasum [ 93.682755][ T6718] BTRFS info (device loop4): auto enabling async discard [ 93.690643][ T6724] BTRFS info (device loop3): rebuilding free space tree [ 93.698200][ T6727] BTRFS info (device loop1): allowing degraded mounts [ 93.705540][ T6727] BTRFS info (device loop1): enabling disk space caching [ 93.706924][ T6725] BTRFS info (device loop5): enabling disk space caching [ 93.714471][ T6727] BTRFS info (device loop1): disk space caching is enabled [ 93.730411][ T6718] BTRFS info (device loop4): rebuilding free space tree [ 93.731553][ T6725] BTRFS info (device loop5): disk space caching is enabled [ 93.753090][ T6724] BTRFS info (device loop3): disabling free space tree [ 93.760060][ T6724] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 93.769732][ T6724] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 93.788750][ T6724] BTRFS info (device loop3): checking UUID tree [ 93.797753][ T6718] BTRFS info (device loop4): disabling free space tree [pid 6725] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 6724] <... mount resumed>) = 0 [pid 6724] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6724] chdir("./file0") = 0 [pid 6724] ioctl(4, LOOP_CLR_FD) = 0 [pid 6724] close(4) = 0 [pid 6724] open("./file0", O_RDONLY) = 4 [pid 6724] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [ 93.804770][ T6720] BTRFS info (device loop2): enabling ssd optimizations [ 93.821653][ T6718] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 93.829892][ T6720] BTRFS info (device loop2): auto enabling async discard [ 93.832330][ T6718] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 93.850622][ T6720] BTRFS info (device loop2): rebuilding free space tree [pid 6724] open("./file0", O_RDONLY) = 5 [pid 6724] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 6724] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 6724] exit_group(0) = ? [pid 6724] +++ exited with 0 +++ [ 93.876490][ T6720] BTRFS info (device loop2): disabling free space tree [ 93.888371][ T6718] BTRFS info (device loop4): checking UUID tree [ 93.888972][ T12] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 93.912212][ T6720] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 6718] <... mount resumed>) = 0 [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6724, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=34 /* 0.34 s */} --- [pid 6718] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6718] chdir("./file0") = 0 [pid 5067] umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6718] ioctl(4, LOOP_CLR_FD [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./15/binderfs") = 0 [pid 6718] <... ioctl resumed>) = 0 [pid 5067] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6718] close(4) = 0 [pid 6718] open("./file0", O_RDONLY) = 4 [ 93.924984][ T6720] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 6718] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 6718] open("./file0", O_RDONLY) = 5 [pid 6718] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 6718] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 6718] exit_group(0) = ? [ 93.970295][ T6720] BTRFS info (device loop2): checking UUID tree [ 93.981848][ T12] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [ 93.997221][ T6727] BTRFS info (device loop1): enabling ssd optimizations [ 94.003468][ T6725] BTRFS info (device loop5): enabling ssd optimizations [ 94.011132][ T6727] BTRFS info (device loop1): auto enabling async discard [pid 5064] <... umount2 resumed>) = 0 [pid 6720] <... mount resumed>) = 0 [pid 6718] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6718, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=30 /* 0.30 s */} --- [pid 6720] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6720] <... openat resumed>) = 3 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6720] chdir("./file0") = 0 [pid 5064] newfstatat(AT_FDCWD, "./15/file0", [pid 6720] ioctl(4, LOOP_CLR_FD [pid 5068] umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6720] <... ioctl resumed>) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6720] close(4 [pid 5068] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6720] <... close resumed>) = 0 [pid 5068] newfstatat(3, "", [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 6720] open("./file0", O_RDONLY [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] close(4 [pid 5068] getdents64(3, [pid 5064] <... close resumed>) = 0 [pid 6720] <... open resumed>) = 4 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] rmdir("./15/file0") = 0 [ 94.027759][ T6727] BTRFS info (device loop1): rebuilding free space tree [ 94.057152][ T6725] BTRFS info (device loop5): auto enabling async discard [ 94.069249][ T6727] BTRFS info (device loop1): disabling free space tree [pid 5064] getdents64(3, [pid 6720] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5068] umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./15") = 0 [pid 5064] mkdir("./16", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 6829 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./15/binderfs", ./strace-static-x86_64: Process 6829 attached [pid 6829] set_robust_list(0x555557145760, 24) = 0 [pid 6829] chdir("./16") = 0 [pid 6829] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6829] setpgid(0, 0) = 0 [pid 6829] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6829] write(3, "1000", 4 [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6720] <... ioctl resumed>) = 0 [pid 6829] <... write resumed>) = 4 [pid 6720] open("./file0", O_RDONLY [pid 5068] unlink("./15/binderfs" [pid 6829] close(3 [pid 6720] <... open resumed>) = 5 [pid 5068] <... unlink resumed>) = 0 [ 94.076571][ T6727] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 94.104210][ T6727] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 6720] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5068] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6829] <... close resumed>) = 0 [pid 6720] <... ioctl resumed>) = 0 [pid 6720] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 6829] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6829] memfd_create("syzkaller", 0) = 3 [pid 6829] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 6720] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 6720] exit_group(0) = ? [ 94.140504][ T6725] BTRFS info (device loop5): rebuilding free space tree [ 94.149773][ T48] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 94.163392][ T6727] BTRFS info (device loop1): checking UUID tree [pid 6720] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6720, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=37 /* 0.37 s */} --- [pid 6727] <... mount resumed>) = 0 [pid 5066] umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6727] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6727] <... openat resumed>) = 3 [pid 5066] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6727] chdir("./file0" [pid 5066] <... openat resumed>) = 3 [pid 5066] newfstatat(3, "", [pid 6727] <... chdir resumed>) = 0 [pid 6727] ioctl(4, LOOP_CLR_FD [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, [pid 6727] <... ioctl resumed>) = 0 [pid 6727] close(4 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6727] <... close resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6727] open("./file0", O_RDONLY [pid 5066] newfstatat(AT_FDCWD, "./16/binderfs", [pid 6727] <... open resumed>) = 4 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./16/binderfs") = 0 [ 94.202688][ T6725] BTRFS info (device loop5): disabling free space tree [ 94.234516][ T6725] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5066] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6727] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 6727] open("./file0", O_RDONLY) = 5 [ 94.263550][ T6725] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 6727] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 6727] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5068] <... umount2 resumed>) = 0 [pid 6727] exit_group(0) = ? [pid 5068] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6727] +++ exited with 0 +++ [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6727, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=32 /* 0.32 s */} --- [pid 5068] newfstatat(AT_FDCWD, "./15/file0", [pid 5065] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5065] umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [ 94.319665][ T6725] BTRFS info (device loop5): checking UUID tree [ 94.324472][ T48] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [pid 5068] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] newfstatat(4, "", [pid 5065] unlink("./15/binderfs" [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, [pid 5065] <... unlink resumed>) = 0 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] getdents64(4, [pid 5067] <... umount2 resumed>) = 0 [pid 6725] <... mount resumed>) = 0 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 6725] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6725] chdir("./file0") = 0 [pid 6725] ioctl(4, LOOP_CLR_FD) = 0 [pid 6725] close(4) = 0 [pid 6725] open("./file0", O_RDONLY) = 4 [pid 6725] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5068] close(4) = 0 [pid 5068] rmdir("./15/file0") = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6725] <... ioctl resumed>) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 6725] open("./file0", O_RDONLY) = 5 [pid 6725] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 6725] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 6725] exit_group(0) = ? [pid 6725] +++ exited with 0 +++ [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] newfstatat(AT_FDCWD, "./16/file0", [pid 5067] <... openat resumed>) = 4 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] newfstatat(4, "", [pid 5066] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6725, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=31 /* 0.31 s */} --- [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5067] getdents64(4, [pid 5066] <... openat resumed>) = 4 [pid 5067] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] newfstatat(4, "", [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] close(4) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] rmdir("./15/file0") = 0 [pid 5068] close(3 [pid 5066] getdents64(4, [pid 5068] <... close resumed>) = 0 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] rmdir("./15" [pid 5066] close(4 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... rmdir resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5069] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] mkdir("./16", 0777 [pid 5066] rmdir("./16/file0" [pid 5069] <... openat resumed>) = 3 [pid 5068] <... mkdir resumed>) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5069] newfstatat(3, "", [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5066] getdents64(3, [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] <... openat resumed>) = 3 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] getdents64(3, [pid 5068] ioctl(3, LOOP_CLR_FD [pid 5066] close(3 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] <... ioctl resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5069] umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] close(3 [pid 5066] rmdir("./16" [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... close resumed>) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5069] newfstatat(AT_FDCWD, "./15/binderfs", [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] mkdir("./17", 0777 [pid 5069] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 5069] unlink("./15/binderfs" [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 6834 [pid 5067] getdents64(3, [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 6834 attached [pid 5069] <... unlink resumed>) = 0 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] <... openat resumed>) = 3 [pid 6834] set_robust_list(0x555557145760, 24 [pid 5069] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] close(3 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 6834] <... set_robust_list resumed>) = 0 [pid 5067] <... close resumed>) = 0 [pid 5066] <... ioctl resumed>) = 0 [pid 6834] chdir("./16" [pid 5067] rmdir("./15" [pid 5066] close(3 [pid 6834] <... chdir resumed>) = 0 [pid 5067] <... rmdir resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 6834] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5067] mkdir("./16", 0777 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6834] <... prctl resumed>) = 0 [pid 5067] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 6835 attached [pid 6834] setpgid(0, 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 6835 [pid 6834] <... setpgid resumed>) = 0 [pid 5067] <... openat resumed>) = 3 [pid 6835] set_robust_list(0x555557145760, 24 [pid 6834] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5067] ioctl(3, LOOP_CLR_FD [pid 6835] <... set_robust_list resumed>) = 0 [pid 6834] <... openat resumed>) = 3 [pid 5067] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6835] chdir("./17" [pid 6834] write(3, "1000", 4 [pid 5067] close(3 [pid 6835] <... chdir resumed>) = 0 [pid 6834] <... write resumed>) = 4 [pid 5067] <... close resumed>) = 0 [pid 6835] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6834] close(3 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6835] <... prctl resumed>) = 0 [pid 6834] <... close resumed>) = 0 ./strace-static-x86_64: Process 6836 attached [pid 6836] set_robust_list(0x555557145760, 24 [pid 6835] setpgid(0, 0 [pid 6834] symlink("/dev/binderfs", "./binderfs" [pid 6836] <... set_robust_list resumed>) = 0 [pid 6836] chdir("./16" [pid 6835] <... setpgid resumed>) = 0 [pid 6834] <... symlink resumed>) = 0 [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 6836 [pid 6836] <... chdir resumed>) = 0 [pid 6835] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6834] memfd_create("syzkaller", 0 [pid 6836] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6836] setpgid(0, 0 [pid 6835] <... openat resumed>) = 3 [pid 6836] <... setpgid resumed>) = 0 [pid 6835] write(3, "1000", 4 [pid 6834] <... memfd_create resumed>) = 3 [ 94.487797][ T48] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [pid 6836] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6835] <... write resumed>) = 4 [pid 6834] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6836] <... openat resumed>) = 3 [pid 6835] close(3 [pid 6834] <... mmap resumed>) = 0x7fda9371b000 [pid 6836] write(3, "1000", 4 [pid 6835] <... close resumed>) = 0 [pid 6836] <... write resumed>) = 4 [pid 6835] symlink("/dev/binderfs", "./binderfs" [pid 6836] close(3 [pid 6835] <... symlink resumed>) = 0 [pid 6835] memfd_create("syzkaller", 0) = 3 [pid 6836] <... close resumed>) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 6835] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 6836] symlink("/dev/binderfs", "./binderfs" [pid 5065] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6836] <... symlink resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6836] memfd_create("syzkaller", 0 [pid 5065] newfstatat(AT_FDCWD, "./15/file0", [pid 6836] <... memfd_create resumed>) = 3 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6836] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 6829] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./15/file0") = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./15") = 0 [pid 5065] mkdir("./16", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5069] <... umount2 resumed>) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 6838 [pid 5069] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6838 attached ) = -1 EINVAL (Invalid argument) [pid 6838] set_robust_list(0x555557145760, 24) = 0 [pid 6838] chdir("./16") = 0 [pid 6838] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6838] setpgid(0, 0) = 0 [pid 6838] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6838] write(3, "1000", 4 [pid 5069] newfstatat(AT_FDCWD, "./15/file0", [pid 6838] <... write resumed>) = 4 [pid 6838] close(3) = 0 [pid 6838] symlink("/dev/binderfs", "./binderfs" [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6838] <... symlink resumed>) = 0 [pid 6838] memfd_create("syzkaller", 0) = 3 [pid 6838] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5069] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./15/file0") = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./15") = 0 [pid 5069] mkdir("./16", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 6839 ./strace-static-x86_64: Process 6839 attached [pid 6839] set_robust_list(0x555557145760, 24) = 0 [pid 6839] chdir("./16") = 0 [pid 6839] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6839] setpgid(0, 0) = 0 [pid 6839] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6839] write(3, "1000", 4) = 4 [pid 6839] close(3) = 0 [pid 6839] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6839] memfd_create("syzkaller", 0) = 3 [pid 6839] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 6836] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6834] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6835] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6838] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6829] <... write resumed>) = 16777216 [pid 6829] munmap(0x7fda9371b000, 138412032) = 0 [pid 6829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6829] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6829] close(3) = 0 [pid 6829] mkdir("./file0", 0777) = 0 [ 95.371077][ T6829] loop0: detected capacity change from 0 to 32768 [ 95.417302][ T6829] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (6829) [pid 6829] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 95.496760][ T6829] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 95.539457][ T6829] BTRFS info (device loop0): force clearing of disk cache [ 95.546666][ T6829] BTRFS info (device loop0): setting nodatasum [pid 6839] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6835] <... write resumed>) = 16777216 [pid 6835] munmap(0x7fda9371b000, 138412032) = 0 [pid 6835] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 95.588894][ T6829] BTRFS info (device loop0): allowing degraded mounts [ 95.595689][ T6829] BTRFS info (device loop0): enabling disk space caching [ 95.627839][ T6829] BTRFS info (device loop0): disk space caching is enabled [pid 6835] ioctl(4, LOOP_SET_FD, 3 [pid 6836] <... write resumed>) = 16777216 [pid 6834] <... write resumed>) = 16777216 [pid 6836] munmap(0x7fda9371b000, 138412032 [pid 6835] <... ioctl resumed>) = 0 [pid 6834] munmap(0x7fda9371b000, 138412032 [pid 6835] close(3 [pid 6836] <... munmap resumed>) = 0 [pid 6834] <... munmap resumed>) = 0 [pid 6835] <... close resumed>) = 0 [pid 6835] mkdir("./file0", 0777 [pid 6836] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6835] <... mkdir resumed>) = 0 [pid 6836] ioctl(4, LOOP_SET_FD, 3 [ 95.666468][ T6835] loop2: detected capacity change from 0 to 32768 [pid 6835] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 6834] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6834] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6834] close(3) = 0 [pid 6834] mkdir("./file0", 0777) = 0 [pid 6834] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 6836] <... ioctl resumed>) = 0 [ 95.724755][ T6836] loop3: detected capacity change from 0 to 32768 [ 95.730222][ T6834] loop4: detected capacity change from 0 to 32768 [ 95.732191][ T6835] BTRFS: device /dev/loop2 using temp-fsid 4c2d1c52-f18c-47d3-890b-f5099e6c1225 [pid 6838] <... write resumed>) = 16777216 [pid 6836] close(3) = 0 [pid 6836] mkdir("./file0", 0777) = 0 [pid 6836] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 6838] munmap(0x7fda9371b000, 138412032) = 0 [pid 6838] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 95.766591][ T6835] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (6835) [ 95.784411][ T6834] BTRFS: device /dev/loop4 using temp-fsid d24e2ea3-b683-4058-8bd1-734f6004dde0 [ 95.787161][ T6835] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 95.803276][ T6835] BTRFS info (device loop2): force clearing of disk cache [pid 6838] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6838] close(3) = 0 [pid 6838] mkdir("./file0", 0777) = 0 [ 95.811523][ T6838] loop1: detected capacity change from 0 to 32768 [ 95.819008][ T6834] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (6834) [ 95.833886][ T6835] BTRFS info (device loop2): setting nodatasum [ 95.840299][ T6835] BTRFS info (device loop2): allowing degraded mounts [ 95.847165][ T6835] BTRFS info (device loop2): enabling disk space caching [ 95.850161][ T6834] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [pid 6838] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 6839] <... write resumed>) = 16777216 [ 95.858038][ T6836] BTRFS: device /dev/loop3 using temp-fsid cd02afa9-2501-413e-ac8a-94f1daa5d3a7 [ 95.863954][ T6834] BTRFS info (device loop4): force clearing of disk cache [ 95.880253][ T6835] BTRFS info (device loop2): disk space caching is enabled [ 95.888210][ T6836] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (6836) [ 95.902796][ T6834] BTRFS info (device loop4): setting nodatasum [pid 6839] munmap(0x7fda9371b000, 138412032) = 0 [pid 6839] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 6839] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6839] close(3) = 0 [pid 6839] mkdir("./file0", 0777 [pid 6829] <... mount resumed>) = 0 [pid 6839] <... mkdir resumed>) = 0 [pid 6829] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6829] chdir("./file0") = 0 [pid 6829] ioctl(4, LOOP_CLR_FD) = 0 [pid 6829] close(4) = 0 [pid 6829] open("./file0", O_RDONLY) = 4 [ 95.907786][ T6836] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 95.909802][ T6838] BTRFS: device /dev/loop1 using temp-fsid ffa288cc-ad70-4360-b1a2-6451c3a6eb94 [ 95.927824][ T6838] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (6838) [ 95.947588][ T6839] loop5: detected capacity change from 0 to 32768 [pid 6839] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 6829] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 6835] <... mount resumed>) = 0 [pid 6829] open("./file0", O_RDONLY [pid 6835] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6829] <... open resumed>) = 5 [pid 6829] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 6835] chdir("./file0") = 0 [pid 6835] ioctl(4, LOOP_CLR_FD) = 0 [pid 6835] close(4) = 0 [pid 6835] open("./file0", O_RDONLY [pid 6829] <... ioctl resumed>) = 0 [pid 6835] <... open resumed>) = 4 [pid 6835] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6829] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 6829] exit_group(0) = ? [pid 6835] <... ioctl resumed>) = 0 [pid 6829] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6829, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=25 /* 0.25 s */} --- [pid 5064] umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [ 95.980565][ T6839] BTRFS: device /dev/loop5 using temp-fsid f8b81735-8552-4922-b23c-f15fe2fa2eef [ 96.003690][ T6839] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (6839) [pid 6835] open("./file0", O_RDONLY) = 5 [pid 5064] <... openat resumed>) = 3 [pid 6835] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5064] newfstatat(3, "", [pid 6835] <... ioctl resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, [pid 6835] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 6835] exit_group(0 [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 6835] <... exit_group resumed>) = ? [pid 6835] +++ exited with 0 +++ [pid 5064] umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6835, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=31 /* 0.31 s */} --- [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] restart_syscall(<... resuming interrupted clone ...> [pid 5064] newfstatat(AT_FDCWD, "./16/binderfs", [pid 5066] <... restart_syscall resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./16/binderfs") = 0 [pid 5066] umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./17/binderfs") = 0 [pid 5066] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6838] <... mount resumed>) = 0 [pid 6838] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6838] chdir("./file0") = 0 [pid 6838] ioctl(4, LOOP_CLR_FD) = 0 [pid 6838] close(4) = 0 [pid 6838] open("./file0", O_RDONLY) = 4 [pid 6838] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 6838] open("./file0", O_RDONLY) = 5 [pid 6838] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 6838] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 6838] exit_group(0) = ? [pid 6838] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6838, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=22 /* 0.22 s */} --- [pid 5065] umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6839] <... mount resumed>) = 0 [pid 6836] <... mount resumed>) = 0 [pid 6834] <... mount resumed>) = 0 [pid 6839] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6836] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] <... umount2 resumed>) = 0 [pid 6839] <... openat resumed>) = 3 [pid 6836] <... openat resumed>) = 3 [pid 6834] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6839] chdir("./file0" [pid 6836] chdir("./file0" [pid 6834] <... openat resumed>) = 3 [pid 5065] newfstatat(AT_FDCWD, "./16/binderfs", [pid 6839] <... chdir resumed>) = 0 [pid 6836] <... chdir resumed>) = 0 [pid 6834] chdir("./file0" [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6839] ioctl(4, LOOP_CLR_FD [pid 6836] ioctl(4, LOOP_CLR_FD [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6839] <... ioctl resumed>) = 0 [pid 6839] close(4 [pid 6836] <... ioctl resumed>) = 0 [pid 6834] <... chdir resumed>) = 0 [pid 5065] unlink("./16/binderfs" [pid 5064] newfstatat(AT_FDCWD, "./16/file0", [pid 6839] <... close resumed>) = 0 [pid 6836] close(4 [pid 6834] ioctl(4, LOOP_CLR_FD [pid 5065] <... unlink resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6836] <... close resumed>) = 0 [pid 6834] <... ioctl resumed>) = 0 [pid 5065] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6836] open("./file0", O_RDONLY [pid 6839] open("./file0", O_RDONLY [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6836] <... open resumed>) = 4 [pid 6834] close(4 [pid 5064] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6834] <... close resumed>) = 0 [pid 6834] open("./file0", O_RDONLY [pid 5064] <... openat resumed>) = 4 [pid 6834] <... open resumed>) = 4 [pid 6834] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6839] <... open resumed>) = 4 [pid 5064] newfstatat(4, "", [pid 6836] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6839] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./16/file0" [pid 6839] <... ioctl resumed>) = 0 [pid 6834] <... ioctl resumed>) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 6834] open("./file0", O_RDONLY) = 5 [pid 6839] open("./file0", O_RDONLY [pid 6834] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5064] getdents64(3, [pid 6839] <... open resumed>) = 5 [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 6834] <... ioctl resumed>) = 0 [pid 6839] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 6836] <... ioctl resumed>) = 0 [pid 6834] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5064] close(3 [pid 6834] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 6839] <... ioctl resumed>) = 0 [pid 6836] open("./file0", O_RDONLY [pid 6834] exit_group(0 [pid 5064] <... close resumed>) = 0 [pid 6836] <... open resumed>) = 5 [pid 6834] <... exit_group resumed>) = ? [pid 5064] rmdir("./16" [pid 6839] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 6836] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 6834] +++ exited with 0 +++ [pid 5064] <... rmdir resumed>) = 0 [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6834, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=29 /* 0.29 s */} --- [pid 5064] mkdir("./17", 0777 [pid 6836] <... ioctl resumed>) = 0 [pid 5068] umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... mkdir resumed>) = 0 [pid 6836] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6836] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5068] newfstatat(3, "", [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6839] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 6836] exit_group(0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6839] exit_group(0 [pid 6836] <... exit_group resumed>) = ? [pid 5068] getdents64(3, [pid 5064] <... openat resumed>) = 3 [pid 6839] <... exit_group resumed>) = ? [pid 6836] +++ exited with 0 +++ [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5068] umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6836, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=29 /* 0.29 s */} --- [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... ioctl resumed>) = 0 [pid 5068] newfstatat(AT_FDCWD, "./16/binderfs", [pid 5064] close(3 [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = 0 [pid 5068] unlink("./16/binderfs" [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... close resumed>) = 0 [pid 6839] +++ exited with 0 +++ [pid 5068] <... unlink resumed>) = 0 [pid 5067] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6839, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- [pid 5066] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5068] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... openat resumed>) = 3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] newfstatat(AT_FDCWD, "./17/file0", [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6939 attached [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 6939 [pid 6939] set_robust_list(0x555557145760, 24 [pid 5069] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5067] newfstatat(AT_FDCWD, "./16/binderfs", [pid 5066] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6939] <... set_robust_list resumed>) = 0 [pid 5069] <... openat resumed>) = 3 [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(3, "", [pid 5067] unlink("./16/binderfs" [pid 5066] openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6939] chdir("./17") = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] <... unlink resumed>) = 0 [pid 5066] <... openat resumed>) = 4 [pid 6939] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] newfstatat(4, "", [pid 6939] <... prctl resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6939] setpgid(0, 0 [pid 5069] getdents64(3, [pid 5067] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6939] <... setpgid resumed>) = 0 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] getdents64(4, [pid 6939] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5069] umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 6939] <... openat resumed>) = 3 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] getdents64(4, [pid 6939] write(3, "1000", 4 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 6939] <... write resumed>) = 4 [pid 5069] newfstatat(AT_FDCWD, "./16/binderfs", [pid 5066] close(4 [pid 6939] close(3 [pid 5069] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... close resumed>) = 0 [pid 6939] <... close resumed>) = 0 [pid 5069] unlink("./16/binderfs" [pid 5066] rmdir("./17/file0" [pid 6939] symlink("/dev/binderfs", "./binderfs" [pid 5069] <... unlink resumed>) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 6939] <... symlink resumed>) = 0 [pid 5066] getdents64(3, [pid 6939] memfd_create("syzkaller", 0 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3 [pid 5069] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... close resumed>) = 0 [pid 6939] <... memfd_create resumed>) = 3 [pid 5066] rmdir("./17" [pid 6939] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5066] <... rmdir resumed>) = 0 [pid 6939] <... mmap resumed>) = 0x7fda9371b000 [pid 5066] mkdir("./18", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6940 attached [pid 6940] set_robust_list(0x555557145760, 24 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 6940 [pid 6940] <... set_robust_list resumed>) = 0 [pid 6940] chdir("./18") = 0 [pid 6940] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6940] setpgid(0, 0) = 0 [pid 6940] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6940] write(3, "1000", 4) = 4 [pid 6940] close(3) = 0 [pid 6940] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6940] memfd_create("syzkaller", 0) = 3 [pid 6940] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] <... umount2 resumed>) = 0 [pid 5067] newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./16/file0", [pid 5069] <... umount2 resumed>) = 0 [pid 5069] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... openat resumed>) = 4 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(4, "", [pid 5065] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", [pid 5065] <... openat resumed>) = 4 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] newfstatat(4, "", [pid 5069] getdents64(4, [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, [pid 5069] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, [pid 5067] getdents64(4, [pid 5069] getdents64(4, [pid 5067] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4 [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] <... close resumed>) = 0 [pid 5067] rmdir("./16/file0" [pid 5065] getdents64(4, [pid 5069] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./16/file0" [pid 5067] <... rmdir resumed>) = 0 [pid 5065] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] getdents64(3, [pid 5065] close(4 [pid 5069] <... rmdir resumed>) = 0 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] <... close resumed>) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3 [pid 5065] rmdir("./16/file0" [pid 5069] <... close resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5067] close(3 [pid 5065] getdents64(3, [pid 5069] rmdir("./16") = 0 [pid 5069] mkdir("./17", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] <... openat resumed>) = 3 [pid 5067] <... close resumed>) = 0 [pid 5065] close(3 [pid 5069] ioctl(3, LOOP_CLR_FD [pid 5067] rmdir("./16" [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./16" [pid 5069] <... ioctl resumed>) = 0 [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5067] <... rmdir resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5065] mkdir("./17", 0777 [pid 5067] mkdir("./17", 0777./strace-static-x86_64: Process 6943 attached ) = 0 [pid 5065] <... mkdir resumed>) = 0 [pid 6943] set_robust_list(0x555557145760, 24 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6943] <... set_robust_list resumed>) = 0 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 6943 [pid 5065] <... openat resumed>) = 3 [pid 6943] chdir("./17" [pid 5065] ioctl(3, LOOP_CLR_FD [pid 6943] <... chdir resumed>) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 6943] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5065] close(3) = 0 [pid 5067] <... openat resumed>) = 3 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6943] setpgid(0, 0 [pid 5067] ioctl(3, LOOP_CLR_FD [pid 6943] <... setpgid resumed>) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 6944 [pid 6943] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6943] write(3, "1000", 4) = 4 [pid 6943] close(3) = 0 ./strace-static-x86_64: Process 6944 attached [pid 6943] symlink("/dev/binderfs", "./binderfs" [pid 5067] <... ioctl resumed>) = 0 [pid 6944] set_robust_list(0x555557145760, 24 [pid 6943] <... symlink resumed>) = 0 [pid 5067] close(3 [pid 6944] <... set_robust_list resumed>) = 0 [pid 6943] memfd_create("syzkaller", 0 [pid 5067] <... close resumed>) = 0 [pid 6943] <... memfd_create resumed>) = 3 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6944] chdir("./17" [pid 6943] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 ./strace-static-x86_64: Process 6945 attached [pid 6944] <... chdir resumed>) = 0 [pid 6945] set_robust_list(0x555557145760, 24 [pid 6944] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 6945 [pid 6944] <... prctl resumed>) = 0 [pid 6944] setpgid(0, 0) = 0 [pid 6945] <... set_robust_list resumed>) = 0 [pid 6944] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6945] chdir("./17" [pid 6944] write(3, "1000", 4 [pid 6945] <... chdir resumed>) = 0 [pid 6944] <... write resumed>) = 4 [pid 6944] close(3) = 0 [pid 6945] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6944] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6945] <... prctl resumed>) = 0 [pid 6945] setpgid(0, 0) = 0 [pid 6944] memfd_create("syzkaller", 0 [pid 6945] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6944] <... memfd_create resumed>) = 3 [pid 6945] <... openat resumed>) = 3 [pid 6944] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 6945] write(3, "1000", 4) = 4 [pid 6945] close(3) = 0 [pid 6945] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6945] memfd_create("syzkaller", 0 [pid 6939] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6945] <... memfd_create resumed>) = 3 [pid 6945] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5068] <... umount2 resumed>) = 0 [pid 6940] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5068] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./16/file0") = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./16") = 0 [pid 5068] mkdir("./17", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 6946 ./strace-static-x86_64: Process 6946 attached [pid 6946] set_robust_list(0x555557145760, 24) = 0 [pid 6943] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6946] chdir("./17") = 0 [pid 6946] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6946] setpgid(0, 0) = 0 [pid 6946] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6946] write(3, "1000", 4) = 4 [pid 6946] close(3) = 0 [pid 6946] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6946] memfd_create("syzkaller", 0) = 3 [pid 6946] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 6945] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6944] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6939] <... write resumed>) = 16777216 [pid 6939] munmap(0x7fda9371b000, 138412032) = 0 [pid 6939] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6939] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6939] close(3) = 0 [pid 6939] mkdir("./file0", 0777) = 0 [ 97.592304][ T6939] loop0: detected capacity change from 0 to 32768 [pid 6939] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 6940] <... write resumed>) = 16777216 [ 97.652765][ T6939] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (6939) [pid 6940] munmap(0x7fda9371b000, 138412032) = 0 [pid 6940] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6940] ioctl(4, LOOP_SET_FD, 3 [pid 6946] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6940] <... ioctl resumed>) = 0 [pid 6940] close(3) = 0 [ 97.727520][ T6940] loop2: detected capacity change from 0 to 32768 [ 97.742795][ T6939] _btrfs_printk: 68 callbacks suppressed [ 97.742807][ T6939] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [pid 6940] mkdir("./file0", 0777) = 0 [ 97.777819][ T6940] BTRFS: device /dev/loop2 using temp-fsid cd05a88f-7939-4c2e-afdc-6e08fbe101dc [ 97.805379][ T6939] BTRFS info (device loop0): force clearing of disk cache [pid 6940] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 6943] <... write resumed>) = 16777216 [ 97.817911][ T6940] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (6940) [ 97.841153][ T6939] BTRFS info (device loop0): setting nodatasum [ 97.865497][ T6939] BTRFS info (device loop0): allowing degraded mounts [pid 6943] munmap(0x7fda9371b000, 138412032) = 0 [pid 6943] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 6943] ioctl(4, LOOP_SET_FD, 3 [pid 6944] <... write resumed>) = 16777216 [ 97.883401][ T6940] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 97.909674][ T6939] BTRFS info (device loop0): enabling disk space caching [ 97.916711][ T6939] BTRFS info (device loop0): disk space caching is enabled [ 97.917412][ T6943] loop5: detected capacity change from 0 to 32768 [pid 6945] <... write resumed>) = 16777216 [pid 6944] munmap(0x7fda9371b000, 138412032 [pid 6943] <... ioctl resumed>) = 0 [pid 6945] munmap(0x7fda9371b000, 138412032 [pid 6943] close(3 [pid 6945] <... munmap resumed>) = 0 [pid 6943] <... close resumed>) = 0 [pid 6943] mkdir("./file0", 0777) = 0 [pid 6944] <... munmap resumed>) = 0 [pid 6944] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6945] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6945] ioctl(4, LOOP_SET_FD, 3 [pid 6944] <... openat resumed>) = 4 [pid 6943] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 97.925006][ T6940] BTRFS info (device loop2): force clearing of disk cache [ 97.945964][ T6940] BTRFS info (device loop2): setting nodatasum [ 97.959648][ T6945] loop3: detected capacity change from 0 to 32768 [ 97.960433][ T6940] BTRFS info (device loop2): allowing degraded mounts [ 97.969253][ T6944] loop1: detected capacity change from 0 to 32768 [pid 6944] ioctl(4, LOOP_SET_FD, 3 [pid 6945] <... ioctl resumed>) = 0 [pid 6945] close(3) = 0 [pid 6944] <... ioctl resumed>) = 0 [pid 6944] close(3) = 0 [pid 6944] mkdir("./file0", 0777) = 0 [pid 6945] mkdir("./file0", 0777) = 0 [pid 6945] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 97.975289][ T6940] BTRFS info (device loop2): enabling disk space caching [ 97.979479][ T6943] BTRFS: device /dev/loop5 using temp-fsid 7c1df557-efa5-4e58-88af-ad14addfe8fe [ 97.988135][ T6940] BTRFS info (device loop2): disk space caching is enabled [ 98.014545][ T6943] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (6943) [ 98.029566][ T6944] BTRFS: device /dev/loop1 using temp-fsid 512786a4-2202-47e2-abd6-b17ba1dbfb86 [ 98.042143][ T6943] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 98.052280][ T6944] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (6944) [ 98.065102][ T6943] BTRFS info (device loop5): force clearing of disk cache [ 98.072267][ T6943] BTRFS info (device loop5): setting nodatasum [ 98.078428][ T6943] BTRFS info (device loop5): allowing degraded mounts [ 98.085358][ T6943] BTRFS info (device loop5): enabling disk space caching [ 98.095771][ T6945] BTRFS: device /dev/loop3 using temp-fsid bee151a9-d032-41bb-ab52-3747d5d106ab [ 98.107409][ T6944] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 98.117817][ T6943] BTRFS info (device loop5): disk space caching is enabled [pid 6944] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 6946] <... write resumed>) = 16777216 [pid 6946] munmap(0x7fda9371b000, 138412032) = 0 [pid 6946] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6946] ioctl(4, LOOP_SET_FD, 3) = 0 [ 98.125162][ T6945] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (6945) [ 98.126050][ T6944] BTRFS info (device loop1): force clearing of disk cache [ 98.147572][ T6945] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 98.155472][ T6946] loop4: detected capacity change from 0 to 32768 [ 98.157920][ T6945] BTRFS info (device loop3): force clearing of disk cache [ 98.167207][ T6944] BTRFS info (device loop1): setting nodatasum [ 98.176943][ T6944] BTRFS info (device loop1): allowing degraded mounts [pid 6946] close(3) = 0 [pid 6946] mkdir("./file0", 0777) = 0 [ 98.184038][ T6940] BTRFS info (device loop2): enabling ssd optimizations [ 98.190384][ T6944] BTRFS info (device loop1): enabling disk space caching [ 98.195040][ T6940] BTRFS info (device loop2): auto enabling async discard [ 98.198986][ T6946] BTRFS: device /dev/loop4 using temp-fsid c9bd46ff-16bf-4a01-b4fa-edab4ce9eda4 [ 98.206157][ T6940] BTRFS info (device loop2): rebuilding free space tree [ 98.214635][ T6945] BTRFS info (device loop3): setting nodatasum [ 98.226650][ T6940] BTRFS info (device loop2): disabling free space tree [ 98.228452][ T6945] BTRFS info (device loop3): allowing degraded mounts [ 98.234547][ T6939] BTRFS info (device loop0): enabling ssd optimizations [ 98.243010][ T6944] BTRFS info (device loop1): disk space caching is enabled [ 98.247925][ T6939] BTRFS info (device loop0): auto enabling async discard [ 98.248563][ T6940] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 98.257320][ T6946] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (6946) [pid 6946] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 6940] <... mount resumed>) = 0 [pid 6940] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6940] chdir("./file0") = 0 [pid 6940] ioctl(4, LOOP_CLR_FD) = 0 [ 98.262623][ T6940] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 98.272076][ T6939] BTRFS info (device loop0): rebuilding free space tree [ 98.287481][ T6940] BTRFS info (device loop2): checking UUID tree [ 98.296768][ T6945] BTRFS info (device loop3): enabling disk space caching [ 98.317729][ T6945] BTRFS info (device loop3): disk space caching is enabled [ 98.322351][ T6946] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [pid 6940] close(4) = 0 [pid 6940] open("./file0", O_RDONLY) = 4 [pid 6940] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 6940] open("./file0", O_RDONLY) = 5 [pid 6940] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [ 98.340238][ T6939] BTRFS info (device loop0): disabling free space tree [ 98.340846][ T6946] BTRFS info (device loop4): force clearing of disk cache [ 98.356679][ T6939] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 98.372995][ T6946] BTRFS info (device loop4): setting nodatasum [pid 6940] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 6940] exit_group(0) = ? [pid 6940] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6940, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=41 /* 0.41 s */} --- [pid 5066] umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 98.396294][ T6946] BTRFS info (device loop4): allowing degraded mounts [ 98.407759][ T6939] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 98.427023][ T6946] BTRFS info (device loop4): enabling disk space caching [ 98.434207][ T6946] BTRFS info (device loop4): disk space caching is enabled [ 98.444262][ T1047] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./18/binderfs") = 0 [ 98.462738][ T6943] BTRFS info (device loop5): enabling ssd optimizations [ 98.495621][ T6943] BTRFS info (device loop5): auto enabling async discard [pid 5066] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6939] <... mount resumed>) = 0 [pid 6939] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6939] chdir("./file0") = 0 [pid 6939] ioctl(4, LOOP_CLR_FD) = 0 [ 98.518104][ T6939] BTRFS info (device loop0): checking UUID tree [ 98.525256][ T6943] BTRFS info (device loop5): rebuilding free space tree [ 98.526403][ T6945] BTRFS info (device loop3): enabling ssd optimizations [ 98.543898][ T6945] BTRFS info (device loop3): auto enabling async discard [ 98.559238][ T6944] BTRFS info (device loop1): enabling ssd optimizations [pid 6939] close(4) = 0 [pid 6939] open("./file0", O_RDONLY) = 4 [ 98.564158][ T6945] BTRFS info (device loop3): rebuilding free space tree [ 98.586852][ T6945] BTRFS info (device loop3): disabling free space tree [ 98.604155][ T6944] BTRFS info (device loop1): auto enabling async discard [ 98.606222][ T6943] BTRFS info (device loop5): disabling free space tree [pid 6939] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 6939] open("./file0", O_RDONLY) = 5 [pid 6939] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 6939] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 6939] exit_group(0) = ? [pid 5066] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 98.613152][ T6945] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 98.624861][ T6943] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 98.643624][ T6944] BTRFS info (device loop1): rebuilding free space tree [ 98.650525][ T1047] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 5066] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6939] +++ exited with 0 +++ [pid 5066] openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6939, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=32 /* 0.32 s */} --- [pid 5064] umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] <... openat resumed>) = 4 [pid 5064] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] newfstatat(4, "", [pid 5064] getdents64(3, [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] getdents64(4, [pid 5064] umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] getdents64(4, [pid 5064] newfstatat(AT_FDCWD, "./17/binderfs", [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] close(4) = 0 [pid 5064] unlink("./17/binderfs" [pid 5066] rmdir("./18/file0") = 0 [pid 5064] <... unlink resumed>) = 0 [pid 5066] getdents64(3, [pid 5064] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 6943] <... mount resumed>) = 0 [pid 5066] close(3) = 0 [ 98.660550][ T6943] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 98.674083][ T6943] BTRFS info (device loop5): checking UUID tree [ 98.680093][ T6946] BTRFS info (device loop4): enabling ssd optimizations [ 98.681296][ T6945] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 98.687335][ T6946] BTRFS info (device loop4): auto enabling async discard [ 98.701512][ T6945] BTRFS info (device loop3): checking UUID tree [pid 5066] rmdir("./18") = 0 [pid 5066] mkdir("./19", 0777 [pid 6943] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] <... mkdir resumed>) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5066] close(3 [pid 6945] <... mount resumed>) = 0 [pid 6943] <... openat resumed>) = 3 [pid 5066] <... close resumed>) = 0 [pid 6945] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6943] chdir("./file0" [pid 6945] <... openat resumed>) = 3 [pid 6943] <... chdir resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6945] chdir("./file0" [pid 6943] ioctl(4, LOOP_CLR_FD [pid 6945] <... chdir resumed>) = 0 [pid 6945] ioctl(4, LOOP_CLR_FD) = 0 [pid 6945] close(4 [pid 6943] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 7043 attached [pid 6945] <... close resumed>) = 0 [pid 6943] close(4 [pid 7043] set_robust_list(0x555557145760, 24 [pid 6945] open("./file0", O_RDONLY [pid 6943] <... close resumed>) = 0 [pid 6945] <... open resumed>) = 4 [pid 6943] open("./file0", O_RDONLY [pid 7043] <... set_robust_list resumed>) = 0 [pid 7043] chdir("./19" [pid 6945] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6943] <... open resumed>) = 4 [pid 7043] <... chdir resumed>) = 0 [pid 6943] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 7043 [ 98.726437][ T6944] BTRFS info (device loop1): disabling free space tree [ 98.735585][ T6944] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 98.760607][ T6946] BTRFS info (device loop4): rebuilding free space tree [pid 7043] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6943] <... ioctl resumed>) = 0 [pid 7043] <... prctl resumed>) = 0 [pid 6943] open("./file0", O_RDONLY [pid 7043] setpgid(0, 0 [pid 6943] <... open resumed>) = 5 [pid 7043] <... setpgid resumed>) = 0 [pid 6943] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 7043] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6945] <... ioctl resumed>) = 0 [pid 6945] open("./file0", O_RDONLY) = 5 [pid 6945] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 7043] <... openat resumed>) = 3 [pid 6945] <... ioctl resumed>) = 0 [pid 6943] <... ioctl resumed>) = 0 [pid 6943] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 7043] write(3, "1000", 4 [pid 6943] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 6943] exit_group(0) = ? [pid 6945] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 6943] +++ exited with 0 +++ [pid 6945] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6943, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=38 /* 0.38 s */} --- [pid 5069] umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6945] exit_group(0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 98.782268][ T6944] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 98.793447][ T6946] BTRFS info (device loop4): disabling free space tree [ 98.808142][ T12] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [ 98.817442][ T6946] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 6945] <... exit_group resumed>) = ? [pid 5069] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7043] <... write resumed>) = 4 [pid 7043] close(3 [pid 5069] <... openat resumed>) = 3 [pid 5069] newfstatat(3, "", [pid 7043] <... close resumed>) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7043] symlink("/dev/binderfs", "./binderfs" [pid 5069] getdents64(3, [pid 7043] <... symlink resumed>) = 0 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 7043] memfd_create("syzkaller", 0 [pid 5069] umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6945] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6945, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=36 /* 0.36 s */} --- [pid 5067] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5067] umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7043] <... memfd_create resumed>) = 3 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] <... openat resumed>) = 3 [pid 7043] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5069] newfstatat(AT_FDCWD, "./17/binderfs", [pid 5067] newfstatat(3, "", [pid 5069] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] unlink("./17/binderfs" [pid 5067] getdents64(3, [pid 5069] <... unlink resumed>) = 0 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./17/binderfs") = 0 [ 98.872416][ T42] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 98.880789][ T6946] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 98.899754][ T6944] BTRFS info (device loop1): checking UUID tree [pid 5067] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... umount2 resumed>) = 0 [pid 5064] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./17/file0") = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./17") = 0 [pid 5064] mkdir("./18", 0777 [pid 6944] <... mount resumed>) = 0 [pid 5064] <... mkdir resumed>) = 0 [pid 6944] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6944] chdir("./file0") = 0 [pid 5064] <... openat resumed>) = 3 [pid 6944] ioctl(4, LOOP_CLR_FD) = 0 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 6944] close(4 [pid 5064] <... ioctl resumed>) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6944] <... close resumed>) = 0 [pid 6944] open("./file0", O_RDONLY./strace-static-x86_64: Process 7046 attached [pid 7046] set_robust_list(0x555557145760, 24) = 0 [pid 7046] chdir("./18" [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 7046 [pid 6944] <... open resumed>) = 4 [pid 7046] <... chdir resumed>) = 0 [pid 7046] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7046] setpgid(0, 0) = 0 [pid 7046] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6944] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 7046] <... openat resumed>) = 3 [pid 7046] write(3, "1000", 4) = 4 [pid 7046] close(3) = 0 [pid 7046] symlink("/dev/binderfs", "./binderfs") = 0 [ 98.937118][ T6946] BTRFS info (device loop4): checking UUID tree [pid 7046] memfd_create("syzkaller", 0) = 3 [pid 7046] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 6944] <... ioctl resumed>) = 0 [pid 6944] open("./file0", O_RDONLY) = 5 [pid 6944] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 6944] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 6944] exit_group(0) = ? [pid 6944] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6944, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=35 /* 0.35 s */} --- [pid 6946] <... mount resumed>) = 0 [pid 5065] umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6946] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6946] <... openat resumed>) = 3 [pid 5065] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6946] chdir("./file0" [pid 5065] <... openat resumed>) = 3 [pid 6946] <... chdir resumed>) = 0 [pid 5069] <... umount2 resumed>) = 0 [pid 5065] newfstatat(3, "", [pid 6946] ioctl(4, LOOP_CLR_FD [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6946] <... ioctl resumed>) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [ 99.083651][ T12] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [pid 6946] close(4) = 0 [pid 5069] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... umount2 resumed>) = 0 [pid 5065] umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6946] open("./file0", O_RDONLY [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./17/binderfs", [pid 6946] <... open resumed>) = 4 [pid 5069] newfstatat(AT_FDCWD, "./17/file0", [pid 5067] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6946] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] unlink("./17/binderfs" [pid 5067] newfstatat(AT_FDCWD, "./17/file0", [pid 5065] <... unlink resumed>) = 0 [pid 5069] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5067] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6946] <... ioctl resumed>) = 0 [pid 5069] <... openat resumed>) = 4 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6946] open("./file0", O_RDONLY [pid 5069] newfstatat(4, "", [pid 5067] openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6946] <... open resumed>) = 5 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] <... openat resumed>) = 4 [pid 6946] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5069] getdents64(4, [pid 5067] newfstatat(4, "", [pid 6946] <... ioctl resumed>) = 0 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, [pid 5069] getdents64(4, [pid 6946] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5069] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 6946] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [ 99.222093][ T42] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [pid 5067] getdents64(4, [pid 6946] exit_group(0 [pid 5069] close(4 [pid 5067] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4 [pid 5069] <... close resumed>) = 0 [pid 6946] <... exit_group resumed>) = ? [pid 5067] <... close resumed>) = 0 [pid 6946] +++ exited with 0 +++ [pid 5067] rmdir("./17/file0" [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6946, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=39 /* 0.39 s */} --- [pid 5069] rmdir("./17/file0" [pid 5067] <... rmdir resumed>) = 0 [pid 5067] getdents64(3, [pid 5068] umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] <... rmdir resumed>) = 0 [pid 5068] newfstatat(3, "", [pid 5067] close(3 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./17/binderfs") = 0 [pid 5068] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... close resumed>) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] rmdir("./17") = 0 [pid 5067] mkdir("./18", 0777 [pid 5069] close(3 [pid 5067] <... mkdir resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 5069] rmdir("./17") = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5069] mkdir("./18", 0777 [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 7051 ./strace-static-x86_64: Process 7051 attached [pid 5069] <... mkdir resumed>) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 7051] set_robust_list(0x555557145760, 24) = 0 [pid 5069] <... openat resumed>) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD [pid 7051] chdir("./18") = 0 [pid 7051] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7051] setpgid(0, 0) = 0 [pid 7051] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7043] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5069] <... ioctl resumed>) = 0 [pid 7051] write(3, "1000", 4 [pid 5069] close(3 [pid 7051] <... write resumed>) = 4 [pid 5069] <... close resumed>) = 0 [pid 7051] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7052 attached [pid 7052] set_robust_list(0x555557145760, 24) = 0 [pid 7052] chdir("./18" [pid 7051] symlink("/dev/binderfs", "./binderfs" [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 7052 [pid 7051] <... symlink resumed>) = 0 [pid 7051] memfd_create("syzkaller", 0) = 3 [pid 7051] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 7052] <... chdir resumed>) = 0 [pid 7052] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5065] <... umount2 resumed>) = 0 [pid 7052] <... prctl resumed>) = 0 [pid 7052] setpgid(0, 0 [pid 5065] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7052] <... setpgid resumed>) = 0 [pid 7052] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7052] <... openat resumed>) = 3 [pid 5065] newfstatat(AT_FDCWD, "./17/file0", [pid 7052] write(3, "1000", 4 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7052] <... write resumed>) = 4 [pid 5065] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7052] close(3 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7052] <... close resumed>) = 0 [pid 5065] <... openat resumed>) = 4 [pid 5065] newfstatat(4, "", [pid 7052] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7052] memfd_create("syzkaller", 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, [pid 7046] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5065] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 7052] <... memfd_create resumed>) = 3 [pid 5065] close(4 [pid 7052] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5065] <... close resumed>) = 0 [pid 7052] <... mmap resumed>) = 0x7fda9371b000 [pid 5065] rmdir("./17/file0") = 0 [pid 5068] <... umount2 resumed>) = 0 [pid 5065] getdents64(3, [pid 5068] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] newfstatat(4, "", [pid 5065] close(3 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... close resumed>) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, [pid 5065] rmdir("./17" [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4 [pid 5065] <... rmdir resumed>) = 0 [pid 5065] mkdir("./18", 0777 [pid 5068] <... close resumed>) = 0 [pid 5065] <... mkdir resumed>) = 0 [pid 5068] rmdir("./17/file0") = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./17") = 0 [pid 5068] mkdir("./18", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 7053 attached [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 7053 [pid 5065] <... openat resumed>) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 7053] set_robust_list(0x555557145760, 24 [pid 5065] <... ioctl resumed>) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7053] <... set_robust_list resumed>) = 0 [pid 7053] chdir("./18") = 0 [pid 7053] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7053] setpgid(0, 0) = 0 ./strace-static-x86_64: Process 7054 attached [pid 7053] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7053] write(3, "1000", 4) = 4 [pid 7054] set_robust_list(0x555557145760, 24 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 7054 [pid 7054] <... set_robust_list resumed>) = 0 [pid 7053] close(3 [pid 7054] chdir("./18" [pid 7053] <... close resumed>) = 0 [pid 7053] symlink("/dev/binderfs", "./binderfs" [pid 7054] <... chdir resumed>) = 0 [pid 7053] <... symlink resumed>) = 0 [pid 7053] memfd_create("syzkaller", 0) = 3 [pid 7053] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 7054] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7054] setpgid(0, 0) = 0 [pid 7054] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7054] write(3, "1000", 4) = 4 [pid 7054] close(3) = 0 [pid 7054] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7054] memfd_create("syzkaller", 0) = 3 [pid 7054] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 7051] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7052] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7043] <... write resumed>) = 16777216 [pid 7043] munmap(0x7fda9371b000, 138412032) = 0 [pid 7053] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7043] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7043] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7043] close(3) = 0 [pid 7043] mkdir("./file0", 0777) = 0 [pid 7046] <... write resumed>) = 16777216 [ 100.170805][ T7043] loop2: detected capacity change from 0 to 32768 [pid 7043] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7046] munmap(0x7fda9371b000, 138412032 [pid 7054] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7046] <... munmap resumed>) = 0 [pid 7046] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 100.236573][ T7043] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (7043) [pid 7046] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7046] close(3) = 0 [ 100.279594][ T7046] loop0: detected capacity change from 0 to 32768 [ 100.319275][ T7043] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [pid 7046] mkdir("./file0", 0777) = 0 [ 100.329735][ T7043] BTRFS info (device loop2): force clearing of disk cache [ 100.350500][ T7046] BTRFS: device /dev/loop0 using temp-fsid bccd6b03-98ca-484b-b350-ba8272e6d1e2 [ 100.368919][ T7043] BTRFS info (device loop2): setting nodatasum [ 100.375291][ T7043] BTRFS info (device loop2): allowing degraded mounts [ 100.402225][ T7046] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (7046) [ 100.446528][ T7043] BTRFS info (device loop2): enabling disk space caching [ 100.466187][ T7043] BTRFS info (device loop2): disk space caching is enabled [ 100.479602][ T7046] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [pid 7046] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7051] <... write resumed>) = 16777216 [ 100.501473][ T7046] BTRFS info (device loop0): force clearing of disk cache [ 100.521095][ T7046] BTRFS info (device loop0): setting nodatasum [ 100.527264][ T7046] BTRFS info (device loop0): allowing degraded mounts [pid 7052] <... write resumed>) = 16777216 [pid 7051] munmap(0x7fda9371b000, 138412032 [pid 7052] munmap(0x7fda9371b000, 138412032 [pid 7051] <... munmap resumed>) = 0 [pid 7051] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7052] <... munmap resumed>) = 0 [pid 7051] ioctl(4, LOOP_SET_FD, 3 [pid 7052] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 7052] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7051] <... ioctl resumed>) = 0 [ 100.569843][ T7046] BTRFS info (device loop0): enabling disk space caching [ 100.578466][ T7046] BTRFS info (device loop0): disk space caching is enabled [ 100.593640][ T7051] loop3: detected capacity change from 0 to 32768 [ 100.602671][ T7052] loop5: detected capacity change from 0 to 32768 [pid 7053] <... write resumed>) = 16777216 [pid 7051] close(3 [pid 7052] close(3) = 0 [pid 7052] mkdir("./file0", 0777 [pid 7051] <... close resumed>) = 0 [pid 7051] mkdir("./file0", 0777 [pid 7053] munmap(0x7fda9371b000, 138412032 [pid 7052] <... mkdir resumed>) = 0 [pid 7052] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7051] <... mkdir resumed>) = 0 [pid 7051] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7053] <... munmap resumed>) = 0 [pid 7053] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7053] ioctl(4, LOOP_SET_FD, 3 [pid 7054] <... write resumed>) = 16777216 [ 100.614503][ T7043] BTRFS info (device loop2): enabling ssd optimizations [ 100.632103][ T7052] BTRFS: device /dev/loop5 using temp-fsid e5f8a158-9304-491d-9393-42e8c7e729d1 [ 100.646540][ T7043] BTRFS info (device loop2): auto enabling async discard [ 100.655626][ T7053] loop4: detected capacity change from 0 to 32768 [pid 7053] <... ioctl resumed>) = 0 [pid 7054] munmap(0x7fda9371b000, 138412032 [pid 7053] close(3) = 0 [pid 7054] <... munmap resumed>) = 0 [ 100.656262][ T7052] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (7052) [ 100.664977][ T7043] BTRFS info (device loop2): rebuilding free space tree [ 100.687591][ T7051] BTRFS: device /dev/loop3 using temp-fsid 067596f9-6540-4032-9412-ca32a23f42e3 [ 100.694955][ T7043] BTRFS info (device loop2): disabling free space tree [ 100.706483][ T7051] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (7051) [pid 7053] mkdir("./file0", 0777 [pid 7054] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7053] <... mkdir resumed>) = 0 [pid 7054] <... openat resumed>) = 4 [pid 7054] ioctl(4, LOOP_SET_FD, 3 [pid 7053] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7054] <... ioctl resumed>) = 0 [pid 7043] <... mount resumed>) = 0 [pid 7043] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7043] chdir("./file0") = 0 [pid 7043] ioctl(4, LOOP_CLR_FD) = 0 [pid 7043] close(4) = 0 [pid 7043] open("./file0", O_RDONLY) = 4 [pid 7043] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 7054] close(3 [pid 7043] <... ioctl resumed>) = 0 [pid 7043] open("./file0", O_RDONLY [pid 7054] <... close resumed>) = 0 [pid 7054] mkdir("./file0", 0777 [pid 7043] <... open resumed>) = 5 [pid 7054] <... mkdir resumed>) = 0 [pid 7043] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 7054] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7043] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [ 100.706599][ T7054] loop1: detected capacity change from 0 to 32768 [ 100.728493][ T7053] BTRFS: device /dev/loop4 using temp-fsid 7e9f1324-d960-4338-ac2f-8c425cb990a7 [ 100.737977][ T7053] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (7053) [pid 7043] exit_group(0) = ? [pid 7043] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7043, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=32 /* 0.32 s */} --- [pid 5066] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5066] umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./19/binderfs") = 0 [ 100.787070][ T7054] BTRFS: device /dev/loop1 using temp-fsid 235b610d-0407-42bc-85c9-38a14692ddef [ 100.810891][ T7054] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (7054) [pid 5066] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7046] <... mount resumed>) = 0 [pid 7046] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7046] chdir("./file0") = 0 [pid 7046] ioctl(4, LOOP_CLR_FD) = 0 [pid 7046] close(4) = 0 [pid 7052] <... mount resumed>) = 0 [pid 7046] open("./file0", O_RDONLY [pid 7052] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7046] <... open resumed>) = 4 [pid 7046] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 7052] <... openat resumed>) = 3 [pid 7052] chdir("./file0") = 0 [pid 7052] ioctl(4, LOOP_CLR_FD) = 0 [pid 7052] close(4) = 0 [pid 7046] <... ioctl resumed>) = 0 [pid 7046] open("./file0", O_RDONLY) = 5 [pid 7046] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 7052] open("./file0", O_RDONLY) = 4 [pid 7052] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 7046] <... ioctl resumed>) = 0 [pid 7046] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 7046] exit_group(0) = ? [pid 7046] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7046, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=31 /* 0.31 s */} --- [pid 7052] <... ioctl resumed>) = 0 [pid 5064] umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./18/binderfs") = 0 [pid 7052] open("./file0", O_RDONLY) = 5 [pid 5064] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7052] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 7052] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 7052] exit_group(0) = ? [pid 7052] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7052, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=28 /* 0.28 s */} --- [pid 7051] <... mount resumed>) = 0 [pid 5069] umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7051] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5069] <... openat resumed>) = 3 [pid 5069] newfstatat(3, "", [pid 7051] <... openat resumed>) = 3 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7051] chdir("./file0") = 0 [pid 5069] getdents64(3, [pid 7051] ioctl(4, LOOP_CLR_FD) = 0 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 7051] close(4 [pid 5069] umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7051] <... close resumed>) = 0 [pid 5069] newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./18/binderfs") = 0 [pid 5069] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7051] open("./file0", O_RDONLY) = 4 [pid 7051] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 7053] <... mount resumed>) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 7053] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5066] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7053] chdir("./file0") = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./19/file0", [pid 7053] ioctl(4, LOOP_CLR_FD) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7053] close(4) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7053] open("./file0", O_RDONLY [pid 5066] openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7053] <... open resumed>) = 4 [pid 5066] <... openat resumed>) = 4 [pid 7053] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 7051] <... ioctl resumed>) = 0 [pid 5066] rmdir("./19/file0" [pid 7051] open("./file0", O_RDONLY [pid 5066] <... rmdir resumed>) = 0 [pid 7051] <... open resumed>) = 5 [pid 7051] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./19") = 0 [pid 5066] mkdir("./20", 0777 [pid 7051] <... ioctl resumed>) = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 7051] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7051] exit_group(0 [pid 5066] <... openat resumed>) = 3 [pid 7051] <... exit_group resumed>) = ? [pid 5066] ioctl(3, LOOP_CLR_FD [pid 7051] +++ exited with 0 +++ [pid 5066] <... ioctl resumed>) = 0 [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7051, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=24 /* 0.24 s */} --- [pid 5067] umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", [pid 7053] <... ioctl resumed>) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] close(3 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] <... close resumed>) = 0 [pid 5067] umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7053] open("./file0", O_RDONLY [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5067] newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./18/binderfs" [pid 7053] <... open resumed>) = 5 [pid 5067] <... unlink resumed>) = 0 [pid 5067] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7053] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 7153 ./strace-static-x86_64: Process 7153 attached [pid 7153] set_robust_list(0x555557145760, 24) = 0 [pid 7153] chdir("./20") = 0 [pid 7153] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7153] setpgid(0, 0) = 0 [pid 7153] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7053] <... ioctl resumed>) = 0 [pid 7153] <... openat resumed>) = 3 [pid 7053] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 7053] exit_group(0) = ? [pid 7153] write(3, "1000", 4 [pid 7053] +++ exited with 0 +++ [pid 5064] <... umount2 resumed>) = 0 [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7053, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=33 /* 0.33 s */} --- [pid 5068] umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7153] <... write resumed>) = 4 [pid 5068] <... openat resumed>) = 3 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7153] close(3 [pid 5068] newfstatat(3, "", [pid 7153] <... close resumed>) = 0 [pid 7054] <... mount resumed>) = 0 [pid 7153] symlink("/dev/binderfs", "./binderfs" [pid 7054] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7153] <... symlink resumed>) = 0 [pid 7054] <... openat resumed>) = 3 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] newfstatat(AT_FDCWD, "./18/file0", [pid 7153] memfd_create("syzkaller", 0 [pid 7054] chdir("./file0" [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7054] <... chdir resumed>) = 0 [pid 5068] getdents64(3, [pid 5064] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... openat resumed>) = 4 [pid 5068] newfstatat(AT_FDCWD, "./18/binderfs", [pid 5064] newfstatat(4, "", [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] unlink("./18/binderfs" [pid 5064] getdents64(4, [pid 7153] <... memfd_create resumed>) = 3 [pid 7054] ioctl(4, LOOP_CLR_FD [pid 5068] <... unlink resumed>) = 0 [pid 5064] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 7153] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7054] <... ioctl resumed>) = 0 [pid 7153] <... mmap resumed>) = 0x7fda9371b000 [pid 7054] close(4 [pid 5068] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] getdents64(4, [pid 7054] <... close resumed>) = 0 [pid 5064] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 7054] open("./file0", O_RDONLY [pid 5064] close(4 [pid 7054] <... open resumed>) = 4 [pid 5064] <... close resumed>) = 0 [pid 5064] rmdir("./18/file0") = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./18") = 0 [pid 5064] mkdir("./19", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7155 attached , child_tidptr=0x555557145750) = 7155 [pid 7155] set_robust_list(0x555557145760, 24) = 0 [pid 7155] chdir("./19" [pid 7054] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 7155] <... chdir resumed>) = 0 [pid 7155] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7155] setpgid(0, 0) = 0 [pid 7155] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7155] write(3, "1000", 4) = 4 [pid 7155] close(3) = 0 [pid 7155] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7155] memfd_create("syzkaller", 0) = 3 [pid 7054] <... ioctl resumed>) = 0 [pid 7054] open("./file0", O_RDONLY) = 5 [pid 7054] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 7155] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 7054] <... ioctl resumed>) = 0 [pid 7054] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 7054] exit_group(0) = ? [pid 7054] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7054, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=24 /* 0.24 s */} --- [pid 5065] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5069] <... umount2 resumed>) = 0 [pid 5065] umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] newfstatat(AT_FDCWD, "./18/file0", [pid 5065] <... openat resumed>) = 3 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] newfstatat(3, "", [pid 5069] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] <... openat resumed>) = 4 [pid 5065] newfstatat(AT_FDCWD, "./18/binderfs", [pid 5069] newfstatat(4, "", [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./18/binderfs") = 0 [pid 5065] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./18/file0") = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./18") = 0 [pid 5069] mkdir("./19", 0777 [pid 5068] <... umount2 resumed>) = 0 [pid 5067] <... umount2 resumed>) = 0 [pid 5068] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./18/file0", [pid 5067] newfstatat(AT_FDCWD, "./18/file0", [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] <... mkdir resumed>) = 0 [pid 5068] openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] newfstatat(4, "", [pid 5067] <... openat resumed>) = 4 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] newfstatat(4, "", [pid 5068] getdents64(4, [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, [pid 5068] getdents64(4, [pid 5067] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] getdents64(4, [pid 5068] close(4 [pid 5067] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] <... close resumed>) = 0 [pid 5067] close(4 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5068] rmdir("./18/file0" [pid 5067] <... close resumed>) = 0 [pid 5068] <... rmdir resumed>) = 0 [pid 5067] rmdir("./18/file0" [pid 5068] getdents64(3, [pid 5067] <... rmdir resumed>) = 0 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] getdents64(3, [pid 5068] close(3 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] <... close resumed>) = 0 [pid 5067] close(3 [pid 5068] rmdir("./18" [pid 5067] <... close resumed>) = 0 [pid 5068] <... rmdir resumed>) = 0 [pid 5067] rmdir("./18" [pid 5068] mkdir("./19", 0777 [pid 5067] <... rmdir resumed>) = 0 [pid 5068] <... mkdir resumed>) = 0 [pid 5067] mkdir("./19", 0777 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5067] <... mkdir resumed>) = 0 [pid 5068] <... openat resumed>) = 3 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5069] <... openat resumed>) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD [pid 5067] <... openat resumed>) = 3 [pid 5068] <... ioctl resumed>) = 0 [pid 5069] ioctl(3, LOOP_CLR_FD [pid 5067] ioctl(3, LOOP_CLR_FD [pid 5069] <... ioctl resumed>) = 0 [pid 5068] close(3 [pid 5067] <... ioctl resumed>) = 0 [pid 5068] <... close resumed>) = 0 [pid 5067] close(3 [pid 5069] close(3 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5067] <... close resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7159 attached [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7159] set_robust_list(0x555557145760, 24./strace-static-x86_64: Process 7161 attached ./strace-static-x86_64: Process 7160 attached ) = 0 [pid 7161] set_robust_list(0x555557145760, 24 [pid 7160] set_robust_list(0x555557145760, 24 [pid 7159] chdir("./19" [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 7161 [pid 7160] <... set_robust_list resumed>) = 0 [pid 7159] <... chdir resumed>) = 0 [pid 7161] <... set_robust_list resumed>) = 0 [pid 7160] chdir("./19" [pid 7159] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 7160 [pid 7159] <... prctl resumed>) = 0 [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 7159 [pid 7161] chdir("./19" [pid 7160] <... chdir resumed>) = 0 [pid 7160] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7159] setpgid(0, 0 [pid 7160] <... prctl resumed>) = 0 [pid 7159] <... setpgid resumed>) = 0 [pid 7160] setpgid(0, 0 [pid 7159] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7160] <... setpgid resumed>) = 0 [pid 7159] <... openat resumed>) = 3 [pid 7160] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7159] write(3, "1000", 4 [pid 7160] <... openat resumed>) = 3 [pid 7159] <... write resumed>) = 4 [pid 7160] write(3, "1000", 4 [pid 7159] close(3 [pid 7160] <... write resumed>) = 4 [pid 7159] <... close resumed>) = 0 [pid 7160] close(3 [pid 7159] symlink("/dev/binderfs", "./binderfs" [pid 7160] <... close resumed>) = 0 [pid 7159] <... symlink resumed>) = 0 [pid 7160] symlink("/dev/binderfs", "./binderfs" [pid 7159] memfd_create("syzkaller", 0 [pid 7160] <... symlink resumed>) = 0 [pid 7159] <... memfd_create resumed>) = 3 [pid 7160] memfd_create("syzkaller", 0 [pid 7159] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7160] <... memfd_create resumed>) = 3 [pid 7159] <... mmap resumed>) = 0x7fda9371b000 [pid 7161] <... chdir resumed>) = 0 [pid 7160] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7161] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7160] <... mmap resumed>) = 0x7fda9371b000 [pid 7161] <... prctl resumed>) = 0 [pid 7161] setpgid(0, 0) = 0 [pid 7161] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7161] write(3, "1000", 4) = 4 [pid 7161] close(3) = 0 [pid 7161] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7161] memfd_create("syzkaller", 0 [pid 5065] <... umount2 resumed>) = 0 [pid 7161] <... memfd_create resumed>) = 3 [pid 5065] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7161] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5065] newfstatat(AT_FDCWD, "./18/file0", [pid 7161] <... mmap resumed>) = 0x7fda9371b000 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, [pid 7153] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./18/file0") = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./18") = 0 [pid 5065] mkdir("./19", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 7162 ./strace-static-x86_64: Process 7162 attached [pid 7162] set_robust_list(0x555557145760, 24) = 0 [pid 7162] chdir("./19") = 0 [pid 7162] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7162] setpgid(0, 0) = 0 [pid 7155] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7162] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7162] write(3, "1000", 4) = 4 [pid 7162] close(3) = 0 [pid 7162] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7162] memfd_create("syzkaller", 0) = 3 [pid 7162] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 7159] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7160] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7161] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7153] <... write resumed>) = 16777216 [pid 7153] munmap(0x7fda9371b000, 138412032) = 0 [pid 7153] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7153] ioctl(4, LOOP_SET_FD, 3 [pid 7162] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7153] <... ioctl resumed>) = 0 [pid 7153] close(3) = 0 [pid 7153] mkdir("./file0", 0777) = 0 [ 102.430364][ T7153] loop2: detected capacity change from 0 to 32768 [ 102.476746][ T7153] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (7153) [pid 7153] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7155] <... write resumed>) = 16777216 [pid 7155] munmap(0x7fda9371b000, 138412032) = 0 [pid 7155] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7155] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7155] close(3) = 0 [pid 7155] mkdir("./file0", 0777) = 0 [ 102.649744][ T7155] loop0: detected capacity change from 0 to 32768 [pid 7155] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7162] <... write resumed>) = 16777216 [pid 7162] munmap(0x7fda9371b000, 138412032) = 0 [pid 7162] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7159] <... write resumed>) = 16777216 [ 102.696631][ T7155] BTRFS: device /dev/loop0 using temp-fsid 5818d097-46ce-40cc-92ee-d72e9982847e [ 102.713823][ T7155] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (7155) [pid 7162] ioctl(4, LOOP_SET_FD, 3 [pid 7159] munmap(0x7fda9371b000, 138412032) = 0 [pid 7159] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7159] ioctl(4, LOOP_SET_FD, 3 [pid 7162] <... ioctl resumed>) = 0 [ 102.760317][ T7162] loop1: detected capacity change from 0 to 32768 [ 102.777536][ T7153] _btrfs_printk: 80 callbacks suppressed [ 102.777547][ T7153] BTRFS info (device loop2): enabling ssd optimizations [ 102.785935][ T7159] loop4: detected capacity change from 0 to 32768 [pid 7162] close(3) = 0 [pid 7160] <... write resumed>) = 16777216 [pid 7162] mkdir("./file0", 0777) = 0 [pid 7162] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7160] munmap(0x7fda9371b000, 138412032 [pid 7159] <... ioctl resumed>) = 0 [pid 7161] <... write resumed>) = 16777216 [pid 7159] close(3 [pid 7161] munmap(0x7fda9371b000, 138412032 [pid 7159] <... close resumed>) = 0 [pid 7161] <... munmap resumed>) = 0 [pid 7159] mkdir("./file0", 0777) = 0 [ 102.809495][ T7153] BTRFS info (device loop2): auto enabling async discard [ 102.821071][ T7162] BTRFS: device /dev/loop1 using temp-fsid f0a42f55-8250-431f-9594-c7fe41118174 [ 102.831031][ T7153] BTRFS info (device loop2): rebuilding free space tree [ 102.834833][ T7162] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (7162) [pid 7159] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7160] <... munmap resumed>) = 0 [pid 7161] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 7161] ioctl(4, LOOP_SET_FD, 3 [pid 7160] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 102.872859][ T7153] BTRFS info (device loop2): disabling free space tree [ 102.873213][ T7161] loop5: detected capacity change from 0 to 32768 [ 102.881643][ T7153] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 102.887994][ T7160] loop3: detected capacity change from 0 to 32768 [ 102.898440][ T7153] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 102.912810][ T7159] BTRFS: device /dev/loop4 using temp-fsid 1f6f71e2-d44f-4275-acee-c4e1ac557aaf [pid 7160] ioctl(4, LOOP_SET_FD, 3 [pid 7161] <... ioctl resumed>) = 0 [pid 7161] close(3) = 0 [pid 7161] mkdir("./file0", 0777) = 0 [pid 7161] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7160] <... ioctl resumed>) = 0 [pid 7160] close(3) = 0 [pid 7160] mkdir("./file0", 0777) = 0 [ 102.912856][ T7159] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (7159) [ 102.914846][ T7159] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 102.931587][ T7161] BTRFS: device /dev/loop5 using temp-fsid 20409e56-fa3b-49e1-bf4f-694c8181df21 [ 102.938830][ T7159] BTRFS info (device loop4): force clearing of disk cache [ 102.959134][ T7161] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (7161) [ 102.960417][ T7159] BTRFS info (device loop4): setting nodatasum [ 102.979048][ T7159] BTRFS info (device loop4): allowing degraded mounts [ 102.979485][ T7162] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 102.985938][ T7159] BTRFS info (device loop4): enabling disk space caching [ 103.002262][ T7159] BTRFS info (device loop4): disk space caching is enabled [ 103.013546][ T7162] BTRFS info (device loop1): force clearing of disk cache [ 103.018117][ T7160] BTRFS: device /dev/loop3 using temp-fsid d7606912-b509-49c5-a8c0-2e75d16b90ae [ 103.020705][ T7162] BTRFS info (device loop1): setting nodatasum [ 103.020724][ T7162] BTRFS info (device loop1): allowing degraded mounts [ 103.020740][ T7162] BTRFS info (device loop1): enabling disk space caching [ 103.035752][ T7161] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 103.036404][ T7162] BTRFS info (device loop1): disk space caching is enabled [ 103.043328][ T7160] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (7160) [ 103.081564][ T7155] BTRFS info (device loop0): enabling ssd optimizations [ 103.089348][ T7161] BTRFS info (device loop5): force clearing of disk cache [ 103.096470][ T7161] BTRFS info (device loop5): setting nodatasum [ 103.104073][ T7155] BTRFS info (device loop0): auto enabling async discard [ 103.112073][ T7153] BTRFS info (device loop2): checking UUID tree [pid 7160] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7153] <... mount resumed>) = 0 [pid 7153] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7153] chdir("./file0") = 0 [pid 7153] ioctl(4, LOOP_CLR_FD) = 0 [pid 7153] close(4) = 0 [pid 7153] open("./file0", O_RDONLY) = 4 [ 103.120656][ T7155] BTRFS info (device loop0): rebuilding free space tree [ 103.129407][ T7161] BTRFS info (device loop5): allowing degraded mounts [ 103.151852][ T7160] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 103.164801][ T7161] BTRFS info (device loop5): enabling disk space caching [pid 7153] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 7153] open("./file0", O_RDONLY) = 5 [pid 7153] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 7153] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 7153] exit_group(0) = ? [pid 7153] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7153, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=27 /* 0.27 s */} --- [pid 5066] umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./20/binderfs") = 0 [ 103.172091][ T7161] BTRFS info (device loop5): disk space caching is enabled [ 103.181082][ T7160] BTRFS info (device loop3): force clearing of disk cache [ 103.188634][ T7160] BTRFS info (device loop3): setting nodatasum [ 103.194858][ T7160] BTRFS info (device loop3): allowing degraded mounts [ 103.196040][ T7155] BTRFS info (device loop0): disabling free space tree [ 103.201855][ T7160] BTRFS info (device loop3): enabling disk space caching [ 103.201872][ T7160] BTRFS info (device loop3): disk space caching is enabled [ 103.224721][ T7155] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 103.234440][ T7155] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 103.250301][ T7155] BTRFS info (device loop0): checking UUID tree [ 103.250871][ T42] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [pid 5066] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7155] <... mount resumed>) = 0 [pid 7155] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7155] chdir("./file0") = 0 [pid 7155] ioctl(4, LOOP_CLR_FD) = 0 [pid 7155] close(4) = 0 [pid 7155] open("./file0", O_RDONLY) = 4 [pid 7155] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 7155] open("./file0", O_RDONLY) = 5 [pid 7155] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 7155] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 7155] exit_group(0) = ? [pid 7155] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7155, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=28 /* 0.28 s */} --- [pid 5064] umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 103.282486][ T7162] BTRFS info (device loop1): enabling ssd optimizations [ 103.309761][ T7162] BTRFS info (device loop1): auto enabling async discard [ 103.321663][ T7159] BTRFS info (device loop4): enabling ssd optimizations [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./19/binderfs") = 0 [ 103.328620][ T7159] BTRFS info (device loop4): auto enabling async discard [ 103.345487][ T2855] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 103.364968][ T7162] BTRFS info (device loop1): rebuilding free space tree [pid 5064] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 103.386280][ T7159] BTRFS info (device loop4): rebuilding free space tree [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./20/file0") = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./20") = 0 [pid 5066] mkdir("./21", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [ 103.431426][ T7162] BTRFS info (device loop1): disabling free space tree [ 103.441017][ T7161] BTRFS info (device loop5): enabling ssd optimizations [ 103.446649][ T7162] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 103.458470][ T7162] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 103.473558][ T7162] BTRFS info (device loop1): checking UUID tree [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7258 attached , child_tidptr=0x555557145750) = 7258 [pid 7258] set_robust_list(0x555557145760, 24) = 0 [pid 7258] chdir("./21") = 0 [pid 7258] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7258] setpgid(0, 0) = 0 [pid 7258] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7258] write(3, "1000", 4) = 4 [pid 7258] close(3) = 0 [pid 7258] symlink("/dev/binderfs", "./binderfs") = 0 [ 103.474485][ T7160] BTRFS info (device loop3): enabling ssd optimizations [ 103.487651][ T7159] BTRFS info (device loop4): disabling free space tree [ 103.500132][ T7161] BTRFS info (device loop5): auto enabling async discard [ 103.520504][ T7160] BTRFS info (device loop3): auto enabling async discard [pid 7258] memfd_create("syzkaller", 0) = 3 [pid 7258] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 103.532960][ T7159] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 103.572058][ T7161] BTRFS info (device loop5): rebuilding free space tree [pid 7162] <... mount resumed>) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 7162] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 103.580530][ T7160] BTRFS info (device loop3): rebuilding free space tree [ 103.588671][ T7159] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5064] openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./19/file0") = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3 [pid 7162] <... openat resumed>) = 3 [pid 5064] <... close resumed>) = 0 [pid 5064] rmdir("./19") = 0 [pid 5064] mkdir("./20", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 7162] chdir("./file0" [pid 5064] close(3 [pid 7162] <... chdir resumed>) = 0 [pid 7162] ioctl(4, LOOP_CLR_FD [pid 5064] <... close resumed>) = 0 [pid 7162] <... ioctl resumed>) = 0 [ 103.624441][ T7161] BTRFS info (device loop5): disabling free space tree [ 103.634656][ T7160] BTRFS info (device loop3): disabling free space tree [ 103.638844][ T7161] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 7162] close(4) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 7261 [pid 7162] open("./file0", O_RDONLY) = 4 ./strace-static-x86_64: Process 7261 attached [pid 7261] set_robust_list(0x555557145760, 24) = 0 [ 103.671560][ T7159] BTRFS info (device loop4): checking UUID tree [ 103.688829][ T7161] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 103.692674][ T7160] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 7162] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 7261] chdir("./20") = 0 [pid 7261] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7261] setpgid(0, 0) = 0 [pid 7261] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7261] write(3, "1000", 4) = 4 [pid 7261] close(3) = 0 [pid 7261] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7261] memfd_create("syzkaller", 0) = 3 [pid 7261] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7162] <... ioctl resumed>) = 0 [pid 7162] open("./file0", O_RDONLY [pid 7261] <... mmap resumed>) = 0x7fda9371b000 [pid 7162] <... open resumed>) = 5 [pid 7162] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 7162] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 7159] <... mount resumed>) = 0 [pid 7162] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 7159] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7162] exit_group(0 [pid 7159] <... openat resumed>) = 3 [pid 7159] chdir("./file0" [pid 7162] <... exit_group resumed>) = ? [pid 7159] <... chdir resumed>) = 0 [pid 7162] +++ exited with 0 +++ [pid 7159] ioctl(4, LOOP_CLR_FD [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7162, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=34 /* 0.34 s */} --- [ 103.727788][ T7161] BTRFS info (device loop5): checking UUID tree [pid 7159] <... ioctl resumed>) = 0 [pid 5065] umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7159] close(4 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7159] <... close resumed>) = 0 [pid 7159] open("./file0", O_RDONLY [pid 5065] <... openat resumed>) = 3 [pid 7159] <... open resumed>) = 4 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7159] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5065] newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 103.769306][ T48] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [ 103.782679][ T7160] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 7161] <... mount resumed>) = 0 [pid 5065] unlink("./19/binderfs") = 0 [pid 7161] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7159] <... ioctl resumed>) = 0 [pid 5065] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7161] <... openat resumed>) = 3 [pid 7159] open("./file0", O_RDONLY [pid 7161] chdir("./file0" [pid 7159] <... open resumed>) = 5 [pid 7159] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 7161] <... chdir resumed>) = 0 [pid 7159] <... ioctl resumed>) = 0 [pid 7161] ioctl(4, LOOP_CLR_FD [pid 7159] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 7161] <... ioctl resumed>) = 0 [pid 7159] exit_group(0 [pid 7161] close(4) = 0 [pid 7159] <... exit_group resumed>) = ? [pid 7159] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7159, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=37 /* 0.37 s */} --- [pid 5068] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 7161] open("./file0", O_RDONLY [pid 5068] umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7161] <... open resumed>) = 4 [pid 5068] <... openat resumed>) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7161] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5068] newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./19/binderfs") = 0 [ 103.862726][ T7160] BTRFS info (device loop3): checking UUID tree [ 103.893280][ T2855] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [pid 5068] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7258] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7161] <... ioctl resumed>) = 0 [pid 7160] <... mount resumed>) = 0 [pid 7161] open("./file0", O_RDONLY) = 5 [pid 7161] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 7160] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7160] chdir("./file0" [pid 7161] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 7160] <... chdir resumed>) = 0 [pid 7161] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 7161] exit_group(0) = ? [pid 7161] +++ exited with 0 +++ [pid 7160] ioctl(4, LOOP_CLR_FD [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7161, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=41 /* 0.41 s */} --- [pid 7160] <... ioctl resumed>) = 0 [pid 5069] umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7160] close(4) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7160] open("./file0", O_RDONLY [pid 5069] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 7160] <... open resumed>) = 4 [pid 5069] newfstatat(3, "", [pid 7160] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7160] <... ioctl resumed>) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7160] open("./file0", O_RDONLY [pid 5069] newfstatat(AT_FDCWD, "./19/binderfs", [pid 7160] <... open resumed>) = 5 [pid 5069] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 104.005248][ T48] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [pid 5069] unlink("./19/binderfs") = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 7160] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5069] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7160] <... ioctl resumed>) = 0 [pid 7160] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5068] <... umount2 resumed>) = 0 [pid 5065] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7160] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5068] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7160] exit_group(0 [pid 5065] newfstatat(AT_FDCWD, "./19/file0", [pid 7160] <... exit_group resumed>) = ? [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7160] +++ exited with 0 +++ [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] <... openat resumed>) = 4 [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7160, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=41 /* 0.41 s */} --- [pid 5065] <... openat resumed>) = 4 [pid 5068] newfstatat(4, "", [pid 5065] newfstatat(4, "", [pid 5067] umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, [pid 5067] newfstatat(3, "", [pid 5065] getdents64(4, [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 104.070126][ T42] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [pid 5067] getdents64(3, [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] getdents64(4, [pid 5068] getdents64(4, [pid 5067] umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... close resumed>) = 0 [pid 5067] newfstatat(AT_FDCWD, "./19/binderfs", [pid 5068] close(4 [pid 5065] rmdir("./19/file0" [pid 5068] <... close resumed>) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5068] rmdir("./19/file0" [pid 5067] unlink("./19/binderfs" [pid 5065] getdents64(3, [pid 5067] <... unlink resumed>) = 0 [pid 5067] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... rmdir resumed>) = 0 [pid 5068] getdents64(3, [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3 [pid 5068] close(3 [pid 5065] <... close resumed>) = 0 [pid 5068] <... close resumed>) = 0 [pid 5065] rmdir("./19" [pid 5068] rmdir("./19") = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 7261] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5068] mkdir("./20", 0777 [pid 5065] mkdir("./20", 0777 [pid 5068] <... mkdir resumed>) = 0 [pid 5065] <... mkdir resumed>) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5068] <... openat resumed>) = 3 [pid 5065] <... openat resumed>) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5068] <... ioctl resumed>) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 5068] close(3 [pid 5065] close(3 [pid 5068] <... close resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5069] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 7269 attached ./strace-static-x86_64: Process 7268 attached [pid 5069] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 7269 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 7268 [pid 7268] set_robust_list(0x555557145760, 24 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7268] <... set_robust_list resumed>) = 0 [pid 7269] set_robust_list(0x555557145760, 24 [pid 7268] chdir("./20" [pid 5069] newfstatat(AT_FDCWD, "./19/file0", [pid 7269] <... set_robust_list resumed>) = 0 [pid 7269] chdir("./20" [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7268] <... chdir resumed>) = 0 [pid 5069] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7269] <... chdir resumed>) = 0 [pid 7268] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7268] <... prctl resumed>) = 0 [pid 5069] openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7268] setpgid(0, 0 [pid 5069] <... openat resumed>) = 4 [pid 5069] newfstatat(4, "", [pid 7268] <... setpgid resumed>) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7268] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7269] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7268] <... openat resumed>) = 3 [pid 7269] <... prctl resumed>) = 0 [pid 5069] getdents64(4, [pid 7269] setpgid(0, 0 [pid 7268] write(3, "1000", 4 [pid 7269] <... setpgid resumed>) = 0 [pid 7268] <... write resumed>) = 4 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 7268] close(3 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 7268] <... close resumed>) = 0 [pid 7268] symlink("/dev/binderfs", "./binderfs" [pid 5069] close(4 [pid 7268] <... symlink resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 7269] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5069] rmdir("./19/file0" [pid 7269] <... openat resumed>) = 3 [pid 7268] memfd_create("syzkaller", 0 [pid 5069] <... rmdir resumed>) = 0 [pid 7269] write(3, "1000", 4) = 4 [pid 7268] <... memfd_create resumed>) = 3 [pid 5069] getdents64(3, [pid 7269] close(3) = 0 [pid 7268] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3 [pid 7269] symlink("/dev/binderfs", "./binderfs" [pid 7268] <... mmap resumed>) = 0x7fda9371b000 [pid 5069] <... close resumed>) = 0 [pid 5069] rmdir("./19" [pid 7269] <... symlink resumed>) = 0 [pid 5069] <... rmdir resumed>) = 0 [pid 5069] mkdir("./20", 0777 [pid 7269] memfd_create("syzkaller", 0 [pid 5069] <... mkdir resumed>) = 0 [pid 7269] <... memfd_create resumed>) = 3 [pid 7269] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 7269] <... mmap resumed>) = 0x7fda9371b000 [pid 5069] <... openat resumed>) = 3 [pid 5067] <... umount2 resumed>) = 0 [pid 5069] ioctl(3, LOOP_CLR_FD [pid 5067] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./19/file0", [pid 5069] <... ioctl resumed>) = 0 [pid 5069] close(3 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] <... close resumed>) = 0 [pid 5067] <... openat resumed>) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 7270 attached [pid 5067] close(4 [pid 7270] set_robust_list(0x555557145760, 24 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 7270 [pid 5067] <... close resumed>) = 0 [pid 7270] <... set_robust_list resumed>) = 0 [pid 7270] chdir("./20") = 0 [pid 5067] rmdir("./19/file0" [pid 7270] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5067] <... rmdir resumed>) = 0 [pid 7270] <... prctl resumed>) = 0 [pid 7270] setpgid(0, 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3 [pid 7270] <... setpgid resumed>) = 0 [pid 5067] <... close resumed>) = 0 [pid 7270] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5067] rmdir("./19") = 0 [pid 5067] mkdir("./20", 0777) = 0 [pid 7270] <... openat resumed>) = 3 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7270] write(3, "1000", 4./strace-static-x86_64: Process 7271 attached ) = 4 [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 7271 [pid 7271] set_robust_list(0x555557145760, 24 [pid 7270] close(3 [pid 7271] <... set_robust_list resumed>) = 0 [pid 7270] <... close resumed>) = 0 [pid 7271] chdir("./20" [pid 7270] symlink("/dev/binderfs", "./binderfs" [pid 7271] <... chdir resumed>) = 0 [pid 7271] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7270] <... symlink resumed>) = 0 [pid 7271] <... prctl resumed>) = 0 [pid 7271] setpgid(0, 0) = 0 [pid 7271] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7271] write(3, "1000", 4 [pid 7270] memfd_create("syzkaller", 0 [pid 7271] <... write resumed>) = 4 [pid 7270] <... memfd_create resumed>) = 3 [pid 7270] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7271] close(3 [pid 7270] <... mmap resumed>) = 0x7fda9371b000 [pid 7271] <... close resumed>) = 0 [pid 7271] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7271] memfd_create("syzkaller", 0) = 3 [pid 7271] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 7258] <... write resumed>) = 16777216 [pid 7258] munmap(0x7fda9371b000, 138412032) = 0 [pid 7258] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7258] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7258] close(3) = 0 [ 104.700266][ T7258] loop2: detected capacity change from 0 to 32768 [pid 7258] mkdir("./file0", 0777) = 0 [pid 7258] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7268] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 104.779814][ T7258] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (7258) [ 104.863360][ T7258] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [pid 7269] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7261] <... write resumed>) = 16777216 [pid 7261] munmap(0x7fda9371b000, 138412032) = 0 [ 104.918889][ T7258] BTRFS info (device loop2): force clearing of disk cache [ 104.926018][ T7258] BTRFS info (device loop2): setting nodatasum [pid 7261] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7261] ioctl(4, LOOP_SET_FD, 3 [pid 7270] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 104.981042][ T7258] BTRFS info (device loop2): allowing degraded mounts [ 104.981420][ T7261] loop0: detected capacity change from 0 to 32768 [ 105.014290][ T7258] BTRFS info (device loop2): enabling disk space caching [pid 7271] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7261] <... ioctl resumed>) = 0 [pid 7261] close(3) = 0 [pid 7261] mkdir("./file0", 0777) = 0 [ 105.041807][ T7258] BTRFS info (device loop2): disk space caching is enabled [ 105.052192][ T7261] BTRFS: device /dev/loop0 using temp-fsid c4426229-1afb-40e8-992f-b6dece3ec20d [ 105.111916][ T7261] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (7261) [pid 7261] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7270] <... write resumed>) = 16777216 [pid 7270] munmap(0x7fda9371b000, 138412032) = 0 [pid 7270] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [ 105.210093][ T7261] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 105.249397][ T7270] loop5: detected capacity change from 0 to 32768 [ 105.255951][ T7258] BTRFS info (device loop2): enabling ssd optimizations [ 105.260436][ T7261] BTRFS info (device loop0): force clearing of disk cache [ 105.263055][ T7258] BTRFS info (device loop2): auto enabling async discard [ 105.278759][ T7258] BTRFS info (device loop2): rebuilding free space tree [ 105.292079][ T7258] BTRFS info (device loop2): disabling free space tree [ 105.299045][ T7258] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 7270] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7270] close(3) = 0 [pid 7270] mkdir("./file0", 0777) = 0 [ 105.308681][ T7258] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 105.323878][ T7258] BTRFS info (device loop2): checking UUID tree [ 105.330668][ T7261] BTRFS info (device loop0): setting nodatasum [ 105.337621][ T7261] BTRFS info (device loop0): allowing degraded mounts [ 105.337711][ T7270] BTRFS: device /dev/loop5 using temp-fsid 0acf5ad6-7d77-4389-a2c0-cea9e1bb7553 [ 105.344447][ T7261] BTRFS info (device loop0): enabling disk space caching [pid 7270] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7269] <... write resumed>) = 16777216 [pid 7258] <... mount resumed>) = 0 [pid 7269] munmap(0x7fda9371b000, 138412032 [pid 7258] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7258] chdir("./file0") = 0 [pid 7258] ioctl(4, LOOP_CLR_FD) = 0 [pid 7258] close(4 [pid 7268] <... write resumed>) = 16777216 [pid 7258] <... close resumed>) = 0 [pid 7268] munmap(0x7fda9371b000, 138412032 [pid 7258] open("./file0", O_RDONLY [pid 7268] <... munmap resumed>) = 0 [pid 7258] <... open resumed>) = 4 [pid 7268] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7258] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [ 105.344463][ T7261] BTRFS info (device loop0): disk space caching is enabled [ 105.383901][ T7270] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (7270) [pid 7258] open("./file0", O_RDONLY) = 5 [pid 7258] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 7269] <... munmap resumed>) = 0 [pid 7268] <... openat resumed>) = 4 [pid 7258] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 7258] exit_group(0) = ? [pid 7268] ioctl(4, LOOP_SET_FD, 3 [pid 7258] +++ exited with 0 +++ [pid 7269] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7258, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- [ 105.421226][ T7270] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 105.433042][ T7270] BTRFS info (device loop5): force clearing of disk cache [ 105.436775][ T7268] loop1: detected capacity change from 0 to 32768 [ 105.441473][ T7270] BTRFS info (device loop5): setting nodatasum [ 105.453782][ T7270] BTRFS info (device loop5): allowing degraded mounts [ 105.457545][ T7269] loop4: detected capacity change from 0 to 32768 [pid 7269] ioctl(4, LOOP_SET_FD, 3 [pid 7268] <... ioctl resumed>) = 0 [pid 7268] close(3 [pid 5066] umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./21/binderfs") = 0 [pid 5066] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7269] <... ioctl resumed>) = 0 [pid 7269] close(3) = 0 [pid 7269] mkdir("./file0", 0777) = 0 [pid 7269] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7268] <... close resumed>) = 0 [pid 7268] mkdir("./file0", 0777) = 0 [ 105.473125][ T42] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 105.488073][ T7269] BTRFS: device /dev/loop4 using temp-fsid abca1c6c-6fd6-439d-bf29-d80c37e14cb5 [ 105.503583][ T7270] BTRFS info (device loop5): enabling disk space caching [ 105.512775][ T7269] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (7269) [ 105.526714][ T7270] BTRFS info (device loop5): disk space caching is enabled [pid 7268] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7271] <... write resumed>) = 16777216 [ 105.582746][ T7268] BTRFS: device /dev/loop1 using temp-fsid 78cff9c6-8505-49f1-a88c-2eca4dd0d024 [ 105.602524][ T7269] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 105.615355][ T7269] BTRFS info (device loop4): force clearing of disk cache [pid 7271] munmap(0x7fda9371b000, 138412032) = 0 [pid 7271] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7271] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7271] close(3) = 0 [pid 7271] mkdir("./file0", 0777) = 0 [pid 7271] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7261] <... mount resumed>) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 7261] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7261] chdir("./file0") = 0 [pid 7261] ioctl(4, LOOP_CLR_FD) = 0 [pid 7261] close(4) = 0 [pid 7261] open("./file0", O_RDONLY) = 4 [pid 7261] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5066] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7261] <... ioctl resumed>) = 0 [pid 5066] openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [ 105.620383][ T7268] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (7268) [ 105.646720][ T7271] loop3: detected capacity change from 0 to 32768 [ 105.670549][ T7271] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (7271) [pid 7261] open("./file0", O_RDONLY) = 5 [pid 7261] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 5066] <... openat resumed>) = 4 [pid 7261] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7261] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./21/file0" [pid 7261] exit_group(0) = ? [pid 7261] +++ exited with 0 +++ [pid 5066] <... rmdir resumed>) = 0 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7261, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=29 /* 0.29 s */} --- [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5064] umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] rmdir("./21" [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... rmdir resumed>) = 0 [pid 5064] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] mkdir("./22", 0777 [pid 5064] <... openat resumed>) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5064] umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... openat resumed>) = 3 [pid 7270] <... mount resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./20/binderfs", [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5064] unlink("./20/binderfs" [pid 7270] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] close(3 [pid 5064] <... unlink resumed>) = 0 [pid 7270] <... openat resumed>) = 3 [pid 5066] <... close resumed>) = 0 [pid 7270] chdir("./file0" [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7270] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 7361 attached [pid 7270] ioctl(4, LOOP_CLR_FD [pid 7361] set_robust_list(0x555557145760, 24 [pid 7270] <... ioctl resumed>) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 7361 [pid 7361] <... set_robust_list resumed>) = 0 [pid 7270] close(4 [pid 7361] chdir("./22" [pid 7270] <... close resumed>) = 0 [pid 7361] <... chdir resumed>) = 0 [pid 7361] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7270] open("./file0", O_RDONLY [pid 7361] setpgid(0, 0) = 0 [pid 7270] <... open resumed>) = 4 [pid 7270] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 7361] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7361] write(3, "1000", 4 [pid 7270] <... ioctl resumed>) = 0 [pid 7361] <... write resumed>) = 4 [pid 7270] open("./file0", O_RDONLY) = 5 [pid 7270] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 7361] close(3 [pid 7270] <... ioctl resumed>) = 0 [pid 7270] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 7361] <... close resumed>) = 0 [pid 7361] symlink("/dev/binderfs", "./binderfs" [pid 7270] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 7270] exit_group(0) = ? [pid 7361] <... symlink resumed>) = 0 [pid 7270] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7270, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=33 /* 0.33 s */} --- [pid 7361] memfd_create("syzkaller", 0 [pid 5069] umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7361] <... memfd_create resumed>) = 3 [pid 5069] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7361] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7268] <... mount resumed>) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./20/binderfs", [pid 7268] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] <... umount2 resumed>) = 0 [pid 7268] <... openat resumed>) = 3 [pid 5069] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7268] chdir("./file0" [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7268] <... chdir resumed>) = 0 [pid 5064] newfstatat(AT_FDCWD, "./20/file0", [pid 7268] ioctl(4, LOOP_CLR_FD [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7268] <... ioctl resumed>) = 0 [pid 5064] openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 7268] close(4 [pid 5064] newfstatat(4, "", [pid 7268] <... close resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7268] open("./file0", O_RDONLY [pid 5064] getdents64(4, [pid 7268] <... open resumed>) = 4 [pid 5064] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 7268] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5064] rmdir("./20/file0" [pid 5069] unlink("./20/binderfs" [pid 5064] <... rmdir resumed>) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./20") = 0 [pid 5069] <... unlink resumed>) = 0 [pid 7269] <... mount resumed>) = 0 [pid 5064] mkdir("./21", 0777 [pid 7268] <... ioctl resumed>) = 0 [pid 5069] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... mkdir resumed>) = 0 [pid 7269] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7268] open("./file0", O_RDONLY) = 5 [pid 7269] <... openat resumed>) = 3 [pid 5064] <... openat resumed>) = 3 [pid 7269] chdir("./file0" [pid 7268] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 7269] <... chdir resumed>) = 0 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 7269] ioctl(4, LOOP_CLR_FD [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7269] <... ioctl resumed>) = 0 [pid 7269] close(4) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 7370 [pid 7269] open("./file0", O_RDONLY./strace-static-x86_64: Process 7370 attached [pid 7370] set_robust_list(0x555557145760, 24 [pid 7269] <... open resumed>) = 4 [pid 7370] <... set_robust_list resumed>) = 0 [pid 7269] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 7268] <... ioctl resumed>) = 0 [pid 7370] chdir("./21" [pid 7268] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 7370] <... chdir resumed>) = 0 [pid 7268] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 7370] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7268] exit_group(0 [pid 7370] <... prctl resumed>) = 0 [pid 7268] <... exit_group resumed>) = ? [pid 7370] setpgid(0, 0 [pid 7268] +++ exited with 0 +++ [pid 7370] <... setpgid resumed>) = 0 [pid 7370] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7268, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=26 /* 0.26 s */} --- [pid 7370] write(3, "1000", 4 [pid 5065] restart_syscall(<... resuming interrupted clone ...> [pid 7370] <... write resumed>) = 4 [pid 5065] <... restart_syscall resumed>) = 0 [pid 7370] close(3) = 0 [pid 7370] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7370] memfd_create("syzkaller", 0 [pid 5065] umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7370] <... memfd_create resumed>) = 3 [pid 7269] <... ioctl resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7269] open("./file0", O_RDONLY [pid 5065] <... openat resumed>) = 3 [pid 7370] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7269] <... open resumed>) = 5 [pid 5065] newfstatat(3, "", [pid 7370] <... mmap resumed>) = 0x7fda9371b000 [pid 7269] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./20/binderfs") = 0 [pid 7269] <... ioctl resumed>) = 0 [pid 5065] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7271] <... mount resumed>) = 0 [pid 7269] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 7271] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7269] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 7271] <... openat resumed>) = 3 [pid 7269] exit_group(0 [pid 7271] chdir("./file0" [pid 7269] <... exit_group resumed>) = ? [pid 7269] +++ exited with 0 +++ [pid 7271] <... chdir resumed>) = 0 [pid 7271] ioctl(4, LOOP_CLR_FD) = 0 [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7269, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=26 /* 0.26 s */} --- [pid 5068] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5068] umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 7271] close(4) = 0 [pid 5068] umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./20/binderfs" [pid 7271] open("./file0", O_RDONLY [pid 5068] <... unlink resumed>) = 0 [pid 5068] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7271] <... open resumed>) = 4 [pid 7271] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 7271] open("./file0", O_RDONLY) = 5 [pid 7271] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 7271] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 7271] exit_group(0) = ? [pid 7271] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7271, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=24 /* 0.24 s */} --- [pid 5067] umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] <... umount2 resumed>) = 0 [pid 5067] getdents64(3, [pid 5069] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./20/binderfs") = 0 [pid 5067] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./20/file0") = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./20") = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 5069] mkdir("./21", 0777) = 0 [pid 5065] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 7374 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./20/file0", ./strace-static-x86_64: Process 7374 attached {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7374] set_robust_list(0x555557145760, 24 [pid 5065] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7374] <... set_robust_list resumed>) = 0 [pid 5065] openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7374] chdir("./21" [pid 5065] <... openat resumed>) = 4 [pid 7374] <... chdir resumed>) = 0 [pid 5065] newfstatat(4, "", [pid 7374] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7374] <... prctl resumed>) = 0 [pid 5065] getdents64(4, [pid 7374] setpgid(0, 0 [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 7374] <... setpgid resumed>) = 0 [pid 5065] getdents64(4, [pid 7374] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5065] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 7374] <... openat resumed>) = 3 [pid 5065] close(4 [pid 7374] write(3, "1000", 4 [pid 5065] <... close resumed>) = 0 [pid 7374] <... write resumed>) = 4 [pid 7374] close(3 [pid 5065] rmdir("./20/file0" [pid 7374] <... close resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 7374] symlink("/dev/binderfs", "./binderfs" [pid 5065] getdents64(3, [pid 7374] <... symlink resumed>) = 0 [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 7374] memfd_create("syzkaller", 0 [pid 5065] close(3 [pid 5068] <... umount2 resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 5068] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7374] <... memfd_create resumed>) = 3 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] rmdir("./20") = 0 [pid 5065] mkdir("./21", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5068] newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... openat resumed>) = 3 [pid 5068] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7374] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5068] openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... ioctl resumed>) = 0 [pid 5065] close(3 [pid 5068] <... openat resumed>) = 4 [pid 5065] <... close resumed>) = 0 [pid 5068] newfstatat(4, "", [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7374] <... mmap resumed>) = 0x7fda9371b000 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 7377 ./strace-static-x86_64: Process 7377 attached [pid 7377] set_robust_list(0x555557145760, 24) = 0 [pid 7377] chdir("./21") = 0 [pid 7377] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7377] setpgid(0, 0) = 0 [pid 7377] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5068] getdents64(4, [pid 7377] <... openat resumed>) = 3 [pid 7377] write(3, "1000", 4) = 4 [pid 7377] close(3) = 0 [pid 7377] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7377] memfd_create("syzkaller", 0) = 3 [pid 7377] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 7361] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5068] rmdir("./20/file0") = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./20") = 0 [pid 5068] mkdir("./21", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7370] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5068] <... openat resumed>) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [pid 5067] <... umount2 resumed>) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5067] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 7378 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 7378 attached [pid 7378] set_robust_list(0x555557145760, 24) = 0 [pid 7378] chdir("./21") = 0 [pid 7378] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7378] setpgid(0, 0) = 0 [pid 7378] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7378] write(3, "1000", 4) = 4 [pid 7378] close(3) = 0 [pid 7378] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7378] memfd_create("syzkaller", 0) = 3 [pid 7378] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5067] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./20/file0") = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./20") = 0 [pid 5067] mkdir("./21", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 7379 ./strace-static-x86_64: Process 7379 attached [pid 7379] set_robust_list(0x555557145760, 24) = 0 [pid 7379] chdir("./21") = 0 [pid 7379] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7379] setpgid(0, 0) = 0 [pid 7379] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7379] write(3, "1000", 4) = 4 [pid 7374] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7379] close(3) = 0 [pid 7379] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7379] memfd_create("syzkaller", 0) = 3 [pid 7379] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 7377] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7378] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7361] <... write resumed>) = 16777216 [pid 7361] munmap(0x7fda9371b000, 138412032) = 0 [pid 7370] <... write resumed>) = 16777216 [pid 7361] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7361] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7361] close(3 [pid 7370] munmap(0x7fda9371b000, 138412032 [pid 7361] <... close resumed>) = 0 [pid 7370] <... munmap resumed>) = 0 [pid 7361] mkdir("./file0", 0777) = 0 [ 107.190706][ T7361] loop2: detected capacity change from 0 to 32768 [pid 7361] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7370] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7370] ioctl(4, LOOP_SET_FD, 3 [pid 7374] <... write resumed>) = 16777216 [pid 7370] <... ioctl resumed>) = 0 [pid 7370] close(3) = 0 [pid 7370] mkdir("./file0", 0777) = 0 [ 107.254888][ T7361] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (7361) [ 107.290372][ T7370] loop0: detected capacity change from 0 to 32768 [pid 7370] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7379] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7374] munmap(0x7fda9371b000, 138412032) = 0 [ 107.328268][ T7370] BTRFS: device /dev/loop0 using temp-fsid e49175b6-725b-4bca-8757-c137b977acd9 [pid 7374] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 7374] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7374] close(3) = 0 [pid 7377] <... write resumed>) = 16777216 [pid 7374] mkdir("./file0", 0777) = 0 [ 107.370786][ T7374] loop5: detected capacity change from 0 to 32768 [ 107.379972][ T7370] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (7370) [pid 7377] munmap(0x7fda9371b000, 138412032 [pid 7374] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7377] <... munmap resumed>) = 0 [pid 7377] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7377] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7377] close(3) = 0 [pid 7377] mkdir("./file0", 0777) = 0 [ 107.428249][ T7374] BTRFS: device /dev/loop5 using temp-fsid 4b7d6404-6ff3-466d-ba3c-c1ad88d8be84 [ 107.453332][ T7377] loop1: detected capacity change from 0 to 32768 [ 107.464571][ T7374] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (7374) [pid 7377] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7378] <... write resumed>) = 16777216 [ 107.514222][ T7377] BTRFS: device /dev/loop1 using temp-fsid e7660471-c5df-4978-ac14-9150f4d732da [ 107.541735][ T7377] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (7377) [pid 7378] munmap(0x7fda9371b000, 138412032 [pid 7379] <... write resumed>) = 16777216 [pid 7379] munmap(0x7fda9371b000, 138412032 [pid 7378] <... munmap resumed>) = 0 [pid 7378] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7378] ioctl(4, LOOP_SET_FD, 3 [pid 7379] <... munmap resumed>) = 0 [pid 7379] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7378] <... ioctl resumed>) = 0 [pid 7379] <... openat resumed>) = 4 [pid 7378] close(3) = 0 [pid 7379] ioctl(4, LOOP_SET_FD, 3 [pid 7378] mkdir("./file0", 0777) = 0 [ 107.606885][ T7378] loop4: detected capacity change from 0 to 32768 [ 107.626703][ T7379] loop3: detected capacity change from 0 to 32768 [ 107.636635][ T7378] BTRFS: device /dev/loop4 using temp-fsid 50151734-4418-46cd-a9ab-28c68a932a4b [pid 7378] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7379] <... ioctl resumed>) = 0 [pid 7370] <... mount resumed>) = 0 [pid 7370] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7379] close(3 [pid 7370] chdir("./file0" [pid 7379] <... close resumed>) = 0 [pid 7374] <... mount resumed>) = 0 [pid 7379] mkdir("./file0", 0777 [pid 7370] <... chdir resumed>) = 0 [pid 7379] <... mkdir resumed>) = 0 [pid 7374] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7370] ioctl(4, LOOP_CLR_FD [pid 7379] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7374] <... openat resumed>) = 3 [pid 7370] <... ioctl resumed>) = 0 [pid 7370] close(4) = 0 [pid 7370] open("./file0", O_RDONLY) = 4 [pid 7374] chdir("./file0" [pid 7370] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 7374] <... chdir resumed>) = 0 [pid 7370] <... ioctl resumed>) = 0 [pid 7374] ioctl(4, LOOP_CLR_FD [pid 7370] open("./file0", O_RDONLY [pid 7374] <... ioctl resumed>) = 0 [pid 7370] <... open resumed>) = 5 [pid 7374] close(4 [pid 7370] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 7374] <... close resumed>) = 0 [pid 7361] <... mount resumed>) = 0 [pid 7374] open("./file0", O_RDONLY [pid 7361] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7374] <... open resumed>) = 4 [pid 7361] <... openat resumed>) = 3 [pid 7374] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 7370] <... ioctl resumed>) = 0 [pid 7361] chdir("./file0" [pid 7370] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 7361] <... chdir resumed>) = 0 [pid 7370] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 7361] ioctl(4, LOOP_CLR_FD [pid 7370] exit_group(0 [pid 7361] <... ioctl resumed>) = 0 [pid 7370] <... exit_group resumed>) = ? [pid 7361] close(4 [pid 7370] +++ exited with 0 +++ [pid 7361] <... close resumed>) = 0 [pid 7361] open("./file0", O_RDONLY) = 4 [pid 7361] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7370, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=26 /* 0.26 s */} --- [ 107.649752][ T7378] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (7378) [ 107.672291][ T7379] BTRFS: device /dev/loop3 using temp-fsid cdeb48b0-3a64-4feb-b1f0-ce99580e3e0e [ 107.681713][ T7379] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (7379) [pid 5064] restart_syscall(<... resuming interrupted clone ...> [pid 7374] <... ioctl resumed>) = 0 [pid 5064] <... restart_syscall resumed>) = 0 [pid 7361] <... ioctl resumed>) = 0 [pid 7361] open("./file0", O_RDONLY) = 5 [pid 7361] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 7361] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 7361] exit_group(0) = ? [pid 7361] +++ exited with 0 +++ [pid 7374] open("./file0", O_RDONLY [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7361, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=28 /* 0.28 s */} --- [pid 5064] umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7374] <... open resumed>) = 5 [pid 5064] <... openat resumed>) = 3 [pid 7374] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7374] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5064] getdents64(3, [pid 7374] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 7374] exit_group(0) = ? [pid 5066] umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 7374] +++ exited with 0 +++ [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7374, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=25 /* 0.25 s */} --- [pid 5066] <... openat resumed>) = 3 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(3, "", [pid 5069] restart_syscall(<... resuming interrupted clone ...> [pid 5064] newfstatat(AT_FDCWD, "./21/binderfs", [pid 5069] <... restart_syscall resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] getdents64(3, [pid 5069] umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] unlink("./21/binderfs" [pid 5066] umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(3, "", [pid 5066] newfstatat(AT_FDCWD, "./22/binderfs", [pid 5064] <... unlink resumed>) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] getdents64(3, [pid 5066] unlink("./22/binderfs" [pid 5064] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] <... unlink resumed>) = 0 [pid 5069] umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./21/binderfs") = 0 [ 107.787058][ T42] _btrfs_printk: 118 callbacks suppressed [ 107.787072][ T42] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 107.820093][ T7377] BTRFS info (device loop1): disabling free space tree [ 107.827009][ T7377] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 107.869000][ T7378] BTRFS info (device loop4): enabling ssd optimizations [ 107.876303][ T7378] BTRFS info (device loop4): auto enabling async discard [ 107.884819][ T7378] BTRFS info (device loop4): rebuilding free space tree [ 107.886717][ T7379] BTRFS info (device loop3): enabling ssd optimizations [ 107.897067][ T7378] BTRFS info (device loop4): disabling free space tree [ 107.906594][ T7378] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5069] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... umount2 resumed>) = 0 [pid 5064] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [ 107.929443][ T7377] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 107.941795][ T7379] BTRFS info (device loop3): auto enabling async discard [ 107.950376][ T7378] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5064] close(4) = 0 [pid 5064] rmdir("./21/file0") = 0 [pid 5064] getdents64(3, [pid 5066] <... umount2 resumed>) = 0 [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] close(3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./22/file0", [pid 5064] <... close resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] rmdir("./21" [pid 5066] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] <... umount2 resumed>) = 0 [pid 5066] openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", [pid 5064] <... rmdir resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 107.992590][ T7379] BTRFS info (device loop3): rebuilding free space tree [ 108.019125][ T7377] BTRFS info (device loop1): checking UUID tree [pid 5064] mkdir("./22", 0777 [pid 5069] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] getdents64(4, [pid 5064] <... mkdir resumed>) = 0 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] close(4 [pid 5064] <... openat resumed>) = 3 [pid 5069] newfstatat(AT_FDCWD, "./21/file0", [pid 5066] <... close resumed>) = 0 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5066] rmdir("./22/file0" [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 5064] close(3 [pid 5066] getdents64(3, [pid 5069] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... close resumed>) = 0 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] close(3) = 0 [pid 5066] rmdir("./22" [pid 5069] openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 7476 attached ) = 4 [pid 5066] <... rmdir resumed>) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 7476 [pid 7476] set_robust_list(0x555557145760, 24 [pid 5066] mkdir("./23", 0777 [pid 7476] <... set_robust_list resumed>) = 0 [pid 5069] newfstatat(4, "", [pid 7476] chdir("./22" [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 5069] getdents64(4, [pid 7476] <... chdir resumed>) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7476] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] <... openat resumed>) = 3 [pid 7476] <... prctl resumed>) = 0 [pid 7476] setpgid(0, 0 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 7476] <... setpgid resumed>) = 0 [pid 5066] <... ioctl resumed>) = 0 [pid 7476] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7478 attached [pid 7476] <... openat resumed>) = 3 [pid 5069] getdents64(4, [pid 7476] write(3, "1000", 4 [pid 7478] set_robust_list(0x555557145760, 24 [pid 7476] <... write resumed>) = 4 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 7478 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 7377] <... mount resumed>) = 0 [pid 7377] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5069] close(4 [pid 7377] chdir("./file0" [pid 5069] <... close resumed>) = 0 [pid 7476] close(3 [pid 7377] <... chdir resumed>) = 0 [pid 7377] ioctl(4, LOOP_CLR_FD) = 0 [pid 7377] close(4) = 0 [pid 7377] open("./file0", O_RDONLY) = 4 [pid 7377] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 7478] <... set_robust_list resumed>) = 0 [pid 7476] <... close resumed>) = 0 [pid 5069] rmdir("./21/file0" [pid 7478] chdir("./23" [pid 7476] symlink("/dev/binderfs", "./binderfs" [pid 5069] <... rmdir resumed>) = 0 [pid 7476] <... symlink resumed>) = 0 [pid 5069] getdents64(3, [pid 7378] <... mount resumed>) = 0 [pid 7476] memfd_create("syzkaller", 0 [pid 7378] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 7478] <... chdir resumed>) = 0 [pid 7478] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7476] <... memfd_create resumed>) = 3 [pid 7378] <... openat resumed>) = 3 [pid 5069] close(3 [pid 7378] chdir("./file0") = 0 [pid 5069] <... close resumed>) = 0 [pid 7478] <... prctl resumed>) = 0 [ 108.042954][ T7378] BTRFS info (device loop4): checking UUID tree [ 108.071212][ T7379] BTRFS info (device loop3): disabling free space tree [ 108.078272][ T7379] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 7478] setpgid(0, 0 [pid 7476] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7378] ioctl(4, LOOP_CLR_FD [pid 5069] rmdir("./21" [pid 7378] <... ioctl resumed>) = 0 [pid 7378] close(4) = 0 [pid 7378] open("./file0", O_RDONLY) = 4 [pid 7378] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5069] <... rmdir resumed>) = 0 [pid 7476] <... mmap resumed>) = 0x7fda9371b000 [pid 7478] <... setpgid resumed>) = 0 [ 108.114073][ T7379] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 7478] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7378] <... ioctl resumed>) = 0 [pid 5069] mkdir("./22", 0777 [pid 7478] write(3, "1000", 4 [pid 5069] <... mkdir resumed>) = 0 [pid 7378] open("./file0", O_RDONLY [pid 7478] <... write resumed>) = 4 [pid 7378] <... open resumed>) = 5 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 7378] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5069] <... openat resumed>) = 3 [pid 7378] <... ioctl resumed>) = 0 [pid 7478] close(3 [pid 7378] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3 [pid 7478] <... close resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 7378] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 7478] symlink("/dev/binderfs", "./binderfs" [pid 7378] exit_group(0 [pid 7478] <... symlink resumed>) = 0 [pid 7378] <... exit_group resumed>) = ? [pid 7377] <... ioctl resumed>) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7480 attached [pid 7478] memfd_create("syzkaller", 0 [pid 7378] +++ exited with 0 +++ [pid 7377] open("./file0", O_RDONLY [pid 7480] set_robust_list(0x555557145760, 24 [pid 7377] <... open resumed>) = 5 [pid 7478] <... memfd_create resumed>) = 3 [pid 7480] <... set_robust_list resumed>) = 0 [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7378, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=30 /* 0.30 s */} --- [pid 7377] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 7480] chdir("./22" [pid 7478] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 7480 [ 108.157020][ T7379] BTRFS info (device loop3): checking UUID tree [pid 5068] umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7480] <... chdir resumed>) = 0 [pid 7478] <... mmap resumed>) = 0x7fda9371b000 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7480] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5068] <... openat resumed>) = 3 [pid 7377] <... ioctl resumed>) = 0 [pid 7377] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 7377] exit_group(0) = ? [pid 7480] <... prctl resumed>) = 0 [pid 5068] newfstatat(3, "", [pid 7480] setpgid(0, 0) = 0 [pid 7377] +++ exited with 0 +++ [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7377, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=26 /* 0.26 s */} --- [pid 5068] getdents64(3, [pid 7480] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7480] <... openat resumed>) = 3 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... openat resumed>) = 3 [pid 7480] write(3, "1000", 4 [pid 5068] newfstatat(AT_FDCWD, "./21/binderfs", [pid 5065] newfstatat(3, "", [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, [pid 7480] <... write resumed>) = 4 [pid 7480] close(3 [pid 5068] unlink("./21/binderfs" [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 7480] <... close resumed>) = 0 [pid 5068] <... unlink resumed>) = 0 [pid 5065] umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7480] symlink("/dev/binderfs", "./binderfs" [pid 5068] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] newfstatat(AT_FDCWD, "./21/binderfs", [pid 7480] <... symlink resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7480] memfd_create("syzkaller", 0 [pid 5065] unlink("./21/binderfs") = 0 [pid 5065] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7480] <... memfd_create resumed>) = 3 [pid 7480] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7379] <... mount resumed>) = 0 [pid 7480] <... mmap resumed>) = 0x7fda9371b000 [pid 7379] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 108.224251][ T1047] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [ 108.250812][ T42] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [pid 7379] chdir("./file0") = 0 [pid 7379] ioctl(4, LOOP_CLR_FD) = 0 [pid 7379] close(4) = 0 [pid 7379] open("./file0", O_RDONLY) = 4 [pid 7379] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 7379] open("./file0", O_RDONLY) = 5 [pid 7379] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 7379] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 7379] exit_group(0) = ? [pid 7379] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7379, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=30 /* 0.30 s */} --- [pid 5067] umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./21/binderfs") = 0 [ 108.522451][ T42] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [pid 5067] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7476] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5068] <... umount2 resumed>) = 0 [pid 5068] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7478] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5068] openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./21/file0") = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./21" [pid 5065] <... umount2 resumed>) = 0 [pid 5068] <... rmdir resumed>) = 0 [pid 5065] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] mkdir("./22", 0777) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, [pid 5068] <... openat resumed>) = 3 [pid 5065] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] ioctl(3, LOOP_CLR_FD [pid 5065] close(4 [pid 5068] <... ioctl resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./21/file0" [pid 5068] close(3 [pid 5065] <... rmdir resumed>) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3 [pid 7480] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./21" [pid 5068] <... close resumed>) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] <... rmdir resumed>) = 0 [pid 5065] mkdir("./22", 0777 [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 7485 [pid 5065] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 7485 attached [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7485] set_robust_list(0x555557145760, 24 [pid 5065] <... openat resumed>) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 7485] <... set_robust_list resumed>) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 7485] chdir("./22") = 0 [pid 7485] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5065] close(3 [pid 7485] setpgid(0, 0) = 0 [pid 5065] <... close resumed>) = 0 [pid 7485] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7485] <... openat resumed>) = 3 [pid 7485] write(3, "1000", 4 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 7486 ./strace-static-x86_64: Process 7486 attached [pid 7486] set_robust_list(0x555557145760, 24 [pid 7485] <... write resumed>) = 4 [pid 5067] <... umount2 resumed>) = 0 [pid 7485] close(3 [pid 7486] <... set_robust_list resumed>) = 0 [pid 7486] chdir("./22" [pid 7485] <... close resumed>) = 0 [pid 5067] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7485] symlink("/dev/binderfs", "./binderfs" [pid 7486] <... chdir resumed>) = 0 [pid 5067] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7486] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7486] <... prctl resumed>) = 0 [pid 7485] <... symlink resumed>) = 0 [pid 5067] openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7486] setpgid(0, 0 [pid 7485] memfd_create("syzkaller", 0 [pid 5067] <... openat resumed>) = 4 [pid 7486] <... setpgid resumed>) = 0 [pid 5067] newfstatat(4, "", [pid 7486] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7486] <... openat resumed>) = 3 [pid 5067] getdents64(4, [pid 7486] write(3, "1000", 4 [pid 5067] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 7486] <... write resumed>) = 4 [pid 5067] getdents64(4, [pid 7486] close(3 [pid 5067] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 7486] <... close resumed>) = 0 [pid 5067] close(4 [pid 7486] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7485] <... memfd_create resumed>) = 3 [pid 5067] <... close resumed>) = 0 [pid 7486] memfd_create("syzkaller", 0 [pid 7485] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5067] rmdir("./21/file0" [pid 7486] <... memfd_create resumed>) = 3 [pid 7485] <... mmap resumed>) = 0x7fda9371b000 [pid 7486] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5067] <... rmdir resumed>) = 0 [pid 7486] <... mmap resumed>) = 0x7fda9371b000 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./21") = 0 [pid 5067] mkdir("./22", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 7487 ./strace-static-x86_64: Process 7487 attached [pid 7487] set_robust_list(0x555557145760, 24) = 0 [pid 7487] chdir("./22") = 0 [pid 7487] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7487] setpgid(0, 0) = 0 [pid 7487] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7487] write(3, "1000", 4) = 4 [pid 7487] close(3) = 0 [pid 7487] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7487] memfd_create("syzkaller", 0) = 3 [pid 7487] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 7476] <... write resumed>) = 16777216 [pid 7476] munmap(0x7fda9371b000, 138412032 [pid 7485] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7476] <... munmap resumed>) = 0 [pid 7486] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7476] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7478] <... write resumed>) = 16777216 [pid 7478] munmap(0x7fda9371b000, 138412032) = 0 [pid 7480] <... write resumed>) = 16777216 [pid 7476] <... openat resumed>) = 4 [pid 7476] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7480] munmap(0x7fda9371b000, 138412032 [pid 7478] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7487] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7478] <... openat resumed>) = 4 [pid 7480] <... munmap resumed>) = 0 [pid 7478] ioctl(4, LOOP_SET_FD, 3 [pid 7480] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 7478] <... ioctl resumed>) = 0 [pid 7480] <... openat resumed>) = 4 [pid 7478] close(3) = 0 [pid 7478] mkdir("./file0", 0777 [pid 7480] ioctl(4, LOOP_SET_FD, 3 [pid 7478] <... mkdir resumed>) = 0 [ 109.530087][ T7476] loop0: detected capacity change from 0 to 32768 [ 109.549338][ T7478] loop2: detected capacity change from 0 to 32768 [ 109.569412][ T7480] loop5: detected capacity change from 0 to 32768 [pid 7478] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7480] <... ioctl resumed>) = 0 [pid 7476] close(3) = 0 [pid 7476] mkdir("./file0", 0777) = 0 [pid 7476] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7480] close(3) = 0 [pid 7480] mkdir("./file0", 0777) = 0 [ 109.570643][ T7478] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (7478) [ 109.672729][ T7478] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 109.673303][ T7476] BTRFS: device /dev/loop0 using temp-fsid 213a06dc-181e-4a22-a8bb-8266bea82be8 [ 109.699189][ T7478] BTRFS info (device loop2): force clearing of disk cache [ 109.707140][ T7478] BTRFS info (device loop2): setting nodatasum [ 109.713405][ T7476] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (7476) [ 109.741739][ T7478] BTRFS info (device loop2): allowing degraded mounts [ 109.744449][ T7480] BTRFS: device /dev/loop5 using temp-fsid 5c0ca332-2bba-405c-9d10-761a4287a242 [ 109.748620][ T7478] BTRFS info (device loop2): enabling disk space caching [ 109.765176][ T7476] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 109.778818][ T7476] BTRFS info (device loop0): force clearing of disk cache [ 109.786266][ T7476] BTRFS info (device loop0): setting nodatasum [ 109.792728][ T7480] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (7480) [ 109.818840][ T7476] BTRFS info (device loop0): allowing degraded mounts [ 109.825943][ T7476] BTRFS info (device loop0): enabling disk space caching [ 109.828995][ T7478] BTRFS info (device loop2): disk space caching is enabled [ 109.852902][ T7476] BTRFS info (device loop0): disk space caching is enabled [pid 7480] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7485] <... write resumed>) = 16777216 [ 109.864911][ T7480] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 109.886751][ T7480] BTRFS info (device loop5): force clearing of disk cache [ 109.900698][ T7480] BTRFS info (device loop5): setting nodatasum [ 109.907432][ T7480] BTRFS info (device loop5): allowing degraded mounts [ 109.915278][ T7480] BTRFS info (device loop5): enabling disk space caching [pid 7485] munmap(0x7fda9371b000, 138412032) = 0 [pid 7485] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7485] ioctl(4, LOOP_SET_FD, 3 [pid 7486] <... write resumed>) = 16777216 [pid 7486] munmap(0x7fda9371b000, 138412032) = 0 [pid 7486] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 109.922954][ T7480] BTRFS info (device loop5): disk space caching is enabled [ 109.952422][ T7485] loop4: detected capacity change from 0 to 32768 [pid 7486] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7486] close(3) = 0 [pid 7485] <... ioctl resumed>) = 0 [pid 7486] mkdir("./file0", 0777 [pid 7485] close(3 [pid 7486] <... mkdir resumed>) = 0 [pid 7485] <... close resumed>) = 0 [pid 7486] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7485] mkdir("./file0", 0777) = 0 [pid 7485] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7487] <... write resumed>) = 16777216 [ 109.970934][ T7486] loop1: detected capacity change from 0 to 32768 [ 109.980494][ T7476] BTRFS info (device loop0): enabling ssd optimizations [ 109.987640][ T7476] BTRFS info (device loop0): auto enabling async discard [ 109.993798][ T7478] BTRFS info (device loop2): enabling ssd optimizations [ 109.997253][ T7476] BTRFS info (device loop0): rebuilding free space tree [ 110.001785][ T7486] BTRFS: device /dev/loop1 using temp-fsid 0a8e3ecf-8299-494d-b22a-f9731c097a40 [ 110.014157][ T7476] BTRFS info (device loop0): disabling free space tree [pid 7487] munmap(0x7fda9371b000, 138412032) = 0 [pid 7487] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 110.023751][ T7478] BTRFS info (device loop2): auto enabling async discard [ 110.031686][ T7486] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (7486) [ 110.045009][ T7476] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 110.046296][ T7487] loop3: detected capacity change from 0 to 32768 [ 110.061262][ T7476] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 7487] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7487] close(3) = 0 [pid 7487] mkdir("./file0", 0777) = 0 [ 110.066120][ T7486] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 110.078625][ T7476] BTRFS info (device loop0): checking UUID tree [ 110.081822][ T7478] BTRFS info (device loop2): rebuilding free space tree [ 110.087594][ T7486] BTRFS info (device loop1): force clearing of disk cache [ 110.094157][ T7485] BTRFS: device /dev/loop4 using temp-fsid 8c4b42ad-0cec-4728-920d-530e8ee06b39 [ 110.101754][ T7486] BTRFS info (device loop1): setting nodatasum [pid 7487] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7476] <... mount resumed>) = 0 [pid 7476] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7476] chdir("./file0") = 0 [pid 7476] ioctl(4, LOOP_CLR_FD) = 0 [ 110.113503][ T7485] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (7485) [ 110.118223][ T7486] BTRFS info (device loop1): allowing degraded mounts [ 110.136088][ T7486] BTRFS info (device loop1): enabling disk space caching [ 110.144043][ T7486] BTRFS info (device loop1): disk space caching is enabled [ 110.148075][ T7478] BTRFS info (device loop2): disabling free space tree [ 110.163238][ T7487] BTRFS: device /dev/loop3 using temp-fsid 6f1f65ca-841c-4861-b5db-53b1843585eb [pid 7476] close(4) = 0 [pid 7476] open("./file0", O_RDONLY) = 4 [pid 7476] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [ 110.173348][ T7487] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (7487) [ 110.195495][ T7480] BTRFS info (device loop5): enabling ssd optimizations [ 110.195511][ T7485] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 110.206248][ T7487] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 110.216510][ T2855] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 110.221226][ T7487] BTRFS info (device loop3): force clearing of disk cache [ 110.231901][ T7478] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 110.237307][ T7487] BTRFS info (device loop3): setting nodatasum [ 110.237326][ T7487] BTRFS info (device loop3): allowing degraded mounts [ 110.253922][ T7480] BTRFS info (device loop5): auto enabling async discard [ 110.261470][ T7487] BTRFS info (device loop3): enabling disk space caching [pid 7476] open("./file0", O_RDONLY) = 5 [pid 7476] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 7476] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 7476] exit_group(0) = ? [pid 7476] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7476, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=38 /* 0.38 s */} --- [pid 5064] umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./22/binderfs") = 0 [ 110.274381][ T7487] BTRFS info (device loop3): disk space caching is enabled [ 110.283090][ T7485] BTRFS info (device loop4): force clearing of disk cache [ 110.295994][ T7480] BTRFS info (device loop5): rebuilding free space tree [ 110.297149][ T7478] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 110.305373][ T7485] BTRFS info (device loop4): setting nodatasum [ 110.340131][ T7480] BTRFS info (device loop5): disabling free space tree [ 110.354223][ T7485] BTRFS info (device loop4): allowing degraded mounts [ 110.361819][ T7485] BTRFS info (device loop4): enabling disk space caching [ 110.370337][ T7485] BTRFS info (device loop4): disk space caching is enabled [ 110.372277][ T7480] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5064] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5064] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 110.391251][ T7486] BTRFS info (device loop1): enabling ssd optimizations [ 110.402430][ T7478] BTRFS info (device loop2): checking UUID tree [ 110.413029][ T7486] BTRFS info (device loop1): auto enabling async discard [ 110.421925][ T7486] BTRFS info (device loop1): rebuilding free space tree [ 110.429020][ T7487] BTRFS info (device loop3): enabling ssd optimizations [pid 5064] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./22/file0") = 0 [pid 5064] getdents64(3, [pid 7478] <... mount resumed>) = 0 [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./22") = 0 [pid 5064] mkdir("./23", 0777 [pid 7478] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] <... mkdir resumed>) = 0 [pid 7478] <... openat resumed>) = 3 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 7478] chdir("./file0" [pid 5064] close(3 [pid 7478] <... chdir resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 7478] ioctl(4, LOOP_CLR_FD [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7478] <... ioctl resumed>) = 0 [pid 7478] close(4) = 0 [pid 7478] open("./file0", O_RDONLY) = 4 [pid 7478] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}./strace-static-x86_64: Process 7573 attached [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 7573 [pid 7573] set_robust_list(0x555557145760, 24) = 0 [pid 7573] chdir("./23") = 0 [pid 7573] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7573] setpgid(0, 0) = 0 [ 110.436446][ T7487] BTRFS info (device loop3): auto enabling async discard [ 110.441322][ T7480] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 110.464649][ T7487] BTRFS info (device loop3): rebuilding free space tree [ 110.465338][ T7486] BTRFS info (device loop1): disabling free space tree [pid 7573] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7573] write(3, "1000", 4 [pid 7478] <... ioctl resumed>) = 0 [pid 7478] open("./file0", O_RDONLY) = 5 [pid 7478] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 7478] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 7478] exit_group(0) = ? [pid 7478] +++ exited with 0 +++ [ 110.498584][ T7480] BTRFS info (device loop5): checking UUID tree [ 110.511889][ T7487] BTRFS info (device loop3): disabling free space tree [ 110.519225][ T7487] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 110.528193][ T7486] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 110.529330][ T7487] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 7573] <... write resumed>) = 4 [pid 7573] close(3 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7478, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=35 /* 0.35 s */} --- [pid 5066] restart_syscall(<... resuming interrupted clone ...> [pid 7573] <... close resumed>) = 0 [pid 7573] symlink("/dev/binderfs", "./binderfs" [pid 5066] <... restart_syscall resumed>) = 0 [pid 7573] <... symlink resumed>) = 0 [pid 7573] memfd_create("syzkaller", 0 [pid 7480] <... mount resumed>) = 0 [pid 7573] <... memfd_create resumed>) = 3 [pid 7480] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7573] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7480] <... openat resumed>) = 3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7480] chdir("./file0" [pid 5066] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7480] <... chdir resumed>) = 0 [pid 5066] <... openat resumed>) = 3 [pid 7573] <... mmap resumed>) = 0x7fda9371b000 [pid 7480] ioctl(4, LOOP_CLR_FD [pid 5066] newfstatat(3, "", [pid 7480] <... ioctl resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7480] close(4 [pid 5066] getdents64(3, [pid 7480] <... close resumed>) = 0 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 7480] open("./file0", O_RDONLY [pid 5066] umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7480] <... open resumed>) = 4 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7480] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5066] newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./23/binderfs") = 0 [ 110.542676][ T7486] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5066] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7480] <... ioctl resumed>) = 0 [pid 7480] open("./file0", O_RDONLY) = 5 [ 110.596541][ T2855] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [pid 7480] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 7480] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 7480] exit_group(0) = ? [pid 7480] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7480, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- [pid 5069] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 110.669099][ T7485] BTRFS info (device loop4): enabling ssd optimizations [ 110.670575][ T7487] BTRFS info (device loop3): checking UUID tree [ 110.676056][ T7485] BTRFS info (device loop4): auto enabling async discard [ 110.708722][ T48] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [pid 5069] umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./22/binderfs") = 0 [pid 5069] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7487] <... mount resumed>) = 0 [pid 7486] <... mount resumed>) = 0 [pid 7485] <... mount resumed>) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 7487] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7485] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7487] <... openat resumed>) = 3 [pid 7486] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7485] <... openat resumed>) = 3 [pid 7487] chdir("./file0" [pid 7485] chdir("./file0" [pid 7487] <... chdir resumed>) = 0 [pid 7485] <... chdir resumed>) = 0 [pid 7487] ioctl(4, LOOP_CLR_FD) = 0 [pid 7486] <... openat resumed>) = 3 [pid 7485] ioctl(4, LOOP_CLR_FD [pid 5066] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7485] <... ioctl resumed>) = 0 [pid 7485] close(4 [ 110.730643][ T7486] BTRFS info (device loop1): checking UUID tree [ 110.752276][ T7485] BTRFS info (device loop4): rebuilding free space tree [ 110.765259][ T7485] BTRFS info (device loop4): disabling free space tree [pid 7486] chdir("./file0" [pid 7487] close(4 [pid 7485] <... close resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7486] <... chdir resumed>) = 0 [pid 7486] ioctl(4, LOOP_CLR_FD [pid 5066] newfstatat(AT_FDCWD, "./23/file0", [pid 7487] <... close resumed>) = 0 [pid 7486] <... ioctl resumed>) = 0 [pid 7485] open("./file0", O_RDONLY [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7487] open("./file0", O_RDONLY [pid 7486] close(4 [pid 5066] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7487] <... open resumed>) = 4 [pid 7486] <... close resumed>) = 0 [pid 7485] <... open resumed>) = 4 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7487] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 7485] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 7486] open("./file0", O_RDONLY [pid 5066] openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7486] <... open resumed>) = 4 [pid 5066] <... openat resumed>) = 4 [pid 7486] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7486] <... ioctl resumed>) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 7486] open("./file0", O_RDONLY [pid 5066] close(4) = 0 [pid 5066] rmdir("./23/file0") = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 7487] <... ioctl resumed>) = 0 [pid 5066] rmdir("./23") = 0 [pid 5066] mkdir("./24", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 7486] <... open resumed>) = 5 [pid 5066] <... ioctl resumed>) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 7588 [pid 7487] open("./file0", O_RDONLY [pid 7486] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 7487] <... open resumed>) = 5 [pid 7485] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 7588 attached [pid 7588] set_robust_list(0x555557145760, 24) = 0 [pid 7588] chdir("./24") = 0 [pid 7588] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7588] setpgid(0, 0) = 0 [pid 7588] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7487] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 7485] open("./file0", O_RDONLY [pid 7588] write(3, "1000", 4 [pid 7485] <... open resumed>) = 5 [pid 7588] <... write resumed>) = 4 [pid 7485] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 7588] close(3) = 0 [pid 7588] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7588] memfd_create("syzkaller", 0 [pid 7486] <... ioctl resumed>) = 0 [pid 7588] <... memfd_create resumed>) = 3 [pid 7487] <... ioctl resumed>) = 0 [pid 7486] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 7588] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7485] <... ioctl resumed>) = 0 [pid 7486] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 7487] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 7588] <... mmap resumed>) = 0x7fda9371b000 [pid 7487] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 7486] exit_group(0 [pid 7485] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 7487] exit_group(0 [pid 7486] <... exit_group resumed>) = ? [pid 7485] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 7487] <... exit_group resumed>) = ? [pid 7485] exit_group(0 [pid 7487] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7487, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=37 /* 0.37 s */} --- [pid 7486] +++ exited with 0 +++ [pid 7485] <... exit_group resumed>) = ? [pid 5067] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7486, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=38 /* 0.38 s */} --- [pid 5065] restart_syscall(<... resuming interrupted clone ...> [pid 7485] +++ exited with 0 +++ [pid 5065] <... restart_syscall resumed>) = 0 [pid 5067] umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7485, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=41 /* 0.41 s */} --- [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... openat resumed>) = 3 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(3, "", [pid 5065] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... openat resumed>) = 3 [pid 5068] <... openat resumed>) = 3 [pid 5065] newfstatat(3, "", [pid 5068] newfstatat(3, "", [pid 5067] getdents64(3, [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] getdents64(3, [pid 5065] umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./22/binderfs", [pid 5069] <... umount2 resumed>) = 0 [pid 5069] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] newfstatat(AT_FDCWD, "./22/binderfs", [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./22/file0", [pid 5068] newfstatat(AT_FDCWD, "./22/binderfs", [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./22/binderfs" [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] unlink("./22/binderfs" [pid 5067] unlink("./22/binderfs" [pid 5065] <... unlink resumed>) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... unlink resumed>) = 0 [pid 5069] openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... unlink resumed>) = 0 [pid 5065] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... openat resumed>) = 4 [pid 5067] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./22/file0") = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 7573] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5069] close(3) = 0 [pid 5069] rmdir("./22") = 0 [pid 5069] mkdir("./23", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7590 attached , child_tidptr=0x555557145750) = 7590 [pid 7590] set_robust_list(0x555557145760, 24) = 0 [pid 7590] chdir("./23") = 0 [pid 7590] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7590] setpgid(0, 0) = 0 [pid 5067] <... umount2 resumed>) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 5067] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7590] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... umount2 resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] newfstatat(AT_FDCWD, "./22/file0", [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... openat resumed>) = 4 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7590] <... openat resumed>) = 3 [pid 5068] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] newfstatat(4, "", [pid 5065] <... openat resumed>) = 4 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] newfstatat(4, "", [pid 5068] newfstatat(AT_FDCWD, "./22/file0", [pid 5067] getdents64(4, [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7590] write(3, "1000", 4 [pid 5068] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] getdents64(4, [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, [pid 7590] <... write resumed>) = 4 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 7590] close(3 [pid 5065] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 7590] <... close resumed>) = 0 [pid 5067] close(4 [pid 5065] close(4 [pid 7590] symlink("/dev/binderfs", "./binderfs" [pid 5067] <... close resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 7590] <... symlink resumed>) = 0 [pid 5068] openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5067] rmdir("./22/file0" [pid 5065] rmdir("./22/file0" [pid 5068] <... openat resumed>) = 4 [pid 5065] <... rmdir resumed>) = 0 [pid 5068] newfstatat(4, "", [pid 5067] <... rmdir resumed>) = 0 [pid 5065] getdents64(3, [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] getdents64(3, [pid 5068] getdents64(4, [pid 5065] close(3 [pid 7590] memfd_create("syzkaller", 0 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] <... close resumed>) = 0 [pid 5068] getdents64(4, [pid 5067] close(3 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] <... close resumed>) = 0 [pid 5065] rmdir("./22") = 0 [pid 5068] close(4 [pid 5067] rmdir("./22" [pid 5068] <... close resumed>) = 0 [pid 5067] <... rmdir resumed>) = 0 [pid 5068] rmdir("./22/file0" [pid 5067] mkdir("./23", 0777 [pid 5065] mkdir("./23", 0777 [pid 5067] <... mkdir resumed>) = 0 [pid 7590] <... memfd_create resumed>) = 3 [pid 5068] <... rmdir resumed>) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5065] <... mkdir resumed>) = 0 [pid 7590] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5068] getdents64(3, [pid 5067] <... openat resumed>) = 3 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7590] <... mmap resumed>) = 0x7fda9371b000 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] ioctl(3, LOOP_CLR_FD [pid 5068] close(3 [pid 5065] <... openat resumed>) = 3 [pid 5068] <... close resumed>) = 0 [pid 5067] <... ioctl resumed>) = 0 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 7593 [pid 5065] <... ioctl resumed>) = 0 [pid 5068] rmdir("./22" [pid 5065] close(3./strace-static-x86_64: Process 7593 attached [pid 7593] set_robust_list(0x555557145760, 24) = 0 [pid 7593] chdir("./23") = 0 [pid 7593] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7593] setpgid(0, 0) = 0 [pid 7593] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7593] write(3, "1000", 4) = 4 [pid 5068] <... rmdir resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 7593] close(3 [pid 7588] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5068] mkdir("./23", 0777 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7593] <... close resumed>) = 0 [pid 5068] <... mkdir resumed>) = 0 [pid 7593] symlink("/dev/binderfs", "./binderfs" [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 7594 [pid 7593] <... symlink resumed>) = 0 [pid 7593] memfd_create("syzkaller", 0) = 3 [pid 7593] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5068] <... openat resumed>) = 3 ./strace-static-x86_64: Process 7594 attached [pid 5068] ioctl(3, LOOP_CLR_FD [pid 7594] set_robust_list(0x555557145760, 24 [pid 5068] <... ioctl resumed>) = 0 [pid 7594] <... set_robust_list resumed>) = 0 [pid 5068] close(3 [pid 7594] chdir("./23" [pid 5068] <... close resumed>) = 0 [pid 7594] <... chdir resumed>) = 0 [pid 7594] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7594] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 7595 attached [pid 7594] setpgid(0, 0 [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 7595 [pid 7594] <... setpgid resumed>) = 0 [pid 7595] set_robust_list(0x555557145760, 24 [pid 7594] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7594] write(3, "1000", 4) = 4 [pid 7595] <... set_robust_list resumed>) = 0 [pid 7595] chdir("./23" [pid 7594] close(3) = 0 [pid 7594] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7594] memfd_create("syzkaller", 0) = 3 [pid 7595] <... chdir resumed>) = 0 [pid 7594] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7595] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7594] <... mmap resumed>) = 0x7fda9371b000 [pid 7595] setpgid(0, 0) = 0 [pid 7595] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7595] write(3, "1000", 4) = 4 [pid 7595] close(3) = 0 [pid 7595] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7595] memfd_create("syzkaller", 0) = 3 [pid 7595] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 7573] <... write resumed>) = 16777216 [pid 7573] munmap(0x7fda9371b000, 138412032) = 0 [pid 7590] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7573] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7573] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7593] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7594] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7573] close(3) = 0 [pid 7573] mkdir("./file0", 0777) = 0 [ 111.889820][ T7573] loop0: detected capacity change from 0 to 32768 [ 111.963710][ T7573] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (7573) [pid 7573] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7588] <... write resumed>) = 16777216 [pid 7595] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7588] munmap(0x7fda9371b000, 138412032) = 0 [pid 7588] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7588] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7588] close(3) = 0 [pid 7588] mkdir("./file0", 0777) = 0 [ 112.131237][ T7588] loop2: detected capacity change from 0 to 32768 [pid 7588] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7594] <... write resumed>) = 16777216 [ 112.192517][ T7588] BTRFS: device /dev/loop2 using temp-fsid bf3b8b3b-47a9-4dbe-8ff9-a4cb9a0ded5e [ 112.204626][ T7588] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (7588) [pid 7594] munmap(0x7fda9371b000, 138412032) = 0 [pid 7594] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7594] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7594] close(3) = 0 [ 112.259387][ T7594] loop1: detected capacity change from 0 to 32768 [pid 7594] mkdir("./file0", 0777) = 0 [pid 7573] <... mount resumed>) = 0 [pid 7594] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7573] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7573] chdir("./file0") = 0 [pid 7573] ioctl(4, LOOP_CLR_FD) = 0 [pid 7573] close(4) = 0 [pid 7573] open("./file0", O_RDONLY) = 4 [pid 7573] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 7573] open("./file0", O_RDONLY) = 5 [pid 7573] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 7573] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 7573] exit_group(0) = ? [pid 7573] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7573, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=26 /* 0.26 s */} --- [ 112.300107][ T7594] BTRFS: device /dev/loop1 using temp-fsid 14b220aa-f12b-4e13-998b-3e3c89ab56b9 [ 112.311593][ T7594] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (7594) [pid 5064] umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./23/binderfs") = 0 [pid 5064] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5064] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./23/file0") = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3 [pid 7588] <... mount resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 5064] rmdir("./23") = 0 [pid 7588] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] mkdir("./24", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7588] <... openat resumed>) = 3 [pid 5064] <... openat resumed>) = 3 [pid 7588] chdir("./file0" [pid 5064] ioctl(3, LOOP_CLR_FD [pid 7588] <... chdir resumed>) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7590] <... write resumed>) = 16777216 [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 7644 [pid 7593] <... write resumed>) = 16777216 [pid 7588] ioctl(4, LOOP_CLR_FD [pid 7593] munmap(0x7fda9371b000, 138412032 [pid 7588] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 7644 attached [pid 7588] close(4 [pid 7644] set_robust_list(0x555557145760, 24 [pid 7588] <... close resumed>) = 0 [pid 7644] <... set_robust_list resumed>) = 0 [pid 7588] open("./file0", O_RDONLY [pid 7644] chdir("./24" [pid 7588] <... open resumed>) = 4 [pid 7644] <... chdir resumed>) = 0 [pid 7588] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 7644] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7644] setpgid(0, 0) = 0 [pid 7593] <... munmap resumed>) = 0 [pid 7588] <... ioctl resumed>) = 0 [pid 7593] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7644] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7593] <... openat resumed>) = 4 [pid 7588] open("./file0", O_RDONLY [pid 7593] ioctl(4, LOOP_SET_FD, 3 [pid 7644] <... openat resumed>) = 3 [pid 7588] <... open resumed>) = 5 [pid 7644] write(3, "1000", 4 [pid 7588] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 7644] <... write resumed>) = 4 [pid 7588] <... ioctl resumed>) = 0 [pid 7644] close(3 [pid 7588] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 7644] <... close resumed>) = 0 [pid 7588] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 7644] symlink("/dev/binderfs", "./binderfs" [pid 7588] exit_group(0 [pid 7644] <... symlink resumed>) = 0 [pid 7588] <... exit_group resumed>) = ? [pid 7644] memfd_create("syzkaller", 0 [pid 7588] +++ exited with 0 +++ [pid 7644] <... memfd_create resumed>) = 3 [pid 7595] <... write resumed>) = 16777216 [pid 7593] <... ioctl resumed>) = 0 [pid 7644] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7594] <... mount resumed>) = 0 [pid 7590] munmap(0x7fda9371b000, 138412032 [pid 7644] <... mmap resumed>) = 0x7fda9371b000 [pid 7594] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7590] <... munmap resumed>) = 0 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7588, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=28 /* 0.28 s */} --- [pid 7595] munmap(0x7fda9371b000, 138412032 [pid 7594] <... openat resumed>) = 3 [pid 7593] close(3 [pid 5066] restart_syscall(<... resuming interrupted clone ...> [pid 7593] <... close resumed>) = 0 [pid 7593] mkdir("./file0", 0777 [pid 5066] <... restart_syscall resumed>) = 0 [pid 7595] <... munmap resumed>) = 0 [pid 7594] chdir("./file0" [pid 7593] <... mkdir resumed>) = 0 [pid 7594] <... chdir resumed>) = 0 [pid 5066] umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7593] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7595] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7595] <... openat resumed>) = 4 [ 112.553420][ T7593] loop3: detected capacity change from 0 to 32768 [pid 7594] ioctl(4, LOOP_CLR_FD [pid 5066] <... openat resumed>) = 3 [pid 7595] ioctl(4, LOOP_SET_FD, 3 [pid 7594] <... ioctl resumed>) = 0 [pid 7594] close(4) = 0 [pid 7594] open("./file0", O_RDONLY) = 4 [pid 7594] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 7590] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7590] <... openat resumed>) = 4 [pid 7590] ioctl(4, LOOP_SET_FD, 3 [pid 7594] open("./file0", O_RDONLY) = 5 [pid 7594] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 7595] <... ioctl resumed>) = 0 [pid 5066] getdents64(3, [pid 7595] close(3) = 0 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 7595] mkdir("./file0", 0777 [pid 5066] umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7594] <... ioctl resumed>) = 0 [pid 7595] <... mkdir resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7595] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5066] newfstatat(AT_FDCWD, "./24/binderfs", [pid 7594] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./24/binderfs" [pid 7594] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5066] <... unlink resumed>) = 0 [pid 7594] exit_group(0 [pid 5066] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7594] <... exit_group resumed>) = ? [pid 7594] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7594, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=21 /* 0.21 s */} --- [pid 5065] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5065] umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7590] <... ioctl resumed>) = 0 [pid 5065] getdents64(3, [pid 7590] close(3 [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 7590] <... close resumed>) = 0 [pid 5065] umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7590] mkdir("./file0", 0777 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7590] <... mkdir resumed>) = 0 [pid 5065] newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 112.599690][ T7593] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (7593) [ 112.614741][ T7595] loop4: detected capacity change from 0 to 32768 [ 112.630481][ T7590] loop5: detected capacity change from 0 to 32768 [pid 7590] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5065] unlink("./23/binderfs") = 0 [ 112.678937][ T7595] BTRFS: device /dev/loop4 using temp-fsid 454631b6-f514-4a06-8fe7-9761cd1dbdab [ 112.709507][ T7595] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (7595) [ 112.759696][ T7590] BTRFS: device /dev/loop5 using temp-fsid b61496fc-28ba-4670-a0b3-1d15b912c259 [ 112.786231][ T7590] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (7590) [pid 5065] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5065] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./24/file0", [pid 5065] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... openat resumed>) = 4 [pid 5066] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] newfstatat(4, "", [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, [pid 5066] openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [ 112.820000][ T7590] _btrfs_printk: 60 callbacks suppressed [ 112.820013][ T7590] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5066] newfstatat(4, "", [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] close(4 [pid 5066] getdents64(4, [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./23/file0" [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [ 112.876911][ T7590] BTRFS info (device loop5): force clearing of disk cache [ 112.892384][ T7593] BTRFS info (device loop3): enabling ssd optimizations [ 112.899598][ T7590] BTRFS info (device loop5): setting nodatasum [ 112.905807][ T7590] BTRFS info (device loop5): allowing degraded mounts [ 112.908833][ T7593] BTRFS info (device loop3): auto enabling async discard [ 112.912615][ T7590] BTRFS info (device loop5): enabling disk space caching [pid 5066] getdents64(4, [pid 5065] <... rmdir resumed>) = 0 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] getdents64(3, [pid 5066] close(4 [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] <... close resumed>) = 0 [pid 5065] close(3 [pid 5066] rmdir("./24/file0" [pid 5065] <... close resumed>) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5065] rmdir("./23" [pid 5066] getdents64(3, [pid 5065] <... rmdir resumed>) = 0 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] mkdir("./24", 0777 [pid 5066] close(3 [pid 5065] <... mkdir resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5066] rmdir("./24" [pid 5065] <... openat resumed>) = 3 [pid 5066] <... rmdir resumed>) = 0 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5066] mkdir("./25", 0777 [pid 5065] <... ioctl resumed>) = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 5065] close(3 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5065] <... close resumed>) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 7674 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 7675 ./strace-static-x86_64: Process 7674 attached [pid 7674] set_robust_list(0x555557145760, 24) = 0 [pid 7674] chdir("./24") = 0 [pid 7674] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 7675 attached ) = 0 [pid 7675] set_robust_list(0x555557145760, 24 [pid 7674] setpgid(0, 0 [pid 7675] <... set_robust_list resumed>) = 0 [pid 7674] <... setpgid resumed>) = 0 [pid 7675] chdir("./25" [pid 7674] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7674] write(3, "1000", 4) = 4 [pid 7674] close(3) = 0 [pid 7674] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7674] memfd_create("syzkaller", 0) = 3 [pid 7674] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 7675] <... chdir resumed>) = 0 [pid 7675] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7675] setpgid(0, 0) = 0 [pid 7675] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7644] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7675] <... openat resumed>) = 3 [pid 7675] write(3, "1000", 4) = 4 [pid 7675] close(3) = 0 [pid 7675] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7675] memfd_create("syzkaller", 0) = 3 [pid 7675] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 112.927487][ T7590] BTRFS info (device loop5): disk space caching is enabled [ 112.948713][ T7593] BTRFS info (device loop3): rebuilding free space tree [ 113.011918][ T7593] BTRFS info (device loop3): disabling free space tree [ 113.023650][ T7593] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 113.035184][ T7593] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 7593] <... mount resumed>) = 0 [pid 7593] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7593] chdir("./file0") = 0 [pid 7593] ioctl(4, LOOP_CLR_FD) = 0 [ 113.060495][ T7593] BTRFS info (device loop3): checking UUID tree [pid 7593] close(4) = 0 [pid 7593] open("./file0", O_RDONLY) = 4 [ 113.108166][ T7595] BTRFS info (device loop4): enabling ssd optimizations [ 113.125662][ T7595] BTRFS info (device loop4): auto enabling async discard [pid 7593] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 7593] open("./file0", O_RDONLY) = 5 [pid 7593] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [ 113.171017][ T7590] BTRFS info (device loop5): enabling ssd optimizations [ 113.177969][ T7590] BTRFS info (device loop5): auto enabling async discard [ 113.191860][ T7595] BTRFS info (device loop4): rebuilding free space tree [pid 7593] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 7593] exit_group(0) = ? [pid 7593] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7593, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=31 /* 0.31 s */} --- [pid 5067] umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./23/binderfs") = 0 [ 113.212742][ T76] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 113.227271][ T7590] BTRFS info (device loop5): rebuilding free space tree [ 113.281168][ T7590] BTRFS info (device loop5): disabling free space tree [ 113.288091][ T7590] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 113.312207][ T7595] BTRFS info (device loop4): disabling free space tree [pid 5067] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 113.350051][ T7595] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 113.359779][ T7590] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 7674] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7590] <... mount resumed>) = 0 [ 113.390520][ T7590] BTRFS info (device loop5): checking UUID tree [pid 7590] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5067] <... umount2 resumed>) = 0 [pid 7590] chdir("./file0" [pid 5067] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7590] <... chdir resumed>) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7590] ioctl(4, LOOP_CLR_FD [pid 5067] newfstatat(AT_FDCWD, "./23/file0", [pid 7590] <... ioctl resumed>) = 0 [ 113.459583][ T7595] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 7590] close(4 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7590] <... close resumed>) = 0 [pid 5067] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7590] open("./file0", O_RDONLY) = 4 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7590] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5067] <... openat resumed>) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 7590] <... ioctl resumed>) = 0 [pid 7590] open("./file0", O_RDONLY [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 7590] <... open resumed>) = 5 [pid 5067] close(4 [pid 7590] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5067] <... close resumed>) = 0 [pid 5067] rmdir("./23/file0" [pid 7590] <... ioctl resumed>) = 0 [pid 5067] <... rmdir resumed>) = 0 [pid 7590] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5067] getdents64(3, [pid 7590] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 7590] exit_group(0 [pid 5067] close(3) = 0 [pid 7675] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7590] <... exit_group resumed>) = ? [pid 5067] rmdir("./23" [pid 7590] +++ exited with 0 +++ [pid 5067] <... rmdir resumed>) = 0 [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7590, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=25 /* 0.25 s */} --- [pid 5067] mkdir("./24", 0777 [pid 5069] umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] <... mkdir resumed>) = 0 [pid 5069] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] <... openat resumed>) = 3 [pid 5069] umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 113.570770][ T7595] BTRFS info (device loop4): checking UUID tree [ 113.593821][ T2855] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [pid 7595] <... mount resumed>) = 0 [pid 5069] unlink("./23/binderfs" [pid 5067] ioctl(3, LOOP_CLR_FD [pid 5069] <... unlink resumed>) = 0 [pid 5069] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7595] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5067] <... ioctl resumed>) = 0 [pid 7595] chdir("./file0") = 0 [pid 7595] ioctl(4, LOOP_CLR_FD) = 0 [pid 7595] close(4 [pid 5067] close(3 [pid 7595] <... close resumed>) = 0 [pid 5067] <... close resumed>) = 0 [pid 7595] open("./file0", O_RDONLY) = 4 [pid 7595] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7700 attached , child_tidptr=0x555557145750) = 7700 [pid 7700] set_robust_list(0x555557145760, 24) = 0 [pid 7700] chdir("./24") = 0 [pid 7700] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7700] setpgid(0, 0) = 0 [pid 7595] <... ioctl resumed>) = 0 [pid 7595] open("./file0", O_RDONLY [pid 7700] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7644] <... write resumed>) = 16777216 [pid 7595] <... open resumed>) = 5 [pid 7595] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 7700] <... openat resumed>) = 3 [pid 7700] write(3, "1000", 4 [pid 7595] <... ioctl resumed>) = 0 [pid 7595] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 7595] exit_group(0) = ? [pid 7595] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7595, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=29 /* 0.29 s */} --- [pid 5068] umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./23/binderfs") = 0 [pid 5068] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7700] <... write resumed>) = 4 [pid 7700] close(3) = 0 [pid 7644] munmap(0x7fda9371b000, 138412032 [pid 7700] symlink("/dev/binderfs", "./binderfs" [pid 7644] <... munmap resumed>) = 0 [pid 7700] <... symlink resumed>) = 0 [pid 7644] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7700] memfd_create("syzkaller", 0 [pid 7644] <... openat resumed>) = 4 [pid 7644] ioctl(4, LOOP_SET_FD, 3 [pid 7700] <... memfd_create resumed>) = 3 [pid 7700] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 7644] <... ioctl resumed>) = 0 [pid 7644] close(3) = 0 [pid 7644] mkdir("./file0", 0777) = 0 [pid 5069] <... umount2 resumed>) = 0 [pid 5069] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7644] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 113.765146][ T2855] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [ 113.805320][ T7644] loop0: detected capacity change from 0 to 32768 [pid 5069] newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 113.859400][ T7644] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (7644) [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./23/file0") = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [ 113.948856][ T7644] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 113.958101][ T7644] BTRFS info (device loop0): force clearing of disk cache [pid 7674] <... write resumed>) = 16777216 [pid 5069] rmdir("./23") = 0 [pid 5069] mkdir("./24", 0777) = 0 [pid 5068] <... umount2 resumed>) = 0 [pid 7674] munmap(0x7fda9371b000, 138412032 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 7674] <... munmap resumed>) = 0 [pid 5069] <... openat resumed>) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD [pid 5068] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... ioctl resumed>) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] close(3 [pid 5068] newfstatat(AT_FDCWD, "./23/file0", [pid 5069] <... close resumed>) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5068] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 7702 attached [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 7702 [pid 5068] <... openat resumed>) = 4 [pid 5068] newfstatat(4, "", [pid 7702] set_robust_list(0x555557145760, 24 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7702] <... set_robust_list resumed>) = 0 [ 114.038837][ T7644] BTRFS info (device loop0): setting nodatasum [ 114.045044][ T7644] BTRFS info (device loop0): allowing degraded mounts [pid 7674] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7702] chdir("./24" [pid 7674] <... openat resumed>) = 4 [pid 5068] getdents64(4, [pid 7702] <... chdir resumed>) = 0 [pid 7674] ioctl(4, LOOP_SET_FD, 3 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 7702] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5068] close(4) = 0 [pid 7702] <... prctl resumed>) = 0 [pid 5068] rmdir("./23/file0" [pid 7702] setpgid(0, 0 [pid 5068] <... rmdir resumed>) = 0 [pid 7702] <... setpgid resumed>) = 0 [pid 5068] getdents64(3, [pid 7702] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7674] <... ioctl resumed>) = 0 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 7674] close(3 [pid 5068] close(3 [pid 7674] <... close resumed>) = 0 [pid 7702] <... openat resumed>) = 3 [pid 7674] mkdir("./file0", 0777 [pid 5068] <... close resumed>) = 0 [pid 5068] rmdir("./23") = 0 [pid 7674] <... mkdir resumed>) = 0 [ 114.091293][ T7644] BTRFS info (device loop0): enabling disk space caching [ 114.098354][ T7644] BTRFS info (device loop0): disk space caching is enabled [ 114.106386][ T7674] loop1: detected capacity change from 0 to 32768 [pid 5068] mkdir("./24", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7674] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7702] write(3, "1000", 4 [pid 5068] <... openat resumed>) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3 [pid 7702] <... write resumed>) = 4 [pid 7702] close(3) = 0 [pid 5068] <... close resumed>) = 0 [pid 7702] symlink("/dev/binderfs", "./binderfs" [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7706 attached [pid 7702] <... symlink resumed>) = 0 [pid 7706] set_robust_list(0x555557145760, 24 [pid 7702] memfd_create("syzkaller", 0 [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 7706 [pid 7702] <... memfd_create resumed>) = 3 [pid 7706] <... set_robust_list resumed>) = 0 [pid 7702] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 7706] chdir("./24") = 0 [pid 7675] <... write resumed>) = 16777216 [pid 7706] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 114.160114][ T7674] BTRFS: device /dev/loop1 using temp-fsid e6e787f7-aac5-4821-8bda-33081a21c187 [ 114.190628][ T7674] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (7674) [pid 7675] munmap(0x7fda9371b000, 138412032 [pid 7700] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7706] setpgid(0, 0 [pid 7675] <... munmap resumed>) = 0 [pid 7706] <... setpgid resumed>) = 0 [pid 7706] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7706] write(3, "1000", 4) = 4 [pid 7706] close(3) = 0 [pid 7706] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7706] memfd_create("syzkaller", 0) = 3 [pid 7706] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 7675] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7675] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7675] close(3) = 0 [pid 7675] mkdir("./file0", 0777) = 0 [ 114.300403][ T7675] loop2: detected capacity change from 0 to 32768 [ 114.339800][ T7674] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 114.366322][ T7675] BTRFS: device /dev/loop2 using temp-fsid 57b6f68a-1137-4ae7-a138-7324e41a7968 [ 114.415326][ T7674] BTRFS info (device loop1): force clearing of disk cache [ 114.435560][ T7675] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (7675) [ 114.459958][ T7674] BTRFS info (device loop1): setting nodatasum [ 114.490038][ T7674] BTRFS info (device loop1): allowing degraded mounts [ 114.527586][ T7674] BTRFS info (device loop1): enabling disk space caching [ 114.529632][ T7675] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 114.558978][ T7675] BTRFS info (device loop2): force clearing of disk cache [ 114.566619][ T7644] BTRFS info (device loop0): enabling ssd optimizations [ 114.575194][ T7674] BTRFS info (device loop1): disk space caching is enabled [ 114.583251][ T7675] BTRFS info (device loop2): setting nodatasum [ 114.589553][ T7644] BTRFS info (device loop0): auto enabling async discard [ 114.599320][ T7644] BTRFS info (device loop0): rebuilding free space tree [ 114.608894][ T7675] BTRFS info (device loop2): allowing degraded mounts [ 114.615672][ T7675] BTRFS info (device loop2): enabling disk space caching [pid 7675] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7706] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 114.638883][ T7675] BTRFS info (device loop2): disk space caching is enabled [ 114.649770][ T7644] BTRFS info (device loop0): disabling free space tree [ 114.669464][ T7644] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 114.709934][ T7644] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 7702] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7706] <... write resumed>) = 16777216 [pid 7706] munmap(0x7fda9371b000, 138412032 [pid 7644] <... mount resumed>) = 0 [pid 7644] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7644] chdir("./file0" [pid 7706] <... munmap resumed>) = 0 [pid 7644] <... chdir resumed>) = 0 [pid 7644] ioctl(4, LOOP_CLR_FD) = 0 [ 114.781750][ T7644] BTRFS info (device loop0): checking UUID tree [ 114.790752][ T7674] BTRFS info (device loop1): enabling ssd optimizations [ 114.797702][ T7674] BTRFS info (device loop1): auto enabling async discard [pid 7706] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7706] ioctl(4, LOOP_SET_FD, 3 [pid 7644] close(4) = 0 [pid 7644] open("./file0", O_RDONLY [pid 7706] <... ioctl resumed>) = 0 [pid 7644] <... open resumed>) = 4 [pid 7706] close(3 [pid 7644] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 7644] open("./file0", O_RDONLY) = 5 [pid 7706] <... close resumed>) = 0 [pid 7644] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 7644] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 7644] exit_group(0) = ? [pid 7644] +++ exited with 0 +++ [pid 7706] mkdir("./file0", 0777 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7644, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=28 /* 0.28 s */} --- [pid 7706] <... mkdir resumed>) = 0 [pid 7706] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 114.828943][ T7675] BTRFS info (device loop2): enabling ssd optimizations [ 114.831440][ T7706] loop4: detected capacity change from 0 to 32768 [ 114.836685][ T7675] BTRFS info (device loop2): auto enabling async discard [ 114.861793][ T7675] BTRFS info (device loop2): rebuilding free space tree [ 114.869288][ T7674] BTRFS info (device loop1): rebuilding free space tree [pid 5064] umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7700] <... write resumed>) = 16777216 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 114.899303][ T7706] BTRFS: device /dev/loop4 using temp-fsid 425bf57e-4696-400d-a035-708fcf8886c9 [ 114.908367][ T7706] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (7706) [pid 7702] <... write resumed>) = 16777216 [pid 5064] newfstatat(AT_FDCWD, "./24/binderfs", [pid 7700] munmap(0x7fda9371b000, 138412032 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7702] munmap(0x7fda9371b000, 138412032 [ 114.946216][ T7674] BTRFS info (device loop1): disabling free space tree [ 114.947573][ T7675] BTRFS info (device loop2): disabling free space tree [ 114.953439][ T7674] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 114.960781][ T2855] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 114.970400][ T7674] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5064] unlink("./24/binderfs" [pid 7702] <... munmap resumed>) = 0 [pid 5064] <... unlink resumed>) = 0 [pid 5064] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7700] <... munmap resumed>) = 0 [pid 7700] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7674] <... mount resumed>) = 0 [pid 7700] <... openat resumed>) = 4 [pid 7700] ioctl(4, LOOP_SET_FD, 3 [pid 7674] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7702] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [ 114.994893][ T7674] BTRFS info (device loop1): checking UUID tree [ 114.998701][ T7675] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 115.004954][ T7706] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 115.021701][ T7706] BTRFS info (device loop4): force clearing of disk cache [ 115.023514][ T7700] loop3: detected capacity change from 0 to 32768 [ 115.033332][ T7706] BTRFS info (device loop4): setting nodatasum [pid 7702] ioctl(4, LOOP_SET_FD, 3 [pid 7674] <... openat resumed>) = 3 [pid 7702] <... ioctl resumed>) = 0 [pid 7702] close(3) = 0 [pid 7702] mkdir("./file0", 0777) = 0 [pid 7702] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7674] chdir("./file0") = 0 [pid 7674] ioctl(4, LOOP_CLR_FD) = 0 [pid 7700] <... ioctl resumed>) = 0 [pid 7700] close(3) = 0 [pid 7700] mkdir("./file0", 0777) = 0 [ 115.039129][ T7702] loop5: detected capacity change from 0 to 32768 [ 115.042265][ T7706] BTRFS info (device loop4): allowing degraded mounts [ 115.057389][ T7702] BTRFS: device /dev/loop5 using temp-fsid 16be4916-340b-42ea-878d-ca04eca8203e [ 115.069027][ T7706] BTRFS info (device loop4): enabling disk space caching [ 115.076091][ T7706] BTRFS info (device loop4): disk space caching is enabled [ 115.078298][ T7675] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 7700] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7674] close(4) = 0 [pid 7674] open("./file0", O_RDONLY) = 4 [ 115.088857][ T7702] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (7702) [ 115.110149][ T7700] BTRFS: device /dev/loop3 using temp-fsid 3c452668-b0a7-4e59-822e-dc000f8b278c [ 115.122583][ T7702] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 115.133357][ T7700] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (7700) [pid 7674] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 7674] open("./file0", O_RDONLY) = 5 [pid 7674] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 7674] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 7674] exit_group(0) = ? [pid 7674] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7674, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=35 /* 0.35 s */} --- [pid 5065] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5065] umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./24/binderfs") = 0 [ 115.146315][ T7702] BTRFS info (device loop5): force clearing of disk cache [ 115.153901][ T7702] BTRFS info (device loop5): setting nodatasum [ 115.163362][ T76] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [ 115.173203][ T7702] BTRFS info (device loop5): allowing degraded mounts [ 115.195616][ T7675] BTRFS info (device loop2): checking UUID tree [ 115.203576][ T7702] BTRFS info (device loop5): enabling disk space caching [ 115.211089][ T7702] BTRFS info (device loop5): disk space caching is enabled [pid 5065] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7675] <... mount resumed>) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 7675] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7675] <... openat resumed>) = 3 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7675] chdir("./file0" [pid 5064] newfstatat(AT_FDCWD, "./24/file0", [pid 7675] <... chdir resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7675] ioctl(4, LOOP_CLR_FD [pid 5064] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7675] <... ioctl resumed>) = 0 [pid 7675] close(4 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7675] <... close resumed>) = 0 [pid 5064] openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7675] open("./file0", O_RDONLY [pid 5064] <... openat resumed>) = 4 [pid 7675] <... open resumed>) = 4 [pid 5064] newfstatat(4, "", [pid 7675] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [ 115.244079][ T7700] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5065] <... umount2 resumed>) = 0 [pid 5064] rmdir("./24/file0" [pid 5065] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./24/file0", [pid 5064] <... rmdir resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] getdents64(3, [pid 5065] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 7675] <... ioctl resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] close(3 [pid 7675] open("./file0", O_RDONLY) = 5 [pid 5064] <... close resumed>) = 0 [pid 7675] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5065] openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] rmdir("./24" [pid 5065] <... openat resumed>) = 4 [pid 5064] <... rmdir resumed>) = 0 [pid 5064] mkdir("./25", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5065] newfstatat(4, "", [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] close(3 [pid 5065] getdents64(4, [pid 5064] <... close resumed>) = 0 [pid 7675] <... ioctl resumed>) = 0 [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7675] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5065] getdents64(4, [pid 7675] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5065] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 7675] exit_group(0 [pid 5065] close(4 [pid 7675] <... exit_group resumed>) = ? [pid 7675] +++ exited with 0 +++ [pid 5065] <... close resumed>) = 0 ./strace-static-x86_64: Process 7782 attached [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7675, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=37 /* 0.37 s */} --- [pid 5065] rmdir("./24/file0" [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 7782 [pid 7782] set_robust_list(0x555557145760, 24 [pid 5066] restart_syscall(<... resuming interrupted clone ...> [pid 5065] <... rmdir resumed>) = 0 [ 115.315836][ T7700] BTRFS info (device loop3): force clearing of disk cache [ 115.337259][ T7702] BTRFS info (device loop5): enabling ssd optimizations [ 115.350970][ T7700] BTRFS info (device loop3): setting nodatasum [ 115.357865][ T7700] BTRFS info (device loop3): allowing degraded mounts [pid 7782] <... set_robust_list resumed>) = 0 [pid 5066] <... restart_syscall resumed>) = 0 [pid 5065] getdents64(3, [pid 7782] chdir("./25" [pid 5066] umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7782] <... chdir resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7782] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 7782] <... prctl resumed>) = 0 [pid 5066] newfstatat(3, "", [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 7782] setpgid(0, 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] close(3 [pid 7782] <... setpgid resumed>) = 0 [pid 5066] getdents64(3, [pid 5065] <... close resumed>) = 0 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] rmdir("./24" [pid 5066] umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7782] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... rmdir resumed>) = 0 [pid 7782] <... openat resumed>) = 3 [pid 5066] newfstatat(AT_FDCWD, "./25/binderfs", [pid 5065] mkdir("./25", 0777 [pid 7782] write(3, "1000", 4 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... mkdir resumed>) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5066] unlink("./25/binderfs" [pid 7782] <... write resumed>) = 4 [pid 5066] <... unlink resumed>) = 0 [pid 7782] close(3 [pid 5066] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7782] <... close resumed>) = 0 [pid 7782] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7782] memfd_create("syzkaller", 0) = 3 [pid 7782] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5065] <... openat resumed>) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [ 115.361243][ T7706] BTRFS info (device loop4): enabling ssd optimizations [ 115.364860][ T7700] BTRFS info (device loop3): enabling disk space caching [ 115.379158][ T1047] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 115.393464][ T7700] BTRFS info (device loop3): disk space caching is enabled [ 115.403303][ T7702] BTRFS info (device loop5): auto enabling async discard [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 7786 ./strace-static-x86_64: Process 7786 attached [pid 7786] set_robust_list(0x555557145760, 24) = 0 [pid 7786] chdir("./25") = 0 [pid 7786] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 115.434198][ T7706] BTRFS info (device loop4): auto enabling async discard [ 115.449836][ T7702] BTRFS info (device loop5): rebuilding free space tree [pid 7786] setpgid(0, 0) = 0 [pid 7786] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7786] write(3, "1000", 4) = 4 [pid 7786] close(3) = 0 [ 115.494386][ T7706] BTRFS info (device loop4): rebuilding free space tree [pid 7786] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7782] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 115.550696][ T7702] BTRFS info (device loop5): disabling free space tree [ 115.559416][ T7702] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 115.589732][ T7702] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 7786] memfd_create("syzkaller", 0) = 3 [pid 7786] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5066] <... umount2 resumed>) = 0 [ 115.611045][ T7706] BTRFS info (device loop4): disabling free space tree [pid 5066] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7706] <... mount resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7706] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] newfstatat(AT_FDCWD, "./25/file0", [pid 7706] <... openat resumed>) = 3 [pid 7706] chdir("./file0") = 0 [pid 7706] ioctl(4, LOOP_CLR_FD) = 0 [pid 7706] close(4) = 0 [pid 7706] open("./file0", O_RDONLY [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7706] <... open resumed>) = 4 [pid 7706] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5066] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./25/file0") = 0 [pid 7706] <... ioctl resumed>) = 0 [pid 7702] <... mount resumed>) = 0 [pid 5066] getdents64(3, [pid 7706] open("./file0", O_RDONLY) = 5 [pid 7702] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 7706] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 7702] <... openat resumed>) = 3 [pid 5066] close(3 [pid 7702] chdir("./file0") = 0 [pid 7702] ioctl(4, LOOP_CLR_FD) = 0 [pid 7702] close(4) = 0 [pid 7706] <... ioctl resumed>) = 0 [pid 7702] open("./file0", O_RDONLY [pid 5066] <... close resumed>) = 0 [pid 5066] rmdir("./25" [pid 7702] <... open resumed>) = 4 [pid 7702] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5066] <... rmdir resumed>) = 0 [pid 7700] <... mount resumed>) = 0 [pid 7706] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 7700] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7706] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 7706] exit_group(0) = ? [pid 7706] +++ exited with 0 +++ [pid 7700] <... openat resumed>) = 3 [pid 5066] mkdir("./26", 0777 [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7706, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=33 /* 0.33 s */} --- [pid 7702] <... ioctl resumed>) = 0 [pid 7700] chdir("./file0" [pid 5068] restart_syscall(<... resuming interrupted clone ...> [pid 5066] <... mkdir resumed>) = 0 [pid 7702] open("./file0", O_RDONLY) = 5 [pid 5068] <... restart_syscall resumed>) = 0 [pid 7702] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 7700] <... chdir resumed>) = 0 [pid 7702] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 7700] ioctl(4, LOOP_CLR_FD [pid 5068] umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7702] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 7700] <... ioctl resumed>) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7700] close(4 [pid 5068] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7700] <... close resumed>) = 0 [pid 5068] <... openat resumed>) = 3 [pid 5068] newfstatat(3, "", [pid 7702] exit_group(0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7702] <... exit_group resumed>) = ? [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 7700] open("./file0", O_RDONLY [pid 5068] umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... openat resumed>) = 3 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./24/binderfs", [pid 7702] +++ exited with 0 +++ [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./24/binderfs" [pid 7700] <... open resumed>) = 4 [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7702, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=32 /* 0.32 s */} --- [pid 5068] <... unlink resumed>) = 0 [pid 5069] restart_syscall(<... resuming interrupted clone ...> [pid 5068] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7700] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5069] <... restart_syscall resumed>) = 0 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5069] umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... ioctl resumed>) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./24/binderfs", [pid 5066] close(3 [pid 5069] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./24/binderfs" [pid 5066] <... close resumed>) = 0 [pid 5069] <... unlink resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5069] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 7805 attached [pid 7805] set_robust_list(0x555557145760, 24 [pid 7700] <... ioctl resumed>) = 0 [pid 7700] open("./file0", O_RDONLY) = 5 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 7805 [pid 7700] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 7805] <... set_robust_list resumed>) = 0 [pid 7805] chdir("./26") = 0 [pid 7805] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7805] setpgid(0, 0) = 0 [pid 7805] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7805] write(3, "1000", 4) = 4 [pid 7700] <... ioctl resumed>) = 0 [pid 7700] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 7700] exit_group(0) = ? [pid 7700] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7700, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=39 /* 0.39 s */} --- [pid 5067] umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7805] close(3 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7805] <... close resumed>) = 0 [pid 5067] <... openat resumed>) = 3 [pid 7805] symlink("/dev/binderfs", "./binderfs" [pid 5067] newfstatat(3, "", [pid 7805] <... symlink resumed>) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7805] memfd_create("syzkaller", 0 [pid 5067] getdents64(3, [pid 7805] <... memfd_create resumed>) = 3 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 7805] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5067] umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7805] <... mmap resumed>) = 0x7fda9371b000 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./24/binderfs") = 0 [pid 5067] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7786] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5068] <... umount2 resumed>) = 0 [pid 5068] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] <... umount2 resumed>) = 0 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] getdents64(4, [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./24/file0", [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] getdents64(4, [pid 5069] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] close(4 [pid 5069] openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] <... close resumed>) = 0 [pid 5069] <... openat resumed>) = 4 [pid 5068] rmdir("./24/file0") = 0 [pid 5068] getdents64(3, [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./24/file0") = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./24") = 0 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] mkdir("./25", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5068] close(3) = 0 [pid 5068] rmdir("./24" [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 7809 ./strace-static-x86_64: Process 7809 attached [pid 7809] set_robust_list(0x555557145760, 24) = 0 [pid 7809] chdir("./25") = 0 [pid 7809] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5068] <... rmdir resumed>) = 0 [pid 7809] <... prctl resumed>) = 0 [pid 7809] setpgid(0, 0) = 0 [pid 7809] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7809] write(3, "1000", 4) = 4 [pid 7809] close(3) = 0 [pid 5068] mkdir("./25", 0777 [pid 7809] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5068] <... mkdir resumed>) = 0 [pid 7809] memfd_create("syzkaller", 0) = 3 [pid 7809] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 7810 ./strace-static-x86_64: Process 7810 attached [pid 7810] set_robust_list(0x555557145760, 24) = 0 [pid 7810] chdir("./25") = 0 [pid 7810] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7810] setpgid(0, 0) = 0 [pid 7810] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7810] write(3, "1000", 4) = 4 [pid 7810] close(3) = 0 [pid 7810] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7810] memfd_create("syzkaller", 0) = 3 [pid 7810] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 7782] <... write resumed>) = 16777216 [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7782] munmap(0x7fda9371b000, 138412032 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7782] <... munmap resumed>) = 0 [pid 5067] newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 7782] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5067] newfstatat(4, "", [pid 7782] ioctl(4, LOOP_SET_FD, 3 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7805] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [ 116.357348][ T7782] loop0: detected capacity change from 0 to 32768 [pid 5067] getdents64(4, [pid 7782] <... ioctl resumed>) = 0 [pid 5067] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 7782] close(3 [pid 5067] rmdir("./24/file0" [pid 7782] <... close resumed>) = 0 [pid 5067] <... rmdir resumed>) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 7782] mkdir("./file0", 0777 [pid 5067] rmdir("./24" [pid 7782] <... mkdir resumed>) = 0 [pid 5067] <... rmdir resumed>) = 0 [pid 5067] mkdir("./25", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 7811 [pid 7782] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,"./strace-static-x86_64: Process 7811 attached [pid 7811] set_robust_list(0x555557145760, 24) = 0 [pid 7811] chdir("./25") = 0 [pid 7811] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7811] setpgid(0, 0) = 0 [pid 7811] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7811] write(3, "1000", 4) = 4 [pid 7811] close(3) = 0 [pid 7811] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7811] memfd_create("syzkaller", 0) = 3 [pid 7811] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 116.499262][ T7782] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (7782) [pid 7809] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7786] <... write resumed>) = 16777216 [pid 7786] munmap(0x7fda9371b000, 138412032) = 0 [pid 7786] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7786] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7786] close(3) = 0 [pid 7786] mkdir("./file0", 0777) = 0 [pid 7810] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7805] <... write resumed>) = 16777216 [ 116.826714][ T7786] loop1: detected capacity change from 0 to 32768 [pid 7786] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7805] munmap(0x7fda9371b000, 138412032) = 0 [pid 7805] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 116.876828][ T7786] BTRFS: device /dev/loop1 using temp-fsid cd67a296-c51f-4182-8e16-e16cbf20cd28 [ 116.901140][ T7786] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (7786) [pid 7805] ioctl(4, LOOP_SET_FD, 3 [pid 7782] <... mount resumed>) = 0 [pid 7782] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7782] chdir("./file0") = 0 [pid 7782] ioctl(4, LOOP_CLR_FD) = 0 [pid 7805] <... ioctl resumed>) = 0 [pid 7782] close(4 [pid 7805] close(3 [pid 7782] <... close resumed>) = 0 [ 116.933635][ T7805] loop2: detected capacity change from 0 to 32768 [pid 7805] <... close resumed>) = 0 [pid 7782] open("./file0", O_RDONLY [pid 7805] mkdir("./file0", 0777 [pid 7782] <... open resumed>) = 4 [pid 7805] <... mkdir resumed>) = 0 [pid 7782] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 7805] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7782] <... ioctl resumed>) = 0 [ 116.989107][ T7805] BTRFS: device /dev/loop2 using temp-fsid 3d1a3b48-d555-4852-b923-32aed597fd49 [pid 7782] open("./file0", O_RDONLY [pid 7811] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7782] <... open resumed>) = 5 [pid 7782] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 7782] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 7782] exit_group(0) = ? [ 117.048317][ T7805] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (7805) [pid 7782] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7782, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=23 /* 0.23 s */} --- [pid 5064] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5064] umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./25/binderfs" [pid 7809] <... write resumed>) = 16777216 [pid 5064] <... unlink resumed>) = 0 [pid 5064] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7809] munmap(0x7fda9371b000, 138412032) = 0 [pid 7809] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 7809] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7809] close(3) = 0 [pid 7809] mkdir("./file0", 0777) = 0 [pid 7809] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7810] <... write resumed>) = 16777216 [pid 7810] munmap(0x7fda9371b000, 138412032) = 0 [ 117.208832][ T7809] loop5: detected capacity change from 0 to 32768 [ 117.243026][ T7809] BTRFS: device /dev/loop5 using temp-fsid 8492d528-7042-45fb-8fe6-4f2f9b802c68 [pid 7810] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7786] <... mount resumed>) = 0 [pid 7810] <... openat resumed>) = 4 [pid 7786] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7810] ioctl(4, LOOP_SET_FD, 3 [pid 7786] <... openat resumed>) = 3 [pid 7786] chdir("./file0") = 0 [pid 7786] ioctl(4, LOOP_CLR_FD) = 0 [pid 7786] close(4) = 0 [pid 7786] open("./file0", O_RDONLY) = 4 [pid 7786] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 7810] <... ioctl resumed>) = 0 [pid 7786] <... ioctl resumed>) = 0 [pid 7810] close(3) = 0 [pid 7810] mkdir("./file0", 0777) = 0 [pid 7810] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7786] open("./file0", O_RDONLY) = 5 [pid 7786] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [ 117.268211][ T7809] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (7809) [ 117.296892][ T7810] loop4: detected capacity change from 0 to 32768 [pid 7811] <... write resumed>) = 16777216 [pid 7786] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 7811] munmap(0x7fda9371b000, 138412032 [pid 7786] exit_group(0) = ? [pid 7811] <... munmap resumed>) = 0 [pid 7786] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7786, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=28 /* 0.28 s */} --- [pid 7811] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5065] umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... umount2 resumed>) = 0 [pid 7811] <... openat resumed>) = 4 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./25/file0", [pid 7811] ioctl(4, LOOP_SET_FD, 3 [pid 5065] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] <... openat resumed>) = 3 [pid 5064] openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./25/file0") = 0 [pid 5064] getdents64(3, [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] close(3 [pid 5065] umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... close resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] rmdir("./25" [pid 5065] newfstatat(AT_FDCWD, "./25/binderfs", [pid 5064] <... rmdir resumed>) = 0 [pid 5064] mkdir("./26", 0777 [pid 7811] <... ioctl resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... mkdir resumed>) = 0 [pid 7811] close(3 [pid 5065] unlink("./25/binderfs" [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7811] <... close resumed>) = 0 [pid 7811] mkdir("./file0", 0777 [pid 5065] <... unlink resumed>) = 0 [pid 5064] <... openat resumed>) = 3 [pid 7811] <... mkdir resumed>) = 0 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 7811] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5065] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... ioctl resumed>) = 0 [ 117.363849][ T7810] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (7810) [ 117.394994][ T7811] loop3: detected capacity change from 0 to 32768 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 7870 ./strace-static-x86_64: Process 7870 attached [pid 7870] set_robust_list(0x555557145760, 24) = 0 [pid 7870] chdir("./26") = 0 [pid 7870] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7870] setpgid(0, 0) = 0 [pid 7870] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 117.439058][ T7811] BTRFS: device /dev/loop3 using temp-fsid 7102df25-3658-4583-8cec-424f0d15a602 [pid 7870] write(3, "1000", 4) = 4 [pid 7870] close(3) = 0 [pid 7870] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7805] <... mount resumed>) = 0 [pid 7805] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7870] memfd_create("syzkaller", 0 [pid 7805] chdir("./file0" [pid 7870] <... memfd_create resumed>) = 3 [pid 7805] <... chdir resumed>) = 0 [pid 7805] ioctl(4, LOOP_CLR_FD [pid 7870] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7805] <... ioctl resumed>) = 0 [pid 7870] <... mmap resumed>) = 0x7fda9371b000 [pid 7805] close(4) = 0 [pid 7805] open("./file0", O_RDONLY) = 4 [pid 7805] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [ 117.479507][ T7811] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (7811) [pid 7805] open("./file0", O_RDONLY) = 5 [pid 7805] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 7805] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 7805] exit_group(0) = ? [pid 7805] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7805, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=21 /* 0.21 s */} --- [pid 5066] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./26/binderfs", [pid 5065] <... umount2 resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] unlink("./26/binderfs" [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... unlink resumed>) = 0 [pid 5066] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./25/file0") = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 7810] <... mount resumed>) = 0 [pid 5065] rmdir("./25" [pid 7809] <... mount resumed>) = 0 [pid 7810] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7809] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] <... rmdir resumed>) = 0 [pid 5065] mkdir("./26", 0777 [pid 7809] <... openat resumed>) = 3 [pid 5065] <... mkdir resumed>) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7810] <... openat resumed>) = 3 [pid 7809] chdir("./file0" [pid 5065] <... openat resumed>) = 3 [pid 7809] <... chdir resumed>) = 0 [pid 7810] chdir("./file0" [pid 5065] ioctl(3, LOOP_CLR_FD [pid 7809] ioctl(4, LOOP_CLR_FD [pid 7810] <... chdir resumed>) = 0 [pid 7809] <... ioctl resumed>) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 7809] close(4 [pid 5065] close(3 [pid 7810] ioctl(4, LOOP_CLR_FD [pid 7809] <... close resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 7810] <... ioctl resumed>) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7809] open("./file0", O_RDONLY) = 4 [pid 7810] close(4 [pid 7809] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 7810] <... close resumed>) = 0 [pid 7810] open("./file0", O_RDONLY./strace-static-x86_64: Process 7911 attached [pid 7911] set_robust_list(0x555557145760, 24 [pid 7810] <... open resumed>) = 4 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 7911 [pid 7911] <... set_robust_list resumed>) = 0 [pid 7911] chdir("./26") = 0 [pid 7911] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7810] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 7911] <... prctl resumed>) = 0 [pid 7911] setpgid(0, 0) = 0 [pid 7809] <... ioctl resumed>) = 0 [pid 7911] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7809] open("./file0", O_RDONLY [pid 7911] write(3, "1000", 4 [pid 7810] <... ioctl resumed>) = 0 [pid 7911] <... write resumed>) = 4 [pid 7911] close(3 [pid 7810] open("./file0", O_RDONLY [pid 7911] <... close resumed>) = 0 [pid 7810] <... open resumed>) = 5 [pid 7809] <... open resumed>) = 5 [pid 7911] symlink("/dev/binderfs", "./binderfs" [pid 7810] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 7809] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 7911] <... symlink resumed>) = 0 [pid 7809] <... ioctl resumed>) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7911] memfd_create("syzkaller", 0 [pid 7809] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./26/file0") = 0 [pid 7809] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 7809] exit_group(0 [pid 5066] getdents64(3, [pid 7810] <... ioctl resumed>) = 0 [pid 7809] <... exit_group resumed>) = ? [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./26" [pid 7809] +++ exited with 0 +++ [pid 7911] <... memfd_create resumed>) = 3 [pid 7810] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5066] <... rmdir resumed>) = 0 [pid 7810] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7809, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=24 /* 0.24 s */} --- [pid 5066] mkdir("./27", 0777 [pid 7911] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7810] exit_group(0 [pid 5069] restart_syscall(<... resuming interrupted clone ...> [pid 5066] <... mkdir resumed>) = 0 [pid 5069] <... restart_syscall resumed>) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7810] <... exit_group resumed>) = ? [pid 5066] <... openat resumed>) = 3 [pid 7911] <... mmap resumed>) = 0x7fda9371b000 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5069] umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... ioctl resumed>) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] close(3 [pid 5069] <... openat resumed>) = 3 [pid 5066] <... close resumed>) = 0 [pid 5069] newfstatat(3, "", [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7810] +++ exited with 0 +++ [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7810, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=25 /* 0.25 s */} --- ./strace-static-x86_64: Process 7913 attached [pid 5069] umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 7913 [pid 7913] set_robust_list(0x555557145760, 24 [pid 7811] <... mount resumed>) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7811] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5068] umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7811] <... openat resumed>) = 3 [pid 5069] newfstatat(AT_FDCWD, "./25/binderfs", [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7811] chdir("./file0" [pid 5069] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7913] <... set_robust_list resumed>) = 0 [pid 7913] chdir("./27") = 0 [pid 7913] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7811] <... chdir resumed>) = 0 [pid 7913] <... prctl resumed>) = 0 [pid 7811] ioctl(4, LOOP_CLR_FD [pid 5068] <... openat resumed>) = 3 [pid 7811] <... ioctl resumed>) = 0 [pid 5068] newfstatat(3, "", [pid 7913] setpgid(0, 0 [pid 7811] close(4 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7913] <... setpgid resumed>) = 0 [pid 7811] <... close resumed>) = 0 [pid 5069] unlink("./25/binderfs" [pid 5068] getdents64(3, [pid 7811] open("./file0", O_RDONLY [pid 5069] <... unlink resumed>) = 0 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 7913] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7811] <... open resumed>) = 4 [pid 5069] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7913] <... openat resumed>) = 3 [pid 5068] unlink("./25/binderfs") = 0 [pid 5068] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7913] write(3, "1000", 4 [pid 7811] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 7913] <... write resumed>) = 4 [pid 7913] close(3) = 0 [pid 7913] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7913] memfd_create("syzkaller", 0 [pid 7811] <... ioctl resumed>) = 0 [pid 7913] <... memfd_create resumed>) = 3 [pid 7913] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 117.842437][ T2855] _btrfs_printk: 96 callbacks suppressed [ 117.842450][ T2855] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [pid 7811] open("./file0", O_RDONLY) = 5 [pid 7811] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 7811] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 7811] exit_group(0) = ? [pid 7811] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7811, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=19 /* 0.19 s */} --- [pid 5067] umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./25/binderfs") = 0 [ 117.955512][ T1047] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [pid 5067] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7870] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7911] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5068] <... umount2 resumed>) = 0 [pid 5068] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] <... umount2 resumed>) = 0 [pid 5068] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] newfstatat(4, "", [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] newfstatat(AT_FDCWD, "./25/file0", [pid 5068] getdents64(4, [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] getdents64(4, [pid 5069] openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] <... openat resumed>) = 4 [pid 5068] close(4 [pid 5069] newfstatat(4, "", [pid 5068] <... close resumed>) = 0 [pid 5068] rmdir("./25/file0") = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, [pid 5068] <... close resumed>) = 0 [pid 5068] rmdir("./25") = 0 [pid 5068] mkdir("./26", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] <... close resumed>) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5069] <... close resumed>) = 0 [pid 5069] rmdir("./25/file0" [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 7917 [pid 5069] <... rmdir resumed>) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 7917 attached [pid 5069] close(3) = 0 [pid 7917] set_robust_list(0x555557145760, 24 [pid 5069] rmdir("./25" [pid 7917] <... set_robust_list resumed>) = 0 [pid 5069] <... rmdir resumed>) = 0 [pid 7917] chdir("./26") = 0 [pid 7917] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5069] mkdir("./26", 0777 [pid 7917] setpgid(0, 0) = 0 [pid 7917] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5069] <... mkdir resumed>) = 0 [pid 7917] <... openat resumed>) = 3 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 7917] write(3, "1000", 4) = 4 [pid 7917] close(3) = 0 [pid 7917] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7917] memfd_create("syzkaller", 0) = 3 [pid 5069] <... openat resumed>) = 3 [pid 7917] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7918 attached , child_tidptr=0x555557145750) = 7918 [pid 7918] set_robust_list(0x555557145760, 24) = 0 [pid 7918] chdir("./26") = 0 [pid 7918] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7918] setpgid(0, 0) = 0 [pid 7918] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7918] write(3, "1000", 4) = 4 [pid 7918] close(3) = 0 [pid 7918] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7918] memfd_create("syzkaller", 0) = 3 [pid 7918] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7913] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5067] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./25/file0") = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./25") = 0 [pid 5067] mkdir("./26", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7919 attached , child_tidptr=0x555557145750) = 7919 [pid 7919] set_robust_list(0x555557145760, 24) = 0 [pid 7919] chdir("./26") = 0 [pid 7919] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7919] setpgid(0, 0) = 0 [pid 7919] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7870] <... write resumed>) = 16777216 [pid 7919] <... openat resumed>) = 3 [pid 7870] munmap(0x7fda9371b000, 138412032 [pid 7919] write(3, "1000", 4) = 4 [pid 7919] close(3) = 0 [pid 7919] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7919] memfd_create("syzkaller", 0) = 3 [pid 7917] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7870] <... munmap resumed>) = 0 [pid 7919] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 7911] <... write resumed>) = 16777216 [pid 7870] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7870] ioctl(4, LOOP_SET_FD, 3 [pid 7918] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7911] munmap(0x7fda9371b000, 138412032 [pid 7870] <... ioctl resumed>) = 0 [pid 7870] close(3 [pid 7911] <... munmap resumed>) = 0 [pid 7870] <... close resumed>) = 0 [pid 7870] mkdir("./file0", 0777 [pid 7911] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7870] <... mkdir resumed>) = 0 [ 118.780092][ T7870] loop0: detected capacity change from 0 to 32768 [pid 7911] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7870] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7911] close(3) = 0 [pid 7911] mkdir("./file0", 0777) = 0 [ 118.832157][ T7911] loop1: detected capacity change from 0 to 32768 [ 118.841026][ T7870] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (7870) [pid 7911] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7913] <... write resumed>) = 16777216 [ 118.954390][ T7911] BTRFS: device /dev/loop1 using temp-fsid 3f68b5fd-499f-495a-9de0-d489e8f65709 [ 118.979522][ T7870] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [pid 7913] munmap(0x7fda9371b000, 138412032) = 0 [pid 7913] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 118.988752][ T7870] BTRFS info (device loop0): force clearing of disk cache [ 119.014479][ T7911] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (7911) [pid 7913] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7913] close(3) = 0 [pid 7913] mkdir("./file0", 0777) = 0 [ 119.056423][ T7913] loop2: detected capacity change from 0 to 32768 [ 119.079008][ T7870] BTRFS info (device loop0): setting nodatasum [pid 7913] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 119.107318][ T7870] BTRFS info (device loop0): allowing degraded mounts [ 119.137631][ T7913] BTRFS: device /dev/loop2 using temp-fsid 76e3d7cd-4a9d-4e0c-8b55-e8294ebe27fd [ 119.150320][ T7870] BTRFS info (device loop0): enabling disk space caching [ 119.159437][ T7911] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 119.179145][ T7870] BTRFS info (device loop0): disk space caching is enabled [ 119.186999][ T7911] BTRFS info (device loop1): force clearing of disk cache [ 119.187334][ T7913] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (7913) [ 119.218816][ T7911] BTRFS info (device loop1): setting nodatasum [ 119.225359][ T7911] BTRFS info (device loop1): allowing degraded mounts [pid 7919] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7917] <... write resumed>) = 16777216 [pid 7917] munmap(0x7fda9371b000, 138412032) = 0 [ 119.265953][ T7911] BTRFS info (device loop1): enabling disk space caching [ 119.277438][ T7913] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 119.300668][ T7911] BTRFS info (device loop1): disk space caching is enabled [pid 7917] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 119.315327][ T7870] BTRFS info (device loop0): enabling ssd optimizations [ 119.318847][ T7913] BTRFS info (device loop2): force clearing of disk cache [ 119.328823][ T7870] BTRFS info (device loop0): auto enabling async discard [ 119.339572][ T7870] BTRFS info (device loop0): rebuilding free space tree [ 119.347246][ T7913] BTRFS info (device loop2): setting nodatasum [ 119.355795][ T7917] loop4: detected capacity change from 0 to 32768 [pid 7917] ioctl(4, LOOP_SET_FD, 3 [pid 7918] <... write resumed>) = 16777216 [pid 7918] munmap(0x7fda9371b000, 138412032 [pid 7917] <... ioctl resumed>) = 0 [pid 7917] close(3) = 0 [pid 7917] mkdir("./file0", 0777) = 0 [ 119.365524][ T7870] BTRFS info (device loop0): disabling free space tree [ 119.368512][ T7913] BTRFS info (device loop2): allowing degraded mounts [ 119.378854][ T7870] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 119.380266][ T7913] BTRFS info (device loop2): enabling disk space caching [ 119.389514][ T7870] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 7918] <... munmap resumed>) = 0 [pid 7917] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7918] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 7918] ioctl(4, LOOP_SET_FD, 3 [pid 7870] <... mount resumed>) = 0 [pid 7870] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7919] <... write resumed>) = 16777216 [pid 7918] <... ioctl resumed>) = 0 [pid 7918] close(3 [pid 7919] munmap(0x7fda9371b000, 138412032 [pid 7918] <... close resumed>) = 0 [pid 7870] <... openat resumed>) = 3 [pid 7918] mkdir("./file0", 0777) = 0 [pid 7918] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7919] <... munmap resumed>) = 0 [pid 7870] chdir("./file0" [pid 7919] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7870] <... chdir resumed>) = 0 [ 119.411418][ T7913] BTRFS info (device loop2): disk space caching is enabled [ 119.420703][ T7870] BTRFS info (device loop0): checking UUID tree [ 119.429303][ T7917] BTRFS: device /dev/loop4 using temp-fsid 1cd45fd1-1a4e-4b54-a40e-b75e23e06e13 [ 119.441417][ T7918] loop5: detected capacity change from 0 to 32768 [ 119.445765][ T7917] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (7917) [pid 7919] <... openat resumed>) = 4 [pid 7870] ioctl(4, LOOP_CLR_FD) = 0 [pid 7870] close(4 [pid 7919] ioctl(4, LOOP_SET_FD, 3 [pid 7870] <... close resumed>) = 0 [pid 7870] open("./file0", O_RDONLY) = 4 [pid 7870] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 7919] <... ioctl resumed>) = 0 [pid 7870] <... ioctl resumed>) = 0 [pid 7870] open("./file0", O_RDONLY) = 5 [pid 7870] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 7919] close(3) = 0 [pid 7919] mkdir("./file0", 0777) = 0 [pid 7870] <... ioctl resumed>) = 0 [pid 7870] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 7919] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 7870] exit_group(0) = ? [ 119.473154][ T7919] loop3: detected capacity change from 0 to 32768 [ 119.479422][ T7918] BTRFS: device /dev/loop5 using temp-fsid 7372c7c9-845c-48cf-9e60-f9fee93653b6 [ 119.499141][ T7918] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (7918) [ 119.515774][ T7913] BTRFS info (device loop2): enabling ssd optimizations [pid 7870] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7870, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=32 /* 0.32 s */} --- [pid 5064] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 119.516797][ T1047] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 119.522924][ T7913] BTRFS info (device loop2): auto enabling async discard [ 119.535602][ T7917] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 119.539841][ T7913] BTRFS info (device loop2): rebuilding free space tree [ 119.555369][ T7917] BTRFS info (device loop4): force clearing of disk cache [ 119.555387][ T7917] BTRFS info (device loop4): setting nodatasum [pid 5064] newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 119.570987][ T7917] BTRFS info (device loop4): allowing degraded mounts [ 119.574996][ T7913] BTRFS info (device loop2): disabling free space tree [ 119.579675][ T7919] BTRFS: device /dev/loop3 using temp-fsid dd60d24d-8e41-4b55-9d7b-3312d8ff6ba4 [ 119.584844][ T7913] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 119.603531][ T7918] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 119.603577][ T7913] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5064] unlink("./26/binderfs") = 0 [ 119.623032][ T7918] BTRFS info (device loop5): force clearing of disk cache [ 119.623050][ T7918] BTRFS info (device loop5): setting nodatasum [ 119.634439][ T7917] BTRFS info (device loop4): enabling disk space caching [ 119.637392][ T7919] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (7919) [ 119.644051][ T7917] BTRFS info (device loop4): disk space caching is enabled [ 119.663328][ T7918] BTRFS info (device loop5): allowing degraded mounts [ 119.666135][ T7913] BTRFS info (device loop2): checking UUID tree [ 119.674954][ T7919] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 119.677751][ T7918] BTRFS info (device loop5): enabling disk space caching [ 119.695805][ T7911] BTRFS info (device loop1): enabling ssd optimizations [ 119.707589][ T7919] BTRFS info (device loop3): force clearing of disk cache [ 119.715105][ T7919] BTRFS info (device loop3): setting nodatasum [pid 5064] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 7913] <... mount resumed>) = 0 [pid 7913] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7913] chdir("./file0") = 0 [pid 7913] ioctl(4, LOOP_CLR_FD) = 0 [pid 7913] close(4) = 0 [pid 7913] open("./file0", O_RDONLY) = 4 [pid 7913] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 7913] open("./file0", O_RDONLY) = 5 [pid 7913] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 7913] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [ 119.721748][ T7919] BTRFS info (device loop3): allowing degraded mounts [ 119.728698][ T7919] BTRFS info (device loop3): enabling disk space caching [ 119.736146][ T7919] BTRFS info (device loop3): disk space caching is enabled [ 119.741039][ T7911] BTRFS info (device loop1): auto enabling async discard [ 119.744358][ T7918] BTRFS info (device loop5): disk space caching is enabled [ 119.763571][ T7911] BTRFS info (device loop1): rebuilding free space tree [pid 7913] exit_group(0) = ? [pid 7913] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7913, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=48 /* 0.48 s */} --- [pid 5066] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5066] umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./27/binderfs") = 0 [pid 5066] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... umount2 resumed>) = 0 [pid 5064] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 119.820472][ T7911] BTRFS info (device loop1): disabling free space tree [ 119.836596][ T1047] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 119.840568][ T7917] BTRFS info (device loop4): enabling ssd optimizations [ 119.858238][ T7911] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5064] newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./26/file0") = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./26") = 0 [pid 5064] mkdir("./27", 0777) = 0 [ 119.866918][ T7917] BTRFS info (device loop4): auto enabling async discard [ 119.889647][ T7911] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 119.902752][ T7917] BTRFS info (device loop4): rebuilding free space tree [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8007 attached [pid 5066] <... umount2 resumed>) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 8007 [pid 8007] set_robust_list(0x555557145760, 24) = 0 [pid 8007] chdir("./27") = 0 [pid 5066] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8007] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8007] setpgid(0, 0) = 0 [pid 8007] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8007] write(3, "1000", 4) = 4 [pid 8007] close(3) = 0 [pid 5066] newfstatat(AT_FDCWD, "./27/file0", [pid 8007] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8007] memfd_create("syzkaller", 0 [pid 5066] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8007] <... memfd_create resumed>) = 3 [pid 8007] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [ 119.928943][ T7911] BTRFS info (device loop1): checking UUID tree [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./27/file0") = 0 [pid 5066] getdents64(3, [pid 7911] <... mount resumed>) = 0 [pid 7911] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 7911] <... openat resumed>) = 3 [pid 5066] close(3 [pid 7911] chdir("./file0" [pid 5066] <... close resumed>) = 0 [pid 7911] <... chdir resumed>) = 0 [pid 7911] ioctl(4, LOOP_CLR_FD [pid 5066] rmdir("./27") = 0 [pid 7911] <... ioctl resumed>) = 0 [pid 5066] mkdir("./28", 0777 [pid 7911] close(4 [pid 5066] <... mkdir resumed>) = 0 [pid 7911] <... close resumed>) = 0 [ 119.982138][ T7917] BTRFS info (device loop4): disabling free space tree [ 120.011156][ T7919] BTRFS info (device loop3): enabling ssd optimizations [ 120.018121][ T7919] BTRFS info (device loop3): auto enabling async discard [pid 7911] open("./file0", O_RDONLY [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7911] <... open resumed>) = 4 [pid 5066] <... openat resumed>) = 3 [pid 7911] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 8016 [pid 7911] <... ioctl resumed>) = 0 [ 120.040388][ T7917] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 120.051852][ T7917] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 120.070180][ T7918] BTRFS info (device loop5): enabling ssd optimizations [pid 7911] open("./file0", O_RDONLY) = 5 [pid 7911] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 7911] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}./strace-static-x86_64: Process 8016 attached ) = -1 EBADF (Bad file descriptor) [pid 7911] exit_group(0 [pid 8016] set_robust_list(0x555557145760, 24) = 0 [pid 7911] <... exit_group resumed>) = ? [pid 8016] chdir("./28" [pid 7911] +++ exited with 0 +++ [pid 8016] <... chdir resumed>) = 0 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7911, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=36 /* 0.36 s */} --- [pid 5065] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5065] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8016] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8016] setpgid(0, 0 [pid 5065] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 8016] <... setpgid resumed>) = 0 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8016] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./26/binderfs") = 0 [pid 5065] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8016] write(3, "1000", 4) = 4 [pid 8016] close(3) = 0 [pid 8016] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8016] memfd_create("syzkaller", 0) = 3 [ 120.092082][ T7919] BTRFS info (device loop3): rebuilding free space tree [ 120.092979][ T7918] BTRFS info (device loop5): auto enabling async discard [ 120.113540][ T7917] BTRFS info (device loop4): checking UUID tree [ 120.126242][ T7918] BTRFS info (device loop5): rebuilding free space tree [ 120.131285][ T76] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [pid 8016] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 7917] <... mount resumed>) = 0 [ 120.165875][ T7919] BTRFS info (device loop3): disabling free space tree [ 120.194222][ T7918] BTRFS info (device loop5): disabling free space tree [pid 7917] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7917] chdir("./file0") = 0 [pid 7917] ioctl(4, LOOP_CLR_FD) = 0 [pid 7917] close(4) = 0 [pid 7917] open("./file0", O_RDONLY) = 4 [ 120.213856][ T7919] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 7917] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 7917] open("./file0", O_RDONLY) = 5 [pid 7917] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [ 120.269319][ T7918] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 120.271403][ T76] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [pid 7917] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 7917] exit_group(0) = ? [pid 7917] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7917, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=38 /* 0.38 s */} --- [pid 5068] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5068] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 120.319515][ T7919] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 120.327004][ T7918] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, [pid 5065] <... umount2 resumed>) = 0 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 120.364112][ T7919] BTRFS info (device loop3): checking UUID tree [pid 5065] newfstatat(4, "", [pid 5068] newfstatat(AT_FDCWD, "./26/binderfs", [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] getdents64(4, [pid 8007] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5068] unlink("./26/binderfs" [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] <... unlink resumed>) = 0 [pid 5065] getdents64(4, [pid 5068] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 7919] <... mount resumed>) = 0 [pid 5065] close(4 [pid 7919] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] <... close resumed>) = 0 [pid 7919] <... openat resumed>) = 3 [pid 5065] rmdir("./26/file0" [pid 7919] chdir("./file0") = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 7919] ioctl(4, LOOP_CLR_FD) = 0 [pid 7919] close(4) = 0 [pid 7919] open("./file0", O_RDONLY) = 4 [pid 7918] <... mount resumed>) = 0 [ 120.416051][ T7918] BTRFS info (device loop5): checking UUID tree [pid 7919] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 7918] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7918] chdir("./file0") = 0 [pid 7918] ioctl(4, LOOP_CLR_FD) = 0 [pid 7918] close(4) = 0 [pid 5065] getdents64(3, [pid 7918] open("./file0", O_RDONLY) = 4 [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 7918] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5065] close(3 [pid 7918] open("./file0", O_RDONLY) = 5 [pid 5065] <... close resumed>) = 0 [pid 7918] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5065] rmdir("./26") = 0 [pid 7919] <... ioctl resumed>) = 0 [pid 7919] open("./file0", O_RDONLY) = 5 [pid 7919] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5065] mkdir("./27", 0777) = 0 [pid 7918] <... ioctl resumed>) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7918] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5065] <... openat resumed>) = 3 [pid 7918] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5065] ioctl(3, LOOP_CLR_FD [pid 7918] exit_group(0) = ? [pid 5065] <... ioctl resumed>) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8022 attached [pid 7919] <... ioctl resumed>) = 0 [pid 7918] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7918, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=38 /* 0.38 s */} --- [pid 8022] set_robust_list(0x555557145760, 24 [pid 7919] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 8022 [pid 8022] <... set_robust_list resumed>) = 0 [pid 5069] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8022] chdir("./27" [pid 5069] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8022] <... chdir resumed>) = 0 [pid 7919] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8022] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7919] exit_group(0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8022] <... prctl resumed>) = 0 [pid 7919] <... exit_group resumed>) = ? [pid 5069] newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7919] +++ exited with 0 +++ [pid 5069] unlink("./26/binderfs" [pid 8022] setpgid(0, 0 [pid 5069] <... unlink resumed>) = 0 [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7919, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=30 /* 0.30 s */} --- [ 120.550486][ T2855] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [ 120.571014][ T76] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [pid 8022] <... setpgid resumed>) = 0 [pid 5069] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8022] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5067] <... openat resumed>) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, [pid 8022] <... openat resumed>) = 3 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 8016] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5067] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8022] write(3, "1000", 4) = 4 [pid 8022] close(3) = 0 [pid 8022] symlink("/dev/binderfs", "./binderfs" [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8022] <... symlink resumed>) = 0 [pid 5067] newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8022] memfd_create("syzkaller", 0 [pid 5067] unlink("./26/binderfs" [pid 8022] <... memfd_create resumed>) = 3 [pid 8022] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5067] <... unlink resumed>) = 0 [pid 8022] <... mmap resumed>) = 0x7fda9371b000 [pid 5067] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... umount2 resumed>) = 0 [pid 5068] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./26/file0") = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./26") = 0 [pid 5068] mkdir("./27", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8025 attached [pid 8025] set_robust_list(0x555557145760, 24) = 0 [pid 8025] chdir("./27") = 0 [pid 8025] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8025] setpgid(0, 0) = 0 [pid 8025] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8025] write(3, "1000", 4) = 4 [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 8025 [pid 8025] close(3) = 0 [pid 8025] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8025] memfd_create("syzkaller", 0) = 3 [pid 8025] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5069] <... umount2 resumed>) = 0 [pid 5069] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./26/file0") = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3 [pid 5067] <... umount2 resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 5067] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] rmdir("./26" [pid 5067] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... rmdir resumed>) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] mkdir("./27", 0777 [pid 5067] openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] <... mkdir resumed>) = 0 [pid 5067] <... openat resumed>) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5067] getdents64(4, [pid 5069] <... openat resumed>) = 3 [pid 5067] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] ioctl(3, LOOP_CLR_FD [pid 5067] getdents64(4, [pid 5069] <... ioctl resumed>) = 0 [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5067] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./26/file0" [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 8026 [pid 5067] <... rmdir resumed>) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3./strace-static-x86_64: Process 8026 attached [pid 8026] set_robust_list(0x555557145760, 24) = 0 [pid 8026] chdir("./27") = 0 [pid 5067] <... close resumed>) = 0 [pid 8026] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5067] rmdir("./26" [pid 8026] <... prctl resumed>) = 0 [pid 5067] <... rmdir resumed>) = 0 [pid 8026] setpgid(0, 0 [pid 5067] mkdir("./27", 0777) = 0 [pid 8026] <... setpgid resumed>) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8026] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5067] <... openat resumed>) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3 [pid 8026] <... openat resumed>) = 3 [pid 5067] <... close resumed>) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 8027 ./strace-static-x86_64: Process 8027 attached [pid 8026] write(3, "1000", 4 [pid 8027] set_robust_list(0x555557145760, 24 [pid 8026] <... write resumed>) = 4 [pid 8027] <... set_robust_list resumed>) = 0 [pid 8026] close(3 [pid 8027] chdir("./27" [pid 8026] <... close resumed>) = 0 [pid 8027] <... chdir resumed>) = 0 [pid 8026] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8026] memfd_create("syzkaller", 0 [pid 8027] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8026] <... memfd_create resumed>) = 3 [pid 8026] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8027] <... prctl resumed>) = 0 [pid 8026] <... mmap resumed>) = 0x7fda9371b000 [pid 8027] setpgid(0, 0) = 0 [pid 8027] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8027] write(3, "1000", 4) = 4 [pid 8027] close(3) = 0 [pid 8027] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8027] memfd_create("syzkaller", 0) = 3 [pid 8027] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 8007] <... write resumed>) = 16777216 [pid 8007] munmap(0x7fda9371b000, 138412032) = 0 [pid 8007] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8007] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8022] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 121.169764][ T8007] loop0: detected capacity change from 0 to 32768 [pid 8007] close(3) = 0 [pid 8007] mkdir("./file0", 0777) = 0 [ 121.234712][ T8007] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (8007) [pid 8007] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8016] <... write resumed>) = 16777216 [pid 8016] munmap(0x7fda9371b000, 138412032) = 0 [pid 8025] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8016] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 121.345794][ T8007] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 121.373300][ T8007] BTRFS info (device loop0): force clearing of disk cache [ 121.401170][ T8016] loop2: detected capacity change from 0 to 32768 [ 121.429413][ T8007] BTRFS info (device loop0): setting nodatasum [pid 8016] ioctl(4, LOOP_SET_FD, 3) = 0 [ 121.468815][ T8007] BTRFS info (device loop0): allowing degraded mounts [pid 8016] close(3) = 0 [pid 8016] mkdir("./file0", 0777) = 0 [ 121.511191][ T8007] BTRFS info (device loop0): enabling disk space caching [ 121.529243][ T8007] BTRFS info (device loop0): disk space caching is enabled [ 121.539815][ T8016] BTRFS: device /dev/loop2 using temp-fsid 15a344cf-0532-4b79-8534-f6eeb264cbc6 [pid 8016] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8026] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 121.596956][ T8016] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (8016) [ 121.671428][ T8016] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 121.709161][ T8016] BTRFS info (device loop2): force clearing of disk cache [ 121.731859][ T8016] BTRFS info (device loop2): setting nodatasum [ 121.772706][ T8016] BTRFS info (device loop2): allowing degraded mounts [ 121.820594][ T8007] BTRFS info (device loop0): enabling ssd optimizations [ 121.822569][ T8016] BTRFS info (device loop2): enabling disk space caching [ 121.835039][ T8016] BTRFS info (device loop2): disk space caching is enabled [ 121.854251][ T8007] BTRFS info (device loop0): auto enabling async discard [pid 8027] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8026] <... write resumed>) = 16777216 [pid 8026] munmap(0x7fda9371b000, 138412032) = 0 [pid 8026] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 8026] ioctl(4, LOOP_SET_FD, 3 [pid 8027] <... write resumed>) = 16777216 [pid 8026] <... ioctl resumed>) = 0 [pid 8027] munmap(0x7fda9371b000, 138412032 [pid 8026] close(3) = 0 [pid 8026] mkdir("./file0", 0777) = 0 [pid 8026] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8007] <... mount resumed>) = 0 [pid 8007] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8027] <... munmap resumed>) = 0 [ 121.942354][ T8026] loop5: detected capacity change from 0 to 32768 [pid 8007] chdir("./file0") = 0 [pid 8007] ioctl(4, LOOP_CLR_FD) = 0 [pid 8007] close(4) = 0 [pid 8027] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 8027] ioctl(4, LOOP_SET_FD, 3 [pid 8022] <... write resumed>) = 16777216 [pid 8007] open("./file0", O_RDONLY) = 4 [pid 8007] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 8022] munmap(0x7fda9371b000, 138412032 [pid 8025] <... write resumed>) = 16777216 [pid 8007] open("./file0", O_RDONLY) = 5 [pid 8007] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 8022] <... munmap resumed>) = 0 [pid 8007] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 8025] munmap(0x7fda9371b000, 138412032 [pid 8022] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8007] exit_group(0 [pid 8027] <... ioctl resumed>) = 0 [pid 8022] <... openat resumed>) = 4 [pid 8007] <... exit_group resumed>) = ? [ 122.000526][ T8026] BTRFS: device /dev/loop5 using temp-fsid a662b51e-1172-489c-b9d5-1c7613a856fd [ 122.018973][ T8027] loop3: detected capacity change from 0 to 32768 [ 122.026269][ T8026] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (8026) [pid 8027] close(3 [pid 8022] ioctl(4, LOOP_SET_FD, 3 [pid 8007] +++ exited with 0 +++ [pid 8027] <... close resumed>) = 0 [pid 8027] mkdir("./file0", 0777) = 0 [pid 8027] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8007, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=35 /* 0.35 s */} --- [pid 5064] umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8025] <... munmap resumed>) = 0 [pid 8022] <... ioctl resumed>) = 0 [pid 8016] <... mount resumed>) = 0 [pid 5064] <... openat resumed>) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8016] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8016] <... openat resumed>) = 3 [pid 5064] newfstatat(AT_FDCWD, "./27/binderfs", [pid 8016] chdir("./file0") = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8016] ioctl(4, LOOP_CLR_FD [pid 5064] unlink("./27/binderfs" [pid 8016] <... ioctl resumed>) = 0 [pid 5064] <... unlink resumed>) = 0 [pid 8016] close(4) = 0 [pid 5064] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8022] close(3 [pid 8016] open("./file0", O_RDONLY [pid 8022] <... close resumed>) = 0 [pid 8016] <... open resumed>) = 4 [pid 8022] mkdir("./file0", 0777 [pid 8016] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 8022] <... mkdir resumed>) = 0 [pid 8022] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 122.057446][ T8022] loop1: detected capacity change from 0 to 32768 [ 122.070874][ T8027] BTRFS: device /dev/loop3 using temp-fsid a37a255c-092d-4a5f-a19f-acf875ec806c [ 122.084638][ T8027] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (8027) [pid 8025] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8016] <... ioctl resumed>) = 0 [pid 8025] <... openat resumed>) = 4 [pid 8016] open("./file0", O_RDONLY) = 5 [pid 8025] ioctl(4, LOOP_SET_FD, 3 [pid 8016] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 8016] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 8016] exit_group(0) = ? [pid 8016] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8016, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=32 /* 0.32 s */} --- [pid 5066] umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 122.107928][ T8022] BTRFS: device /dev/loop1 using temp-fsid 3aa4d0d7-1365-49b6-9227-9959d5aa1a08 [ 122.119017][ T8025] loop4: detected capacity change from 0 to 32768 [pid 5066] newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8025] <... ioctl resumed>) = 0 [pid 8025] close(3 [pid 5066] unlink("./28/binderfs") = 0 [pid 5066] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8025] <... close resumed>) = 0 [pid 8025] mkdir("./file0", 0777) = 0 [ 122.159860][ T8022] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (8022) [pid 8025] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8026] <... mount resumed>) = 0 [pid 8026] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8026] chdir("./file0") = 0 [pid 8026] ioctl(4, LOOP_CLR_FD) = 0 [pid 8026] close(4) = 0 [pid 8026] open("./file0", O_RDONLY) = 4 [ 122.208896][ T8025] BTRFS: device /dev/loop4 using temp-fsid ad4a8c30-d1ed-466e-aef2-c6bea900d6d4 [ 122.227442][ T8025] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (8025) [pid 8026] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 8026] open("./file0", O_RDONLY) = 5 [pid 8026] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5066] <... umount2 resumed>) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 5066] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] newfstatat(AT_FDCWD, "./28/file0", [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] newfstatat(AT_FDCWD, "./27/file0", [pid 5066] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8026] <... ioctl resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8026] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8026] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5064] openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8026] exit_group(0 [pid 5066] <... openat resumed>) = 4 [pid 5064] <... openat resumed>) = 4 [pid 8026] <... exit_group resumed>) = ? [pid 5066] newfstatat(4, "", [pid 5064] newfstatat(4, "", [pid 8026] +++ exited with 0 +++ [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8026, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=26 /* 0.26 s */} --- [pid 5066] getdents64(4, [pid 5064] getdents64(4, [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, [pid 5064] getdents64(4, [pid 5069] umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4 [pid 5064] close(4 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... close resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 5069] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] rmdir("./28/file0" [pid 5064] rmdir("./27/file0" [pid 5069] <... openat resumed>) = 3 [pid 5066] <... rmdir resumed>) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 5069] newfstatat(3, "", [pid 5066] getdents64(3, [pid 5064] getdents64(3, [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] getdents64(3, [pid 5066] close(3 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] <... close resumed>) = 0 [pid 5064] close(3 [pid 5066] rmdir("./28") = 0 [pid 5064] <... close resumed>) = 0 [pid 5066] mkdir("./29", 0777 [pid 5064] rmdir("./27" [pid 5069] umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... mkdir resumed>) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5064] mkdir("./28", 0777 [pid 5069] unlink("./27/binderfs") = 0 [pid 5066] <... openat resumed>) = 3 [pid 5064] <... mkdir resumed>) = 0 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5069] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... ioctl resumed>) = 0 [pid 5066] close(3 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8022] <... mount resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5064] <... openat resumed>) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8022] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8124 attached [pid 8022] <... openat resumed>) = 3 [pid 8124] set_robust_list(0x555557145760, 24 [pid 8022] chdir("./file0") = 0 ./strace-static-x86_64: Process 8125 attached [pid 8124] <... set_robust_list resumed>) = 0 [pid 8022] ioctl(4, LOOP_CLR_FD [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 8125 [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 8124 [pid 8124] chdir("./28" [pid 8022] <... ioctl resumed>) = 0 [pid 8125] set_robust_list(0x555557145760, 24 [pid 8124] <... chdir resumed>) = 0 [pid 8022] close(4 [pid 8125] <... set_robust_list resumed>) = 0 [pid 8124] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8022] <... close resumed>) = 0 [pid 8125] chdir("./29" [pid 8124] <... prctl resumed>) = 0 [pid 8022] open("./file0", O_RDONLY [pid 8125] <... chdir resumed>) = 0 [pid 8124] setpgid(0, 0 [pid 8125] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8124] <... setpgid resumed>) = 0 [pid 8125] <... prctl resumed>) = 0 [pid 8125] setpgid(0, 0 [pid 8124] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8022] <... open resumed>) = 4 [pid 8125] <... setpgid resumed>) = 0 [pid 8125] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8022] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 8125] <... openat resumed>) = 3 [pid 8124] <... openat resumed>) = 3 [pid 8125] write(3, "1000", 4 [pid 8124] write(3, "1000", 4) = 4 [pid 8125] <... write resumed>) = 4 [pid 8125] close(3 [pid 8124] close(3 [pid 8022] <... ioctl resumed>) = 0 [pid 8022] open("./file0", O_RDONLY) = 5 [pid 8022] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 8027] <... mount resumed>) = 0 [pid 8027] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8125] <... close resumed>) = 0 [pid 8124] <... close resumed>) = 0 [pid 8027] chdir("./file0") = 0 [pid 8022] <... ioctl resumed>) = 0 [pid 8027] ioctl(4, LOOP_CLR_FD [pid 8022] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 8027] <... ioctl resumed>) = 0 [pid 8022] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 8125] symlink("/dev/binderfs", "./binderfs" [pid 8124] symlink("/dev/binderfs", "./binderfs" [pid 8027] close(4 [pid 8022] exit_group(0 [pid 8125] <... symlink resumed>) = 0 [pid 8027] <... close resumed>) = 0 [pid 8022] <... exit_group resumed>) = ? [pid 8125] memfd_create("syzkaller", 0 [pid 8124] <... symlink resumed>) = 0 [pid 8027] open("./file0", O_RDONLY [pid 8124] memfd_create("syzkaller", 0 [pid 8125] <... memfd_create resumed>) = 3 [pid 8124] <... memfd_create resumed>) = 3 [pid 8022] +++ exited with 0 +++ [pid 8027] <... open resumed>) = 4 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8022, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=25 /* 0.25 s */} --- [pid 8125] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8027] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5065] umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8125] <... mmap resumed>) = 0x7fda9371b000 [pid 8124] <... mmap resumed>) = 0x7fda9371b000 [pid 5065] <... openat resumed>) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./27/binderfs", [pid 8027] <... ioctl resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8027] open("./file0", O_RDONLY [pid 5065] unlink("./27/binderfs") = 0 [pid 8027] <... open resumed>) = 5 [pid 5065] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8027] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 8027] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 8027] exit_group(0) = ? [pid 8027] +++ exited with 0 +++ [pid 5069] <... umount2 resumed>) = 0 [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8027, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=25 /* 0.25 s */} --- [pid 5067] umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./27/binderfs") = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, [pid 8025] <... mount resumed>) = 0 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 8025] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8025] chdir("./file0") = 0 [pid 8025] ioctl(4, LOOP_CLR_FD) = 0 [pid 8025] close(4) = 0 [pid 8025] open("./file0", O_RDONLY [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 8025] <... open resumed>) = 4 [pid 8025] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5069] close(4) = 0 [pid 5069] rmdir("./27/file0") = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 8025] <... ioctl resumed>) = 0 [pid 5069] close(3) = 0 [pid 8025] open("./file0", O_RDONLY [pid 5069] rmdir("./27" [pid 8025] <... open resumed>) = 5 [pid 5069] <... rmdir resumed>) = 0 [pid 8025] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5069] mkdir("./28", 0777) = 0 [pid 8025] <... ioctl resumed>) = 0 [pid 8025] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 8025] exit_group(0 [pid 5069] <... openat resumed>) = 3 [pid 8025] <... exit_group resumed>) = ? [pid 5069] ioctl(3, LOOP_CLR_FD [pid 8025] +++ exited with 0 +++ [pid 5069] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5069] close(3 [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8025, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=26 /* 0.26 s */} --- [pid 5069] <... close resumed>) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5068] umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8131 attached [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 8131 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8131] set_robust_list(0x555557145760, 24 [pid 5068] newfstatat(AT_FDCWD, "./27/binderfs", [pid 8131] <... set_robust_list resumed>) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8131] chdir("./28" [pid 5068] unlink("./27/binderfs") = 0 [pid 5068] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8131] <... chdir resumed>) = 0 [pid 8131] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8131] setpgid(0, 0) = 0 [pid 8131] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8131] write(3, "1000", 4) = 4 [pid 8131] close(3) = 0 [pid 8131] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8131] memfd_create("syzkaller", 0) = 3 [pid 8131] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5065] <... umount2 resumed>) = 0 [pid 5067] <... umount2 resumed>) = 0 [pid 5065] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./27/file0", [pid 5065] openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... openat resumed>) = 4 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, [pid 5067] openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, [pid 5067] <... openat resumed>) = 4 [pid 5065] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./27/file0") = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] close(3 [pid 5067] getdents64(4, [pid 5065] <... close resumed>) = 0 [pid 5067] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] rmdir("./27" [pid 5067] close(4 [pid 5065] <... rmdir resumed>) = 0 [pid 5065] mkdir("./28", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] <... close resumed>) = 0 [pid 5065] close(3 [pid 5067] rmdir("./27/file0" [pid 5065] <... close resumed>) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5067] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 8133 attached [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 8133 [pid 8133] set_robust_list(0x555557145760, 24) = 0 [pid 8133] chdir("./28" [pid 5067] getdents64(3, [pid 8133] <... chdir resumed>) = 0 [pid 8133] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8133] setpgid(0, 0) = 0 [pid 8133] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8133] write(3, "1000", 4) = 4 [pid 8133] close(3) = 0 [pid 8133] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./27") = 0 [pid 5067] mkdir("./28", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 8134 ./strace-static-x86_64: Process 8134 attached [pid 8134] set_robust_list(0x555557145760, 24) = 0 [pid 8134] chdir("./28" [pid 8133] memfd_create("syzkaller", 0 [pid 8125] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8124] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8133] <... memfd_create resumed>) = 3 [pid 8134] <... chdir resumed>) = 0 [pid 8134] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8133] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 8134] setpgid(0, 0) = 0 [pid 8134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8134] write(3, "1000", 4) = 4 [pid 8134] close(3) = 0 [pid 8134] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8134] memfd_create("syzkaller", 0) = 3 [pid 8134] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5068] <... umount2 resumed>) = 0 [pid 8134] <... mmap resumed>) = 0x7fda9371b000 [pid 5068] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./27/file0") = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./27") = 0 [pid 5068] mkdir("./28", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 8135 ./strace-static-x86_64: Process 8135 attached [pid 8135] set_robust_list(0x555557145760, 24) = 0 [pid 8135] chdir("./28") = 0 [pid 8135] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8131] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8135] <... prctl resumed>) = 0 [pid 8135] setpgid(0, 0) = 0 [pid 8135] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8135] write(3, "1000", 4) = 4 [pid 8135] close(3) = 0 [pid 8135] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8135] memfd_create("syzkaller", 0) = 3 [pid 8135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 8133] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8134] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8125] <... write resumed>) = 16777216 [pid 8125] munmap(0x7fda9371b000, 138412032 [pid 8124] <... write resumed>) = 16777216 [pid 8125] <... munmap resumed>) = 0 [pid 8125] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 8125] ioctl(4, LOOP_SET_FD, 3 [pid 8124] munmap(0x7fda9371b000, 138412032) = 0 [pid 8125] <... ioctl resumed>) = 0 [pid 8125] close(3) = 0 [pid 8125] mkdir("./file0", 0777) = 0 [pid 8124] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8125] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8124] <... openat resumed>) = 4 [ 123.775569][ T8125] loop2: detected capacity change from 0 to 32768 [ 123.832478][ T8125] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (8125) [ 123.845920][ T8124] loop0: detected capacity change from 0 to 32768 [pid 8124] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8124] close(3) = 0 [pid 8124] mkdir("./file0", 0777) = 0 [ 123.918637][ T8124] BTRFS: device /dev/loop0 using temp-fsid 8ed86c6b-a6c0-4151-af36-ad68312bd574 [ 123.942266][ T8124] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (8124) [ 123.943194][ T8125] _btrfs_printk: 70 callbacks suppressed [pid 8124] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8135] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8131] <... write resumed>) = 16777216 [ 123.943205][ T8125] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [pid 8131] munmap(0x7fda9371b000, 138412032) = 0 [pid 8131] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [ 124.013894][ T8124] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 124.042766][ T8124] BTRFS info (device loop0): force clearing of disk cache [ 124.057252][ T8131] loop5: detected capacity change from 0 to 32768 [pid 8131] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8131] close(3) = 0 [ 124.058280][ T8125] BTRFS info (device loop2): force clearing of disk cache [ 124.068839][ T8124] BTRFS info (device loop0): setting nodatasum [ 124.079655][ T8124] BTRFS info (device loop0): allowing degraded mounts [ 124.086753][ T8124] BTRFS info (device loop0): enabling disk space caching [pid 8131] mkdir("./file0", 0777) = 0 [pid 8131] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8133] <... write resumed>) = 16777216 [ 124.108797][ T8124] BTRFS info (device loop0): disk space caching is enabled [ 124.109651][ T8125] BTRFS info (device loop2): setting nodatasum [ 124.131109][ T8131] BTRFS: device /dev/loop5 using temp-fsid 8d4dc7f2-a2a3-4918-929a-d2765d6f4520 [ 124.149772][ T8131] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (8131) [pid 8133] munmap(0x7fda9371b000, 138412032) = 0 [pid 8133] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 8133] ioctl(4, LOOP_SET_FD, 3 [pid 8134] <... write resumed>) = 16777216 [pid 8133] <... ioctl resumed>) = 0 [pid 8134] munmap(0x7fda9371b000, 138412032 [pid 8133] close(3) = 0 [pid 8133] mkdir("./file0", 0777) = 0 [ 124.150368][ T8125] BTRFS info (device loop2): allowing degraded mounts [ 124.172557][ T8125] BTRFS info (device loop2): enabling disk space caching [ 124.182513][ T8125] BTRFS info (device loop2): disk space caching is enabled [ 124.194085][ T8133] loop1: detected capacity change from 0 to 32768 [ 124.201242][ T8131] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [pid 8133] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8134] <... munmap resumed>) = 0 [pid 8134] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 124.217978][ T8131] BTRFS info (device loop5): force clearing of disk cache [ 124.227461][ T8131] BTRFS info (device loop5): setting nodatasum [ 124.229429][ T8133] BTRFS: device /dev/loop1 using temp-fsid a461d7fa-208c-48b5-8dda-3fa4e42f0e06 [ 124.235699][ T8131] BTRFS info (device loop5): allowing degraded mounts [ 124.253240][ T8131] BTRFS info (device loop5): enabling disk space caching [pid 8134] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8134] close(3) = 0 [pid 8134] mkdir("./file0", 0777) = 0 [ 124.258906][ T8133] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (8133) [ 124.262814][ T8131] BTRFS info (device loop5): disk space caching is enabled [ 124.273461][ T8134] loop3: detected capacity change from 0 to 32768 [ 124.287864][ T8124] BTRFS info (device loop0): enabling ssd optimizations [ 124.296558][ T8124] BTRFS info (device loop0): auto enabling async discard [ 124.304740][ T8133] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [pid 8135] <... write resumed>) = 16777216 [pid 8134] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8135] munmap(0x7fda9371b000, 138412032) = 0 [pid 8135] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 8135] ioctl(4, LOOP_SET_FD, 3) = 0 [ 124.316413][ T8133] BTRFS info (device loop1): force clearing of disk cache [ 124.324192][ T8124] BTRFS info (device loop0): rebuilding free space tree [ 124.325213][ T8133] BTRFS info (device loop1): setting nodatasum [ 124.338931][ T8134] BTRFS: device /dev/loop3 using temp-fsid c588c637-7c69-4ff4-a1f2-1a4d4865d01d [ 124.343455][ T8135] loop4: detected capacity change from 0 to 32768 [ 124.348576][ T8134] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (8134) [pid 8135] close(3) = 0 [pid 8135] mkdir("./file0", 0777) = 0 [ 124.359036][ T8133] BTRFS info (device loop1): allowing degraded mounts [ 124.369471][ T8124] BTRFS info (device loop0): disabling free space tree [ 124.375464][ T8133] BTRFS info (device loop1): enabling disk space caching [ 124.388967][ T8133] BTRFS info (device loop1): disk space caching is enabled [ 124.393853][ T8135] BTRFS: device /dev/loop4 using temp-fsid c115b016-cf31-469b-8268-839371b5c599 [ 124.397739][ T8124] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 124.408415][ T8134] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 124.425781][ T8134] BTRFS info (device loop3): force clearing of disk cache [ 124.432953][ T8134] BTRFS info (device loop3): setting nodatasum [ 124.435025][ T8135] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (8135) [ 124.439182][ T8134] BTRFS info (device loop3): allowing degraded mounts [ 124.439201][ T8134] BTRFS info (device loop3): enabling disk space caching [ 124.462971][ T8124] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 124.465763][ T8134] BTRFS info (device loop3): disk space caching is enabled [ 124.488339][ T8135] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 124.490359][ T8125] BTRFS info (device loop2): enabling ssd optimizations [ 124.498784][ T8135] BTRFS info (device loop4): force clearing of disk cache [ 124.506667][ T8125] BTRFS info (device loop2): auto enabling async discard [pid 8135] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8124] <... mount resumed>) = 0 [pid 8124] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8124] chdir("./file0") = 0 [pid 8124] ioctl(4, LOOP_CLR_FD) = 0 [pid 8124] close(4) = 0 [pid 8124] open("./file0", O_RDONLY) = 4 [ 124.514818][ T8124] BTRFS info (device loop0): checking UUID tree [ 124.520381][ T8125] BTRFS info (device loop2): rebuilding free space tree [ 124.526272][ T8135] BTRFS info (device loop4): setting nodatasum [ 124.539016][ T8131] BTRFS info (device loop5): enabling ssd optimizations [ 124.540858][ T8125] BTRFS info (device loop2): disabling free space tree [ 124.545947][ T8131] BTRFS info (device loop5): auto enabling async discard [ 124.552883][ T8125] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 8124] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 8124] open("./file0", O_RDONLY) = 5 [pid 8124] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 8124] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 8124] exit_group(0) = ? [pid 8124] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8124, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=35 /* 0.35 s */} --- [pid 5064] umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 124.567555][ T8135] BTRFS info (device loop4): allowing degraded mounts [ 124.576872][ T8135] BTRFS info (device loop4): enabling disk space caching [ 124.584705][ T8135] BTRFS info (device loop4): disk space caching is enabled [ 124.593594][ T8131] BTRFS info (device loop5): rebuilding free space tree [ 124.601953][ T8125] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5064] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./28/binderfs") = 0 [ 124.620962][ T8133] BTRFS info (device loop1): enabling ssd optimizations [ 124.627915][ T8133] BTRFS info (device loop1): auto enabling async discard [ 124.628674][ T8131] BTRFS info (device loop5): disabling free space tree [ 124.643330][ T8131] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 124.647280][ T1047] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 5064] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8131] <... mount resumed>) = 0 [pid 8131] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8131] chdir("./file0") = 0 [pid 8131] ioctl(4, LOOP_CLR_FD) = 0 [ 124.653780][ T8131] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 124.677817][ T8131] BTRFS info (device loop5): checking UUID tree [ 124.678855][ T8125] BTRFS info (device loop2): checking UUID tree [ 124.684293][ T8133] BTRFS info (device loop1): rebuilding free space tree [ 124.714528][ T8134] BTRFS info (device loop3): enabling ssd optimizations [pid 8131] close(4) = 0 [pid 8125] <... mount resumed>) = 0 [pid 8131] open("./file0", O_RDONLY [pid 8125] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8131] <... open resumed>) = 4 [pid 8125] <... openat resumed>) = 3 [pid 8131] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 8125] chdir("./file0") = 0 [pid 8125] ioctl(4, LOOP_CLR_FD) = 0 [pid 8125] close(4) = 0 [pid 8131] <... ioctl resumed>) = 0 [pid 8125] open("./file0", O_RDONLY [pid 8131] open("./file0", O_RDONLY [pid 8125] <... open resumed>) = 4 [pid 8131] <... open resumed>) = 5 [pid 8125] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 8131] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 8125] <... ioctl resumed>) = 0 [ 124.734072][ T8134] BTRFS info (device loop3): auto enabling async discard [ 124.756961][ T8134] BTRFS info (device loop3): rebuilding free space tree [pid 8131] <... ioctl resumed>) = 0 [pid 8125] open("./file0", O_RDONLY [pid 8131] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 8125] <... open resumed>) = 5 [pid 5064] <... umount2 resumed>) = 0 [pid 8125] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5064] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8125] <... ioctl resumed>) = 0 [pid 8125] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5064] newfstatat(AT_FDCWD, "./28/file0", [pid 8131] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 8125] exit_group(0) = ? [pid 8131] exit_group(0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8131] <... exit_group resumed>) = ? [pid 8125] +++ exited with 0 +++ [pid 5064] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8125, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=48 /* 0.48 s */} --- [ 124.790272][ T8134] BTRFS info (device loop3): disabling free space tree [ 124.797743][ T8134] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 124.797981][ T48] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [ 124.828114][ T8133] BTRFS info (device loop1): disabling free space tree [pid 8131] +++ exited with 0 +++ [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8131, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=37 /* 0.37 s */} --- [pid 5066] umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] <... openat resumed>) = 4 [pid 5066] newfstatat(3, "", [pid 5069] umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] getdents64(3, [pid 5069] <... openat resumed>) = 3 [pid 5069] newfstatat(3, "", [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(4, "", [pid 5066] newfstatat(AT_FDCWD, "./29/binderfs", [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] unlink("./29/binderfs" [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... unlink resumed>) = 0 [pid 5064] getdents64(4, [pid 5069] unlink("./28/binderfs" [pid 5066] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, [pid 5069] <... unlink resumed>) = 0 [pid 5064] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4 [pid 5069] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... close resumed>) = 0 [ 124.854904][ T42] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 124.865093][ T8134] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 124.884664][ T8133] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5064] rmdir("./28/file0") = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./28") = 0 [ 124.923719][ T8135] BTRFS info (device loop4): enabling ssd optimizations [ 124.949620][ T8133] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 124.962153][ T8134] BTRFS info (device loop3): checking UUID tree [pid 5064] mkdir("./29", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8232 attached [pid 8232] set_robust_list(0x555557145760, 24) = 0 [pid 8232] chdir("./29") = 0 [pid 8232] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8134] <... mount resumed>) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 8232 [pid 8232] <... prctl resumed>) = 0 [pid 8134] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8232] setpgid(0, 0 [pid 8134] chdir("./file0" [pid 8232] <... setpgid resumed>) = 0 [pid 8134] <... chdir resumed>) = 0 [pid 8232] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8134] ioctl(4, LOOP_CLR_FD) = 0 [pid 8134] close(4) = 0 [ 124.966433][ T8135] BTRFS info (device loop4): auto enabling async discard [pid 8134] open("./file0", O_RDONLY [pid 8232] write(3, "1000", 4 [pid 8134] <... open resumed>) = 4 [pid 8232] <... write resumed>) = 4 [pid 8232] close(3) = 0 [pid 8232] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8232] memfd_create("syzkaller", 0 [pid 8134] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5069] <... umount2 resumed>) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 8133] <... mount resumed>) = 0 [pid 8232] <... memfd_create resumed>) = 3 [pid 8232] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 8133] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5069] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8134] <... ioctl resumed>) = 0 [pid 8133] <... openat resumed>) = 3 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./29/file0", [pid 8133] chdir("./file0" [pid 5069] newfstatat(AT_FDCWD, "./28/file0", [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8133] <... chdir resumed>) = 0 [ 125.017297][ T8133] BTRFS info (device loop1): checking UUID tree [ 125.031126][ T8135] BTRFS info (device loop4): rebuilding free space tree [pid 8134] open("./file0", O_RDONLY [pid 8133] ioctl(4, LOOP_CLR_FD [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8133] <... ioctl resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8133] close(4 [pid 5069] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8134] <... open resumed>) = 5 [pid 5066] openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 8134] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5066] newfstatat(4, "", [pid 8133] <... close resumed>) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8134] <... ioctl resumed>) = 0 [pid 8133] open("./file0", O_RDONLY [pid 5069] openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] getdents64(4, [pid 5069] <... openat resumed>) = 4 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 8133] <... open resumed>) = 4 [pid 5066] getdents64(4, [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] <... close resumed>) = 0 [pid 5069] getdents64(4, [pid 5066] rmdir("./29/file0" [pid 5069] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 8133] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5069] close(4 [pid 5066] <... rmdir resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 5069] rmdir("./28/file0" [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] <... rmdir resumed>) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./29") = 0 [pid 5066] mkdir("./30", 0777 [pid 5069] getdents64(3, [pid 5066] <... mkdir resumed>) = 0 [pid 8134] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 8134] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5069] close(3 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8134] exit_group(0) = ? [pid 8133] <... ioctl resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5069] rmdir("./28" [pid 5066] ioctl(3, LOOP_CLR_FD [pid 8134] +++ exited with 0 +++ [pid 8133] open("./file0", O_RDONLY [pid 5069] <... rmdir resumed>) = 0 [pid 5066] <... ioctl resumed>) = 0 [ 125.083171][ T8135] BTRFS info (device loop4): disabling free space tree [ 125.105366][ T48] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [pid 8133] <... open resumed>) = 5 [pid 5069] mkdir("./29", 0777 [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8134, si_uid=0, si_status=0, si_utime=0, si_stime=46 /* 0.46 s */} --- [pid 5066] close(3 [pid 8133] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5069] <... mkdir resumed>) = 0 [pid 5067] restart_syscall(<... resuming interrupted clone ...> [pid 5066] <... close resumed>) = 0 [pid 8133] <... ioctl resumed>) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5067] <... restart_syscall resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8133] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}./strace-static-x86_64: Process 8236 attached ) = -1 EBADF (Bad file descriptor) [pid 5069] <... openat resumed>) = 3 [pid 8236] set_robust_list(0x555557145760, 24) = 0 [pid 8133] exit_group(0 [pid 5069] ioctl(3, LOOP_CLR_FD [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 8236 [pid 8133] <... exit_group resumed>) = ? [pid 8236] chdir("./30" [pid 8133] +++ exited with 0 +++ [pid 5069] <... ioctl resumed>) = 0 [ 125.142137][ T42] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [ 125.148868][ T8135] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5067] umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8236] <... chdir resumed>) = 0 [pid 5069] close(3 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8133, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=33 /* 0.33 s */} --- [pid 5067] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] restart_syscall(<... resuming interrupted clone ...> [pid 8236] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5069] <... close resumed>) = 0 [pid 5067] <... openat resumed>) = 3 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] <... restart_syscall resumed>) = 0 [pid 8236] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 8237 attached [pid 8236] setpgid(0, 0 [pid 5067] newfstatat(3, "", [pid 8236] <... setpgid resumed>) = 0 [pid 8237] set_robust_list(0x555557145760, 24 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 8237 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] getdents64(3, [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8237] <... set_robust_list resumed>) = 0 [pid 8236] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8237] chdir("./29" [pid 8236] <... openat resumed>) = 3 [pid 5067] umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... openat resumed>) = 3 [pid 8237] <... chdir resumed>) = 0 [pid 8236] write(3, "1000", 4 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(3, "", [pid 8236] <... write resumed>) = 4 [pid 5067] newfstatat(AT_FDCWD, "./28/binderfs", [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8236] close(3 [pid 8237] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8236] <... close resumed>) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] getdents64(3, [pid 8236] symlink("/dev/binderfs", "./binderfs" [pid 5067] unlink("./28/binderfs" [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 8236] <... symlink resumed>) = 0 [pid 5067] <... unlink resumed>) = 0 [pid 5065] umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8236] memfd_create("syzkaller", 0 [pid 8237] <... prctl resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./28/binderfs", [pid 8237] setpgid(0, 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8237] <... setpgid resumed>) = 0 [pid 8236] <... memfd_create resumed>) = 3 [pid 5065] unlink("./28/binderfs") = 0 [pid 8237] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8236] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5065] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8236] <... mmap resumed>) = 0x7fda9371b000 [pid 8237] <... openat resumed>) = 3 [ 125.222404][ T8135] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 8237] write(3, "1000", 4) = 4 [pid 8237] close(3) = 0 [pid 8237] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8237] memfd_create("syzkaller", 0) = 3 [pid 8237] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 125.322852][ T8135] BTRFS info (device loop4): checking UUID tree [pid 8135] <... mount resumed>) = 0 [pid 8135] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8135] chdir("./file0") = 0 [pid 8135] ioctl(4, LOOP_CLR_FD) = 0 [pid 8135] close(4) = 0 [pid 8135] open("./file0", O_RDONLY) = 4 [pid 8135] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 8135] open("./file0", O_RDONLY) = 5 [pid 5065] <... umount2 resumed>) = 0 [pid 8135] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 8135] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 8135] exit_group(0) = ? [pid 8135] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8135, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=41 /* 0.41 s */} --- [pid 5068] umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] newfstatat(AT_FDCWD, "./28/file0", [pid 5068] unlink("./28/binderfs") = 0 [pid 5068] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8232] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5067] <... umount2 resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5067] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... openat resumed>) = 4 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(4, "", [pid 5067] openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] <... openat resumed>) = 4 [pid 5065] getdents64(4, [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [ 125.591945][ T48] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] getdents64(4, [pid 5065] close(4 [pid 5067] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4 [pid 5065] <... close resumed>) = 0 [pid 5067] <... close resumed>) = 0 [pid 5065] rmdir("./28/file0" [pid 5067] rmdir("./28/file0" [pid 5065] <... rmdir resumed>) = 0 [pid 5067] <... rmdir resumed>) = 0 [pid 5065] getdents64(3, [pid 5067] getdents64(3, [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] <... close resumed>) = 0 [pid 5067] close(3 [pid 5065] rmdir("./28" [pid 5067] <... close resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5067] rmdir("./28" [pid 5065] mkdir("./29", 0777 [pid 5067] <... rmdir resumed>) = 0 [pid 5065] <... mkdir resumed>) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5067] mkdir("./29", 0777 [pid 5065] <... openat resumed>) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5067] <... mkdir resumed>) = 0 [pid 5065] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 8240 ./strace-static-x86_64: Process 8240 attached [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 8240] set_robust_list(0x555557145760, 24 [pid 5067] ioctl(3, LOOP_CLR_FD [pid 8240] <... set_robust_list resumed>) = 0 [pid 5067] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 8240] chdir("./29" [pid 5067] close(3 [pid 8240] <... chdir resumed>) = 0 [pid 5067] <... close resumed>) = 0 [pid 8240] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8242 attached [pid 8240] <... prctl resumed>) = 0 [pid 8240] setpgid(0, 0) = 0 [pid 8242] set_robust_list(0x555557145760, 24 [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 8242 [pid 8240] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8242] <... set_robust_list resumed>) = 0 [pid 8242] chdir("./29" [pid 8240] <... openat resumed>) = 3 [pid 8236] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8242] <... chdir resumed>) = 0 [pid 8240] write(3, "1000", 4 [pid 8242] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8240] <... write resumed>) = 4 [pid 5068] <... umount2 resumed>) = 0 [pid 8240] close(3 [pid 8242] <... prctl resumed>) = 0 [pid 8242] setpgid(0, 0 [pid 8240] <... close resumed>) = 0 [pid 5068] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8242] <... setpgid resumed>) = 0 [pid 8240] symlink("/dev/binderfs", "./binderfs" [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./28/file0", [pid 8240] <... symlink resumed>) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8242] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8240] memfd_create("syzkaller", 0 [pid 5068] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8240] <... memfd_create resumed>) = 3 [pid 8240] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5068] <... openat resumed>) = 4 [pid 8240] <... mmap resumed>) = 0x7fda9371b000 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8242] <... openat resumed>) = 3 [pid 8242] write(3, "1000", 4 [pid 5068] getdents64(4, [pid 8237] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 8242] <... write resumed>) = 4 [pid 8242] close(3 [pid 5068] getdents64(4, [pid 8242] <... close resumed>) = 0 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4 [pid 8242] symlink("/dev/binderfs", "./binderfs" [pid 5068] <... close resumed>) = 0 [pid 8242] <... symlink resumed>) = 0 [pid 5068] rmdir("./28/file0") = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 8242] memfd_create("syzkaller", 0 [pid 5068] close(3) = 0 [pid 8242] <... memfd_create resumed>) = 3 [pid 5068] rmdir("./28" [pid 8242] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5068] <... rmdir resumed>) = 0 [pid 8242] <... mmap resumed>) = 0x7fda9371b000 [pid 5068] mkdir("./29", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8243 attached [pid 8243] set_robust_list(0x555557145760, 24) = 0 [pid 8243] chdir("./29") = 0 [pid 8243] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8243] setpgid(0, 0 [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 8243 [pid 8243] <... setpgid resumed>) = 0 [pid 8243] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8243] write(3, "1000", 4) = 4 [pid 8243] close(3) = 0 [pid 8243] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8243] memfd_create("syzkaller", 0) = 3 [pid 8243] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 8242] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8236] <... write resumed>) = 16777216 [pid 8232] <... write resumed>) = 16777216 [pid 8236] munmap(0x7fda9371b000, 138412032) = 0 [pid 8232] munmap(0x7fda9371b000, 138412032 [pid 8236] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 8240] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8236] ioctl(4, LOOP_SET_FD, 3 [pid 8232] <... munmap resumed>) = 0 [pid 8232] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8232] ioctl(4, LOOP_SET_FD, 3 [pid 8236] <... ioctl resumed>) = 0 [pid 8236] close(3) = 0 [pid 8236] mkdir("./file0", 0777) = 0 [ 126.422804][ T8236] loop2: detected capacity change from 0 to 32768 [ 126.432696][ T8232] loop0: detected capacity change from 0 to 32768 [pid 8236] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8232] <... ioctl resumed>) = 0 [pid 8232] close(3) = 0 [pid 8232] mkdir("./file0", 0777) = 0 [pid 8232] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 126.463695][ T8236] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (8236) [ 126.520451][ T8232] BTRFS: device /dev/loop0 using temp-fsid 8e3866ab-cfd9-47bc-8c00-9c1b48d23a52 [ 126.539331][ T8236] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 126.548586][ T8236] BTRFS info (device loop2): force clearing of disk cache [ 126.550998][ T8232] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (8232) [pid 8243] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8237] <... write resumed>) = 16777216 [pid 8237] munmap(0x7fda9371b000, 138412032) = 0 [pid 8237] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [ 126.591965][ T8236] BTRFS info (device loop2): setting nodatasum [ 126.621108][ T8237] loop5: detected capacity change from 0 to 32768 [ 126.628366][ T8236] BTRFS info (device loop2): allowing degraded mounts [pid 8237] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8237] close(3) = 0 [pid 8237] mkdir("./file0", 0777) = 0 [ 126.639864][ T8232] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 126.660461][ T8232] BTRFS info (device loop0): force clearing of disk cache [ 126.661744][ T8236] BTRFS info (device loop2): enabling disk space caching [ 126.674849][ T8232] BTRFS info (device loop0): setting nodatasum [ 126.687089][ T8237] BTRFS: device /dev/loop5 using temp-fsid 50f0f9ce-85c8-4504-902f-f15ab6efaae8 [ 126.699269][ T8236] BTRFS info (device loop2): disk space caching is enabled [ 126.730011][ T8237] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (8237) [pid 8237] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8242] <... write resumed>) = 16777216 [pid 8242] munmap(0x7fda9371b000, 138412032) = 0 [pid 8242] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 126.739672][ T8232] BTRFS info (device loop0): allowing degraded mounts [ 126.751084][ T8232] BTRFS info (device loop0): enabling disk space caching [ 126.758123][ T8232] BTRFS info (device loop0): disk space caching is enabled [ 126.776029][ T8242] loop3: detected capacity change from 0 to 32768 [ 126.783875][ T8237] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [pid 8242] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8242] close(3) = 0 [pid 8242] mkdir("./file0", 0777) = 0 [pid 8242] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8240] <... write resumed>) = 16777216 [pid 8240] munmap(0x7fda9371b000, 138412032) = 0 [ 126.809976][ T8237] BTRFS info (device loop5): force clearing of disk cache [ 126.810521][ T8242] BTRFS: device /dev/loop3 using temp-fsid 7f942390-c8e0-4781-975e-803d59880768 [ 126.825882][ T8237] BTRFS info (device loop5): setting nodatasum [ 126.831404][ T8242] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (8242) [ 126.842660][ T8237] BTRFS info (device loop5): allowing degraded mounts [pid 8240] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 8240] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8240] close(3) = 0 [pid 8240] mkdir("./file0", 0777) = 0 [pid 8243] <... write resumed>) = 16777216 [pid 8240] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8236] <... mount resumed>) = 0 [pid 8243] munmap(0x7fda9371b000, 138412032 [pid 8236] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 126.872180][ T8240] loop1: detected capacity change from 0 to 32768 [pid 8236] chdir("./file0" [pid 8243] <... munmap resumed>) = 0 [pid 8236] <... chdir resumed>) = 0 [pid 8236] ioctl(4, LOOP_CLR_FD [pid 8243] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8236] <... ioctl resumed>) = 0 [pid 8236] close(4 [pid 8243] <... openat resumed>) = 4 [pid 8243] ioctl(4, LOOP_SET_FD, 3 [pid 8236] <... close resumed>) = 0 [pid 8236] open("./file0", O_RDONLY) = 4 [pid 8236] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 8232] <... mount resumed>) = 0 [pid 8243] <... ioctl resumed>) = 0 [pid 8236] <... ioctl resumed>) = 0 [pid 8236] open("./file0", O_RDONLY) = 5 [pid 8232] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8236] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 8243] close(3 [pid 8236] <... ioctl resumed>) = 0 [pid 8232] <... openat resumed>) = 3 [pid 8243] <... close resumed>) = 0 [pid 8236] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 8232] chdir("./file0" [pid 8243] mkdir("./file0", 0777 [pid 8236] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 8232] <... chdir resumed>) = 0 [pid 8243] <... mkdir resumed>) = 0 [pid 8236] exit_group(0 [pid 8232] ioctl(4, LOOP_CLR_FD [pid 8243] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8232] <... ioctl resumed>) = 0 [pid 8236] <... exit_group resumed>) = ? [pid 8232] close(4) = 0 [pid 8232] open("./file0", O_RDONLY) = 4 [pid 8232] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 8236] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8236, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=29 /* 0.29 s */} --- [ 126.923430][ T8240] BTRFS: device /dev/loop1 using temp-fsid d8bf8864-520f-4491-82ae-37f572595327 [ 126.938881][ T8240] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (8240) [ 126.953637][ T8243] loop4: detected capacity change from 0 to 32768 [pid 5066] umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, [pid 8232] <... ioctl resumed>) = 0 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8232] open("./file0", O_RDONLY [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./30/binderfs", [pid 8232] <... open resumed>) = 5 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./30/binderfs" [pid 8232] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 5066] <... unlink resumed>) = 0 [pid 5066] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8232] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 8232] exit_group(0) = ? [pid 8232] +++ exited with 0 +++ [pid 8237] <... mount resumed>) = 0 [pid 8237] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8232, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=30 /* 0.30 s */} --- [pid 8237] chdir("./file0") = 0 [pid 5064] umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8237] ioctl(4, LOOP_CLR_FD) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8237] close(4) = 0 [pid 8237] open("./file0", O_RDONLY [pid 5064] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8237] <... open resumed>) = 4 [pid 5064] <... openat resumed>) = 3 [pid 8237] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 126.996110][ T8243] BTRFS: device /dev/loop4 using temp-fsid e772320b-a559-494b-93b5-002d6e007d8c [ 127.025686][ T8243] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (8243) [pid 8237] <... ioctl resumed>) = 0 [pid 5064] unlink("./29/binderfs" [pid 8237] open("./file0", O_RDONLY [pid 5064] <... unlink resumed>) = 0 [pid 8237] <... open resumed>) = 5 [pid 5064] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8237] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 8237] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 8237] exit_group(0) = ? [pid 8237] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8237, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=34 /* 0.34 s */} --- [pid 5069] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5069] umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./29/binderfs") = 0 [pid 5069] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./30/file0") = 0 [pid 8242] <... mount resumed>) = 0 [pid 5066] getdents64(3, [pid 8242] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 8242] <... openat resumed>) = 3 [pid 5066] close(3 [pid 8242] chdir("./file0" [pid 5066] <... close resumed>) = 0 [pid 8242] <... chdir resumed>) = 0 [pid 5066] rmdir("./30" [pid 8242] ioctl(4, LOOP_CLR_FD [pid 5066] <... rmdir resumed>) = 0 [pid 8242] <... ioctl resumed>) = 0 [pid 5066] mkdir("./31", 0777 [pid 8242] close(4 [pid 5066] <... mkdir resumed>) = 0 [pid 8242] <... close resumed>) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8242] open("./file0", O_RDONLY [pid 5066] <... openat resumed>) = 3 [pid 8242] <... open resumed>) = 4 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5064] <... umount2 resumed>) = 0 [pid 8242] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5066] <... ioctl resumed>) = 0 [pid 5064] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./29/file0", ./strace-static-x86_64: Process 8342 attached {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8342] set_robust_list(0x555557145760, 24) = 0 [pid 5064] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8342] chdir("./31" [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8342] <... chdir resumed>) = 0 [pid 5064] <... openat resumed>) = 4 [pid 8342] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 8342 [pid 5064] newfstatat(4, "", [pid 8342] <... prctl resumed>) = 0 [pid 8342] setpgid(0, 0 [pid 8240] <... mount resumed>) = 0 [pid 5069] <... umount2 resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 8342] <... setpgid resumed>) = 0 [pid 8342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8240] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] getdents64(4, [pid 8342] <... openat resumed>) = 3 [pid 8242] <... ioctl resumed>) = 0 [pid 8240] <... openat resumed>) = 3 [pid 5069] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./29/file0", [pid 8240] chdir("./file0" [pid 8242] open("./file0", O_RDONLY [pid 8240] <... chdir resumed>) = 0 [pid 8342] write(3, "1000", 4 [pid 8242] <... open resumed>) = 5 [pid 8240] ioctl(4, LOOP_CLR_FD [pid 5064] close(4 [pid 8342] <... write resumed>) = 4 [pid 8240] <... ioctl resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 8342] close(3 [pid 8242] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 8240] close(4 [pid 5064] rmdir("./29/file0" [pid 8342] <... close resumed>) = 0 [pid 8242] <... ioctl resumed>) = 0 [pid 8240] <... close resumed>) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 8342] symlink("/dev/binderfs", "./binderfs" [pid 8240] open("./file0", O_RDONLY) = 4 [pid 5064] getdents64(3, [pid 8342] <... symlink resumed>) = 0 [pid 8240] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5069] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 8242] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] close(3 [pid 8242] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5069] openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... close resumed>) = 0 [pid 8242] exit_group(0 [pid 5064] rmdir("./29" [pid 8342] memfd_create("syzkaller", 0 [pid 8242] <... exit_group resumed>) = ? [pid 5064] <... rmdir resumed>) = 0 [pid 8242] +++ exited with 0 +++ [pid 8342] <... memfd_create resumed>) = 3 [pid 5064] mkdir("./30", 0777) = 0 [pid 8342] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8342] <... mmap resumed>) = 0x7fda9371b000 [pid 5069] <... openat resumed>) = 4 [pid 5064] <... openat resumed>) = 3 [pid 8240] <... ioctl resumed>) = 0 [pid 5069] newfstatat(4, "", [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8242, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=26 /* 0.26 s */} --- [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3 [pid 8240] open("./file0", O_RDONLY [pid 5064] <... close resumed>) = 0 [pid 8240] <... open resumed>) = 5 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] restart_syscall(<... resuming interrupted clone ...> [pid 5069] getdents64(4, [pid 5067] <... restart_syscall resumed>) = 0 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 8240] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 8344 attached [pid 5069] close(4 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8344] set_robust_list(0x555557145760, 24 [pid 5067] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] <... close resumed>) = 0 [pid 8344] <... set_robust_list resumed>) = 0 [pid 5069] rmdir("./29/file0" [pid 5067] <... openat resumed>) = 3 [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 8344 [pid 8344] chdir("./30" [pid 5067] newfstatat(3, "", [pid 5069] <... rmdir resumed>) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] getdents64(3, [pid 8344] <... chdir resumed>) = 0 [pid 5069] close(3 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] <... close resumed>) = 0 [pid 8344] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5067] umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] rmdir("./29") = 0 [pid 8344] setpgid(0, 0 [pid 5069] mkdir("./30", 0777 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./29/binderfs", [pid 5069] <... mkdir resumed>) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8344] <... setpgid resumed>) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5067] unlink("./29/binderfs" [pid 8344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5067] <... unlink resumed>) = 0 [pid 5069] <... openat resumed>) = 3 [pid 5067] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8344] <... openat resumed>) = 3 [pid 8344] write(3, "1000", 4 [pid 5069] ioctl(3, LOOP_CLR_FD [pid 8344] <... write resumed>) = 4 [pid 5069] <... ioctl resumed>) = 0 [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8344] close(3 [pid 8240] <... ioctl resumed>) = 0 [pid 8240] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 8240] exit_group(0) = ? [pid 8240] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8240, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=27 /* 0.27 s */} --- [pid 5065] umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./29/binderfs") = 0 [pid 5065] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8344] <... close resumed>) = 0 [pid 8344] symlink("/dev/binderfs", "./binderfs") = 0 ./strace-static-x86_64: Process 8345 attached [pid 8344] memfd_create("syzkaller", 0 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 8345 [pid 8344] <... memfd_create resumed>) = 3 [pid 8345] set_robust_list(0x555557145760, 24 [pid 8344] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8345] <... set_robust_list resumed>) = 0 [pid 8345] chdir("./30" [pid 8344] <... mmap resumed>) = 0x7fda9371b000 [pid 8345] <... chdir resumed>) = 0 [pid 8345] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8345] setpgid(0, 0) = 0 [pid 8345] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8243] <... mount resumed>) = 0 [pid 8243] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8243] chdir("./file0") = 0 [pid 8345] <... openat resumed>) = 3 [pid 8243] ioctl(4, LOOP_CLR_FD [pid 8345] write(3, "1000", 4 [pid 8243] <... ioctl resumed>) = 0 [pid 8345] <... write resumed>) = 4 [pid 8345] close(3) = 0 [pid 8345] symlink("/dev/binderfs", "./binderfs" [pid 8243] close(4 [pid 8345] <... symlink resumed>) = 0 [pid 8243] <... close resumed>) = 0 [pid 8345] memfd_create("syzkaller", 0 [pid 8243] open("./file0", O_RDONLY) = 4 [pid 8345] <... memfd_create resumed>) = 3 [pid 8243] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 8345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 8243] <... ioctl resumed>) = 0 [pid 8243] open("./file0", O_RDONLY) = 5 [pid 8243] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 8243] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 8243] exit_group(0) = ? [pid 8243] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8243, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=20 /* 0.20 s */} --- [pid 5068] umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./29/binderfs") = 0 [pid 5068] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = 0 [pid 5065] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... umount2 resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5067] newfstatat(AT_FDCWD, "./29/file0", [pid 5065] <... openat resumed>) = 4 [pid 5065] newfstatat(4, "", [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] rmdir("./29/file0" [pid 5067] openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... rmdir resumed>) = 0 [pid 5067] <... openat resumed>) = 4 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./29" [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5067] getdents64(4, [pid 5065] mkdir("./30", 0777 [pid 5067] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, [pid 5065] <... mkdir resumed>) = 0 [pid 5067] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5067] close(4 [pid 5065] <... openat resumed>) = 3 [pid 5067] <... close resumed>) = 0 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5067] rmdir("./29/file0") = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 5065] close(3 [pid 8342] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5067] getdents64(3, [pid 5065] <... close resumed>) = 0 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5067] close(3./strace-static-x86_64: Process 8349 attached ) = 0 [pid 5067] rmdir("./29" [pid 8349] set_robust_list(0x555557145760, 24) = 0 [pid 5067] <... rmdir resumed>) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 8349 [pid 8349] chdir("./30") = 0 [pid 5067] mkdir("./30", 0777 [pid 8349] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5067] <... mkdir resumed>) = 0 [pid 8349] setpgid(0, 0) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5067] <... openat resumed>) = 3 [pid 8349] <... openat resumed>) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD [pid 8349] write(3, "1000", 4) = 4 [pid 5067] <... ioctl resumed>) = 0 [pid 8349] close(3 [pid 5067] close(3 [pid 8349] <... close resumed>) = 0 [pid 5067] <... close resumed>) = 0 [pid 8349] symlink("/dev/binderfs", "./binderfs" [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8350 attached [pid 8349] <... symlink resumed>) = 0 [pid 8350] set_robust_list(0x555557145760, 24 [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 8350 [pid 8350] <... set_robust_list resumed>) = 0 [pid 8349] memfd_create("syzkaller", 0 [pid 8344] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8349] <... memfd_create resumed>) = 3 [pid 8350] chdir("./30" [pid 8349] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8350] <... chdir resumed>) = 0 [pid 8349] <... mmap resumed>) = 0x7fda9371b000 [pid 8350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8350] setpgid(0, 0) = 0 [pid 8350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8350] write(3, "1000", 4) = 4 [pid 8350] close(3) = 0 [pid 8350] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8345] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8350] memfd_create("syzkaller", 0) = 3 [pid 8350] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5068] <... umount2 resumed>) = 0 [pid 5068] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./29/file0") = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./29") = 0 [pid 5068] mkdir("./30", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD [pid 8349] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5068] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8351 attached , child_tidptr=0x555557145750) = 8351 [pid 8351] set_robust_list(0x555557145760, 24) = 0 [pid 8351] chdir("./30") = 0 [pid 8351] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8351] setpgid(0, 0) = 0 [pid 8351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8351] write(3, "1000", 4) = 4 [pid 8351] close(3) = 0 [pid 8351] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8351] memfd_create("syzkaller", 0) = 3 [pid 8351] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8342] <... write resumed>) = 16777216 [pid 8351] <... mmap resumed>) = 0x7fda9371b000 [pid 8342] munmap(0x7fda9371b000, 138412032) = 0 [pid 8350] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8345] <... write resumed>) = 16777216 [pid 8342] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 8342] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8345] munmap(0x7fda9371b000, 138412032) = 0 [pid 8342] close(3) = 0 [pid 8342] mkdir("./file0", 0777) = 0 [ 128.601215][ T8342] loop2: detected capacity change from 0 to 32768 [pid 8342] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8345] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 8344] <... write resumed>) = 16777216 [pid 8345] ioctl(4, LOOP_SET_FD, 3 [pid 8344] munmap(0x7fda9371b000, 138412032 [pid 8345] <... ioctl resumed>) = 0 [pid 8344] <... munmap resumed>) = 0 [pid 8345] close(3 [pid 8344] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 8345] <... close resumed>) = 0 [pid 8345] mkdir("./file0", 0777 [pid 8344] <... openat resumed>) = 4 [pid 8345] <... mkdir resumed>) = 0 [pid 8345] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 128.643241][ T8342] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (8342) [ 128.659825][ T8345] loop5: detected capacity change from 0 to 32768 [pid 8344] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8344] close(3) = 0 [pid 8344] mkdir("./file0", 0777) = 0 [ 128.699659][ T8344] loop0: detected capacity change from 0 to 32768 [ 128.729067][ T8344] BTRFS: device /dev/loop0 using temp-fsid 09a07447-7a45-4258-80ab-e2e804934df3 [ 128.745290][ T8344] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (8344) [pid 8344] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8349] <... write resumed>) = 16777216 [pid 8349] munmap(0x7fda9371b000, 138412032) = 0 [pid 8349] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 128.819915][ T8345] BTRFS: device /dev/loop5 using temp-fsid d39f9910-cc99-4289-bf32-80b54f54bab5 [pid 8349] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8351] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8349] close(3) = 0 [pid 8349] mkdir("./file0", 0777) = 0 [ 128.865788][ T8349] loop1: detected capacity change from 0 to 32768 [ 128.879673][ T8345] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (8345) [pid 8349] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8350] <... write resumed>) = 16777216 [pid 8350] munmap(0x7fda9371b000, 138412032) = 0 [pid 8350] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 128.954523][ T8349] BTRFS: device /dev/loop1 using temp-fsid 759e8fbf-772c-4d79-b2f5-788f64366c75 [ 128.954914][ T8345] _btrfs_printk: 80 callbacks suppressed [ 128.954925][ T8345] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 128.969106][ T8349] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (8349) [ 128.977398][ T8342] BTRFS info (device loop2): enabling ssd optimizations [ 128.999463][ T8345] BTRFS info (device loop5): force clearing of disk cache [ 129.000205][ T8350] loop3: detected capacity change from 0 to 32768 [ 129.006750][ T8345] BTRFS info (device loop5): setting nodatasum [ 129.019287][ T8345] BTRFS info (device loop5): allowing degraded mounts [ 129.026054][ T8345] BTRFS info (device loop5): enabling disk space caching [ 129.034381][ T8345] BTRFS info (device loop5): disk space caching is enabled [ 129.038045][ T8349] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [pid 8350] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8350] close(3) = 0 [pid 8350] mkdir("./file0", 0777) = 0 [ 129.043070][ T8342] BTRFS info (device loop2): auto enabling async discard [ 129.070666][ T8349] BTRFS info (device loop1): force clearing of disk cache [ 129.079663][ T8350] BTRFS: device /dev/loop3 using temp-fsid b0153d9a-2e0d-4b05-af9f-2d045e46d39e [ 129.089384][ T8342] BTRFS info (device loop2): rebuilding free space tree [ 129.099363][ T8344] BTRFS info (device loop0): enabling ssd optimizations [ 129.099712][ T8350] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (8350) [ 129.106305][ T8344] BTRFS info (device loop0): auto enabling async discard [ 129.109326][ T8344] BTRFS info (device loop0): rebuilding free space tree [ 129.123187][ T8349] BTRFS info (device loop1): setting nodatasum [ 129.143092][ T8342] BTRFS info (device loop2): disabling free space tree [pid 8350] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8351] <... write resumed>) = 16777216 [pid 8351] munmap(0x7fda9371b000, 138412032) = 0 [pid 8351] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 129.152264][ T8342] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 129.164151][ T8344] BTRFS info (device loop0): disabling free space tree [ 129.166697][ T8349] BTRFS info (device loop1): allowing degraded mounts [ 129.178866][ T8342] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 129.190203][ T8350] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [pid 8351] ioctl(4, LOOP_SET_FD, 3 [pid 8342] <... mount resumed>) = 0 [pid 8351] <... ioctl resumed>) = 0 [pid 8342] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8351] close(3 [pid 8342] <... openat resumed>) = 3 [pid 8351] <... close resumed>) = 0 [ 129.191963][ T8349] BTRFS info (device loop1): enabling disk space caching [ 129.203184][ T8344] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 129.206665][ T8349] BTRFS info (device loop1): disk space caching is enabled [ 129.218639][ T8351] loop4: detected capacity change from 0 to 32768 [ 129.231073][ T8342] BTRFS info (device loop2): checking UUID tree [ 129.231415][ T8350] BTRFS info (device loop3): force clearing of disk cache [ 129.237777][ T8344] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 8342] chdir("./file0" [pid 8351] mkdir("./file0", 0777) = 0 [pid 8351] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8342] <... chdir resumed>) = 0 [pid 8342] ioctl(4, LOOP_CLR_FD) = 0 [ 129.260603][ T8345] BTRFS info (device loop5): enabling ssd optimizations [ 129.265852][ T8351] BTRFS: device /dev/loop4 using temp-fsid 37886703-34a1-4fc6-a092-4f0283567f12 [ 129.267778][ T8345] BTRFS info (device loop5): auto enabling async discard [ 129.278584][ T8350] BTRFS info (device loop3): setting nodatasum [ 129.285610][ T8351] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (8351) [ 129.293227][ T8350] BTRFS info (device loop3): allowing degraded mounts [pid 8342] close(4) = 0 [pid 8344] <... mount resumed>) = 0 [pid 8344] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8342] open("./file0", O_RDONLY [pid 8344] <... openat resumed>) = 3 [pid 8342] <... open resumed>) = 4 [pid 8344] chdir("./file0" [pid 8342] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 8344] <... chdir resumed>) = 0 [pid 8344] ioctl(4, LOOP_CLR_FD) = 0 [pid 8344] close(4) = 0 [pid 8342] <... ioctl resumed>) = 0 [pid 8344] open("./file0", O_RDONLY [pid 8342] open("./file0", O_RDONLY [pid 8344] <... open resumed>) = 4 [pid 8344] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 8342] <... open resumed>) = 5 [ 129.309973][ T8345] BTRFS info (device loop5): rebuilding free space tree [ 129.310538][ T8350] BTRFS info (device loop3): enabling disk space caching [ 129.318940][ T8344] BTRFS info (device loop0): checking UUID tree [ 129.324679][ T8350] BTRFS info (device loop3): disk space caching is enabled [ 129.338612][ T8345] BTRFS info (device loop5): disabling free space tree [ 129.348093][ T8351] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [pid 8342] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 8344] <... ioctl resumed>) = 0 [pid 8342] <... ioctl resumed>) = 0 [pid 8342] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 8342] exit_group(0) = ? [pid 8342] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8342, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=25 /* 0.25 s */} --- [pid 5066] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 129.367881][ T8345] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 129.381390][ T8351] BTRFS info (device loop4): force clearing of disk cache [ 129.398752][ T8351] BTRFS info (device loop4): setting nodatasum [ 129.399229][ T1047] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [pid 5066] unlink("./31/binderfs" [pid 8344] open("./file0", O_RDONLY) = 5 [pid 5066] <... unlink resumed>) = 0 [pid 5066] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8344] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 8344] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 8344] exit_group(0) = ? [ 129.404939][ T8351] BTRFS info (device loop4): allowing degraded mounts [ 129.414064][ T8345] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 129.437502][ T8345] BTRFS info (device loop5): checking UUID tree [ 129.445544][ T8351] BTRFS info (device loop4): enabling disk space caching [ 129.446947][ T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 8344] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8344, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=34 /* 0.34 s */} --- [pid 8345] <... mount resumed>) = 0 [pid 5064] umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8345] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 8345] <... openat resumed>) = 3 [pid 5064] newfstatat(3, "", [pid 8345] chdir("./file0") = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8345] ioctl(4, LOOP_CLR_FD [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 8345] <... ioctl resumed>) = 0 [pid 5064] umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8345] close(4 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8345] <... close resumed>) = 0 [pid 5064] newfstatat(AT_FDCWD, "./30/binderfs", [pid 8345] open("./file0", O_RDONLY [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8345] <... open resumed>) = 4 [ 129.453421][ T8351] BTRFS info (device loop4): disk space caching is enabled [pid 5064] unlink("./30/binderfs") = 0 [pid 8345] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [ 129.507763][ T8349] BTRFS info (device loop1): enabling ssd optimizations [ 129.537034][ T8349] BTRFS info (device loop1): auto enabling async discard [pid 5064] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8345] <... ioctl resumed>) = 0 [pid 8345] open("./file0", O_RDONLY) = 5 [pid 8345] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 8345] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 8345] exit_group(0) = ? [pid 8345] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8345, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=34 /* 0.34 s */} --- [pid 5069] umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 129.576342][ T8349] BTRFS info (device loop1): rebuilding free space tree [ 129.590657][ T8350] BTRFS info (device loop3): enabling ssd optimizations [ 129.609220][ T42] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./30/binderfs") = 0 [ 129.620614][ T8350] BTRFS info (device loop3): auto enabling async discard [ 129.621616][ T8349] BTRFS info (device loop1): disabling free space tree [ 129.650063][ T8350] BTRFS info (device loop3): rebuilding free space tree [ 129.652231][ T8349] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 129.668573][ T8351] BTRFS info (device loop4): enabling ssd optimizations [pid 5069] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 5066] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] getdents64(4, [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] newfstatat(AT_FDCWD, "./30/file0", [pid 5066] getdents64(4, [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] close(4 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... close resumed>) = 0 [pid 5066] rmdir("./31/file0" [pid 5064] openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... rmdir resumed>) = 0 [pid 5066] getdents64(3, [pid 5064] <... openat resumed>) = 4 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] newfstatat(4, "", [pid 5066] close(3 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... close resumed>) = 0 [pid 5064] getdents64(4, [pid 5066] rmdir("./31" [pid 5064] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] <... rmdir resumed>) = 0 [pid 5064] getdents64(4, [pid 5066] mkdir("./32", 0777 [pid 5064] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 5064] close(4 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5064] <... close resumed>) = 0 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5064] rmdir("./30/file0" [pid 5066] <... ioctl resumed>) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 5066] close(3 [pid 5064] getdents64(3, [pid 5066] <... close resumed>) = 0 [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [ 129.670276][ T8349] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] close(3) = 0 [pid 5064] rmdir("./30") = 0 [pid 5064] mkdir("./31", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 8448 ./strace-static-x86_64: Process 8448 attached [pid 8448] set_robust_list(0x555557145760, 24) = 0 ./strace-static-x86_64: Process 8449 attached [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 8449 [ 129.723999][ T8351] BTRFS info (device loop4): auto enabling async discard [ 129.725526][ T8350] BTRFS info (device loop3): disabling free space tree [ 129.743074][ T8349] BTRFS info (device loop1): checking UUID tree [ 129.750479][ T8350] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 129.762143][ T8351] BTRFS info (device loop4): rebuilding free space tree [pid 8449] set_robust_list(0x555557145760, 24) = 0 [pid 8448] chdir("./31" [pid 8449] chdir("./32") = 0 [pid 8448] <... chdir resumed>) = 0 [pid 8449] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8449] setpgid(0, 0) = 0 [pid 8448] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8449] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8448] <... prctl resumed>) = 0 [pid 8349] <... mount resumed>) = 0 [pid 8449] write(3, "1000", 4) = 4 [pid 8449] close(3 [pid 8448] setpgid(0, 0 [pid 8349] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8449] <... close resumed>) = 0 [pid 8448] <... setpgid resumed>) = 0 [pid 8349] <... openat resumed>) = 3 [pid 8449] symlink("/dev/binderfs", "./binderfs" [pid 8448] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8349] chdir("./file0" [pid 8449] <... symlink resumed>) = 0 [pid 8448] <... openat resumed>) = 3 [pid 8349] <... chdir resumed>) = 0 [pid 8449] memfd_create("syzkaller", 0 [pid 8448] write(3, "1000", 4 [pid 8349] ioctl(4, LOOP_CLR_FD [pid 8448] <... write resumed>) = 4 [pid 8349] <... ioctl resumed>) = 0 [ 129.762253][ T8350] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 8449] <... memfd_create resumed>) = 3 [pid 8349] close(4 [pid 8449] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 8349] <... close resumed>) = 0 [pid 8448] close(3 [pid 8349] open("./file0", O_RDONLY [pid 8448] <... close resumed>) = 0 [pid 8448] symlink("/dev/binderfs", "./binderfs" [pid 8349] <... open resumed>) = 4 [pid 8448] <... symlink resumed>) = 0 [pid 5069] <... umount2 resumed>) = 0 [pid 8448] memfd_create("syzkaller", 0 [pid 5069] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8448] <... memfd_create resumed>) = 3 [pid 8349] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8448] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8349] <... ioctl resumed>) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8448] <... mmap resumed>) = 0x7fda9371b000 [pid 8349] open("./file0", O_RDONLY [ 129.815347][ T8350] BTRFS info (device loop3): checking UUID tree [ 129.847118][ T8351] BTRFS info (device loop4): disabling free space tree [pid 5069] openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8349] <... open resumed>) = 5 [pid 5069] <... openat resumed>) = 4 [pid 8349] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5069] newfstatat(4, "", [pid 8349] <... ioctl resumed>) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8350] <... mount resumed>) = 0 [pid 8349] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5069] getdents64(4, [pid 8350] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8349] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5069] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, [pid 8349] exit_group(0 [pid 8350] <... openat resumed>) = 3 [pid 8349] <... exit_group resumed>) = ? [pid 5069] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4 [pid 8349] +++ exited with 0 +++ [pid 5069] <... close resumed>) = 0 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8349, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=41 /* 0.41 s */} --- [ 129.889979][ T8351] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 129.906649][ T42] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [pid 5069] rmdir("./30/file0" [pid 8350] chdir("./file0" [pid 5069] <... rmdir resumed>) = 0 [pid 5065] umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8350] <... chdir resumed>) = 0 [pid 5069] getdents64(3, [pid 5065] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8350] ioctl(4, LOOP_CLR_FD [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] <... openat resumed>) = 3 [pid 5069] close(3 [pid 8350] <... ioctl resumed>) = 0 [pid 8350] close(4 [pid 5069] <... close resumed>) = 0 [pid 5065] newfstatat(3, "", [pid 8350] <... close resumed>) = 0 [pid 5069] rmdir("./30" [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./30/binderfs") = 0 [pid 5065] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... rmdir resumed>) = 0 [pid 8350] open("./file0", O_RDONLY) = 4 [pid 5069] mkdir("./31", 0777 [pid 8350] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5069] <... mkdir resumed>) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3) = 0 [pid 8350] <... ioctl resumed>) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8453 attached [pid 8350] open("./file0", O_RDONLY) = 5 [pid 8350] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 8453] set_robust_list(0x555557145760, 24 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 8453 [ 129.940356][ T8351] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 8453] <... set_robust_list resumed>) = 0 [pid 8453] chdir("./31") = 0 [pid 8453] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8453] setpgid(0, 0) = 0 [pid 8453] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8453] write(3, "1000", 4) = 4 [pid 8453] close(3) = 0 [pid 8350] <... ioctl resumed>) = 0 [pid 8453] symlink("/dev/binderfs", "./binderfs" [pid 8350] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 8453] <... symlink resumed>) = 0 [pid 8350] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [ 130.017613][ T42] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 130.021141][ T8351] BTRFS info (device loop4): checking UUID tree [pid 8350] exit_group(0) = ? [pid 8453] memfd_create("syzkaller", 0 [pid 8350] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8350, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=40 /* 0.40 s */} --- [pid 8453] <... memfd_create resumed>) = 3 [pid 5067] umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8453] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8453] <... mmap resumed>) = 0x7fda9371b000 [pid 5067] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8351] <... mount resumed>) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 8351] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8351] chdir("./file0" [pid 5067] newfstatat(AT_FDCWD, "./30/binderfs", [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8351] <... chdir resumed>) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] newfstatat(AT_FDCWD, "./30/file0", [pid 8351] ioctl(4, LOOP_CLR_FD [pid 5067] unlink("./30/binderfs" [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8351] <... ioctl resumed>) = 0 [pid 5065] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8351] close(4 [pid 5067] <... unlink resumed>) = 0 [pid 8351] <... close resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8351] open("./file0", O_RDONLY [pid 5065] openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8351] <... open resumed>) = 4 [pid 8351] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5065] <... openat resumed>) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, [pid 8351] <... ioctl resumed>) = 0 [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 8351] open("./file0", O_RDONLY [pid 5065] getdents64(4, [pid 8351] <... open resumed>) = 5 [pid 5065] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 8351] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5065] close(4) = 0 [pid 5065] rmdir("./30/file0") = 0 [pid 8351] <... ioctl resumed>) = 0 [pid 5065] getdents64(3, [pid 8449] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8351] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 8351] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5065] close(3 [pid 8351] exit_group(0 [pid 5065] <... close resumed>) = 0 [pid 8351] <... exit_group resumed>) = ? [pid 5065] rmdir("./30" [pid 8351] +++ exited with 0 +++ [pid 5065] <... rmdir resumed>) = 0 [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8351, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=44 /* 0.44 s */} --- [pid 5065] mkdir("./31", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5068] umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... openat resumed>) = 3 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5068] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... ioctl resumed>) = 0 [pid 5068] <... openat resumed>) = 3 [pid 5065] close(3 [pid 5068] newfstatat(3, "", [pid 5065] <... close resumed>) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 8456 [pid 5068] umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 8456 attached [pid 5068] newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8456] set_robust_list(0x555557145760, 24 [pid 5068] unlink("./30/binderfs" [pid 8456] <... set_robust_list resumed>) = 0 [pid 5068] <... unlink resumed>) = 0 [pid 8456] chdir("./31" [pid 5068] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8456] <... chdir resumed>) = 0 [pid 8456] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8456] setpgid(0, 0) = 0 [pid 8456] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8456] write(3, "1000", 4) = 4 [ 130.301341][ T42] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [pid 8456] close(3) = 0 [pid 8456] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8456] memfd_create("syzkaller", 0) = 3 [pid 8456] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 8448] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./30/file0") = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./30") = 0 [pid 5067] mkdir("./31", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8458 attached [pid 8458] set_robust_list(0x555557145760, 24 [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 8458 [pid 8458] <... set_robust_list resumed>) = 0 [pid 8458] chdir("./31") = 0 [pid 8458] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8458] setpgid(0, 0) = 0 [pid 8458] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8458] write(3, "1000", 4) = 4 [pid 8458] close(3) = 0 [pid 8458] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8458] memfd_create("syzkaller", 0) = 3 [pid 8458] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 8453] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5068] <... umount2 resumed>) = 0 [pid 5068] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./30/file0") = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./30") = 0 [pid 5068] mkdir("./31", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 8459 ./strace-static-x86_64: Process 8459 attached [pid 8459] set_robust_list(0x555557145760, 24) = 0 [pid 8459] chdir("./31") = 0 [pid 8459] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8459] setpgid(0, 0) = 0 [pid 8459] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8449] <... write resumed>) = 16777216 [pid 8459] <... openat resumed>) = 3 [pid 8459] write(3, "1000", 4) = 4 [pid 8459] close(3) = 0 [pid 8459] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8459] memfd_create("syzkaller", 0) = 3 [pid 8459] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 8449] munmap(0x7fda9371b000, 138412032) = 0 [pid 8456] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8449] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 8449] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8449] close(3) = 0 [pid 8449] mkdir("./file0", 0777) = 0 [ 130.964754][ T8449] loop2: detected capacity change from 0 to 32768 [ 131.024095][ T8449] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (8449) [ 131.103761][ T8449] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 131.158828][ T8449] BTRFS info (device loop2): force clearing of disk cache [ 131.198819][ T8449] BTRFS info (device loop2): setting nodatasum [pid 8449] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8458] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8448] <... write resumed>) = 16777216 [ 131.205026][ T8449] BTRFS info (device loop2): allowing degraded mounts [pid 8448] munmap(0x7fda9371b000, 138412032) = 0 [pid 8448] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8448] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8448] close(3) = 0 [pid 8448] mkdir("./file0", 0777 [pid 8459] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8448] <... mkdir resumed>) = 0 [ 131.259810][ T8449] BTRFS info (device loop2): enabling disk space caching [ 131.266957][ T8449] BTRFS info (device loop2): disk space caching is enabled [ 131.279891][ T8448] loop0: detected capacity change from 0 to 32768 [ 131.330561][ T8448] BTRFS: device /dev/loop0 using temp-fsid aef8e893-10b2-4ca4-b9cc-5f1ec716bf6a [ 131.358880][ T8448] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (8448) [pid 8448] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8453] <... write resumed>) = 16777216 [pid 8453] munmap(0x7fda9371b000, 138412032) = 0 [ 131.415423][ T8448] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [pid 8453] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 8453] ioctl(4, LOOP_SET_FD, 3 [pid 8456] <... write resumed>) = 16777216 [pid 8456] munmap(0x7fda9371b000, 138412032 [pid 8453] <... ioctl resumed>) = 0 [pid 8453] close(3) = 0 [ 131.480039][ T8448] BTRFS info (device loop0): force clearing of disk cache [ 131.487182][ T8448] BTRFS info (device loop0): setting nodatasum [ 131.505012][ T8453] loop5: detected capacity change from 0 to 32768 [ 131.520170][ T8449] BTRFS info (device loop2): enabling ssd optimizations [pid 8453] mkdir("./file0", 0777) = 0 [pid 8453] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8456] <... munmap resumed>) = 0 [pid 8456] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8459] <... write resumed>) = 16777216 [pid 8456] <... openat resumed>) = 4 [pid 8459] munmap(0x7fda9371b000, 138412032 [ 131.531787][ T8453] BTRFS: device /dev/loop5 using temp-fsid 2c55eee8-190e-4b53-90f3-bc024bd83c69 [ 131.541511][ T8449] BTRFS info (device loop2): auto enabling async discard [ 131.547344][ T8448] BTRFS info (device loop0): allowing degraded mounts [ 131.555769][ T8448] BTRFS info (device loop0): enabling disk space caching [ 131.559581][ T8449] BTRFS info (device loop2): rebuilding free space tree [ 131.563389][ T8448] BTRFS info (device loop0): disk space caching is enabled [pid 8456] ioctl(4, LOOP_SET_FD, 3 [pid 8459] <... munmap resumed>) = 0 [pid 8456] <... ioctl resumed>) = 0 [pid 8459] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8456] close(3 [pid 8459] <... openat resumed>) = 4 [pid 8459] ioctl(4, LOOP_SET_FD, 3 [pid 8456] <... close resumed>) = 0 [pid 8459] <... ioctl resumed>) = 0 [pid 8459] close(3 [pid 8456] mkdir("./file0", 0777 [pid 8459] <... close resumed>) = 0 [pid 8456] <... mkdir resumed>) = 0 [pid 8459] mkdir("./file0", 0777 [pid 8456] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8459] <... mkdir resumed>) = 0 [ 131.577803][ T8456] loop1: detected capacity change from 0 to 32768 [ 131.586091][ T8453] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (8453) [ 131.602964][ T8459] loop4: detected capacity change from 0 to 32768 [ 131.621611][ T8456] BTRFS: device /dev/loop1 using temp-fsid 650be242-f5f6-475a-ae78-a1598aa9ceb4 [pid 8459] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8458] <... write resumed>) = 16777216 [ 131.632201][ T8453] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 131.642669][ T8453] BTRFS info (device loop5): force clearing of disk cache [ 131.651488][ T8456] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (8456) [ 131.657731][ T8453] BTRFS info (device loop5): setting nodatasum [ 131.665984][ T8449] BTRFS info (device loop2): disabling free space tree [pid 8458] munmap(0x7fda9371b000, 138412032) = 0 [pid 8458] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 8458] ioctl(4, LOOP_SET_FD, 3) = 0 [ 131.670839][ T8453] BTRFS info (device loop5): allowing degraded mounts [ 131.684523][ T8449] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 131.694073][ T8453] BTRFS info (device loop5): enabling disk space caching [ 131.702004][ T8453] BTRFS info (device loop5): disk space caching is enabled [ 131.710689][ T8458] loop3: detected capacity change from 0 to 32768 [ 131.713104][ T8456] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [pid 8458] close(3) = 0 [pid 8458] mkdir("./file0", 0777) = 0 [ 131.719338][ T8449] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 131.730418][ T8459] BTRFS: device /dev/loop4 using temp-fsid 8a09a616-8037-4531-8db6-e4f54519669a [ 131.746120][ T8459] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (8459) [ 131.765297][ T8456] BTRFS info (device loop1): force clearing of disk cache [ 131.772618][ T8458] BTRFS: device /dev/loop3 using temp-fsid ec01c8e8-0e5c-4d38-9de3-abbef383ece4 [pid 8458] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8449] <... mount resumed>) = 0 [pid 8449] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8449] chdir("./file0") = 0 [pid 8449] ioctl(4, LOOP_CLR_FD) = 0 [ 131.773730][ T8449] BTRFS info (device loop2): checking UUID tree [ 131.784791][ T8458] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (8458) [ 131.791238][ T8456] BTRFS info (device loop1): setting nodatasum [pid 8449] close(4) = 0 [pid 8448] <... mount resumed>) = 0 [pid 8449] open("./file0", O_RDONLY [pid 8448] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8449] <... open resumed>) = 4 [pid 8448] <... openat resumed>) = 3 [pid 8449] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 8448] chdir("./file0") = 0 [pid 8448] ioctl(4, LOOP_CLR_FD) = 0 [pid 8448] close(4 [pid 8453] <... mount resumed>) = 0 [pid 8448] <... close resumed>) = 0 [pid 8453] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8448] open("./file0", O_RDONLY [pid 8449] <... ioctl resumed>) = 0 [pid 8449] open("./file0", O_RDONLY [pid 8453] <... openat resumed>) = 3 [pid 8448] <... open resumed>) = 4 [pid 8453] chdir("./file0" [pid 8448] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 8453] <... chdir resumed>) = 0 [pid 8453] ioctl(4, LOOP_CLR_FD) = 0 [pid 8449] <... open resumed>) = 5 [pid 8453] close(4 [pid 8449] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 8453] <... close resumed>) = 0 [pid 8453] open("./file0", O_RDONLY) = 4 [pid 8453] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 8448] <... ioctl resumed>) = 0 [pid 8448] open("./file0", O_RDONLY) = 5 [pid 8448] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 8448] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 8448] exit_group(0) = ? [pid 8448] +++ exited with 0 +++ [pid 8449] <... ioctl resumed>) = 0 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8448, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=30 /* 0.30 s */} --- [pid 8449] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5064] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, [pid 8449] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 8449] exit_group(0) = ? [pid 5064] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8449] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8449, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=36 /* 0.36 s */} --- [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./31/binderfs", [pid 5066] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] unlink("./31/binderfs" [pid 5066] <... openat resumed>) = 3 [pid 8453] <... ioctl resumed>) = 0 [pid 5066] newfstatat(3, "", [pid 8453] open("./file0", O_RDONLY [pid 5064] <... unlink resumed>) = 0 [pid 8453] <... open resumed>) = 5 [pid 5064] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8453] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8453] <... ioctl resumed>) = 0 [pid 5066] unlink("./32/binderfs" [pid 8453] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 8453] exit_group(0 [pid 5066] <... unlink resumed>) = 0 [pid 8453] <... exit_group resumed>) = ? [pid 8453] +++ exited with 0 +++ [pid 5066] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8453, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=30 /* 0.30 s */} --- [pid 5069] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./31/binderfs") = 0 [pid 5069] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8459] <... mount resumed>) = 0 [pid 8458] <... mount resumed>) = 0 [pid 8456] <... mount resumed>) = 0 [pid 8458] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8459] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8458] <... openat resumed>) = 3 [pid 8456] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8458] chdir("./file0") = 0 [pid 8459] <... openat resumed>) = 3 [pid 8458] ioctl(4, LOOP_CLR_FD [pid 8456] <... openat resumed>) = 3 [pid 8459] chdir("./file0" [pid 8458] <... ioctl resumed>) = 0 [pid 8456] chdir("./file0" [pid 8459] <... chdir resumed>) = 0 [pid 8456] <... chdir resumed>) = 0 [pid 8459] ioctl(4, LOOP_CLR_FD [pid 8456] ioctl(4, LOOP_CLR_FD [pid 8458] close(4 [pid 8459] <... ioctl resumed>) = 0 [pid 8456] <... ioctl resumed>) = 0 [pid 8459] close(4 [pid 8458] <... close resumed>) = 0 [pid 8456] close(4 [pid 8458] open("./file0", O_RDONLY [pid 8456] <... close resumed>) = 0 [pid 8459] <... close resumed>) = 0 [pid 8456] open("./file0", O_RDONLY [pid 8458] <... open resumed>) = 4 [pid 8456] <... open resumed>) = 4 [pid 8459] open("./file0", O_RDONLY [pid 8456] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 8459] <... open resumed>) = 4 [pid 8458] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 8459] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5064] <... umount2 resumed>) = 0 [pid 5064] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8459] <... ioctl resumed>) = 0 [pid 8459] open("./file0", O_RDONLY [pid 8456] <... ioctl resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8459] <... open resumed>) = 5 [pid 8456] open("./file0", O_RDONLY [pid 8459] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5064] newfstatat(AT_FDCWD, "./31/file0", [pid 8459] <... ioctl resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8459] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 8458] <... ioctl resumed>) = 0 [pid 8456] <... open resumed>) = 5 [pid 8459] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 8456] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 8459] exit_group(0) = ? [pid 8459] +++ exited with 0 +++ [pid 5064] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8458] open("./file0", O_RDONLY [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8459, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=28 /* 0.28 s */} --- [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8456] <... ioctl resumed>) = 0 [pid 8456] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 8456] exit_group(0) = ? [pid 8456] +++ exited with 0 +++ [pid 8458] <... open resumed>) = 5 [pid 5064] openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8458] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8456, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=30 /* 0.30 s */} --- [pid 5064] <... openat resumed>) = 4 [pid 8458] <... ioctl resumed>) = 0 [pid 5068] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] newfstatat(4, "", [pid 8458] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8458] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5068] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8458] exit_group(0 [pid 5068] <... openat resumed>) = 3 [pid 5064] getdents64(4, [pid 8458] <... exit_group resumed>) = ? [pid 5068] newfstatat(3, "", [pid 8458] +++ exited with 0 +++ [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(3, [pid 5065] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8458, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=26 /* 0.26 s */} --- [pid 5064] getdents64(4, [pid 5068] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] restart_syscall(<... resuming interrupted clone ...> [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] newfstatat(AT_FDCWD, "./31/binderfs", [pid 5067] <... restart_syscall resumed>) = 0 [pid 5065] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] close(4 [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... close resumed>) = 0 [pid 5068] unlink("./31/binderfs" [pid 5065] <... openat resumed>) = 3 [pid 5064] rmdir("./31/file0" [pid 5067] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] newfstatat(3, "", [pid 5064] <... rmdir resumed>) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... unlink resumed>) = 0 [pid 5067] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, [pid 5068] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3 [pid 5067] <... openat resumed>) = 3 [pid 5065] getdents64(3, [pid 5067] newfstatat(3, "", [pid 5064] <... close resumed>) = 0 [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] rmdir("./31" [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 5067] getdents64(3, [pid 5065] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] mkdir("./32", 0777) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] newfstatat(AT_FDCWD, "./31/binderfs", [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... openat resumed>) = 3 [pid 5065] unlink("./31/binderfs" [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5065] <... unlink resumed>) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 5067] newfstatat(AT_FDCWD, "./31/binderfs", [pid 5065] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./31/binderfs"./strace-static-x86_64: Process 8559 attached ) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 8559 [pid 5067] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8559] set_robust_list(0x555557145760, 24) = 0 [pid 8559] chdir("./32") = 0 [pid 8559] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5069] <... umount2 resumed>) = 0 [pid 8559] setpgid(0, 0) = 0 [pid 8559] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5069] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./31/file0", [pid 8559] write(3, "1000", 4) = 4 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8559] close(3 [pid 5069] openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8559] <... close resumed>) = 0 [pid 5069] <... openat resumed>) = 4 [pid 8559] symlink("/dev/binderfs", "./binderfs" [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, [pid 8559] <... symlink resumed>) = 0 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 8559] memfd_create("syzkaller", 0 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 8559] <... memfd_create resumed>) = 3 [pid 5069] close(4 [pid 8559] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5069] <... close resumed>) = 0 [pid 5069] rmdir("./31/file0") = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./31" [pid 8559] <... mmap resumed>) = 0x7fda9371b000 [pid 5069] <... rmdir resumed>) = 0 [pid 5069] mkdir("./32", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 8560 ./strace-static-x86_64: Process 8560 attached [pid 8560] set_robust_list(0x555557145760, 24) = 0 [pid 8560] chdir("./32") = 0 [pid 8560] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8560] setpgid(0, 0) = 0 [pid 8560] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8560] write(3, "1000", 4) = 4 [pid 8560] close(3) = 0 [pid 8560] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8560] memfd_create("syzkaller", 0) = 3 [pid 8560] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5068] <... umount2 resumed>) = 0 [pid 5068] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./31/file0") = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./31") = 0 [pid 5068] mkdir("./32", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 8564 ./strace-static-x86_64: Process 8564 attached [pid 8564] set_robust_list(0x555557145760, 24) = 0 [pid 8564] chdir("./32") = 0 [pid 8564] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8564] setpgid(0, 0) = 0 [pid 8564] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8564] write(3, "1000", 4) = 4 [pid 8564] close(3) = 0 [pid 8564] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8564] memfd_create("syzkaller", 0) = 3 [pid 8564] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] newfstatat(AT_FDCWD, "./31/file0", [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./31/file0", [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] <... openat resumed>) = 4 [pid 5065] openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5067] newfstatat(4, "", [pid 5065] <... openat resumed>) = 4 [pid 5065] newfstatat(4, "", [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, [pid 5067] getdents64(4, [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, [pid 5067] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4 [pid 5065] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 5065] close(4 [pid 5067] <... close resumed>) = 0 [pid 5067] rmdir("./31/file0" [pid 5065] <... close resumed>) = 0 [pid 5067] <... rmdir resumed>) = 0 [pid 5065] rmdir("./31/file0" [pid 5067] getdents64(3, [pid 5065] <... rmdir resumed>) = 0 [pid 5065] getdents64(3, [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3 [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] <... close resumed>) = 0 [pid 5065] close(3) = 0 [pid 5067] rmdir("./31" [pid 8559] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8560] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5067] <... rmdir resumed>) = 0 [pid 5066] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] rmdir("./31" [pid 5067] mkdir("./32", 0777 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... rmdir resumed>) = 0 [pid 5067] <... mkdir resumed>) = 0 [pid 5066] newfstatat(AT_FDCWD, "./32/file0", [pid 5065] mkdir("./32", 0777 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... mkdir resumed>) = 0 [pid 5067] <... openat resumed>) = 3 [pid 5066] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5067] ioctl(3, LOOP_CLR_FD [pid 5065] <... openat resumed>) = 3 [pid 5067] <... ioctl resumed>) = 0 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... ioctl resumed>) = 0 [pid 5067] close(3 [pid 5066] openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5067] <... close resumed>) = 0 [pid 5066] <... openat resumed>) = 4 [pid 5065] close(3 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] newfstatat(4, "", [pid 5065] <... close resumed>) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 8565 attached [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 8565 [pid 5066] getdents64(4, [pid 8565] set_robust_list(0x555557145760, 24) = 0 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 8566 [pid 5066] getdents64(4, ./strace-static-x86_64: Process 8566 attached [pid 8565] chdir("./32") = 0 [pid 8565] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8565] setpgid(0, 0) = 0 [pid 8566] set_robust_list(0x555557145760, 24 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 8566] <... set_robust_list resumed>) = 0 [pid 5066] close(4 [pid 8566] chdir("./32") = 0 [pid 5066] <... close resumed>) = 0 [pid 8566] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8565] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] rmdir("./32/file0" [pid 8565] <... openat resumed>) = 3 [pid 8565] write(3, "1000", 4) = 4 [pid 8565] close(3) = 0 [pid 8565] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8565] memfd_create("syzkaller", 0) = 3 [pid 8565] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 8566] <... prctl resumed>) = 0 [pid 8564] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5066] <... rmdir resumed>) = 0 [pid 8566] setpgid(0, 0 [pid 5066] getdents64(3, [pid 8566] <... setpgid resumed>) = 0 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 8566] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] close(3 [pid 8566] <... openat resumed>) = 3 [pid 5066] <... close resumed>) = 0 [pid 5066] rmdir("./32" [pid 8566] write(3, "1000", 4) = 4 [pid 5066] <... rmdir resumed>) = 0 [pid 8566] close(3) = 0 [pid 5066] mkdir("./33", 0777 [pid 8566] symlink("/dev/binderfs", "./binderfs" [pid 5066] <... mkdir resumed>) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 8566] <... symlink resumed>) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 8566] memfd_create("syzkaller", 0 [pid 5066] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5066] close(3 [pid 8566] <... memfd_create resumed>) = 3 [pid 5066] <... close resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8567 attached [pid 8566] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8567] set_robust_list(0x555557145760, 24 [pid 8566] <... mmap resumed>) = 0x7fda9371b000 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 8567 [pid 8567] <... set_robust_list resumed>) = 0 [pid 8567] chdir("./33") = 0 [pid 8567] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8567] setpgid(0, 0) = 0 [pid 8567] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8567] write(3, "1000", 4) = 4 [pid 8567] close(3) = 0 [pid 8567] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8567] memfd_create("syzkaller", 0) = 3 [pid 8567] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 8565] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8566] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8559] <... write resumed>) = 16777216 [pid 8559] munmap(0x7fda9371b000, 138412032 [pid 8560] <... write resumed>) = 16777216 [pid 8559] <... munmap resumed>) = 0 [pid 8559] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8559] ioctl(4, LOOP_SET_FD, 3 [pid 8560] munmap(0x7fda9371b000, 138412032) = 0 [pid 8559] <... ioctl resumed>) = 0 [pid 8559] close(3) = 0 [pid 8559] mkdir("./file0", 0777) = 0 [ 133.685547][ T8559] loop0: detected capacity change from 0 to 32768 [pid 8559] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8564] <... write resumed>) = 16777216 [pid 8560] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 8564] munmap(0x7fda9371b000, 138412032 [pid 8560] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8560] close(3 [pid 8567] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8564] <... munmap resumed>) = 0 [pid 8560] <... close resumed>) = 0 [pid 8560] mkdir("./file0", 0777) = 0 [pid 8560] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8564] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 133.723535][ T8559] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (8559) [ 133.741843][ T8560] loop5: detected capacity change from 0 to 32768 [ 133.774816][ T8560] BTRFS: device /dev/loop5 using temp-fsid fb44a54e-9eb7-454d-87e7-a8374f26aa2f [ 133.799388][ T8564] loop4: detected capacity change from 0 to 32768 [pid 8564] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8564] close(3) = 0 [pid 8564] mkdir("./file0", 0777) = 0 [ 133.841178][ T8560] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (8560) [pid 8564] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8566] <... write resumed>) = 16777216 [pid 8566] munmap(0x7fda9371b000, 138412032) = 0 [pid 8566] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 133.890661][ T8564] BTRFS: device /dev/loop4 using temp-fsid 3226de77-72f6-453c-a29b-dd224260c2e7 [ 133.913690][ T8564] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (8564) [pid 8566] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8566] close(3) = 0 [pid 8566] mkdir("./file0", 0777) = 0 [ 133.940316][ T8566] loop1: detected capacity change from 0 to 32768 [ 133.979481][ T8566] BTRFS: device /dev/loop1 using temp-fsid 49f9a43e-49a0-452f-8f44-121b844e37f9 [ 133.989658][ T8564] _btrfs_printk: 68 callbacks suppressed [ 133.989670][ T8564] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 133.992269][ T8559] BTRFS info (device loop0): enabling ssd optimizations [ 134.006622][ T8564] BTRFS info (device loop4): force clearing of disk cache [ 134.019787][ T8564] BTRFS info (device loop4): setting nodatasum [ 134.025959][ T8564] BTRFS info (device loop4): allowing degraded mounts [pid 8566] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8565] <... write resumed>) = 16777216 [ 134.029031][ T8566] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (8566) [ 134.033409][ T8564] BTRFS info (device loop4): enabling disk space caching [ 134.053931][ T8564] BTRFS info (device loop4): disk space caching is enabled [ 134.062667][ T8559] BTRFS info (device loop0): auto enabling async discard [ 134.076988][ T8566] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [pid 8565] munmap(0x7fda9371b000, 138412032) = 0 [pid 8565] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 8565] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8565] close(3) = 0 [pid 8565] mkdir("./file0", 0777) = 0 [ 134.092674][ T8566] BTRFS info (device loop1): force clearing of disk cache [ 134.100862][ T8566] BTRFS info (device loop1): setting nodatasum [ 134.101493][ T8559] BTRFS info (device loop0): rebuilding free space tree [ 134.107613][ T8566] BTRFS info (device loop1): allowing degraded mounts [ 134.121479][ T8565] loop3: detected capacity change from 0 to 32768 [ 134.125031][ T8560] BTRFS info (device loop5): enabling ssd optimizations [ 134.134896][ T8566] BTRFS info (device loop1): enabling disk space caching [pid 8565] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8567] <... write resumed>) = 16777216 [ 134.151702][ T8565] BTRFS: device /dev/loop3 using temp-fsid f016c6aa-d4b8-4a2f-a5dd-5da93919a95d [ 134.166380][ T8559] BTRFS info (device loop0): disabling free space tree [ 134.167722][ T8566] BTRFS info (device loop1): disk space caching is enabled [ 134.174322][ T8559] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 134.182404][ T8560] BTRFS info (device loop5): auto enabling async discard [pid 8567] munmap(0x7fda9371b000, 138412032) = 0 [pid 8567] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 134.191179][ T8565] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (8565) [ 134.203050][ T8559] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 134.212184][ T8560] BTRFS info (device loop5): rebuilding free space tree [ 134.225926][ T8559] BTRFS info (device loop0): checking UUID tree [ 134.232509][ T8565] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 134.243346][ T8567] loop2: detected capacity change from 0 to 32768 [pid 8567] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8567] close(3) = 0 [pid 8567] mkdir("./file0", 0777) = 0 [pid 8567] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8559] <... mount resumed>) = 0 [ 134.246636][ T8560] BTRFS info (device loop5): disabling free space tree [ 134.258022][ T8564] BTRFS info (device loop4): enabling ssd optimizations [ 134.261704][ T8565] BTRFS info (device loop3): force clearing of disk cache [ 134.266302][ T8560] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 134.273090][ T8567] BTRFS: device /dev/loop2 using temp-fsid c88f4449-4a45-4b1b-8705-769b6823e9d5 [ 134.282587][ T8565] BTRFS info (device loop3): setting nodatasum [pid 8559] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 134.294779][ T8564] BTRFS info (device loop4): auto enabling async discard [ 134.297888][ T8565] BTRFS info (device loop3): allowing degraded mounts [ 134.297908][ T8565] BTRFS info (device loop3): enabling disk space caching [ 134.297924][ T8565] BTRFS info (device loop3): disk space caching is enabled [ 134.298562][ T8567] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (8567) [ 134.311158][ T8560] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 8559] chdir("./file0") = 0 [pid 8559] ioctl(4, LOOP_CLR_FD) = 0 [pid 8559] close(4) = 0 [ 134.319872][ T8564] BTRFS info (device loop4): rebuilding free space tree [ 134.351680][ T8560] BTRFS info (device loop5): checking UUID tree [ 134.361259][ T8564] BTRFS info (device loop4): disabling free space tree [ 134.369381][ T8564] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 134.379238][ T8564] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 134.380407][ T8567] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [pid 8559] open("./file0", O_RDONLY) = 4 [pid 8559] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 8559] open("./file0", O_RDONLY) = 5 [pid 8559] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 8559] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 8559] exit_group(0 [pid 8564] <... mount resumed>) = 0 [pid 8559] <... exit_group resumed>) = ? [pid 8559] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8559, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=37 /* 0.37 s */} --- [pid 8564] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5064] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 134.392393][ T8564] BTRFS info (device loop4): checking UUID tree [ 134.405345][ T8567] BTRFS info (device loop2): force clearing of disk cache [ 134.412646][ T8567] BTRFS info (device loop2): setting nodatasum [ 134.422368][ T8567] BTRFS info (device loop2): allowing degraded mounts [ 134.430080][ T8567] BTRFS info (device loop2): enabling disk space caching [pid 5064] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8564] <... openat resumed>) = 3 [pid 8560] <... mount resumed>) = 0 [pid 5064] <... openat resumed>) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8564] chdir("./file0" [pid 8560] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./32/binderfs") = 0 [pid 5064] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8560] <... openat resumed>) = 3 [pid 8564] <... chdir resumed>) = 0 [pid 8560] chdir("./file0" [pid 8564] ioctl(4, LOOP_CLR_FD [pid 8560] <... chdir resumed>) = 0 [pid 8564] <... ioctl resumed>) = 0 [pid 8560] ioctl(4, LOOP_CLR_FD [pid 8564] close(4 [pid 8560] <... ioctl resumed>) = 0 [pid 8564] <... close resumed>) = 0 [pid 8560] close(4 [pid 8564] open("./file0", O_RDONLY [pid 8560] <... close resumed>) = 0 [pid 8564] <... open resumed>) = 4 [pid 8560] open("./file0", O_RDONLY [pid 8564] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 8560] <... open resumed>) = 4 [pid 8564] <... ioctl resumed>) = 0 [pid 8560] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 8564] open("./file0", O_RDONLY [pid 8560] <... ioctl resumed>) = 0 [pid 8564] <... open resumed>) = 5 [ 134.446427][ T8567] BTRFS info (device loop2): disk space caching is enabled [ 134.451256][ T8566] BTRFS info (device loop1): enabling ssd optimizations [ 134.457004][ T2855] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 134.470349][ T8566] BTRFS info (device loop1): auto enabling async discard [ 134.478098][ T8566] BTRFS info (device loop1): rebuilding free space tree [pid 8564] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 8560] open("./file0", O_RDONLY) = 5 [pid 8560] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 8560] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 8564] <... ioctl resumed>) = 0 [pid 8560] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 8564] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 8560] exit_group(0 [pid 8564] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 8560] <... exit_group resumed>) = ? [pid 8564] exit_group(0 [pid 8560] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8560, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=32 /* 0.32 s */} --- [ 134.530266][ T8565] BTRFS info (device loop3): enabling ssd optimizations [ 134.543831][ T12] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [pid 8564] <... exit_group resumed>) = ? [pid 5069] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./32/binderfs") = 0 [pid 5069] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8564] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8564, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=38 /* 0.38 s */} --- [pid 5068] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5068] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 134.581895][ T8565] BTRFS info (device loop3): auto enabling async discard [ 134.591040][ T8566] BTRFS info (device loop1): disabling free space tree [ 134.598144][ T8566] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 134.624090][ T8565] BTRFS info (device loop3): rebuilding free space tree [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./32/binderfs") = 0 [pid 5068] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... umount2 resumed>) = 0 [ 134.632057][ T48] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [pid 5064] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 134.683858][ T8566] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 134.685397][ T8567] BTRFS info (device loop2): enabling ssd optimizations [ 134.718867][ T8567] BTRFS info (device loop2): auto enabling async discard [ 134.720455][ T8565] BTRFS info (device loop3): disabling free space tree [pid 5064] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./32/file0") = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [ 134.740324][ T8567] BTRFS info (device loop2): rebuilding free space tree [ 134.745309][ T8566] BTRFS info (device loop1): checking UUID tree [ 134.779336][ T8567] BTRFS info (device loop2): disabling free space tree [pid 5064] rmdir("./32") = 0 [pid 5064] mkdir("./33", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5068] <... umount2 resumed>) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 5068] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 134.786538][ T8567] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 134.796592][ T8565] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5064] close(3 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... close resumed>) = 0 [pid 5068] newfstatat(AT_FDCWD, "./32/file0", [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8665 attached [pid 5069] <... umount2 resumed>) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8665] set_robust_list(0x555557145760, 24 [pid 5068] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 8665 [pid 8665] <... set_robust_list resumed>) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8665] chdir("./33") = 0 [pid 8665] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5069] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8665] <... prctl resumed>) = 0 [pid 8665] setpgid(0, 0 [pid 8566] <... mount resumed>) = 0 [pid 8665] <... setpgid resumed>) = 0 [pid 5068] openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8566] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8665] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8566] <... openat resumed>) = 3 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... openat resumed>) = 4 [pid 5068] newfstatat(4, "", [pid 8566] chdir("./file0" [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] newfstatat(AT_FDCWD, "./32/file0", [pid 5068] getdents64(4, [pid 8566] <... chdir resumed>) = 0 [pid 8566] ioctl(4, LOOP_CLR_FD [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] getdents64(4, [pid 5069] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 8566] <... ioctl resumed>) = 0 [pid 8566] close(4 [pid 5068] close(4 [pid 8566] <... close resumed>) = 0 [pid 8566] open("./file0", O_RDONLY) = 4 [pid 8566] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 8665] <... openat resumed>) = 3 [pid 8665] write(3, "1000", 4 [pid 5068] <... close resumed>) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, [pid 8665] <... write resumed>) = 4 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 8665] close(3) = 0 [pid 8665] symlink("/dev/binderfs", "./binderfs" [pid 5068] rmdir("./32/file0" [pid 8566] <... ioctl resumed>) = 0 [pid 5069] getdents64(4, [pid 8566] open("./file0", O_RDONLY [pid 5069] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 8665] <... symlink resumed>) = 0 [pid 8566] <... open resumed>) = 5 [pid 5069] close(4 [pid 8566] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5069] <... close resumed>) = 0 [pid 5068] <... rmdir resumed>) = 0 [pid 5069] rmdir("./32/file0") = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./32") = 0 [pid 5069] mkdir("./33", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3) = 0 [pid 8665] memfd_create("syzkaller", 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8665] <... memfd_create resumed>) = 3 [pid 8665] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5068] getdents64(3, [pid 8566] <... ioctl resumed>) = 0 [pid 8566] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 8665] <... mmap resumed>) = 0x7fda9371b000 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 8666 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 8666 attached [pid 8566] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [ 134.832315][ T8565] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 134.860512][ T8567] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5068] close(3 [pid 8666] set_robust_list(0x555557145760, 24 [pid 8566] exit_group(0 [pid 5068] <... close resumed>) = 0 [pid 8666] <... set_robust_list resumed>) = 0 [pid 8566] <... exit_group resumed>) = ? [pid 8666] chdir("./33") = 0 [pid 8666] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8566] +++ exited with 0 +++ [pid 8666] <... prctl resumed>) = 0 [pid 8666] setpgid(0, 0) = 0 [pid 5068] rmdir("./32" [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8566, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=33 /* 0.33 s */} --- [pid 8666] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5068] <... rmdir resumed>) = 0 [pid 8666] write(3, "1000", 4 [pid 5068] mkdir("./33", 0777 [pid 8666] <... write resumed>) = 4 [pid 8666] close(3) = 0 [pid 8666] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8666] memfd_create("syzkaller", 0 [pid 5068] <... mkdir resumed>) = 0 [pid 5065] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8666] <... memfd_create resumed>) = 3 [pid 5068] <... openat resumed>) = 3 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] ioctl(3, LOOP_CLR_FD [pid 8666] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5068] <... ioctl resumed>) = 0 [pid 5065] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] close(3 [pid 8666] <... mmap resumed>) = 0x7fda9371b000 [pid 5068] <... close resumed>) = 0 [pid 5065] <... openat resumed>) = 3 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] newfstatat(3, "", ./strace-static-x86_64: Process 8667 attached {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 134.922047][ T8565] BTRFS info (device loop3): checking UUID tree [ 134.927943][ T48] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [ 134.932076][ T8567] BTRFS info (device loop2): checking UUID tree [pid 8667] set_robust_list(0x555557145760, 24 [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 8667 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 8667] <... set_robust_list resumed>) = 0 [pid 5065] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8667] chdir("./33" [pid 5065] newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./32/binderfs") = 0 [pid 8565] <... mount resumed>) = 0 [pid 5065] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8565] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8565] chdir("./file0") = 0 [pid 8565] ioctl(4, LOOP_CLR_FD) = 0 [pid 8565] close(4) = 0 [pid 8565] open("./file0", O_RDONLY) = 4 [pid 8565] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 8667] <... chdir resumed>) = 0 [pid 8667] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8667] setpgid(0, 0) = 0 [pid 8565] <... ioctl resumed>) = 0 [pid 8565] open("./file0", O_RDONLY) = 5 [pid 8667] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8567] <... mount resumed>) = 0 [pid 8565] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 8567] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8667] <... openat resumed>) = 3 [pid 8667] write(3, "1000", 4 [pid 8567] <... openat resumed>) = 3 [pid 8565] <... ioctl resumed>) = 0 [pid 8567] chdir("./file0" [pid 8667] <... write resumed>) = 4 [pid 8567] <... chdir resumed>) = 0 [pid 8565] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 8667] close(3 [pid 8567] ioctl(4, LOOP_CLR_FD [pid 8565] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 8667] <... close resumed>) = 0 [pid 8567] <... ioctl resumed>) = 0 [pid 8565] exit_group(0) = ? [pid 8667] symlink("/dev/binderfs", "./binderfs" [pid 8567] close(4 [pid 8565] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8565, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=32 /* 0.32 s */} --- [pid 5067] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8667] <... symlink resumed>) = 0 [pid 5067] <... openat resumed>) = 3 [pid 8567] <... close resumed>) = 0 [pid 5067] newfstatat(3, "", [pid 8567] open("./file0", O_RDONLY [pid 8667] memfd_create("syzkaller", 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8667] <... memfd_create resumed>) = 3 [pid 8667] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8567] <... open resumed>) = 4 [pid 5067] getdents64(3, [pid 8667] <... mmap resumed>) = 0x7fda9371b000 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 8567] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5067] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./32/binderfs") = 0 [pid 8567] <... ioctl resumed>) = 0 [ 135.102963][ T12] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [pid 8567] open("./file0", O_RDONLY [pid 5067] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8567] <... open resumed>) = 5 [pid 8567] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 8567] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 8567] exit_group(0) = ? [pid 8567] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8567, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=40 /* 0.40 s */} --- [pid 5066] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 135.201169][ T76] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] <... umount2 resumed>) = 0 [pid 5066] newfstatat(AT_FDCWD, "./33/binderfs", [pid 5065] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] unlink("./33/binderfs") = 0 [pid 5066] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./32/file0") = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./32") = 0 [pid 5065] mkdir("./33", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8666] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 8672 ./strace-static-x86_64: Process 8672 attached [pid 8672] set_robust_list(0x555557145760, 24) = 0 [pid 8672] chdir("./33") = 0 [pid 8672] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8672] setpgid(0, 0) = 0 [pid 8672] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8665] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8672] <... openat resumed>) = 3 [pid 8672] write(3, "1000", 4) = 4 [pid 8672] close(3) = 0 [pid 8672] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8672] memfd_create("syzkaller", 0) = 3 [pid 8672] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./32/file0") = 0 [pid 5067] getdents64(3, [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./32") = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] mkdir("./33", 0777 [pid 5066] openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5067] <... mkdir resumed>) = 0 [pid 5066] <... openat resumed>) = 4 [pid 5066] newfstatat(4, "", [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] <... openat resumed>) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3 [pid 5066] getdents64(4, [pid 5067] <... close resumed>) = 0 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 8674 ./strace-static-x86_64: Process 8674 attached [pid 8674] set_robust_list(0x555557145760, 24) = 0 [pid 8674] chdir("./33") = 0 [pid 8674] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8674] setpgid(0, 0) = 0 [pid 8674] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] getdents64(4, [pid 8674] <... openat resumed>) = 3 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 8672] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5066] close(4 [pid 8674] write(3, "1000", 4 [pid 5066] <... close resumed>) = 0 [pid 8667] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5066] rmdir("./33/file0" [pid 8674] <... write resumed>) = 4 [pid 8674] close(3) = 0 [pid 8674] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 8674] memfd_create("syzkaller", 0) = 3 [pid 8674] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5066] close(3) = 0 [pid 5066] rmdir("./33") = 0 [pid 5066] mkdir("./34", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8675 attached [pid 8675] set_robust_list(0x555557145760, 24 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 8675 [pid 8675] <... set_robust_list resumed>) = 0 [pid 8675] chdir("./34") = 0 [pid 8675] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8675] setpgid(0, 0) = 0 [pid 8675] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8675] write(3, "1000", 4) = 4 [pid 8675] close(3) = 0 [pid 8675] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8675] memfd_create("syzkaller", 0) = 3 [pid 8675] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 8666] <... write resumed>) = 16777216 [pid 8666] munmap(0x7fda9371b000, 138412032) = 0 [pid 8665] <... write resumed>) = 16777216 [pid 8666] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 8665] munmap(0x7fda9371b000, 138412032 [pid 8666] <... openat resumed>) = 4 [pid 8665] <... munmap resumed>) = 0 [pid 8666] ioctl(4, LOOP_SET_FD, 3 [pid 8665] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8666] <... ioctl resumed>) = 0 [pid 8665] ioctl(4, LOOP_SET_FD, 3 [pid 8666] close(3) = 0 [pid 8666] mkdir("./file0", 0777 [pid 8674] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8666] <... mkdir resumed>) = 0 [ 136.159935][ T8666] loop5: detected capacity change from 0 to 32768 [ 136.195247][ T8665] loop0: detected capacity change from 0 to 32768 [pid 8666] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8665] <... ioctl resumed>) = 0 [pid 8665] close(3) = 0 [pid 8665] mkdir("./file0", 0777) = 0 [ 136.206003][ T8666] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (8666) [pid 8665] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8672] <... write resumed>) = 16777216 [ 136.271524][ T8665] BTRFS: device /dev/loop0 using temp-fsid 8608d7af-c624-402f-b111-998a7ba11067 [ 136.292327][ T8666] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [pid 8667] <... write resumed>) = 16777216 [pid 8672] munmap(0x7fda9371b000, 138412032 [pid 8667] munmap(0x7fda9371b000, 138412032 [pid 8672] <... munmap resumed>) = 0 [pid 8667] <... munmap resumed>) = 0 [pid 8672] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8667] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 8672] <... openat resumed>) = 4 [pid 8667] <... openat resumed>) = 4 [pid 8672] ioctl(4, LOOP_SET_FD, 3 [ 136.318876][ T8665] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (8665) [ 136.331916][ T8666] BTRFS info (device loop5): force clearing of disk cache [ 136.358635][ T8666] BTRFS info (device loop5): setting nodatasum [pid 8667] ioctl(4, LOOP_SET_FD, 3 [pid 8672] <... ioctl resumed>) = 0 [pid 8672] close(3) = 0 [pid 8672] mkdir("./file0", 0777) = 0 [ 136.371830][ T8672] loop1: detected capacity change from 0 to 32768 [ 136.378542][ T8667] loop4: detected capacity change from 0 to 32768 [ 136.388231][ T8665] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 136.409523][ T8666] BTRFS info (device loop5): allowing degraded mounts [pid 8672] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8667] <... ioctl resumed>) = 0 [pid 8667] close(3) = 0 [pid 8667] mkdir("./file0", 0777 [pid 8675] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8667] <... mkdir resumed>) = 0 [ 136.416408][ T8672] BTRFS: device /dev/loop1 using temp-fsid a2f1cf51-852a-44a5-9a84-eed1a1d5b087 [ 136.425945][ T8666] BTRFS info (device loop5): enabling disk space caching [ 136.433304][ T8665] BTRFS info (device loop0): force clearing of disk cache [ 136.440801][ T8666] BTRFS info (device loop5): disk space caching is enabled [ 136.448082][ T8672] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (8672) [ 136.467826][ T8665] BTRFS info (device loop0): setting nodatasum [ 136.477479][ T8665] BTRFS info (device loop0): allowing degraded mounts [ 136.487311][ T8667] BTRFS: device /dev/loop4 using temp-fsid 43862939-4dc1-4d3c-8b99-28d3b6ba19a2 [ 136.498090][ T8672] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 136.517478][ T8667] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (8667) [ 136.537748][ T8665] BTRFS info (device loop0): enabling disk space caching [ 136.545038][ T8672] BTRFS info (device loop1): force clearing of disk cache [ 136.545636][ T8665] BTRFS info (device loop0): disk space caching is enabled [ 136.570148][ T8667] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 136.587334][ T8672] BTRFS info (device loop1): setting nodatasum [ 136.587711][ T8666] BTRFS info (device loop5): enabling ssd optimizations [ 136.594924][ T8672] BTRFS info (device loop1): allowing degraded mounts [pid 8667] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8674] <... write resumed>) = 16777216 [ 136.619703][ T8666] BTRFS info (device loop5): auto enabling async discard [ 136.619798][ T8667] BTRFS info (device loop4): force clearing of disk cache [ 136.627495][ T8666] BTRFS info (device loop5): rebuilding free space tree [ 136.642369][ T8672] BTRFS info (device loop1): enabling disk space caching [ 136.657708][ T8667] BTRFS info (device loop4): setting nodatasum [ 136.665510][ T8666] BTRFS info (device loop5): disabling free space tree [pid 8674] munmap(0x7fda9371b000, 138412032) = 0 [pid 8674] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 8674] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8674] close(3) = 0 [pid 8674] mkdir("./file0", 0777) = 0 [ 136.668972][ T8667] BTRFS info (device loop4): allowing degraded mounts [ 136.672973][ T8672] BTRFS info (device loop1): disk space caching is enabled [ 136.681120][ T8674] loop3: detected capacity change from 0 to 32768 [ 136.690392][ T8665] BTRFS info (device loop0): enabling ssd optimizations [ 136.693065][ T8666] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 8674] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8666] <... mount resumed>) = 0 [pid 8665] <... mount resumed>) = 0 [pid 8666] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8665] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8666] <... openat resumed>) = 3 [pid 8665] <... openat resumed>) = 3 [pid 8666] chdir("./file0") = 0 [pid 8665] chdir("./file0") = 0 [pid 8666] ioctl(4, LOOP_CLR_FD [pid 8665] ioctl(4, LOOP_CLR_FD [pid 8666] <... ioctl resumed>) = 0 [pid 8665] <... ioctl resumed>) = 0 [pid 8666] close(4 [pid 8665] close(4 [pid 8666] <... close resumed>) = 0 [pid 8665] <... close resumed>) = 0 [pid 8666] open("./file0", O_RDONLY [pid 8665] open("./file0", O_RDONLY [pid 8666] <... open resumed>) = 4 [pid 8665] <... open resumed>) = 4 [pid 8666] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [ 136.720700][ T8674] BTRFS: device /dev/loop3 using temp-fsid b7b9c207-95e6-4eb3-92db-8cdaac017a46 [ 136.735811][ T8674] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (8674) [pid 8665] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 8666] <... ioctl resumed>) = 0 [pid 8666] open("./file0", O_RDONLY) = 5 [pid 8666] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 8666] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 8665] open("./file0", O_RDONLY [pid 8666] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 8665] <... open resumed>) = 5 [pid 8666] exit_group(0) = ? [pid 8666] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8666, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=29 /* 0.29 s */} --- [pid 8665] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5069] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 8665] <... ioctl resumed>) = 0 [pid 5069] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8665] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8665] exit_group(0 [pid 8675] <... write resumed>) = 16777216 [pid 8665] <... exit_group resumed>) = ? [pid 5069] newfstatat(AT_FDCWD, "./33/binderfs", [pid 8675] munmap(0x7fda9371b000, 138412032 [pid 8665] +++ exited with 0 +++ [pid 5069] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8665, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=29 /* 0.29 s */} --- [pid 5064] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] unlink("./33/binderfs" [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] <... unlink resumed>) = 0 [pid 5064] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8675] <... munmap resumed>) = 0 [pid 5069] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... openat resumed>) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8675] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./33/binderfs", [pid 8675] <... openat resumed>) = 4 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8675] ioctl(4, LOOP_SET_FD, 3 [pid 5064] unlink("./33/binderfs") = 0 [pid 8672] <... mount resumed>) = 0 [pid 5064] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8672] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8667] <... mount resumed>) = 0 [pid 8675] <... ioctl resumed>) = 0 [pid 8672] <... openat resumed>) = 3 [pid 8667] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8675] close(3 [pid 8672] chdir("./file0" [pid 8667] <... openat resumed>) = 3 [pid 8675] <... close resumed>) = 0 [pid 8675] mkdir("./file0", 0777) = 0 [pid 8675] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8672] <... chdir resumed>) = 0 [pid 8667] chdir("./file0" [pid 8672] ioctl(4, LOOP_CLR_FD) = 0 [pid 8667] <... chdir resumed>) = 0 [pid 8672] close(4) = 0 [pid 8672] open("./file0", O_RDONLY [pid 8667] ioctl(4, LOOP_CLR_FD [pid 8672] <... open resumed>) = 4 [pid 8667] <... ioctl resumed>) = 0 [ 136.870949][ T8675] loop2: detected capacity change from 0 to 32768 [pid 8667] close(4 [pid 8672] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 8667] <... close resumed>) = 0 [pid 8667] open("./file0", O_RDONLY) = 4 [pid 8672] <... ioctl resumed>) = 0 [pid 8672] open("./file0", O_RDONLY) = 5 [pid 8667] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5069] <... umount2 resumed>) = 0 [pid 8667] <... ioctl resumed>) = 0 [ 136.926386][ T8675] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (8675) [pid 8672] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 8667] open("./file0", O_RDONLY) = 5 [pid 8667] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5069] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8667] <... ioctl resumed>) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8667] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5069] newfstatat(AT_FDCWD, "./33/file0", [pid 8667] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8667] exit_group(0 [pid 5069] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8667] <... exit_group resumed>) = ? [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8667] +++ exited with 0 +++ [pid 5069] openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8667, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=35 /* 0.35 s */} --- [pid 5068] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] newfstatat(4, "", [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8672] <... ioctl resumed>) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] getdents64(4, [pid 5068] <... openat resumed>) = 3 [pid 8672] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5069] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] newfstatat(3, "", [pid 8672] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5069] getdents64(4, [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8672] exit_group(0 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] getdents64(3, [pid 8672] <... exit_group resumed>) = ? [pid 5069] close(4 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 8672] +++ exited with 0 +++ [pid 5069] <... close resumed>) = 0 [pid 5068] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8672, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=27 /* 0.27 s */} --- [pid 5069] rmdir("./33/file0" [pid 5068] newfstatat(AT_FDCWD, "./33/binderfs", [pid 5065] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... rmdir resumed>) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] unlink("./33/binderfs" [pid 5065] <... openat resumed>) = 3 [pid 5068] <... unlink resumed>) = 0 [pid 5065] newfstatat(3, "", [pid 5069] getdents64(3, [pid 5068] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] getdents64(3, [pid 5064] <... umount2 resumed>) = 0 [pid 5069] close(3 [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] <... close resumed>) = 0 [pid 5065] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] rmdir("./33" [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] <... rmdir resumed>) = 0 [pid 5065] newfstatat(AT_FDCWD, "./33/binderfs", [pid 5069] mkdir("./34", 0777 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... mkdir resumed>) = 0 [pid 5065] unlink("./33/binderfs" [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5065] <... unlink resumed>) = 0 [pid 5064] newfstatat(AT_FDCWD, "./33/file0", [pid 5065] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./33/file0" [pid 5069] <... openat resumed>) = 3 [pid 5064] <... rmdir resumed>) = 0 [pid 5069] ioctl(3, LOOP_CLR_FD [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5064] close(3) = 0 [pid 5069] close(3 [pid 5064] rmdir("./33" [pid 5069] <... close resumed>) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 5064] mkdir("./34", 0777 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] <... mkdir resumed>) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 ./strace-static-x86_64: Process 8773 attached [pid 5064] close(3 [pid 8773] set_robust_list(0x555557145760, 24) = 0 [pid 5064] <... close resumed>) = 0 [pid 8773] chdir("./34" [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 8773 [pid 8773] <... chdir resumed>) = 0 [pid 8773] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 8776 ./strace-static-x86_64: Process 8776 attached [pid 8776] set_robust_list(0x555557145760, 24 [pid 8773] setpgid(0, 0 [pid 8776] <... set_robust_list resumed>) = 0 [pid 8776] chdir("./34" [pid 8773] <... setpgid resumed>) = 0 [pid 8674] <... mount resumed>) = 0 [pid 8674] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8773] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8776] <... chdir resumed>) = 0 [pid 8773] <... openat resumed>) = 3 [pid 8674] <... openat resumed>) = 3 [pid 8776] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 8674] chdir("./file0" [pid 8776] <... prctl resumed>) = 0 [pid 8674] <... chdir resumed>) = 0 [pid 8776] setpgid(0, 0) = 0 [pid 8674] ioctl(4, LOOP_CLR_FD [pid 8776] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8773] write(3, "1000", 4 [pid 8674] <... ioctl resumed>) = 0 [pid 8674] close(4 [pid 8776] <... openat resumed>) = 3 [pid 8773] <... write resumed>) = 4 [pid 8674] <... close resumed>) = 0 [pid 8773] close(3) = 0 [pid 8776] write(3, "1000", 4 [pid 8773] symlink("/dev/binderfs", "./binderfs" [pid 8674] open("./file0", O_RDONLY [pid 8776] <... write resumed>) = 4 [pid 8773] <... symlink resumed>) = 0 [pid 8674] <... open resumed>) = 4 [pid 8776] close(3 [pid 8773] memfd_create("syzkaller", 0 [pid 8674] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 8776] <... close resumed>) = 0 [pid 8776] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8773] <... memfd_create resumed>) = 3 [pid 8776] memfd_create("syzkaller", 0 [pid 8773] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8776] <... memfd_create resumed>) = 3 [pid 8773] <... mmap resumed>) = 0x7fda9371b000 [pid 8776] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 8675] <... mount resumed>) = 0 [pid 8674] <... ioctl resumed>) = 0 [pid 8675] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8674] open("./file0", O_RDONLY [pid 8675] <... openat resumed>) = 3 [pid 8674] <... open resumed>) = 5 [pid 8674] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 8675] chdir("./file0") = 0 [pid 8675] ioctl(4, LOOP_CLR_FD) = 0 [pid 8675] close(4) = 0 [pid 8675] open("./file0", O_RDONLY) = 4 [pid 8675] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 8674] <... ioctl resumed>) = 0 [pid 8674] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5065] <... umount2 resumed>) = 0 [pid 8674] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 8674] exit_group(0) = ? [pid 8675] <... ioctl resumed>) = 0 [pid 8674] +++ exited with 0 +++ [pid 5065] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4 [pid 8675] open("./file0", O_RDONLY [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8674, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=26 /* 0.26 s */} --- [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./33/file0" [pid 8675] <... open resumed>) = 5 [pid 8675] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5065] <... rmdir resumed>) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] close(3 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./33" [pid 8675] <... ioctl resumed>) = 0 [pid 5067] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... rmdir resumed>) = 0 [pid 5065] mkdir("./34", 0777 [pid 5067] <... openat resumed>) = 3 [pid 8675] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5067] newfstatat(3, "", [pid 8675] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5068] <... umount2 resumed>) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... mkdir resumed>) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5067] getdents64(3, [pid 8675] exit_group(0) = ? [pid 5068] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] <... openat resumed>) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8675] +++ exited with 0 +++ [pid 5068] newfstatat(AT_FDCWD, "./33/file0", [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 8778 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8675, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=21 /* 0.21 s */} --- ./strace-static-x86_64: Process 8778 attached [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8778] set_robust_list(0x555557145760, 24 [pid 5068] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] newfstatat(AT_FDCWD, "./33/binderfs", [pid 5066] umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... openat resumed>) = 4 [pid 5066] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8778] <... set_robust_list resumed>) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5068] newfstatat(4, "", [pid 8778] chdir("./34") = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] newfstatat(3, "", [pid 8778] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5068] getdents64(4, [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8778] <... prctl resumed>) = 0 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(3, [pid 8778] setpgid(0, 0 [pid 5068] getdents64(4, [pid 5067] unlink("./33/binderfs" [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... unlink resumed>) = 0 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] close(4 [pid 5066] newfstatat(AT_FDCWD, "./34/binderfs", [pid 8778] <... setpgid resumed>) = 0 [pid 8778] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8778] <... openat resumed>) = 3 [pid 5066] unlink("./34/binderfs" [pid 8778] write(3, "1000", 4 [pid 5066] <... unlink resumed>) = 0 [pid 8778] <... write resumed>) = 4 [pid 8778] close(3) = 0 [pid 8778] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8778] memfd_create("syzkaller", 0) = 3 [pid 5068] <... close resumed>) = 0 [pid 5067] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8778] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5068] rmdir("./33/file0" [pid 8778] <... mmap resumed>) = 0x7fda9371b000 [pid 5068] <... rmdir resumed>) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./33") = 0 [pid 5068] mkdir("./34", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8781 attached , child_tidptr=0x555557145750) = 8781 [pid 8781] set_robust_list(0x555557145760, 24) = 0 [pid 8781] chdir("./34") = 0 [pid 8781] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8781] setpgid(0, 0) = 0 [pid 8781] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8781] write(3, "1000", 4) = 4 [pid 8781] close(3) = 0 [pid 8781] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8781] memfd_create("syzkaller", 0) = 3 [pid 8781] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 8776] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8773] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./34/file0", [pid 5067] <... umount2 resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] close(4) = 0 [pid 5066] openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5067] rmdir("./33/file0" [pid 5066] <... openat resumed>) = 4 [pid 5067] <... rmdir resumed>) = 0 [pid 5066] newfstatat(4, "", [pid 5067] getdents64(3, [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] getdents64(4, [pid 5067] close(3 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] <... close resumed>) = 0 [pid 5066] getdents64(4, [pid 5067] rmdir("./33" [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] <... rmdir resumed>) = 0 [pid 5066] close(4 [pid 5067] mkdir("./34", 0777 [pid 5066] <... close resumed>) = 0 [pid 5067] <... mkdir resumed>) = 0 [pid 5066] rmdir("./34/file0" [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5066] <... rmdir resumed>) = 0 [pid 5067] <... openat resumed>) = 3 [pid 5066] getdents64(3, [pid 5067] ioctl(3, LOOP_CLR_FD [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] <... ioctl resumed>) = 0 [pid 5066] close(3 [pid 5067] close(3 [pid 5066] <... close resumed>) = 0 [pid 5067] <... close resumed>) = 0 [pid 5066] rmdir("./34" [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] <... rmdir resumed>) = 0 [pid 5066] mkdir("./35", 0777 [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 8782 [pid 5066] <... mkdir resumed>) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8783 attached , child_tidptr=0x555557145750) = 8783 [pid 8783] set_robust_list(0x555557145760, 24) = 0 [pid 8783] chdir("./35"./strace-static-x86_64: Process 8782 attached ) = 0 [pid 8782] set_robust_list(0x555557145760, 24 [pid 8783] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8782] <... set_robust_list resumed>) = 0 [pid 8783] setpgid(0, 0) = 0 [pid 8782] chdir("./34" [pid 8783] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8782] <... chdir resumed>) = 0 [pid 8783] <... openat resumed>) = 3 [pid 8783] write(3, "1000", 4) = 4 [pid 8783] close(3) = 0 [pid 8783] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8783] memfd_create("syzkaller", 0) = 3 [pid 8783] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 8782] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8782] setpgid(0, 0) = 0 [pid 8782] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8782] write(3, "1000", 4) = 4 [pid 8782] close(3) = 0 [pid 8782] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8782] memfd_create("syzkaller", 0) = 3 [pid 8782] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 8778] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8781] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8783] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8776] <... write resumed>) = 16777216 [pid 8776] munmap(0x7fda9371b000, 138412032 [pid 8773] <... write resumed>) = 16777216 [pid 8776] <... munmap resumed>) = 0 [pid 8776] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8773] munmap(0x7fda9371b000, 138412032 [pid 8776] ioctl(4, LOOP_SET_FD, 3 [pid 8773] <... munmap resumed>) = 0 [pid 8782] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8776] <... ioctl resumed>) = 0 [pid 8776] close(3) = 0 [pid 8773] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 8776] mkdir("./file0", 0777 [ 138.506008][ T8776] loop0: detected capacity change from 0 to 32768 [pid 8773] ioctl(4, LOOP_SET_FD, 3 [pid 8776] <... mkdir resumed>) = 0 [pid 8776] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8773] <... ioctl resumed>) = 0 [pid 8773] close(3) = 0 [pid 8773] mkdir("./file0", 0777) = 0 [ 138.550336][ T8773] loop5: detected capacity change from 0 to 32768 [ 138.560362][ T8776] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (8776) [pid 8773] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8778] <... write resumed>) = 16777216 [pid 8778] munmap(0x7fda9371b000, 138412032) = 0 [pid 8778] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 138.624185][ T8773] BTRFS: device /dev/loop5 using temp-fsid 415304c1-3066-45af-89c6-ec47ea9efdf3 [ 138.651038][ T8773] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (8773) [pid 8778] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8778] close(3) = 0 [pid 8778] mkdir("./file0", 0777) = 0 [ 138.704039][ T8778] loop1: detected capacity change from 0 to 32768 [pid 8778] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8781] <... write resumed>) = 16777216 [pid 8781] munmap(0x7fda9371b000, 138412032) = 0 [pid 8781] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 138.757414][ T8778] BTRFS: device /dev/loop1 using temp-fsid d36beab3-d008-4851-809c-e9abcae19322 [ 138.773675][ T8778] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (8778) [pid 8781] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8781] close(3) = 0 [pid 8781] mkdir("./file0", 0777) = 0 [ 138.803408][ T8781] loop4: detected capacity change from 0 to 32768 [pid 8781] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8782] <... write resumed>) = 16777216 [pid 8782] munmap(0x7fda9371b000, 138412032) = 0 [pid 8773] <... mount resumed>) = 0 [pid 8773] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8773] chdir("./file0" [pid 8782] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8773] <... chdir resumed>) = 0 [pid 8782] <... openat resumed>) = 4 [ 138.829582][ T8781] BTRFS: device /dev/loop4 using temp-fsid 8721fe76-8d8b-4ce3-9a03-dcbd7b2b1dc4 [ 138.838646][ T8781] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (8781) [pid 8773] ioctl(4, LOOP_CLR_FD [pid 8782] ioctl(4, LOOP_SET_FD, 3 [pid 8776] <... mount resumed>) = 0 [pid 8773] <... ioctl resumed>) = 0 [pid 8782] <... ioctl resumed>) = 0 [pid 8776] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8773] close(4 [pid 8776] <... openat resumed>) = 3 [pid 8773] <... close resumed>) = 0 [pid 8773] open("./file0", O_RDONLY [pid 8776] chdir("./file0" [pid 8773] <... open resumed>) = 4 [pid 8776] <... chdir resumed>) = 0 [pid 8773] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 8776] ioctl(4, LOOP_CLR_FD [pid 8783] <... write resumed>) = 16777216 [pid 8782] close(3 [pid 8776] <... ioctl resumed>) = 0 [pid 8783] munmap(0x7fda9371b000, 138412032 [pid 8782] <... close resumed>) = 0 [pid 8776] close(4 [pid 8773] <... ioctl resumed>) = 0 [pid 8783] <... munmap resumed>) = 0 [pid 8782] mkdir("./file0", 0777 [pid 8776] <... close resumed>) = 0 [pid 8773] open("./file0", O_RDONLY [pid 8782] <... mkdir resumed>) = 0 [pid 8776] open("./file0", O_RDONLY [pid 8773] <... open resumed>) = 5 [pid 8773] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 8782] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 138.890197][ T8782] loop3: detected capacity change from 0 to 32768 [pid 8783] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 8776] <... open resumed>) = 4 [pid 8783] ioctl(4, LOOP_SET_FD, 3 [pid 8776] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 8773] <... ioctl resumed>) = 0 [pid 8773] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 8773] exit_group(0) = ? [pid 8773] +++ exited with 0 +++ [pid 8783] <... ioctl resumed>) = 0 [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8773, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=17 /* 0.17 s */} --- [pid 8783] close(3) = 0 [pid 8783] mkdir("./file0", 0777 [pid 8776] <... ioctl resumed>) = 0 [pid 8783] <... mkdir resumed>) = 0 [pid 5069] umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 8776] open("./file0", O_RDONLY [pid 5069] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8783] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8776] <... open resumed>) = 5 [pid 5069] <... openat resumed>) = 3 [pid 8776] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./34/binderfs") = 0 [pid 5069] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8778] <... mount resumed>) = 0 [pid 8778] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 138.938028][ T8782] BTRFS: device /dev/loop3 using temp-fsid a0e0140c-4772-41a9-9ce5-6992125c6bbb [ 138.949292][ T8783] loop2: detected capacity change from 0 to 32768 [ 138.951988][ T8782] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (8782) [pid 8778] chdir("./file0") = 0 [pid 8778] ioctl(4, LOOP_CLR_FD) = 0 [pid 8778] close(4 [pid 8776] <... ioctl resumed>) = 0 [pid 8778] <... close resumed>) = 0 [pid 8778] open("./file0", O_RDONLY [pid 8776] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 8778] <... open resumed>) = 4 [pid 8778] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 8776] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [ 138.999038][ T8783] BTRFS: device /dev/loop2 using temp-fsid e9184ca8-4305-465a-a30b-d320c0bbac2b [ 139.011433][ T8782] _btrfs_printk: 108 callbacks suppressed [ 139.011445][ T8782] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 139.033662][ T8783] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (8783) [ 139.046742][ T8782] BTRFS info (device loop3): force clearing of disk cache [ 139.058249][ T8781] BTRFS info (device loop4): checking UUID tree [ 139.066784][ T76] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 139.070972][ T8782] BTRFS info (device loop3): setting nodatasum [ 139.080859][ T8783] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 139.084470][ T8782] BTRFS info (device loop3): allowing degraded mounts [pid 8776] exit_group(0) = ? [pid 8781] <... mount resumed>) = 0 [pid 8778] <... ioctl resumed>) = 0 [pid 8776] +++ exited with 0 +++ [pid 8781] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8778] open("./file0", O_RDONLY) = 5 [pid 8781] <... openat resumed>) = 3 [pid 8778] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 8781] chdir("./file0" [pid 8778] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 8781] <... chdir resumed>) = 0 [pid 8778] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 8781] ioctl(4, LOOP_CLR_FD) = 0 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8776, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=22 /* 0.22 s */} --- [pid 8781] close(4 [pid 8778] exit_group(0 [pid 5064] umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8781] <... close resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8778] <... exit_group resumed>) = ? [pid 5064] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8781] open("./file0", O_RDONLY [pid 5064] <... openat resumed>) = 3 [ 139.098482][ T8783] BTRFS info (device loop2): force clearing of disk cache [ 139.101427][ T8782] BTRFS info (device loop3): enabling disk space caching [ 139.107732][ T8783] BTRFS info (device loop2): setting nodatasum [ 139.116838][ T8782] BTRFS info (device loop3): disk space caching is enabled [ 139.140863][ T8783] BTRFS info (device loop2): allowing degraded mounts [pid 8781] <... open resumed>) = 4 [pid 8778] +++ exited with 0 +++ [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8781] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8778, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=29 /* 0.29 s */} --- [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] unlink("./34/binderfs") = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 8781] <... ioctl resumed>) = 0 [pid 5065] umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8781] open("./file0", O_RDONLY [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 139.150284][ T8783] BTRFS info (device loop2): enabling disk space caching [ 139.157723][ T8783] BTRFS info (device loop2): disk space caching is enabled [pid 8781] <... open resumed>) = 5 [pid 5069] <... umount2 resumed>) = 0 [pid 5065] newfstatat(AT_FDCWD, "./34/binderfs", [pid 5069] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./34/file0", [pid 8781] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] unlink("./34/binderfs" [pid 5069] <... openat resumed>) = 4 [pid 5065] <... unlink resumed>) = 0 [pid 5069] newfstatat(4, "", [pid 8781] <... ioctl resumed>) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 8781] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [ 139.193468][ T76] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [pid 5069] rmdir("./34/file0" [pid 8781] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5069] <... rmdir resumed>) = 0 [pid 8781] exit_group(0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 8781] <... exit_group resumed>) = ? [pid 8781] +++ exited with 0 +++ [pid 5069] close(3) = 0 [pid 5069] rmdir("./34") = 0 [pid 5069] mkdir("./35", 0777) = 0 [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8781, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=27 /* 0.27 s */} --- [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3 [pid 5068] umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... close resumed>) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./34/binderfs", [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./34/binderfs"./strace-static-x86_64: Process 8872 attached [pid 8872] set_robust_list(0x555557145760, 24) = 0 [pid 5068] <... unlink resumed>) = 0 [pid 8872] chdir("./35" [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 8872 [pid 5068] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8872] <... chdir resumed>) = 0 [pid 8872] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8872] setpgid(0, 0) = 0 [pid 8872] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8872] write(3, "1000", 4 [pid 5064] <... umount2 resumed>) = 0 [pid 8872] <... write resumed>) = 4 [pid 5064] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8872] close(3 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8872] <... close resumed>) = 0 [pid 8872] symlink("/dev/binderfs", "./binderfs" [ 139.284351][ T1047] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [pid 5064] newfstatat(AT_FDCWD, "./34/file0", [pid 8872] <... symlink resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8872] memfd_create("syzkaller", 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8872] <... memfd_create resumed>) = 3 [pid 5064] openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8872] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5064] <... openat resumed>) = 4 [pid 8872] <... mmap resumed>) = 0x7fda9371b000 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./34/file0" [pid 5065] <... umount2 resumed>) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 5065] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", [pid 5064] getdents64(3, [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] getdents64(4, [pid 5064] close(3 [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4 [pid 5064] <... close resumed>) = 0 [pid 5064] rmdir("./34" [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./34/file0" [pid 5064] <... rmdir resumed>) = 0 [ 139.413888][ T8783] BTRFS info (device loop2): enabling ssd optimizations [ 139.451058][ T8782] BTRFS info (device loop3): enabling ssd optimizations [pid 5065] <... rmdir resumed>) = 0 [pid 5064] mkdir("./35", 0777 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5064] <... mkdir resumed>) = 0 [pid 5065] rmdir("./34") = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5065] mkdir("./35", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 5064] close(3 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] <... close resumed>) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8884 attached ./strace-static-x86_64: Process 8883 attached [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 8883 [pid 8884] set_robust_list(0x555557145760, 24) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 8884 [pid 8884] chdir("./35" [pid 8883] set_robust_list(0x555557145760, 24 [pid 8884] <... chdir resumed>) = 0 [pid 8883] <... set_robust_list resumed>) = 0 [pid 8884] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8883] chdir("./35" [pid 5068] <... umount2 resumed>) = 0 [pid 8884] setpgid(0, 0 [pid 8883] <... chdir resumed>) = 0 [pid 5068] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8884] <... setpgid resumed>) = 0 [pid 8884] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 8883] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8883] <... prctl resumed>) = 0 [pid 5068] newfstatat(AT_FDCWD, "./34/file0", [pid 8884] <... openat resumed>) = 3 [pid 8883] setpgid(0, 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8883] <... setpgid resumed>) = 0 [ 139.458055][ T8782] BTRFS info (device loop3): auto enabling async discard [ 139.469785][ T8783] BTRFS info (device loop2): auto enabling async discard [ 139.490651][ T8783] BTRFS info (device loop2): rebuilding free space tree [pid 5068] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8884] write(3, "1000", 4 [pid 8883] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8884] <... write resumed>) = 4 [pid 8883] <... openat resumed>) = 3 [pid 5068] <... openat resumed>) = 4 [pid 8883] write(3, "1000", 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8883] <... write resumed>) = 4 [pid 5068] getdents64(4, [pid 8883] close(3 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 8883] <... close resumed>) = 0 [pid 5068] getdents64(4, [pid 8883] symlink("/dev/binderfs", "./binderfs" [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 8883] <... symlink resumed>) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./34/file0") = 0 [pid 8883] memfd_create("syzkaller", 0 [pid 5068] getdents64(3, [pid 8883] <... memfd_create resumed>) = 3 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 8883] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5068] close(3) = 0 [pid 8884] close(3 [pid 5068] rmdir("./34" [pid 8884] <... close resumed>) = 0 [pid 8872] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5068] <... rmdir resumed>) = 0 [pid 8884] symlink("/dev/binderfs", "./binderfs" [pid 8883] <... mmap resumed>) = 0x7fda9371b000 [pid 5068] mkdir("./35", 0777 [pid 8884] <... symlink resumed>) = 0 [pid 8884] memfd_create("syzkaller", 0 [pid 5068] <... mkdir resumed>) = 0 [pid 8884] <... memfd_create resumed>) = 3 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 8884] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5068] close(3 [pid 8884] <... mmap resumed>) = 0x7fda9371b000 [pid 5068] <... close resumed>) = 0 [ 139.549197][ T8782] BTRFS info (device loop3): rebuilding free space tree [ 139.561866][ T8783] BTRFS info (device loop2): disabling free space tree [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 8885 ./strace-static-x86_64: Process 8885 attached [pid 8885] set_robust_list(0x555557145760, 24) = 0 [pid 8885] chdir("./35") = 0 [pid 8885] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8885] setpgid(0, 0) = 0 [ 139.603595][ T8783] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 139.618385][ T8782] BTRFS info (device loop3): disabling free space tree [ 139.638808][ T8783] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 8885] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8885] write(3, "1000", 4) = 4 [pid 8885] close(3) = 0 [pid 8885] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8885] memfd_create("syzkaller", 0) = 3 [pid 8885] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 139.649208][ T8782] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 139.708795][ T8782] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 139.742548][ T8783] BTRFS info (device loop2): checking UUID tree [ 139.779931][ T8782] BTRFS info (device loop3): checking UUID tree [pid 8783] <... mount resumed>) = 0 [pid 8782] <... mount resumed>) = 0 [pid 8782] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8783] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8782] <... openat resumed>) = 3 [pid 8782] chdir("./file0" [pid 8783] chdir("./file0" [pid 8782] <... chdir resumed>) = 0 [pid 8783] <... chdir resumed>) = 0 [pid 8782] ioctl(4, LOOP_CLR_FD [pid 8783] ioctl(4, LOOP_CLR_FD) = 0 [pid 8783] close(4 [pid 8782] <... ioctl resumed>) = 0 [pid 8783] <... close resumed>) = 0 [pid 8783] open("./file0", O_RDONLY [pid 8782] close(4) = 0 [pid 8783] <... open resumed>) = 4 [pid 8783] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 8782] open("./file0", O_RDONLY) = 4 [pid 8782] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 8783] <... ioctl resumed>) = 0 [ 140.005544][ T76] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [pid 8783] open("./file0", O_RDONLY) = 5 [pid 8782] open("./file0", O_RDONLY [pid 8783] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 8782] <... open resumed>) = 5 [pid 8782] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 8782] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 8783] <... ioctl resumed>) = 0 [pid 8782] exit_group(0) = ? [pid 8782] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8782, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=33 /* 0.33 s */} --- [pid 8883] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8783] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5067] umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8783] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 8783] exit_group(0 [pid 5067] <... openat resumed>) = 3 [pid 8783] <... exit_group resumed>) = ? [pid 8783] +++ exited with 0 +++ [ 140.086117][ T1047] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [pid 5067] newfstatat(3, "", [pid 8884] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8783, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=31 /* 0.31 s */} --- [pid 5066] umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(3, "", [pid 5067] newfstatat(AT_FDCWD, "./34/binderfs", [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] getdents64(3, [pid 5067] unlink("./34/binderfs" [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] <... unlink resumed>) = 0 [pid 5066] umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8872] <... write resumed>) = 16777216 [pid 5066] unlink("./35/binderfs") = 0 [pid 8885] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5066] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8872] munmap(0x7fda9371b000, 138412032) = 0 [pid 8872] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 8872] ioctl(4, LOOP_SET_FD, 3) = 0 [ 140.313418][ T8872] loop5: detected capacity change from 0 to 32768 [pid 8872] close(3) = 0 [pid 8872] mkdir("./file0", 0777) = 0 [ 140.382093][ T8872] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (8872) [pid 8872] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] <... umount2 resumed>) = 0 [pid 5066] openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, [pid 5067] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./35/file0") = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 140.448589][ T8872] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 140.475903][ T8872] BTRFS info (device loop5): force clearing of disk cache [pid 5066] rmdir("./35" [pid 5067] newfstatat(AT_FDCWD, "./34/file0", [pid 5066] <... rmdir resumed>) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] mkdir("./36", 0777 [pid 5067] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... mkdir resumed>) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5067] getdents64(4, [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5067] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] <... ioctl resumed>) = 0 [pid 5067] getdents64(4, [pid 5066] close(3 [pid 5067] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] <... close resumed>) = 0 [pid 5067] close(4 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5067] <... close resumed>) = 0 [pid 5067] rmdir("./34/file0" [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 8891 [pid 5067] <... rmdir resumed>) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 8891 attached [pid 5067] close(3) = 0 [pid 5067] rmdir("./34") = 0 [pid 5067] mkdir("./35", 0777) = 0 [pid 8891] set_robust_list(0x555557145760, 24 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 8891] <... set_robust_list resumed>) = 0 [pid 5067] <... openat resumed>) = 3 [pid 8891] chdir("./36" [pid 5067] ioctl(3, LOOP_CLR_FD [pid 8891] <... chdir resumed>) = 0 [pid 5067] <... ioctl resumed>) = 0 [pid 8891] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5067] close(3 [pid 8891] <... prctl resumed>) = 0 [pid 5067] <... close resumed>) = 0 [pid 8891] setpgid(0, 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 8891] <... setpgid resumed>) = 0 [pid 8891] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 8892 [pid 8891] <... openat resumed>) = 3 ./strace-static-x86_64: Process 8892 attached [ 140.532689][ T8872] BTRFS info (device loop5): setting nodatasum [ 140.560443][ T8872] BTRFS info (device loop5): allowing degraded mounts [pid 8891] write(3, "1000", 4 [pid 8892] set_robust_list(0x555557145760, 24 [pid 8891] <... write resumed>) = 4 [pid 8891] close(3) = 0 [pid 8891] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8892] <... set_robust_list resumed>) = 0 [pid 8891] memfd_create("syzkaller", 0 [pid 8892] chdir("./35" [pid 8891] <... memfd_create resumed>) = 3 [pid 8892] <... chdir resumed>) = 0 [pid 8891] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 140.606191][ T8872] BTRFS info (device loop5): enabling disk space caching [pid 8892] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8892] setpgid(0, 0) = 0 [pid 8892] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8892] write(3, "1000", 4) = 4 [ 140.653520][ T8872] BTRFS info (device loop5): disk space caching is enabled [pid 8892] close(3) = 0 [pid 8892] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8892] memfd_create("syzkaller", 0) = 3 [pid 8892] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 8884] <... write resumed>) = 16777216 [pid 8884] munmap(0x7fda9371b000, 138412032) = 0 [pid 8892] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8884] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8884] ioctl(4, LOOP_SET_FD, 3 [pid 8883] <... write resumed>) = 16777216 [pid 8883] munmap(0x7fda9371b000, 138412032) = 0 [pid 8883] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 8883] ioctl(4, LOOP_SET_FD, 3 [pid 8884] <... ioctl resumed>) = 0 [pid 8883] <... ioctl resumed>) = 0 [pid 8884] close(3) = 0 [pid 8884] mkdir("./file0", 0777) = 0 [ 140.891932][ T8884] loop0: detected capacity change from 0 to 32768 [ 140.920118][ T8883] loop1: detected capacity change from 0 to 32768 [pid 8884] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8883] close(3 [pid 8891] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8883] <... close resumed>) = 0 [pid 8883] mkdir("./file0", 0777) = 0 [ 140.941121][ T8884] BTRFS: device /dev/loop0 using temp-fsid 09006ef1-0a50-4f1f-8267-e3948655e638 [pid 8883] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8885] <... write resumed>) = 16777216 [ 141.021847][ T8884] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (8884) [pid 8885] munmap(0x7fda9371b000, 138412032) = 0 [pid 8885] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 141.092240][ T8883] BTRFS: device /dev/loop1 using temp-fsid 391d8290-a576-4f00-831f-4a7956d8d1c1 [ 141.108889][ T8884] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 141.124380][ T8885] loop4: detected capacity change from 0 to 32768 [ 141.131395][ T8872] BTRFS info (device loop5): enabling ssd optimizations [pid 8885] ioctl(4, LOOP_SET_FD, 3) = 0 [ 141.169837][ T8872] BTRFS info (device loop5): auto enabling async discard [ 141.178052][ T8883] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (8883) [ 141.188910][ T8884] BTRFS info (device loop0): force clearing of disk cache [ 141.198631][ T8884] BTRFS info (device loop0): setting nodatasum [ 141.208848][ T8884] BTRFS info (device loop0): allowing degraded mounts [pid 8885] close(3) = 0 [pid 8891] <... write resumed>) = 16777216 [pid 8885] mkdir("./file0", 0777) = 0 [pid 8891] munmap(0x7fda9371b000, 138412032 [pid 8885] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8891] <... munmap resumed>) = 0 [ 141.209127][ T8872] BTRFS info (device loop5): rebuilding free space tree [ 141.215641][ T8884] BTRFS info (device loop0): enabling disk space caching [ 141.242214][ T8884] BTRFS info (device loop0): disk space caching is enabled [ 141.250004][ T8883] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 141.260710][ T8885] BTRFS: device /dev/loop4 using temp-fsid b0d09b2a-3c78-4f76-a418-ee3c3335e808 [pid 8891] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 8891] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8891] close(3) = 0 [pid 8891] mkdir("./file0", 0777) = 0 [ 141.277017][ T8883] BTRFS info (device loop1): force clearing of disk cache [ 141.284737][ T8885] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (8885) [ 141.299335][ T8891] loop2: detected capacity change from 0 to 32768 [ 141.299373][ T8872] BTRFS info (device loop5): disabling free space tree [ 141.306544][ T8883] BTRFS info (device loop1): setting nodatasum [ 141.323816][ T8891] BTRFS: device /dev/loop2 using temp-fsid 6d582e48-07f5-484f-8ce1-bc1e7885ee40 [ 141.336472][ T8883] BTRFS info (device loop1): allowing degraded mounts [ 141.343371][ T8883] BTRFS info (device loop1): enabling disk space caching [ 141.350475][ T8883] BTRFS info (device loop1): disk space caching is enabled [ 141.352529][ T8885] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 141.359014][ T8872] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 141.377955][ T8872] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 141.381714][ T8891] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (8891) [ 141.390328][ T8885] BTRFS info (device loop4): force clearing of disk cache [ 141.407874][ T8885] BTRFS info (device loop4): setting nodatasum [ 141.414271][ T8885] BTRFS info (device loop4): allowing degraded mounts [pid 8891] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8872] <... mount resumed>) = 0 [pid 8872] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8872] chdir("./file0") = 0 [pid 8872] ioctl(4, LOOP_CLR_FD) = 0 [pid 8872] close(4) = 0 [pid 8872] open("./file0", O_RDONLY) = 4 [pid 8872] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 8872] open("./file0", O_RDONLY) = 5 [pid 8872] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 8872] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 8872] exit_group(0) = ? [ 141.424417][ T8885] BTRFS info (device loop4): enabling disk space caching [ 141.431964][ T8872] BTRFS info (device loop5): checking UUID tree [ 141.443177][ T8885] BTRFS info (device loop4): disk space caching is enabled [pid 8872] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8872, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=39 /* 0.39 s */} --- [pid 5069] umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./35/binderfs") = 0 [ 141.490252][ T1047] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [ 141.512794][ T8891] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5069] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8892] <... write resumed>) = 16777216 [pid 8892] munmap(0x7fda9371b000, 138412032) = 0 [pid 8892] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 141.535600][ T8883] BTRFS info (device loop1): enabling ssd optimizations [ 141.540866][ T8884] BTRFS info (device loop0): enabling ssd optimizations [ 141.550457][ T8883] BTRFS info (device loop1): auto enabling async discard [ 141.569419][ T8891] BTRFS info (device loop2): force clearing of disk cache [ 141.571856][ T8884] BTRFS info (device loop0): auto enabling async discard [pid 8892] ioctl(4, LOOP_SET_FD, 3 [pid 5069] <... umount2 resumed>) = 0 [ 141.592527][ T8883] BTRFS info (device loop1): rebuilding free space tree [ 141.609324][ T8884] BTRFS info (device loop0): rebuilding free space tree [ 141.611165][ T8891] BTRFS info (device loop2): setting nodatasum [ 141.616988][ T8892] loop3: detected capacity change from 0 to 32768 [pid 5069] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, [pid 8892] <... ioctl resumed>) = 0 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [ 141.642268][ T8891] BTRFS info (device loop2): allowing degraded mounts [ 141.649475][ T8891] BTRFS info (device loop2): enabling disk space caching [ 141.656512][ T8891] BTRFS info (device loop2): disk space caching is enabled [ 141.659930][ T8884] BTRFS info (device loop0): disabling free space tree [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 8892] close(3 [pid 5069] rmdir("./35/file0") = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./35") = 0 [pid 5069] mkdir("./36", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 8892] <... close resumed>) = 0 [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 8959 ./strace-static-x86_64: Process 8959 attached [pid 8959] set_robust_list(0x555557145760, 24 [pid 8892] mkdir("./file0", 0777) = 0 [pid 8959] <... set_robust_list resumed>) = 0 [pid 8892] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8959] chdir("./36") = 0 [pid 8959] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 141.694477][ T8883] BTRFS info (device loop1): disabling free space tree [ 141.699415][ T8884] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 141.712842][ T8884] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 141.730641][ T8883] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 8959] setpgid(0, 0) = 0 [pid 8959] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8959] write(3, "1000", 4) = 4 [ 141.742548][ T8892] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (8892) [ 141.742605][ T8883] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 141.756441][ T8884] BTRFS info (device loop0): checking UUID tree [ 141.773170][ T8885] BTRFS info (device loop4): enabling ssd optimizations [pid 8959] close(3) = 0 [pid 8959] symlink("/dev/binderfs", "./binderfs") = 0 [ 141.791199][ T8883] BTRFS info (device loop1): checking UUID tree [pid 8959] memfd_create("syzkaller", 0) = 3 [pid 8959] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 8884] <... mount resumed>) = 0 [pid 8884] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8883] <... mount resumed>) = 0 [pid 8884] <... openat resumed>) = 3 [ 141.818738][ T8885] BTRFS info (device loop4): auto enabling async discard [ 141.829191][ T8892] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 141.829362][ T8885] BTRFS info (device loop4): rebuilding free space tree [ 141.860953][ T8892] BTRFS info (device loop3): force clearing of disk cache [pid 8883] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 8884] chdir("./file0" [pid 8883] <... openat resumed>) = 3 [pid 8884] <... chdir resumed>) = 0 [pid 8883] chdir("./file0" [pid 8884] ioctl(4, LOOP_CLR_FD [pid 8883] <... chdir resumed>) = 0 [pid 8884] <... ioctl resumed>) = 0 [pid 8883] ioctl(4, LOOP_CLR_FD [pid 8884] close(4 [pid 8883] <... ioctl resumed>) = 0 [pid 8884] <... close resumed>) = 0 [pid 8883] close(4) = 0 [pid 8884] open("./file0", O_RDONLY [pid 8883] open("./file0", O_RDONLY [pid 8884] <... open resumed>) = 4 [pid 8883] <... open resumed>) = 4 [pid 8884] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [ 141.871111][ T8892] BTRFS info (device loop3): setting nodatasum [ 141.891742][ T8892] BTRFS info (device loop3): allowing degraded mounts [pid 8883] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 8884] <... ioctl resumed>) = 0 [pid 8883] open("./file0", O_RDONLY [pid 8884] open("./file0", O_RDONLY [pid 8883] <... open resumed>) = 5 [ 141.918687][ T8885] BTRFS info (device loop4): disabling free space tree [ 141.919028][ T76] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [ 141.934935][ T8892] BTRFS info (device loop3): enabling disk space caching [ 141.942169][ T8885] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 141.942192][ T8885] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 8884] <... open resumed>) = 5 [pid 8883] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 8884] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 8883] <... ioctl resumed>) = 0 [pid 8884] <... ioctl resumed>) = 0 [pid 8883] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 8883] exit_group(0) = ? [pid 8884] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 8883] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8883, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=38 /* 0.38 s */} --- [pid 5065] umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8884] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8884] exit_group(0 [pid 5065] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8885] <... mount resumed>) = 0 [pid 5065] <... openat resumed>) = 3 [pid 8885] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8885] <... openat resumed>) = 3 [pid 8884] <... exit_group resumed>) = ? [pid 5065] getdents64(3, [pid 8885] chdir("./file0" [pid 8884] +++ exited with 0 +++ [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 8885] <... chdir resumed>) = 0 [pid 5065] umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8884, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=38 /* 0.38 s */} --- [pid 5064] restart_syscall(<... resuming interrupted clone ...> [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... restart_syscall resumed>) = 0 [pid 5065] newfstatat(AT_FDCWD, "./35/binderfs", [pid 5064] umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8885] ioctl(4, LOOP_CLR_FD [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] unlink("./35/binderfs") = 0 [pid 5064] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... openat resumed>) = 3 [pid 8885] <... ioctl resumed>) = 0 [ 141.968476][ T8891] BTRFS info (device loop2): enabling ssd optimizations [ 141.983699][ T8885] BTRFS info (device loop4): checking UUID tree [ 141.996485][ T8891] BTRFS info (device loop2): auto enabling async discard [ 142.010641][ T8891] BTRFS info (device loop2): rebuilding free space tree [pid 5064] newfstatat(3, "", [pid 8885] close(4 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8959] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8885] <... close resumed>) = 0 [pid 8885] open("./file0", O_RDONLY [pid 5064] getdents64(3, [pid 8885] <... open resumed>) = 4 [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./35/binderfs") = 0 [pid 8891] <... mount resumed>) = 0 [pid 5064] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8891] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8891] chdir("./file0") = 0 [pid 8885] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 8891] ioctl(4, LOOP_CLR_FD) = 0 [pid 8891] close(4) = 0 [pid 8891] open("./file0", O_RDONLY) = 4 [pid 8891] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 8891] open("./file0", O_RDONLY) = 5 [pid 8885] <... ioctl resumed>) = 0 [pid 8891] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 8885] open("./file0", O_RDONLY [pid 8891] <... ioctl resumed>) = 0 [pid 8885] <... open resumed>) = 5 [pid 8885] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 8891] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 8885] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 8891] exit_group(0 [pid 8885] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 8891] <... exit_group resumed>) = ? [pid 8885] exit_group(0) = ? [pid 8891] +++ exited with 0 +++ [pid 8885] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8885, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=42 /* 0.42 s */} --- [pid 5068] umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8891, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=29 /* 0.29 s */} --- [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] newfstatat(AT_FDCWD, "./35/binderfs", [pid 5066] <... openat resumed>) = 3 [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] newfstatat(3, "", [pid 5068] unlink("./35/binderfs" [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] <... unlink resumed>) = 0 [pid 5066] getdents64(3, [pid 5068] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./36/binderfs") = 0 [pid 5066] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8892] <... mount resumed>) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 8892] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, [pid 8892] <... openat resumed>) = 3 [pid 5064] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 8892] chdir("./file0" [pid 5064] close(4) = 0 [pid 5064] rmdir("./35/file0" [pid 8892] <... chdir resumed>) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 8892] ioctl(4, LOOP_CLR_FD [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 8892] <... ioctl resumed>) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 5064] close(3 [pid 8892] close(4 [pid 5064] <... close resumed>) = 0 [pid 5064] rmdir("./35" [pid 8892] <... close resumed>) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 8892] open("./file0", O_RDONLY [pid 5064] mkdir("./36", 0777 [pid 8892] <... open resumed>) = 4 [pid 5064] <... mkdir resumed>) = 0 [pid 8892] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5065] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... ioctl resumed>) = 0 [pid 5065] openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] <... openat resumed>) = 4 [pid 8892] <... ioctl resumed>) = 0 [pid 5065] newfstatat(4, "", [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 8997 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, ./strace-static-x86_64: Process 8997 attached [pid 8997] set_robust_list(0x555557145760, 24 [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 8997] <... set_robust_list resumed>) = 0 [pid 8997] chdir("./36" [pid 8892] open("./file0", O_RDONLY [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 8892] <... open resumed>) = 5 [pid 5065] close(4) = 0 [pid 8997] <... chdir resumed>) = 0 [pid 5065] rmdir("./35/file0" [pid 8997] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8997] setpgid(0, 0) = 0 [pid 8997] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5065] <... rmdir resumed>) = 0 [pid 8997] <... openat resumed>) = 3 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./35" [pid 8997] write(3, "1000", 4) = 4 [pid 8997] close(3) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 8997] symlink("/dev/binderfs", "./binderfs" [pid 5065] mkdir("./36", 0777 [pid 8997] <... symlink resumed>) = 0 [pid 5065] <... mkdir resumed>) = 0 [pid 8997] memfd_create("syzkaller", 0 [pid 8892] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 8892] <... ioctl resumed>) = 0 [pid 5065] <... openat resumed>) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 8997] <... memfd_create resumed>) = 3 [pid 8892] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5065] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 8997] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8892] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5065] close(3) = 0 [pid 8997] <... mmap resumed>) = 0x7fda9371b000 [pid 8892] exit_group(0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8998 attached , child_tidptr=0x555557145750) = 8998 [pid 8998] set_robust_list(0x555557145760, 24 [pid 8892] <... exit_group resumed>) = ? [pid 8998] <... set_robust_list resumed>) = 0 [pid 8892] +++ exited with 0 +++ [pid 5068] <... umount2 resumed>) = 0 [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8892, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=26 /* 0.26 s */} --- [pid 8998] chdir("./36" [pid 5068] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] newfstatat(AT_FDCWD, "./35/file0", [pid 8998] <... chdir resumed>) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8998] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8998] <... prctl resumed>) = 0 [pid 5068] openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5067] <... openat resumed>) = 3 [pid 5068] <... openat resumed>) = 4 [pid 5068] newfstatat(4, "", [pid 5067] newfstatat(3, "", [pid 8998] setpgid(0, 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8998] <... setpgid resumed>) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 8998] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5068] getdents64(4, [pid 5067] getdents64(3, [pid 5066] <... umount2 resumed>) = 0 [pid 8998] <... openat resumed>) = 3 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] getdents64(4, [pid 8998] write(3, "1000", 4 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8998] <... write resumed>) = 4 [pid 5068] close(4 [pid 5067] newfstatat(AT_FDCWD, "./35/binderfs", [pid 5066] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... close resumed>) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] rmdir("./35/file0" [pid 5067] unlink("./35/binderfs" [pid 8998] close(3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8998] <... close resumed>) = 0 [pid 5068] <... rmdir resumed>) = 0 [pid 5067] <... unlink resumed>) = 0 [pid 5066] newfstatat(AT_FDCWD, "./36/file0", [pid 8998] symlink("/dev/binderfs", "./binderfs" [pid 5067] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 8998] <... symlink resumed>) = 0 [pid 5066] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8998] memfd_create("syzkaller", 0 [pid 5068] getdents64(3, [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] <... openat resumed>) = 4 [pid 5068] close(3 [pid 8998] <... memfd_create resumed>) = 3 [pid 5068] <... close resumed>) = 0 [pid 5066] newfstatat(4, "", [pid 8998] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5068] rmdir("./35" [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, [pid 8998] <... mmap resumed>) = 0x7fda9371b000 [pid 5068] <... rmdir resumed>) = 0 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] mkdir("./36", 0777 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4 [pid 5068] <... mkdir resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5066] rmdir("./36/file0" [pid 5068] <... openat resumed>) = 3 [pid 5066] <... rmdir resumed>) = 0 [pid 5068] ioctl(3, LOOP_CLR_FD [pid 5066] getdents64(3, [pid 5068] <... ioctl resumed>) = 0 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3 [pid 5066] close(3 [pid 5068] <... close resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] rmdir("./36") = 0 [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 9000 [pid 5066] mkdir("./37", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 ./strace-static-x86_64: Process 9000 attached [pid 5066] close(3 [pid 9000] set_robust_list(0x555557145760, 24 [pid 5066] <... close resumed>) = 0 [pid 9000] <... set_robust_list resumed>) = 0 [pid 9000] chdir("./36" [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9000] <... chdir resumed>) = 0 [pid 9000] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 9001 attached ) = 0 [pid 9001] set_robust_list(0x555557145760, 24 [pid 9000] setpgid(0, 0 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 9001 [pid 9001] <... set_robust_list resumed>) = 0 [pid 9000] <... setpgid resumed>) = 0 [pid 9001] chdir("./37" [pid 9000] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9001] <... chdir resumed>) = 0 [pid 9000] <... openat resumed>) = 3 [pid 9000] write(3, "1000", 4 [pid 9001] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9000] <... write resumed>) = 4 [pid 9001] <... prctl resumed>) = 0 [pid 9001] setpgid(0, 0 [pid 9000] close(3 [pid 9001] <... setpgid resumed>) = 0 [pid 9000] <... close resumed>) = 0 [pid 9001] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9000] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9000] memfd_create("syzkaller", 0) = 3 [pid 9000] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 9001] <... openat resumed>) = 3 [pid 9001] write(3, "1000", 4) = 4 [pid 9001] close(3) = 0 [pid 9001] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9001] memfd_create("syzkaller", 0) = 3 [pid 9001] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 8959] <... write resumed>) = 16777216 [pid 8959] munmap(0x7fda9371b000, 138412032) = 0 [pid 8959] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 8959] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9000] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5067] <... umount2 resumed>) = 0 [pid 8959] close(3 [pid 5067] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8959] <... close resumed>) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8959] mkdir("./file0", 0777 [ 142.859369][ T8959] loop5: detected capacity change from 0 to 32768 [pid 5067] newfstatat(AT_FDCWD, "./35/file0", [pid 8959] <... mkdir resumed>) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 8959] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5067] <... openat resumed>) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./35/file0") = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./35") = 0 [ 142.938907][ T8959] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (8959) [pid 5067] mkdir("./36", 0777) = 0 [pid 8997] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9004 attached [pid 9004] set_robust_list(0x555557145760, 24 [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 9004 [pid 9004] <... set_robust_list resumed>) = 0 [pid 9004] chdir("./36" [pid 8998] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9004] <... chdir resumed>) = 0 [pid 9004] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9004] setpgid(0, 0) = 0 [pid 9004] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9004] write(3, "1000", 4) = 4 [pid 9004] close(3 [pid 9001] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9004] <... close resumed>) = 0 [pid 9004] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9004] memfd_create("syzkaller", 0) = 3 [pid 9004] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 8959] <... mount resumed>) = 0 [pid 8959] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8959] chdir("./file0") = 0 [pid 8959] ioctl(4, LOOP_CLR_FD) = 0 [pid 8959] close(4) = 0 [pid 8959] open("./file0", O_RDONLY) = 4 [pid 8959] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 8959] open("./file0", O_RDONLY) = 5 [pid 8959] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 8959] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 8959] exit_group(0) = ? [pid 8959] +++ exited with 0 +++ [pid 8997] <... write resumed>) = 16777216 [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8959, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=20 /* 0.20 s */} --- [pid 5069] umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./36/binderfs" [pid 9000] <... write resumed>) = 16777216 [pid 8997] munmap(0x7fda9371b000, 138412032 [pid 5069] <... unlink resumed>) = 0 [pid 5069] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8997] <... munmap resumed>) = 0 [pid 9000] munmap(0x7fda9371b000, 138412032 [pid 8997] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8997] ioctl(4, LOOP_SET_FD, 3 [pid 9000] <... munmap resumed>) = 0 [pid 5069] <... umount2 resumed>) = 0 [pid 9000] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5069] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9000] <... openat resumed>) = 4 [pid 8997] <... ioctl resumed>) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 143.626247][ T8997] loop0: detected capacity change from 0 to 32768 [pid 9000] ioctl(4, LOOP_SET_FD, 3 [pid 8997] close(3 [pid 5069] newfstatat(AT_FDCWD, "./36/file0", [pid 9000] <... ioctl resumed>) = 0 [pid 8997] <... close resumed>) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9000] close(3 [pid 8998] <... write resumed>) = 16777216 [pid 8997] mkdir("./file0", 0777 [pid 5069] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9000] <... close resumed>) = 0 [pid 8998] munmap(0x7fda9371b000, 138412032 [pid 8997] <... mkdir resumed>) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 8997] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5069] openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", [pid 9000] mkdir("./file0", 0777 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, [pid 9000] <... mkdir resumed>) = 0 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 9000] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5069] getdents64(4, [pid 8998] <... munmap resumed>) = 0 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [ 143.670370][ T9000] loop4: detected capacity change from 0 to 32768 [ 143.687341][ T8997] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (8997) [pid 5069] close(4 [pid 8998] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5069] <... close resumed>) = 0 [pid 8998] <... openat resumed>) = 4 [pid 5069] rmdir("./36/file0" [pid 8998] ioctl(4, LOOP_SET_FD, 3 [pid 5069] <... rmdir resumed>) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 8998] <... ioctl resumed>) = 0 [pid 5069] close(3 [pid 8998] close(3 [pid 5069] <... close resumed>) = 0 [pid 8998] <... close resumed>) = 0 [pid 5069] rmdir("./36" [pid 8998] mkdir("./file0", 0777 [pid 5069] <... rmdir resumed>) = 0 [pid 5069] mkdir("./37", 0777 [pid 8998] <... mkdir resumed>) = 0 [ 143.720673][ T9000] BTRFS: device /dev/loop4 using temp-fsid b0a1d9ce-6a51-4e99-95c6-4cf973cab432 [ 143.738874][ T9000] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (9000) [ 143.755394][ T8998] loop1: detected capacity change from 0 to 32768 [pid 8998] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5069] <... mkdir resumed>) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9033 attached , child_tidptr=0x555557145750) = 9033 [pid 9033] set_robust_list(0x555557145760, 24) = 0 [pid 9033] chdir("./37") = 0 [pid 9033] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9033] setpgid(0, 0) = 0 [pid 9033] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9001] <... write resumed>) = 16777216 [pid 9001] munmap(0x7fda9371b000, 138412032 [pid 9033] <... openat resumed>) = 3 [pid 9033] write(3, "1000", 4) = 4 [pid 9033] close(3) = 0 [pid 9033] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9033] memfd_create("syzkaller", 0) = 3 [ 143.777940][ T8998] BTRFS: device /dev/loop1 using temp-fsid ece509e9-01aa-4f13-9ba0-830af0dae9e1 [ 143.815336][ T8998] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (8998) [pid 9033] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 9001] <... munmap resumed>) = 0 [pid 9001] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9004] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9001] <... openat resumed>) = 4 [pid 9001] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9001] close(3) = 0 [pid 9001] mkdir("./file0", 0777) = 0 [ 143.861606][ T9001] loop2: detected capacity change from 0 to 32768 [ 143.908134][ T9001] BTRFS: device /dev/loop2 using temp-fsid 0491d603-5a25-4d8d-97e1-057b6b5b9918 [pid 9001] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 8997] <... mount resumed>) = 0 [pid 8997] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8997] chdir("./file0") = 0 [pid 8997] ioctl(4, LOOP_CLR_FD) = 0 [pid 8997] close(4) = 0 [pid 8997] open("./file0", O_RDONLY) = 4 [pid 8997] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 8997] open("./file0", O_RDONLY) = 5 [ 143.967200][ T9001] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (9001) [pid 8997] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 9033] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 8997] <... ioctl resumed>) = 0 [pid 8997] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 8997] exit_group(0) = ? [pid 8997] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8997, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=25 /* 0.25 s */} --- [pid 5064] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5064] umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./36/binderfs") = 0 [ 144.041694][ T1047] _btrfs_printk: 55 callbacks suppressed [ 144.041708][ T1047] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 144.061353][ T9001] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 144.119930][ T9001] BTRFS info (device loop2): force clearing of disk cache [ 144.127239][ T9000] BTRFS info (device loop4): enabling ssd optimizations [ 144.138854][ T8998] BTRFS info (device loop1): enabling ssd optimizations [ 144.158800][ T8998] BTRFS info (device loop1): auto enabling async discard [ 144.166677][ T8998] BTRFS info (device loop1): rebuilding free space tree [ 144.169504][ T9000] BTRFS info (device loop4): auto enabling async discard [ 144.180651][ T9001] BTRFS info (device loop2): setting nodatasum [ 144.180673][ T9001] BTRFS info (device loop2): allowing degraded mounts [ 144.180691][ T9001] BTRFS info (device loop2): enabling disk space caching [ 144.180706][ T9001] BTRFS info (device loop2): disk space caching is enabled [ 144.227883][ T8998] BTRFS info (device loop1): disabling free space tree [ 144.240169][ T9000] BTRFS info (device loop4): rebuilding free space tree [ 144.247698][ T8998] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 144.268819][ T8998] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 144.294252][ T8998] BTRFS info (device loop1): checking UUID tree [ 144.305164][ T9000] BTRFS info (device loop4): disabling free space tree [pid 5064] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 8998] <... mount resumed>) = 0 [pid 8998] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8998] chdir("./file0") = 0 [pid 8998] ioctl(4, LOOP_CLR_FD) = 0 [ 144.331868][ T9000] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 144.343263][ T9000] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 8998] close(4) = 0 [pid 8998] open("./file0", O_RDONLY) = 4 [pid 8998] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 8998] open("./file0", O_RDONLY) = 5 [pid 8998] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 8998] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [ 144.394333][ T9000] BTRFS info (device loop4): checking UUID tree [pid 8998] exit_group(0) = ? [pid 8998] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8998, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=29 /* 0.29 s */} --- [pid 5065] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 9000] <... mount resumed>) = 0 [pid 9000] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 9000] <... openat resumed>) = 3 [pid 5065] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9000] chdir("./file0") = 0 [pid 5065] <... openat resumed>) = 3 [pid 9000] ioctl(4, LOOP_CLR_FD [pid 5065] newfstatat(3, "", [pid 9000] <... ioctl resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9000] close(4) = 0 [pid 5065] getdents64(3, [pid 9000] open("./file0", O_RDONLY) = 4 [pid 9000] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./36/binderfs") = 0 [pid 5065] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9000] <... ioctl resumed>) = 0 [pid 9000] open("./file0", O_RDONLY) = 5 [pid 9000] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 9000] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 9000] exit_group(0) = ? [pid 9000] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9000, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=31 /* 0.31 s */} --- [ 144.466297][ T1047] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [ 144.499057][ T9001] BTRFS info (device loop2): enabling ssd optimizations [pid 5068] umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./36/binderfs") = 0 [pid 5068] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 144.540712][ T9001] BTRFS info (device loop2): auto enabling async discard [ 144.561245][ T2855] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [pid 5064] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 9004] <... write resumed>) = 16777216 [pid 5064] close(4 [pid 9004] munmap(0x7fda9371b000, 138412032 [pid 5064] <... close resumed>) = 0 [pid 5064] rmdir("./36/file0") = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 9004] <... munmap resumed>) = 0 [pid 9004] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5064] close(3) = 0 [ 144.591887][ T9001] BTRFS info (device loop2): rebuilding free space tree [pid 9004] ioctl(4, LOOP_SET_FD, 3 [pid 5064] rmdir("./36") = 0 [pid 5064] mkdir("./37", 0777 [pid 5065] <... umount2 resumed>) = 0 [pid 5064] <... mkdir resumed>) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9004] <... ioctl resumed>) = 0 [pid 5065] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... openat resumed>) = 3 [pid 9004] close(3 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] ioctl(3, LOOP_CLR_FD [pid 9004] <... close resumed>) = 0 [pid 9004] mkdir("./file0", 0777) = 0 [pid 9004] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5065] newfstatat(AT_FDCWD, "./36/file0", [pid 5064] <... ioctl resumed>) = -1 ENXIO (No such device or address) [ 144.637611][ T9004] loop3: detected capacity change from 0 to 32768 [ 144.649352][ T9001] BTRFS info (device loop2): disabling free space tree [ 144.673595][ T9004] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (9004) [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] close(3 [pid 5065] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... close resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 9087 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, ./strace-static-x86_64: Process 9087 attached [pid 9087] set_robust_list(0x555557145760, 24) = 0 [pid 9087] chdir("./37") = 0 [pid 9087] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9087] setpgid(0, 0 [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, [pid 9087] <... setpgid resumed>) = 0 [pid 9087] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5065] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4 [pid 9087] <... openat resumed>) = 3 [pid 5065] <... close resumed>) = 0 [pid 9087] write(3, "1000", 4 [pid 5065] rmdir("./36/file0" [pid 9087] <... write resumed>) = 4 [pid 9087] close(3) = 0 [pid 9087] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 9087] memfd_create("syzkaller", 0) = 3 [pid 9087] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5065] getdents64(3, [pid 9087] <... mmap resumed>) = 0x7fda9371b000 [ 144.687244][ T9001] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 9033] <... write resumed>) = 16777216 [pid 5065] close(3 [pid 9033] munmap(0x7fda9371b000, 138412032 [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./36") = 0 [ 144.739361][ T9001] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 144.768997][ T9004] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 144.778231][ T9004] BTRFS info (device loop3): force clearing of disk cache [pid 5065] mkdir("./37", 0777 [pid 9033] <... munmap resumed>) = 0 [pid 9033] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 9033] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5068] <... umount2 resumed>) = 0 [pid 5065] <... mkdir resumed>) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5068] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... openat resumed>) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./36/file0", [pid 5065] <... ioctl resumed>) = 0 [pid 5065] close(3 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... close resumed>) = 0 [pid 5068] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9033] close(3) = 0 [pid 9033] mkdir("./file0", 0777) = 0 [pid 9033] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,"./strace-static-x86_64: Process 9088 attached [pid 5068] openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9088] set_robust_list(0x555557145760, 24) = 0 [pid 5068] <... openat resumed>) = 4 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 9088 [ 144.790394][ T9033] loop5: detected capacity change from 0 to 32768 [ 144.816200][ T9033] BTRFS: device /dev/loop5 using temp-fsid 56ab7217-a68a-4de2-abcd-25432977f38b [ 144.829893][ T9001] BTRFS info (device loop2): checking UUID tree [pid 9088] chdir("./37") = 0 [pid 5068] newfstatat(4, "", [pid 9088] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9088] <... prctl resumed>) = 0 [pid 9088] setpgid(0, 0 [pid 5068] getdents64(4, [pid 9088] <... setpgid resumed>) = 0 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 9088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4 [pid 9001] <... mount resumed>) = 0 [pid 9088] <... openat resumed>) = 3 [pid 5068] <... close resumed>) = 0 [pid 9088] write(3, "1000", 4 [pid 5068] rmdir("./36/file0" [pid 9001] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9001] chdir("./file0" [pid 5068] <... rmdir resumed>) = 0 [pid 9088] <... write resumed>) = 4 [pid 9001] <... chdir resumed>) = 0 [pid 9001] ioctl(4, LOOP_CLR_FD) = 0 [pid 9001] close(4) = 0 [pid 9001] open("./file0", O_RDONLY) = 4 [pid 9001] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [ 144.836872][ T9004] BTRFS info (device loop3): setting nodatasum [ 144.858835][ T9033] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (9033) [ 144.871991][ T9004] BTRFS info (device loop3): allowing degraded mounts [pid 9088] close(3) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 9088] symlink("/dev/binderfs", "./binderfs" [pid 5068] close(3 [pid 9088] <... symlink resumed>) = 0 [pid 5068] <... close resumed>) = 0 [pid 5068] rmdir("./36" [pid 9088] memfd_create("syzkaller", 0 [pid 5068] <... rmdir resumed>) = 0 [pid 5068] mkdir("./37", 0777 [pid 9088] <... memfd_create resumed>) = 3 [pid 9001] <... ioctl resumed>) = 0 [pid 5068] <... mkdir resumed>) = 0 [pid 9001] open("./file0", O_RDONLY) = 5 [pid 9001] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 9001] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 9001] exit_group(0) = ? [pid 9001] +++ exited with 0 +++ [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9001, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=26 /* 0.26 s */} --- [pid 5068] <... openat resumed>) = 3 [pid 5066] restart_syscall(<... resuming interrupted clone ...> [pid 5068] ioctl(3, LOOP_CLR_FD [pid 5066] <... restart_syscall resumed>) = 0 [pid 9088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5066] umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] <... ioctl resumed>) = 0 [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] <... openat resumed>) = 3 ./strace-static-x86_64: Process 9090 attached [pid 9090] set_robust_list(0x555557145760, 24) = 0 [ 144.884612][ T9004] BTRFS info (device loop3): enabling disk space caching [pid 9090] chdir("./37") = 0 [pid 9090] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] newfstatat(3, "", [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 9090 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, [pid 9090] <... prctl resumed>) = 0 [pid 9090] setpgid(0, 0) = 0 [pid 9090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9090] write(3, "1000", 4) = 4 [pid 9090] close(3) = 0 [pid 9090] symlink("/dev/binderfs", "./binderfs" [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 9090] <... symlink resumed>) = 0 [pid 5066] umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./37/binderfs", [pid 9090] memfd_create("syzkaller", 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9090] <... memfd_create resumed>) = 3 [pid 5066] unlink("./37/binderfs" [pid 9090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5066] <... unlink resumed>) = 0 [ 144.925111][ T9033] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 144.938834][ T9004] BTRFS info (device loop3): disk space caching is enabled [ 144.964782][ T2855] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 145.002044][ T9033] BTRFS info (device loop5): force clearing of disk cache [ 145.056508][ T9033] BTRFS info (device loop5): setting nodatasum [pid 5066] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9088] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./37/file0") = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [ 145.109253][ T9033] BTRFS info (device loop5): allowing degraded mounts [ 145.139757][ T9033] BTRFS info (device loop5): enabling disk space caching [pid 5066] close(3) = 0 [pid 5066] rmdir("./37") = 0 [pid 5066] mkdir("./38", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9087] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 9107 ./strace-static-x86_64: Process 9107 attached [ 145.199180][ T9033] BTRFS info (device loop5): disk space caching is enabled [ 145.228880][ T9004] BTRFS info (device loop3): enabling ssd optimizations [pid 9107] set_robust_list(0x555557145760, 24) = 0 [pid 9107] chdir("./38") = 0 [ 145.268855][ T9004] BTRFS info (device loop3): auto enabling async discard [ 145.289699][ T9004] BTRFS info (device loop3): rebuilding free space tree [ 145.302241][ T9004] BTRFS info (device loop3): disabling free space tree [pid 9107] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9107] setpgid(0, 0) = 0 [pid 9107] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9107] write(3, "1000", 4) = 4 [pid 9107] close(3) = 0 [pid 9107] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9107] memfd_create("syzkaller", 0) = 3 [pid 9107] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 145.311023][ T9004] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 145.321044][ T9004] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 145.336662][ T9004] BTRFS info (device loop3): checking UUID tree [pid 9088] <... write resumed>) = 16777216 [pid 9004] <... mount resumed>) = 0 [pid 9088] munmap(0x7fda9371b000, 138412032 [pid 9004] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9004] chdir("./file0") = 0 [pid 9004] ioctl(4, LOOP_CLR_FD) = 0 [pid 9004] close(4 [pid 9088] <... munmap resumed>) = 0 [pid 9004] <... close resumed>) = 0 [pid 9088] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9004] open("./file0", O_RDONLY [pid 9088] <... openat resumed>) = 4 [pid 9004] <... open resumed>) = 4 [pid 9004] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 9088] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9004] <... ioctl resumed>) = 0 [pid 9004] open("./file0", O_RDONLY) = 5 [pid 9004] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 9004] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 9088] close(3 [pid 9004] exit_group(0 [pid 9088] <... close resumed>) = 0 [pid 9004] <... exit_group resumed>) = ? [pid 9088] mkdir("./file0", 0777 [pid 9004] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9004, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=34 /* 0.34 s */} --- [pid 9088] <... mkdir resumed>) = 0 [pid 5067] umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9088] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 145.430933][ T9088] loop1: detected capacity change from 0 to 32768 [ 145.450847][ T9033] BTRFS info (device loop5): enabling ssd optimizations [ 145.471878][ T9033] BTRFS info (device loop5): auto enabling async discard [pid 5067] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./36/binderfs") = 0 [pid 9090] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 145.499417][ T2855] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 145.509381][ T9088] BTRFS: device /dev/loop1 using temp-fsid df2550ff-9f0c-4467-b007-ce8f12f11eff [ 145.518451][ T9088] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (9088) [ 145.523680][ T9033] BTRFS info (device loop5): rebuilding free space tree [ 145.599327][ T9033] BTRFS info (device loop5): disabling free space tree [ 145.606250][ T9033] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 145.639144][ T9088] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 145.659443][ T9088] BTRFS info (device loop1): force clearing of disk cache [ 145.666570][ T9088] BTRFS info (device loop1): setting nodatasum [ 145.669115][ T9033] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 145.724303][ T9088] BTRFS info (device loop1): allowing degraded mounts [pid 5067] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9107] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./36/file0", [pid 9033] <... mount resumed>) = 0 [pid 9033] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9033] chdir("./file0") = 0 [pid 9033] ioctl(4, LOOP_CLR_FD) = 0 [pid 9033] close(4) = 0 [ 145.770320][ T9033] BTRFS info (device loop5): checking UUID tree [ 145.799012][ T9088] BTRFS info (device loop1): enabling disk space caching [ 145.806057][ T9088] BTRFS info (device loop1): disk space caching is enabled [pid 9033] open("./file0", O_RDONLY [pid 9087] <... write resumed>) = 16777216 [pid 9033] <... open resumed>) = 4 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9033] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 9033] <... ioctl resumed>) = 0 [pid 9033] open("./file0", O_RDONLY [pid 5067] newfstatat(4, "", [pid 9033] <... open resumed>) = 5 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, [pid 9087] munmap(0x7fda9371b000, 138412032 [pid 9033] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5067] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 9033] <... ioctl resumed>) = 0 [pid 5067] getdents64(4, [pid 9033] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5067] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4 [pid 9033] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5067] <... close resumed>) = 0 [pid 9087] <... munmap resumed>) = 0 [pid 9033] exit_group(0 [pid 5067] rmdir("./36/file0" [pid 9087] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9033] <... exit_group resumed>) = ? [pid 5067] <... rmdir resumed>) = 0 [pid 9087] <... openat resumed>) = 4 [pid 9033] +++ exited with 0 +++ [pid 5067] getdents64(3, [pid 9087] ioctl(4, LOOP_SET_FD, 3 [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9033, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=34 /* 0.34 s */} --- [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./36") = 0 [pid 5067] mkdir("./37", 0777 [pid 5069] umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... mkdir resumed>) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5069] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5067] <... openat resumed>) = 3 [pid 5069] <... openat resumed>) = 3 [pid 5069] newfstatat(3, "", [pid 5067] ioctl(3, LOOP_CLR_FD [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] <... ioctl resumed>) = 0 [pid 9087] <... ioctl resumed>) = 0 [pid 5069] getdents64(3, [pid 5067] close(3 [pid 9087] close(3 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] <... close resumed>) = 0 [pid 9087] <... close resumed>) = 0 [pid 5069] umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9134 attached [pid 9087] mkdir("./file0", 0777 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9134] set_robust_list(0x555557145760, 24 [pid 9087] <... mkdir resumed>) = 0 [pid 5069] newfstatat(AT_FDCWD, "./37/binderfs", [pid 9134] <... set_robust_list resumed>) = 0 [pid 9087] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5069] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 9134 [pid 9134] chdir("./37" [pid 5069] unlink("./37/binderfs" [pid 9134] <... chdir resumed>) = 0 [pid 5069] <... unlink resumed>) = 0 [pid 9134] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5069] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9134] <... prctl resumed>) = 0 [pid 9134] setpgid(0, 0) = 0 [ 145.899724][ T1047] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [ 145.933799][ T9087] loop0: detected capacity change from 0 to 32768 [pid 9134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9134] write(3, "1000", 4) = 4 [pid 9134] close(3) = 0 [pid 9134] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9134] memfd_create("syzkaller", 0) = 3 [pid 9134] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 145.963686][ T9087] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (9087) [pid 9090] <... write resumed>) = 16777216 [ 146.022089][ T9087] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [pid 9090] munmap(0x7fda9371b000, 138412032) = 0 [pid 9090] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 146.090085][ T9087] BTRFS info (device loop0): force clearing of disk cache [ 146.097221][ T9087] BTRFS info (device loop0): setting nodatasum [ 146.109887][ T9088] BTRFS info (device loop1): enabling ssd optimizations [ 146.116844][ T9088] BTRFS info (device loop1): auto enabling async discard [pid 9090] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9090] close(3) = 0 [pid 9090] mkdir("./file0", 0777) = 0 [ 146.138836][ T9090] loop4: detected capacity change from 0 to 32768 [ 146.150053][ T9087] BTRFS info (device loop0): allowing degraded mounts [ 146.168862][ T9090] BTRFS: device /dev/loop4 using temp-fsid 3f05c32a-13b3-44eb-8634-a79caec0275a [ 146.177975][ T9090] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (9090) [pid 9090] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5069] <... umount2 resumed>) = 0 [pid 5069] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [ 146.190643][ T9087] BTRFS info (device loop0): enabling disk space caching [ 146.197680][ T9087] BTRFS info (device loop0): disk space caching is enabled [ 146.211481][ T9088] BTRFS info (device loop1): rebuilding free space tree [pid 5069] rmdir("./37/file0") = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./37") = 0 [pid 5069] mkdir("./38", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [ 146.285361][ T9090] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 146.289934][ T9088] BTRFS info (device loop1): disabling free space tree [ 146.319809][ T9088] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [ 146.334884][ T9090] BTRFS info (device loop4): force clearing of disk cache [ 146.343368][ T9090] BTRFS info (device loop4): setting nodatasum [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9155 attached [pid 9155] set_robust_list(0x555557145760, 24) = 0 [pid 9155] chdir("./38") = 0 [pid 9155] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 146.378844][ T9088] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 146.409102][ T9090] BTRFS info (device loop4): allowing degraded mounts [ 146.415882][ T9090] BTRFS info (device loop4): enabling disk space caching [pid 9155] setpgid(0, 0) = 0 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 9155 [pid 9155] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9155] write(3, "1000", 4) = 4 [pid 9155] close(3) = 0 [pid 9155] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9155] memfd_create("syzkaller", 0) = 3 [ 146.446474][ T9088] BTRFS info (device loop1): checking UUID tree [ 146.485633][ T9090] BTRFS info (device loop4): disk space caching is enabled [pid 9155] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 9088] <... mount resumed>) = 0 [pid 9088] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9134] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9088] <... openat resumed>) = 3 [pid 9107] <... write resumed>) = 16777216 [pid 9088] chdir("./file0") = 0 [pid 9088] ioctl(4, LOOP_CLR_FD [pid 9107] munmap(0x7fda9371b000, 138412032 [pid 9088] <... ioctl resumed>) = 0 [ 146.493684][ T9087] BTRFS info (device loop0): enabling ssd optimizations [ 146.501744][ T9087] BTRFS info (device loop0): auto enabling async discard [ 146.513664][ T9087] BTRFS info (device loop0): rebuilding free space tree [pid 9088] close(4) = 0 [pid 9107] <... munmap resumed>) = 0 [pid 9088] open("./file0", O_RDONLY) = 4 [pid 9088] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 9107] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 9107] ioctl(4, LOOP_SET_FD, 3 [pid 9088] <... ioctl resumed>) = 0 [pid 9088] open("./file0", O_RDONLY) = 5 [pid 9088] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 9107] <... ioctl resumed>) = 0 [pid 9107] close(3) = 0 [pid 9107] mkdir("./file0", 0777 [pid 9088] <... ioctl resumed>) = 0 [pid 9107] <... mkdir resumed>) = 0 [pid 9088] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [ 146.572622][ T9087] BTRFS info (device loop0): disabling free space tree [ 146.584525][ T9107] loop2: detected capacity change from 0 to 32768 [ 146.602315][ T9087] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 9088] exit_group(0 [pid 9107] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 9088] <... exit_group resumed>) = ? [pid 9088] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9088, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=29 /* 0.29 s */} --- [pid 5065] umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./37/binderfs") = 0 [ 146.624199][ T9107] BTRFS: device /dev/loop2 using temp-fsid a85e44c2-9b52-42ca-97f0-53c43233431f [ 146.635077][ T48] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [ 146.639121][ T9087] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 146.650687][ T9107] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (9107) [ 146.657998][ T9087] BTRFS info (device loop0): checking UUID tree [pid 5065] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9087] <... mount resumed>) = 0 [pid 9087] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 146.734676][ T9090] BTRFS info (device loop4): enabling ssd optimizations [ 146.774258][ T9107] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [pid 9087] chdir("./file0") = 0 [pid 9087] ioctl(4, LOOP_CLR_FD) = 0 [pid 9087] close(4) = 0 [pid 9087] open("./file0", O_RDONLY) = 4 [pid 9087] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 9087] open("./file0", O_RDONLY) = 5 [ 146.799005][ T9090] BTRFS info (device loop4): auto enabling async discard [ 146.828998][ T9107] BTRFS info (device loop2): force clearing of disk cache [ 146.836130][ T9107] BTRFS info (device loop2): setting nodatasum [pid 9087] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 9087] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 9087] exit_group(0) = ? [pid 9087] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9087, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=35 /* 0.35 s */} --- [pid 5064] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 5064] umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... openat resumed>) = 3 [pid 5065] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] newfstatat(3, "", [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 146.868981][ T9090] BTRFS info (device loop4): rebuilding free space tree [ 146.877715][ T2855] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./37/file0") = 0 [pid 5064] umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 9155] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5064] newfstatat(AT_FDCWD, "./37/binderfs", [pid 5065] getdents64(3, [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9134] <... write resumed>) = 16777216 [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] unlink("./37/binderfs" [pid 5065] close(3) = 0 [pid 9134] munmap(0x7fda9371b000, 138412032 [pid 5065] rmdir("./37" [pid 5064] <... unlink resumed>) = 0 [pid 5064] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... rmdir resumed>) = 0 [pid 5065] mkdir("./38", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [ 146.909910][ T9090] BTRFS info (device loop4): disabling free space tree [pid 5065] close(3 [pid 9134] <... munmap resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 9134] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9134] <... openat resumed>) = 4 [pid 9134] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 9185 attached [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 9185 [pid 9185] set_robust_list(0x555557145760, 24) = 0 [pid 9185] chdir("./38") = 0 [pid 9134] <... ioctl resumed>) = 0 [pid 9090] <... mount resumed>) = 0 [pid 9185] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9134] close(3 [pid 9090] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9185] <... prctl resumed>) = 0 [pid 9134] <... close resumed>) = 0 [pid 9185] setpgid(0, 0 [pid 9134] mkdir("./file0", 0777 [pid 9090] <... openat resumed>) = 3 [pid 9134] <... mkdir resumed>) = 0 [pid 9185] <... setpgid resumed>) = 0 [pid 9185] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9134] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 9185] <... openat resumed>) = 3 [pid 9185] write(3, "1000", 4) = 4 [pid 9185] close(3 [pid 9090] chdir("./file0") = 0 [pid 9185] <... close resumed>) = 0 [pid 9090] ioctl(4, LOOP_CLR_FD [pid 9185] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9090] <... ioctl resumed>) = 0 [pid 9090] close(4) = 0 [ 146.987341][ T9134] loop3: detected capacity change from 0 to 32768 [ 147.013465][ T9134] BTRFS: device /dev/loop3 using temp-fsid 3732d497-fe9d-4b1d-88ac-0f82730652e0 [pid 9185] memfd_create("syzkaller", 0 [pid 9090] open("./file0", O_RDONLY [pid 9185] <... memfd_create resumed>) = 3 [pid 9090] <... open resumed>) = 4 [pid 9185] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 9090] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [ 147.090514][ T9134] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (9134) [pid 9090] open("./file0", O_RDONLY) = 5 [pid 9090] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 9090] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 9090] exit_group(0) = ? [pid 9090] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9090, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=29 /* 0.29 s */} --- [pid 5068] umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./37/binderfs") = 0 [pid 5068] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5068] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./37/file0") = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./37") = 0 [pid 5068] mkdir("./38", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9215 attached [pid 9215] set_robust_list(0x555557145760, 24 [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 9215 [pid 9215] <... set_robust_list resumed>) = 0 [pid 9215] chdir("./38" [pid 9107] <... mount resumed>) = 0 [pid 9215] <... chdir resumed>) = 0 [pid 9215] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9107] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9215] <... prctl resumed>) = 0 [pid 9215] setpgid(0, 0 [pid 9107] <... openat resumed>) = 3 [pid 9107] chdir("./file0") = 0 [pid 9107] ioctl(4, LOOP_CLR_FD [pid 9215] <... setpgid resumed>) = 0 [pid 9107] <... ioctl resumed>) = 0 [pid 9215] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9107] close(4) = 0 [pid 9215] <... openat resumed>) = 3 [pid 9107] open("./file0", O_RDONLY) = 4 [pid 9107] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 9215] write(3, "1000", 4) = 4 [pid 9215] close(3 [pid 9155] <... write resumed>) = 16777216 [pid 9215] <... close resumed>) = 0 [pid 9215] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9155] munmap(0x7fda9371b000, 138412032 [pid 9134] <... mount resumed>) = 0 [pid 9107] <... ioctl resumed>) = 0 [pid 9134] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9107] open("./file0", O_RDONLY [pid 9215] memfd_create("syzkaller", 0 [pid 9134] <... openat resumed>) = 3 [pid 9107] <... open resumed>) = 5 [pid 9134] chdir("./file0" [pid 9107] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 9134] <... chdir resumed>) = 0 [pid 9107] <... ioctl resumed>) = 0 [pid 9215] <... memfd_create resumed>) = 3 [pid 9155] <... munmap resumed>) = 0 [pid 9134] ioctl(4, LOOP_CLR_FD [pid 9107] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 9215] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9134] <... ioctl resumed>) = 0 [pid 9107] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 9134] close(4 [pid 9107] exit_group(0 [pid 9215] <... mmap resumed>) = 0x7fda9371b000 [pid 9134] <... close resumed>) = 0 [pid 9107] <... exit_group resumed>) = ? [pid 9155] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 9134] open("./file0", O_RDONLY [pid 9107] +++ exited with 0 +++ [pid 9155] ioctl(4, LOOP_SET_FD, 3 [pid 9134] <... open resumed>) = 4 [pid 9134] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9107, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=29 /* 0.29 s */} --- [pid 5066] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5066] umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./38/binderfs") = 0 [pid 5066] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9134] <... ioctl resumed>) = 0 [pid 9134] open("./file0", O_RDONLY) = 5 [pid 9134] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 9134] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 9134] exit_group(0) = ? [pid 9134] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9134, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=27 /* 0.27 s */} --- [pid 5067] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 9155] <... ioctl resumed>) = 0 [pid 5067] umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 147.455177][ T9155] loop5: detected capacity change from 0 to 32768 [pid 9155] close(3 [pid 5067] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9155] <... close resumed>) = 0 [pid 9155] mkdir("./file0", 0777 [pid 5067] <... openat resumed>) = 3 [pid 5067] newfstatat(3, "", [pid 9155] <... mkdir resumed>) = 0 [pid 9155] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./37/binderfs") = 0 [ 147.543006][ T9155] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (9155) [pid 5067] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9185] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5064] <... umount2 resumed>) = 0 [pid 5064] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./38/file0", [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./37/file0") = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5067] close(3) = 0 [pid 5067] rmdir("./37") = 0 [pid 5066] <... openat resumed>) = 4 [pid 5064] getdents64(4, [pid 5067] mkdir("./38", 0777 [pid 5064] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] <... mkdir resumed>) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5066] newfstatat(4, "", [pid 5064] close(4 [pid 5067] <... openat resumed>) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... close resumed>) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9228 attached [pid 5066] getdents64(4, [pid 5064] rmdir("./37/file0" [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 9228 [pid 9228] set_robust_list(0x555557145760, 24 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] <... rmdir resumed>) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] getdents64(4, [pid 5064] close(3 [pid 9228] <... set_robust_list resumed>) = 0 [pid 9228] chdir("./38" [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] <... close resumed>) = 0 [pid 5066] close(4 [pid 5064] rmdir("./37" [pid 9228] <... chdir resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 5066] rmdir("./38/file0") = 0 [pid 9228] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] getdents64(3, [pid 9228] <... prctl resumed>) = 0 [pid 5064] mkdir("./38", 0777) = 0 [pid 9228] setpgid(0, 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 9228] <... setpgid resumed>) = 0 [pid 5064] <... openat resumed>) = 3 [pid 9228] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] close(3 [pid 5064] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5066] <... close resumed>) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] rmdir("./38" [pid 9228] <... openat resumed>) = 3 [pid 5066] <... rmdir resumed>) = 0 [pid 5066] mkdir("./39", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 9228] write(3, "1000", 4 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 9228] <... write resumed>) = 4 [pid 5066] <... ioctl resumed>) = 0 [pid 9228] close(3 [pid 5066] close(3 [pid 9228] <... close resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9233 attached ./strace-static-x86_64: Process 9232 attached [pid 9228] symlink("/dev/binderfs", "./binderfs" [pid 9233] set_robust_list(0x555557145760, 24) = 0 [pid 9232] set_robust_list(0x555557145760, 24 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 9232 [pid 9232] <... set_robust_list resumed>) = 0 [pid 9232] chdir("./39" [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 9233 [pid 9232] <... chdir resumed>) = 0 [pid 9232] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9228] <... symlink resumed>) = 0 [pid 9233] chdir("./38") = 0 [pid 9232] <... prctl resumed>) = 0 [pid 9233] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9232] setpgid(0, 0 [pid 9228] memfd_create("syzkaller", 0 [pid 9233] <... prctl resumed>) = 0 [pid 9233] setpgid(0, 0 [pid 9232] <... setpgid resumed>) = 0 [pid 9228] <... memfd_create resumed>) = 3 [pid 9228] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 9233] <... setpgid resumed>) = 0 [pid 9232] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9233] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9232] write(3, "1000", 4 [pid 9233] <... openat resumed>) = 3 [pid 9232] <... write resumed>) = 4 [pid 9233] write(3, "1000", 4 [pid 9232] close(3) = 0 [pid 9233] <... write resumed>) = 4 [pid 9232] symlink("/dev/binderfs", "./binderfs" [pid 9233] close(3) = 0 [pid 9232] <... symlink resumed>) = 0 [pid 9233] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9232] memfd_create("syzkaller", 0 [pid 9233] memfd_create("syzkaller", 0 [pid 9232] <... memfd_create resumed>) = 3 [pid 9232] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9233] <... memfd_create resumed>) = 3 [pid 9233] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9232] <... mmap resumed>) = 0x7fda9371b000 [pid 9233] <... mmap resumed>) = 0x7fda9371b000 [pid 9215] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9155] <... mount resumed>) = 0 [pid 9155] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9155] chdir("./file0") = 0 [pid 9155] ioctl(4, LOOP_CLR_FD) = 0 [pid 9155] close(4) = 0 [pid 9155] open("./file0", O_RDONLY) = 4 [pid 9155] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 9155] open("./file0", O_RDONLY) = 5 [pid 9155] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 9155] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 9155] exit_group(0) = ? [pid 9155] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9155, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=27 /* 0.27 s */} --- [pid 5069] umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 9228] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5069] umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./38/binderfs") = 0 [pid 5069] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9185] <... write resumed>) = 16777216 [pid 9185] munmap(0x7fda9371b000, 138412032) = 0 [pid 9185] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 9185] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9185] close(3) = 0 [pid 9185] mkdir("./file0", 0777) = 0 [ 148.273967][ T9185] loop1: detected capacity change from 0 to 32768 [pid 9185] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5069] <... umount2 resumed>) = 0 [pid 5069] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9232] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5069] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 148.330176][ T9185] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (9185) [pid 5069] openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, [pid 9233] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./38/file0") = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./38") = 0 [pid 5069] mkdir("./39", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9215] <... write resumed>) = 16777216 ./strace-static-x86_64: Process 9248 attached [pid 9248] set_robust_list(0x555557145760, 24) = 0 [pid 9248] chdir("./39") = 0 [pid 9248] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9248] setpgid(0, 0) = 0 [pid 9248] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9248] write(3, "1000", 4) = 4 [pid 9215] munmap(0x7fda9371b000, 138412032 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 9248 [pid 9248] close(3 [pid 9215] <... munmap resumed>) = 0 [pid 9248] <... close resumed>) = 0 [pid 9248] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9248] memfd_create("syzkaller", 0 [pid 9215] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 9248] <... memfd_create resumed>) = 3 [pid 9215] <... openat resumed>) = 4 [pid 9248] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9215] ioctl(4, LOOP_SET_FD, 3 [pid 9248] <... mmap resumed>) = 0x7fda9371b000 [pid 9228] <... write resumed>) = 16777216 [pid 9228] munmap(0x7fda9371b000, 138412032 [pid 9215] <... ioctl resumed>) = 0 [pid 9215] close(3 [pid 9228] <... munmap resumed>) = 0 [pid 9215] <... close resumed>) = 0 [ 148.624882][ T9215] loop4: detected capacity change from 0 to 32768 [pid 9215] mkdir("./file0", 0777 [pid 9228] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9215] <... mkdir resumed>) = 0 [pid 9228] <... openat resumed>) = 4 [pid 9215] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 9228] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9185] <... mount resumed>) = 0 [pid 9185] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9228] close(3 [pid 9185] chdir("./file0") = 0 [pid 9228] <... close resumed>) = 0 [pid 9185] ioctl(4, LOOP_CLR_FD [pid 9228] mkdir("./file0", 0777 [pid 9185] <... ioctl resumed>) = 0 [pid 9185] close(4 [pid 9228] <... mkdir resumed>) = 0 [pid 9185] <... close resumed>) = 0 [pid 9228] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 9185] open("./file0", O_RDONLY) = 4 [ 148.711398][ T9215] BTRFS: device /dev/loop4 using temp-fsid 05a5821b-2132-480b-a1bd-dfb913dd388e [ 148.721665][ T9228] loop3: detected capacity change from 0 to 32768 [ 148.738830][ T9215] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (9215) [pid 9185] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 9185] open("./file0", O_RDONLY) = 5 [pid 9185] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 9185] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 9185] exit_group(0) = ? [pid 9185] +++ exited with 0 +++ [ 148.778159][ T9228] BTRFS: device /dev/loop3 using temp-fsid a596c6b4-abf8-4614-ab7e-3e88b9d8c7de [ 148.810169][ T9228] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (9228) [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9185, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=26 /* 0.26 s */} --- [pid 5065] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5065] umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./38/binderfs") = 0 [pid 5065] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9233] <... write resumed>) = 16777216 [pid 9233] munmap(0x7fda9371b000, 138412032) = 0 [pid 9233] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9233] ioctl(4, LOOP_SET_FD, 3 [pid 9215] <... mount resumed>) = 0 [pid 9215] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9248] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9215] chdir("./file0" [pid 9233] <... ioctl resumed>) = 0 [pid 9215] <... chdir resumed>) = 0 [pid 9233] close(3 [pid 9215] ioctl(4, LOOP_CLR_FD [pid 9233] <... close resumed>) = 0 [pid 9215] <... ioctl resumed>) = 0 [pid 9233] mkdir("./file0", 0777 [pid 9215] close(4 [pid 9233] <... mkdir resumed>) = 0 [pid 9215] <... close resumed>) = 0 [pid 9215] open("./file0", O_RDONLY [pid 9233] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 9215] <... open resumed>) = 4 [pid 9215] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 9232] <... write resumed>) = 16777216 [pid 9232] munmap(0x7fda9371b000, 138412032) = 0 [ 148.967812][ T9233] loop0: detected capacity change from 0 to 32768 [pid 9215] <... ioctl resumed>) = 0 [pid 9215] open("./file0", O_RDONLY) = 5 [pid 9215] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 9232] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 9232] ioctl(4, LOOP_SET_FD, 3 [pid 9215] <... ioctl resumed>) = 0 [pid 9215] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 9215] exit_group(0) = ? [pid 9215] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9215, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=28 /* 0.28 s */} --- [pid 5068] umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] <... umount2 resumed>) = 0 [ 149.018117][ T9233] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (9233) [ 149.044457][ T9232] loop2: detected capacity change from 0 to 32768 [ 149.053547][ T9228] _btrfs_printk: 79 callbacks suppressed [ 149.053559][ T9228] BTRFS info (device loop3): disabling free space tree [pid 9232] <... ioctl resumed>) = 0 [pid 5065] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./38/binderfs") = 0 [pid 5068] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9232] close(3 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./38/file0", [pid 9232] <... close resumed>) = 0 [pid 9232] mkdir("./file0", 0777 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9232] <... mkdir resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9232] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5065] <... openat resumed>) = 4 [ 149.076369][ T9228] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 149.094157][ T48] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [ 149.105264][ T9232] BTRFS: device /dev/loop2 using temp-fsid c080d04c-4c33-4493-9ece-634a64109f4c [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./38/file0") = 0 [ 149.126330][ T9233] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 149.134889][ T9228] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 149.152024][ T9232] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (9232) [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./38") = 0 [pid 5065] mkdir("./39", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 9228] <... mount resumed>) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 9228] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9228] chdir("./file0") = 0 [pid 9228] ioctl(4, LOOP_CLR_FD) = 0 [pid 9228] close(4) = 0 [pid 9228] open("./file0", O_RDONLY) = 4 [ 149.176252][ T9228] BTRFS info (device loop3): checking UUID tree [ 149.176357][ T9233] BTRFS info (device loop0): force clearing of disk cache [ 149.205908][ T9233] BTRFS info (device loop0): setting nodatasum [pid 9228] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9289 attached [ 149.223038][ T9233] BTRFS info (device loop0): allowing degraded mounts [pid 9289] set_robust_list(0x555557145760, 24 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 9289 [pid 9289] <... set_robust_list resumed>) = 0 [pid 9289] chdir("./39") = 0 [pid 9289] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5068] <... umount2 resumed>) = 0 [pid 9289] <... prctl resumed>) = 0 [pid 5068] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 149.249231][ T9232] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 149.267917][ T9233] BTRFS info (device loop0): enabling disk space caching [pid 9289] setpgid(0, 0) = 0 [pid 9228] <... ioctl resumed>) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9228] open("./file0", O_RDONLY) = 5 [pid 9228] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 9228] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 9228] exit_group(0) = ? [pid 9228] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9228, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=31 /* 0.31 s */} --- [pid 5067] umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./38/binderfs") = 0 [pid 5067] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9289] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5068] newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9289] <... openat resumed>) = 3 [pid 9289] write(3, "1000", 4 [pid 5068] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9289] <... write resumed>) = 4 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9289] close(3 [pid 5068] <... openat resumed>) = 4 [pid 9289] <... close resumed>) = 0 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, [pid 9289] symlink("/dev/binderfs", "./binderfs" [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, [pid 9289] <... symlink resumed>) = 0 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [ 149.299187][ T9232] BTRFS info (device loop2): force clearing of disk cache [ 149.310323][ T9233] BTRFS info (device loop0): disk space caching is enabled [ 149.317924][ T9232] BTRFS info (device loop2): setting nodatasum [pid 5068] close(4 [pid 9289] memfd_create("syzkaller", 0 [pid 5068] <... close resumed>) = 0 [pid 5068] rmdir("./38/file0" [pid 9289] <... memfd_create resumed>) = 3 [pid 5068] <... rmdir resumed>) = 0 [pid 9289] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5068] getdents64(3, [pid 9289] <... mmap resumed>) = 0x7fda9371b000 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./38") = 0 [pid 5068] mkdir("./39", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [ 149.359445][ T9232] BTRFS info (device loop2): allowing degraded mounts [ 149.360031][ T1047] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 149.366378][ T9232] BTRFS info (device loop2): enabling disk space caching [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9295 attached [pid 9295] set_robust_list(0x555557145760, 24) = 0 [pid 9295] chdir("./39") = 0 [pid 9295] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9295] setpgid(0, 0) = 0 [pid 9295] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 9295 [pid 9295] write(3, "1000", 4) = 4 [pid 9295] close(3) = 0 [pid 9295] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9295] memfd_create("syzkaller", 0) = 3 [pid 9295] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 149.411584][ T9232] BTRFS info (device loop2): disk space caching is enabled [pid 5067] <... umount2 resumed>) = 0 [pid 9248] <... write resumed>) = 16777216 [pid 5067] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9248] munmap(0x7fda9371b000, 138412032 [pid 5067] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9248] <... munmap resumed>) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 149.592384][ T9233] BTRFS info (device loop0): enabling ssd optimizations [pid 9248] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 9248] <... openat resumed>) = 4 [pid 5067] getdents64(4, [pid 9248] ioctl(4, LOOP_SET_FD, 3 [pid 5067] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./38/file0") = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [ 149.640056][ T9233] BTRFS info (device loop0): auto enabling async discard [ 149.663127][ T9248] loop5: detected capacity change from 0 to 32768 [ 149.681096][ T9232] BTRFS info (device loop2): enabling ssd optimizations [pid 9248] <... ioctl resumed>) = 0 [pid 5067] rmdir("./38" [pid 9248] close(3) = 0 [pid 9295] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9248] mkdir("./file0", 0777 [pid 5067] <... rmdir resumed>) = 0 [pid 9248] <... mkdir resumed>) = 0 [pid 5067] mkdir("./39", 0777 [pid 9248] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5067] <... mkdir resumed>) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [ 149.688220][ T9232] BTRFS info (device loop2): auto enabling async discard [ 149.696951][ T9233] BTRFS info (device loop0): rebuilding free space tree [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9322 attached [pid 9322] set_robust_list(0x555557145760, 24 [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 9322 [ 149.735210][ T9248] BTRFS: device /dev/loop5 using temp-fsid 84927343-438c-4512-a52b-342035888daf [ 149.747368][ T9233] BTRFS info (device loop0): disabling free space tree [ 149.757087][ T9232] BTRFS info (device loop2): rebuilding free space tree [pid 9322] <... set_robust_list resumed>) = 0 [pid 9322] chdir("./39") = 0 [pid 9322] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9322] setpgid(0, 0) = 0 [ 149.779749][ T9233] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 149.798967][ T9248] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (9248) [pid 9322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9322] write(3, "1000", 4) = 4 [pid 9322] close(3) = 0 [pid 9322] symlink("/dev/binderfs", "./binderfs") = 0 [ 149.839736][ T9233] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 149.851821][ T9232] BTRFS info (device loop2): disabling free space tree [ 149.859760][ T9232] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 149.864199][ T9248] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [pid 9322] memfd_create("syzkaller", 0) = 3 [pid 9322] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 149.888858][ T9248] BTRFS info (device loop5): force clearing of disk cache [ 149.891531][ T9232] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 149.898923][ T9248] BTRFS info (device loop5): setting nodatasum [ 149.908217][ T9233] BTRFS info (device loop0): checking UUID tree [pid 9289] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9233] <... mount resumed>) = 0 [pid 9233] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9233] chdir("./file0") = 0 [pid 9233] ioctl(4, LOOP_CLR_FD) = 0 [pid 9233] close(4) = 0 [pid 9233] open("./file0", O_RDONLY) = 4 [pid 9233] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [ 149.948825][ T9248] BTRFS info (device loop5): allowing degraded mounts [ 149.953040][ T9232] BTRFS info (device loop2): checking UUID tree [ 149.962174][ T9248] BTRFS info (device loop5): enabling disk space caching [pid 9233] open("./file0", O_RDONLY) = 5 [pid 9233] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 9233] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 9233] exit_group(0) = ? [pid 9233] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9233, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=33 /* 0.33 s */} --- [pid 5064] umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9232] <... mount resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", [pid 9232] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9232] <... openat resumed>) = 3 [pid 5064] getdents64(3, [pid 9232] chdir("./file0") = 0 [pid 9232] ioctl(4, LOOP_CLR_FD [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9232] <... ioctl resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9232] close(4) = 0 [pid 9232] open("./file0", O_RDONLY) = 4 [pid 9232] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5064] unlink("./38/binderfs") = 0 [pid 5064] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9232] <... ioctl resumed>) = 0 [pid 9232] open("./file0", O_RDONLY) = 5 [ 150.005548][ T9248] BTRFS info (device loop5): disk space caching is enabled [ 150.035272][ T2855] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 9232] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 9295] <... write resumed>) = 16777216 [pid 9232] <... ioctl resumed>) = 0 [pid 9295] munmap(0x7fda9371b000, 138412032 [pid 9232] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 9232] exit_group(0) = ? [pid 9232] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9232, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=31 /* 0.31 s */} --- [pid 5066] umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, [pid 9295] <... munmap resumed>) = 0 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 9295] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5066] newfstatat(AT_FDCWD, "./39/binderfs", [pid 9295] <... openat resumed>) = 4 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9295] ioctl(4, LOOP_SET_FD, 3 [pid 5066] unlink("./39/binderfs") = 0 [ 150.189883][ T1047] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 150.205565][ T9295] loop4: detected capacity change from 0 to 32768 [pid 5066] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9295] <... ioctl resumed>) = 0 [pid 9289] <... write resumed>) = 16777216 [pid 9289] munmap(0x7fda9371b000, 138412032) = 0 [pid 9295] close(3) = 0 [pid 9295] mkdir("./file0", 0777) = 0 [pid 9295] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 9289] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5064] <... umount2 resumed>) = 0 [pid 5064] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 9289] ioctl(4, LOOP_SET_FD, 3 [pid 5064] openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4 [pid 9289] <... ioctl resumed>) = 0 [ 150.273053][ T9295] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (9295) [ 150.303517][ T9248] BTRFS info (device loop5): enabling ssd optimizations [ 150.311688][ T9289] loop1: detected capacity change from 0 to 32768 [pid 5064] <... close resumed>) = 0 [pid 9289] close(3 [pid 5064] rmdir("./38/file0") = 0 [pid 9289] <... close resumed>) = 0 [pid 5064] getdents64(3, [pid 9289] mkdir("./file0", 0777 [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 9289] <... mkdir resumed>) = 0 [pid 9289] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5064] close(3) = 0 [pid 5064] rmdir("./38") = 0 [pid 5064] mkdir("./39", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9342 attached [pid 9342] set_robust_list(0x555557145760, 24) = 0 [pid 9322] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 9342 [pid 9342] chdir("./39") = 0 [ 150.325583][ T9248] BTRFS info (device loop5): auto enabling async discard [ 150.355821][ T9248] BTRFS info (device loop5): rebuilding free space tree [pid 9342] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9342] setpgid(0, 0) = 0 [pid 9342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 150.393238][ T9289] BTRFS: device /dev/loop1 using temp-fsid 96e7c41d-0a37-4404-a44f-7f5a02802312 [ 150.394447][ T9295] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 150.418365][ T9248] BTRFS info (device loop5): disabling free space tree [pid 9342] write(3, "1000", 4) = 4 [pid 9342] close(3) = 0 [pid 9342] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9342] memfd_create("syzkaller", 0) = 3 [ 150.440587][ T9295] BTRFS info (device loop4): force clearing of disk cache [ 150.441425][ T9289] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (9289) [ 150.471582][ T9248] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 150.475198][ T9295] BTRFS info (device loop4): setting nodatasum [pid 9342] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 150.500049][ T9295] BTRFS info (device loop4): allowing degraded mounts [ 150.507433][ T9248] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 150.519802][ T9295] BTRFS info (device loop4): enabling disk space caching [ 150.534691][ T9295] BTRFS info (device loop4): disk space caching is enabled [ 150.547262][ T9289] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 150.590566][ T9248] BTRFS info (device loop5): checking UUID tree [pid 5066] <... umount2 resumed>) = 0 [ 150.599762][ T9289] BTRFS info (device loop1): force clearing of disk cache [ 150.606898][ T9289] BTRFS info (device loop1): setting nodatasum [ 150.637657][ T9289] BTRFS info (device loop1): allowing degraded mounts [pid 5066] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, [pid 9248] <... mount resumed>) = 0 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 9248] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] getdents64(4, [pid 9248] <... openat resumed>) = 3 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 9248] chdir("./file0" [pid 5066] close(4 [pid 9248] <... chdir resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 9248] ioctl(4, LOOP_CLR_FD) = 0 [pid 5066] rmdir("./39/file0" [ 150.645167][ T9289] BTRFS info (device loop1): enabling disk space caching [ 150.652431][ T9289] BTRFS info (device loop1): disk space caching is enabled [pid 9248] close(4) = 0 [pid 9248] open("./file0", O_RDONLY) = 4 [pid 5066] <... rmdir resumed>) = 0 [pid 9248] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./39" [pid 9342] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5066] <... rmdir resumed>) = 0 [pid 5066] mkdir("./40", 0777) = 0 [pid 9248] <... ioctl resumed>) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9248] open("./file0", O_RDONLY [pid 5066] <... openat resumed>) = 3 [pid 9248] <... open resumed>) = 5 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9367 attached [pid 9248] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 9367] set_robust_list(0x555557145760, 24 [pid 9248] <... ioctl resumed>) = 0 [pid 9248] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 9367 [pid 9248] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 9248] exit_group(0) = ? [pid 9367] <... set_robust_list resumed>) = 0 [pid 9248] +++ exited with 0 +++ [pid 9367] chdir("./40" [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9248, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=38 /* 0.38 s */} --- [pid 5069] umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9367] <... chdir resumed>) = 0 [pid 5069] unlink("./39/binderfs" [pid 9367] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5069] <... unlink resumed>) = 0 [pid 5069] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9367] <... prctl resumed>) = 0 [ 150.762610][ T9295] BTRFS info (device loop4): enabling ssd optimizations [pid 9367] setpgid(0, 0) = 0 [pid 9367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9367] write(3, "1000", 4) = 4 [pid 9367] close(3) = 0 [pid 9367] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9367] memfd_create("syzkaller", 0) = 3 [ 150.815096][ T2855] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [ 150.826147][ T9295] BTRFS info (device loop4): auto enabling async discard [pid 9367] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 9322] <... write resumed>) = 16777216 [pid 9322] munmap(0x7fda9371b000, 138412032) = 0 [ 150.911257][ T9295] BTRFS info (device loop4): rebuilding free space tree [ 150.935199][ T9289] BTRFS info (device loop1): enabling ssd optimizations [pid 9322] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 150.989464][ T9289] BTRFS info (device loop1): auto enabling async discard [ 150.991114][ T9295] BTRFS info (device loop4): disabling free space tree [ 151.005929][ T9322] loop3: detected capacity change from 0 to 32768 [ 151.018844][ T9295] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 151.029326][ T9295] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 9322] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9322] close(3) = 0 [pid 9322] mkdir("./file0", 0777) = 0 [ 151.050265][ T9289] BTRFS info (device loop1): rebuilding free space tree [ 151.061187][ T9295] BTRFS info (device loop4): checking UUID tree [ 151.076303][ T9322] BTRFS: device /dev/loop3 using temp-fsid 4080b97a-9a15-4742-ac0d-728a6c44316c [pid 9322] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 9295] <... mount resumed>) = 0 [pid 9295] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9295] chdir("./file0") = 0 [ 151.105382][ T9322] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (9322) [ 151.123084][ T9289] BTRFS info (device loop1): disabling free space tree [pid 9295] ioctl(4, LOOP_CLR_FD) = 0 [pid 9367] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9342] <... write resumed>) = 16777216 [pid 9295] close(4 [pid 9342] munmap(0x7fda9371b000, 138412032 [pid 9295] <... close resumed>) = 0 [pid 9342] <... munmap resumed>) = 0 [pid 9295] open("./file0", O_RDONLY [pid 5069] <... umount2 resumed>) = 0 [ 151.161847][ T9289] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 151.162067][ T9322] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5069] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 9295] <... open resumed>) = 4 [pid 9295] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5069] newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9295] <... ioctl resumed>) = 0 [pid 5069] <... openat resumed>) = 4 [pid 9295] open("./file0", O_RDONLY [pid 5069] newfstatat(4, "", [pid 9295] <... open resumed>) = 5 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9342] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9295] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 9342] <... openat resumed>) = 4 [pid 9295] <... ioctl resumed>) = 0 [pid 5069] getdents64(4, [pid 9342] ioctl(4, LOOP_SET_FD, 3 [pid 9295] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5069] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 9295] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [ 151.220618][ T9289] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 151.257918][ T9322] BTRFS info (device loop3): force clearing of disk cache [pid 9295] exit_group(0 [pid 5069] close(4 [pid 9295] <... exit_group resumed>) = ? [pid 5069] <... close resumed>) = 0 [pid 9295] +++ exited with 0 +++ [pid 5069] rmdir("./39/file0" [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9295, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=35 /* 0.35 s */} --- [pid 5069] <... rmdir resumed>) = 0 [pid 5068] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 9342] <... ioctl resumed>) = 0 [pid 5069] getdents64(3, [ 151.285199][ T9342] loop0: detected capacity change from 0 to 32768 [ 151.298556][ T9322] BTRFS info (device loop3): setting nodatasum [ 151.299831][ T9289] BTRFS info (device loop1): checking UUID tree [ 151.305810][ T48] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [pid 5068] umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9342] close(3 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9342] <... close resumed>) = 0 [pid 5069] close(3 [pid 5068] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9342] mkdir("./file0", 0777 [pid 5069] <... close resumed>) = 0 [pid 5068] <... openat resumed>) = 3 [pid 9342] <... mkdir resumed>) = 0 [pid 5068] newfstatat(3, "", [pid 5069] rmdir("./39" [pid 9342] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5069] <... rmdir resumed>) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] mkdir("./40", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] getdents64(3, [pid 5069] close(3) = 0 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [ 151.331982][ T9322] BTRFS info (device loop3): allowing degraded mounts [ 151.351076][ T9342] BTRFS: device /dev/loop0 using temp-fsid 6e485fcf-df88-441b-a6fb-b82b62c4f93b [ 151.363208][ T9322] BTRFS info (device loop3): enabling disk space caching [pid 9289] <... mount resumed>) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5068] umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9289] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9289] chdir("./file0") = 0 [pid 9289] ioctl(4, LOOP_CLR_FD) = 0 [pid 9289] close(4./strace-static-x86_64: Process 9380 attached ) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9380] set_robust_list(0x555557145760, 24 [pid 5068] newfstatat(AT_FDCWD, "./39/binderfs", [pid 9380] <... set_robust_list resumed>) = 0 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 9380 [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./39/binderfs" [pid 9289] open("./file0", O_RDONLY [pid 9380] chdir("./40") = 0 [pid 9289] <... open resumed>) = 4 [pid 5068] <... unlink resumed>) = 0 [pid 9380] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9289] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [ 151.387124][ T9342] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (9342) [ 151.400083][ T9322] BTRFS info (device loop3): disk space caching is enabled [ 151.425869][ T9342] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5068] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9380] <... prctl resumed>) = 0 [pid 9380] setpgid(0, 0) = 0 [pid 9380] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9289] <... ioctl resumed>) = 0 [pid 9380] <... openat resumed>) = 3 [pid 9289] open("./file0", O_RDONLY [pid 9380] write(3, "1000", 4 [pid 9289] <... open resumed>) = 5 [pid 9380] <... write resumed>) = 4 [ 151.470554][ T9342] BTRFS info (device loop0): force clearing of disk cache [ 151.498922][ T9342] BTRFS info (device loop0): setting nodatasum [ 151.505126][ T9342] BTRFS info (device loop0): allowing degraded mounts [pid 9289] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 9380] close(3 [pid 9289] <... ioctl resumed>) = 0 [pid 9380] <... close resumed>) = 0 [pid 9380] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9380] memfd_create("syzkaller", 0) = 3 [pid 9380] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 9289] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 9289] exit_group(0) = ? [pid 9289] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9289, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=32 /* 0.32 s */} --- [ 151.514240][ T2855] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [pid 5065] umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./39/binderfs" [pid 5068] <... umount2 resumed>) = 0 [pid 5065] <... unlink resumed>) = 0 [pid 5065] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 151.601647][ T9342] BTRFS info (device loop0): enabling disk space caching [pid 9367] <... write resumed>) = 16777216 [pid 5068] openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9367] munmap(0x7fda9371b000, 138412032 [pid 5068] <... openat resumed>) = 4 [pid 5068] newfstatat(4, "", [pid 9367] <... munmap resumed>) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9367] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 9367] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, [pid 9367] close(3) = 0 [pid 9367] mkdir("./file0", 0777 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 9367] <... mkdir resumed>) = 0 [pid 9367] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5068] rmdir("./39/file0") = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./39") = 0 [pid 5068] mkdir("./40", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [ 151.671575][ T9367] loop2: detected capacity change from 0 to 32768 [ 151.671651][ T9322] BTRFS info (device loop3): enabling ssd optimizations [ 151.688051][ T9342] BTRFS info (device loop0): disk space caching is enabled [ 151.702774][ T9367] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (9367) [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 9399 ./strace-static-x86_64: Process 9399 attached [pid 9399] set_robust_list(0x555557145760, 24) = 0 [pid 9399] chdir("./40") = 0 [pid 9399] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9399] setpgid(0, 0) = 0 [pid 9399] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9399] write(3, "1000", 4) = 4 [pid 9399] close(3) = 0 [pid 9399] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9399] memfd_create("syzkaller", 0) = 3 [pid 9399] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 151.748977][ T9322] BTRFS info (device loop3): auto enabling async discard [ 151.757524][ T9322] BTRFS info (device loop3): rebuilding free space tree [pid 5065] <... umount2 resumed>) = 0 [pid 5065] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./39/file0") = 0 [ 151.829055][ T9367] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 151.856712][ T9367] BTRFS info (device loop2): force clearing of disk cache [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./39") = 0 [pid 5065] mkdir("./40", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 9414 [ 151.916525][ T9322] BTRFS info (device loop3): disabling free space tree [ 151.924682][ T9342] BTRFS info (device loop0): enabling ssd optimizations [ 151.931827][ T9367] BTRFS info (device loop2): setting nodatasum [ 151.938003][ T9367] BTRFS info (device loop2): allowing degraded mounts ./strace-static-x86_64: Process 9414 attached [pid 9414] set_robust_list(0x555557145760, 24) = 0 [pid 9414] chdir("./40") = 0 [pid 9414] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9414] setpgid(0, 0) = 0 [pid 9414] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9414] write(3, "1000", 4) = 4 [pid 9414] close(3) = 0 [pid 9399] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9414] symlink("/dev/binderfs", "./binderfs") = 0 [ 151.979943][ T9322] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 152.002681][ T9342] BTRFS info (device loop0): auto enabling async discard [pid 9414] memfd_create("syzkaller", 0) = 3 [pid 9414] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 152.030556][ T9367] BTRFS info (device loop2): enabling disk space caching [pid 9322] <... mount resumed>) = 0 [pid 9322] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9322] chdir("./file0") = 0 [pid 9322] ioctl(4, LOOP_CLR_FD) = 0 [pid 9322] close(4) = 0 [pid 9322] open("./file0", O_RDONLY) = 4 [pid 9322] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 9342] <... mount resumed>) = 0 [pid 9380] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9342] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9322] <... ioctl resumed>) = 0 [pid 9342] chdir("./file0") = 0 [pid 9322] open("./file0", O_RDONLY [pid 9342] ioctl(4, LOOP_CLR_FD [pid 9322] <... open resumed>) = 5 [pid 9342] <... ioctl resumed>) = 0 [pid 9322] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 9342] close(4) = 0 [pid 9322] <... ioctl resumed>) = 0 [pid 9342] open("./file0", O_RDONLY [pid 9322] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 9342] <... open resumed>) = 4 [pid 9322] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 9342] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 9322] exit_group(0) = ? [pid 9322] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9322, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=38 /* 0.38 s */} --- [pid 9342] <... ioctl resumed>) = 0 [pid 9342] open("./file0", O_RDONLY) = 5 [pid 9342] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 9342] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5067] umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9342] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9342] exit_group(0) = ? [pid 5067] <... openat resumed>) = 3 [pid 9342] +++ exited with 0 +++ [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9342, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=30 /* 0.30 s */} --- [pid 5064] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5064] umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./39/binderfs", [pid 5064] newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./39/binderfs" [pid 5067] unlink("./39/binderfs") = 0 [pid 5064] <... unlink resumed>) = 0 [pid 5064] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9414] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5064] <... umount2 resumed>) = 0 [pid 5064] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, [pid 9367] <... mount resumed>) = 0 [pid 5064] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 9367] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9367] chdir("./file0") = 0 [pid 9367] ioctl(4, LOOP_CLR_FD) = 0 [pid 9367] close(4) = 0 [pid 5064] getdents64(4, [pid 9367] open("./file0", O_RDONLY) = 4 [pid 9367] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5067] <... umount2 resumed>) = 0 [pid 5064] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] close(4 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... close resumed>) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./39/file0") = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] rmdir("./39/file0" [pid 5067] close(3) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 5067] rmdir("./39") = 0 [pid 5067] mkdir("./40", 0777) = 0 [pid 5064] getdents64(3, [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9367] <... ioctl resumed>) = 0 [pid 5067] <... openat resumed>) = 3 [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 9367] open("./file0", O_RDONLY [pid 5064] close(3 [pid 9367] <... open resumed>) = 5 [pid 5067] ioctl(3, LOOP_CLR_FD [pid 9367] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5067] <... ioctl resumed>) = 0 [pid 9367] <... ioctl resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 9367] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5067] close(3 [pid 5064] rmdir("./39" [pid 9367] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5067] <... close resumed>) = 0 [pid 9367] exit_group(0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9367] <... exit_group resumed>) = ? [pid 9367] +++ exited with 0 +++ ./strace-static-x86_64: Process 9435 attached [pid 9435] set_robust_list(0x555557145760, 24 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9367, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=23 /* 0.23 s */} --- [pid 5064] <... rmdir resumed>) = 0 [pid 9435] <... set_robust_list resumed>) = 0 [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 9435 [pid 5066] restart_syscall(<... resuming interrupted clone ...> [pid 5064] mkdir("./40", 0777 [pid 9435] chdir("./40" [pid 5066] <... restart_syscall resumed>) = 0 [pid 5064] <... mkdir resumed>) = 0 [pid 9435] <... chdir resumed>) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9435] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9435] setpgid(0, 0 [pid 5066] umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9435] <... setpgid resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9435] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5066] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... openat resumed>) = 3 [pid 5066] <... openat resumed>) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5066] umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5064] close(3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... close resumed>) = 0 [pid 5066] newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] unlink("./40/binderfs" [pid 9435] write(3, "1000", 4 [pid 5066] <... unlink resumed>) = 0 [pid 9435] <... write resumed>) = 4 [pid 9435] close(3 [pid 5066] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9435] <... close resumed>) = 0 [pid 9435] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 9436 [pid 9435] memfd_create("syzkaller", 0./strace-static-x86_64: Process 9436 attached [pid 9436] set_robust_list(0x555557145760, 24 [pid 9435] <... memfd_create resumed>) = 3 [pid 9436] <... set_robust_list resumed>) = 0 [pid 9436] chdir("./40") = 0 [pid 9435] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 9436] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9436] setpgid(0, 0) = 0 [pid 9436] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9436] write(3, "1000", 4) = 4 [pid 9436] close(3) = 0 [pid 9436] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9436] memfd_create("syzkaller", 0) = 3 [pid 9436] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9399] <... write resumed>) = 16777216 [pid 9436] <... mmap resumed>) = 0x7fda9371b000 [pid 9399] munmap(0x7fda9371b000, 138412032) = 0 [pid 9399] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 9399] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./40/file0", [pid 9399] close(3) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9399] mkdir("./file0", 0777) = 0 [ 152.759811][ T9399] loop4: detected capacity change from 0 to 32768 [pid 9399] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5066] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./40/file0") = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./40") = 0 [pid 5066] mkdir("./41", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 9438 ./strace-static-x86_64: Process 9438 attached [pid 9438] set_robust_list(0x555557145760, 24) = 0 [pid 9438] chdir("./41") = 0 [pid 9438] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9438] setpgid(0, 0) = 0 [pid 9438] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9438] write(3, "1000", 4) = 4 [pid 9438] close(3) = 0 [pid 9438] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9438] memfd_create("syzkaller", 0) = 3 [pid 9438] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 152.849083][ T9399] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (9399) [pid 9380] <... write resumed>) = 16777216 [pid 9380] munmap(0x7fda9371b000, 138412032) = 0 [pid 9414] <... write resumed>) = 16777216 [pid 9380] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 9380] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9414] munmap(0x7fda9371b000, 138412032 [pid 9380] close(3 [pid 9414] <... munmap resumed>) = 0 [pid 9380] <... close resumed>) = 0 [pid 9380] mkdir("./file0", 0777 [ 153.010121][ T9380] loop5: detected capacity change from 0 to 32768 [pid 9414] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 9380] <... mkdir resumed>) = 0 [pid 9414] ioctl(4, LOOP_SET_FD, 3 [pid 9380] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 9414] <... ioctl resumed>) = 0 [pid 9414] close(3) = 0 [pid 9414] mkdir("./file0", 0777 [pid 9438] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9435] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9414] <... mkdir resumed>) = 0 [ 153.079584][ T9414] loop1: detected capacity change from 0 to 32768 [ 153.086282][ T9380] BTRFS: device /dev/loop5 using temp-fsid 520f020f-c72b-432c-a66c-673b266c44aa [pid 9414] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 153.139117][ T9380] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (9380) [ 153.229611][ T9414] BTRFS: device /dev/loop1 using temp-fsid 691288d6-303a-4136-aca3-959df55f331f [ 153.249388][ T9414] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (9414) [pid 9436] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9399] <... mount resumed>) = 0 [pid 9399] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9399] chdir("./file0") = 0 [pid 9399] ioctl(4, LOOP_CLR_FD) = 0 [pid 9399] close(4) = 0 [pid 9399] open("./file0", O_RDONLY) = 4 [pid 9399] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 9435] <... write resumed>) = 16777216 [pid 9435] munmap(0x7fda9371b000, 138412032) = 0 [pid 9399] <... ioctl resumed>) = 0 [pid 9435] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9399] open("./file0", O_RDONLY [pid 9435] <... openat resumed>) = 4 [pid 9414] <... mount resumed>) = 0 [pid 9399] <... open resumed>) = 5 [pid 9380] <... mount resumed>) = 0 [pid 9399] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 9435] ioctl(4, LOOP_SET_FD, 3 [pid 9414] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9380] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9414] <... openat resumed>) = 3 [pid 9380] <... openat resumed>) = 3 [pid 9435] <... ioctl resumed>) = 0 [pid 9414] chdir("./file0" [pid 9380] chdir("./file0" [pid 9414] <... chdir resumed>) = 0 [pid 9399] <... ioctl resumed>) = 0 [pid 9380] <... chdir resumed>) = 0 [pid 9414] ioctl(4, LOOP_CLR_FD [pid 9399] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 9380] ioctl(4, LOOP_CLR_FD [pid 9414] <... ioctl resumed>) = 0 [pid 9399] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 9380] <... ioctl resumed>) = 0 [pid 9414] close(4 [pid 9399] exit_group(0 [pid 9380] close(4 [pid 9414] <... close resumed>) = 0 [pid 9380] <... close resumed>) = 0 [pid 9414] open("./file0", O_RDONLY [pid 9399] <... exit_group resumed>) = ? [pid 9414] <... open resumed>) = 4 [pid 9380] open("./file0", O_RDONLY [pid 9414] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 9399] +++ exited with 0 +++ [pid 9380] <... open resumed>) = 4 [pid 9380] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9399, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} --- [pid 9380] <... ioctl resumed>) = 0 [pid 5068] umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", [pid 9435] close(3 [pid 9380] open("./file0", O_RDONLY [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9380] <... open resumed>) = 5 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 9435] <... close resumed>) = 0 [pid 9380] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5068] newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9435] mkdir("./file0", 0777 [pid 9380] <... ioctl resumed>) = 0 [ 153.502073][ T9435] loop3: detected capacity change from 0 to 32768 [pid 5068] unlink("./40/binderfs" [pid 9435] <... mkdir resumed>) = 0 [pid 9380] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5068] <... unlink resumed>) = 0 [pid 9435] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 9414] <... ioctl resumed>) = 0 [pid 9380] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5068] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9414] open("./file0", O_RDONLY [pid 9380] exit_group(0 [pid 9414] <... open resumed>) = 5 [pid 9380] <... exit_group resumed>) = ? [pid 9380] +++ exited with 0 +++ [pid 9414] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9380, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=23 /* 0.23 s */} --- [pid 5069] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5069] umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 9414] <... ioctl resumed>) = 0 [pid 5069] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./40/binderfs") = 0 [pid 9414] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5069] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9414] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 9414] exit_group(0) = ? [pid 9414] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9414, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=25 /* 0.25 s */} --- [pid 5065] umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 153.572217][ T9435] BTRFS: device /dev/loop3 using temp-fsid 160b90b7-07bb-482f-88c5-b9449c43213a [ 153.609022][ T9435] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (9435) [pid 9438] <... write resumed>) = 16777216 [pid 5065] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./40/binderfs") = 0 [pid 5065] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9438] munmap(0x7fda9371b000, 138412032) = 0 [pid 9438] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 9438] ioctl(4, LOOP_SET_FD, 3 [pid 9436] <... write resumed>) = 16777216 [pid 9436] munmap(0x7fda9371b000, 138412032) = 0 [pid 9436] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9436] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9438] <... ioctl resumed>) = 0 [pid 9438] close(3 [pid 9436] close(3 [pid 9438] <... close resumed>) = 0 [pid 9436] <... close resumed>) = 0 [pid 9438] mkdir("./file0", 0777 [ 153.713494][ T9438] loop2: detected capacity change from 0 to 32768 [ 153.751772][ T9436] loop0: detected capacity change from 0 to 32768 [pid 9436] mkdir("./file0", 0777 [pid 9438] <... mkdir resumed>) = 0 [pid 9436] <... mkdir resumed>) = 0 [pid 9438] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 9436] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5068] <... umount2 resumed>) = 0 [pid 5068] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [ 153.801085][ T9436] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (9436) [ 153.831587][ T9438] BTRFS: device /dev/loop2 using temp-fsid e3fd017d-9dfb-4c92-adb8-29b23e5b5faa [pid 5068] rmdir("./40/file0" [pid 5069] <... umount2 resumed>) = 0 [pid 5068] <... rmdir resumed>) = 0 [pid 5069] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./40/file0", [pid 5068] getdents64(3, [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [ 153.841638][ T9438] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (9438) [pid 5068] close(3 [pid 5069] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... close resumed>) = 0 [pid 5068] rmdir("./40") = 0 [pid 5068] mkdir("./41", 0777 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... mkdir resumed>) = 0 [pid 5069] openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5069] <... openat resumed>) = 4 [pid 5068] <... openat resumed>) = 3 [pid 5069] newfstatat(4, "", [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 9511 [pid 5069] getdents64(4, ./strace-static-x86_64: Process 9511 attached 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 9511] set_robust_list(0x555557145760, 24 [pid 5069] close(4 [pid 9511] <... set_robust_list resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 9511] chdir("./41" [pid 5069] rmdir("./40/file0" [pid 9511] <... chdir resumed>) = 0 [pid 5069] <... rmdir resumed>) = 0 [pid 9511] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5069] getdents64(3, [pid 9511] <... prctl resumed>) = 0 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 9511] setpgid(0, 0 [pid 5069] close(3 [pid 5065] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... close resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9511] <... setpgid resumed>) = 0 [pid 5069] rmdir("./40" [pid 5065] newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9511] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5065] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9511] <... openat resumed>) = 3 [pid 5069] <... rmdir resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9511] write(3, "1000", 4 [pid 5069] mkdir("./41", 0777 [pid 5065] openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9511] <... write resumed>) = 4 [pid 5069] <... mkdir resumed>) = 0 [pid 5065] <... openat resumed>) = 4 [pid 9511] close(3 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5065] newfstatat(4, "", [pid 9511] <... close resumed>) = 0 [pid 5069] <... openat resumed>) = 3 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9511] symlink("/dev/binderfs", "./binderfs" [pid 5069] ioctl(3, LOOP_CLR_FD [pid 5065] getdents64(4, [pid 9511] <... symlink resumed>) = 0 [pid 5069] <... ioctl resumed>) = 0 [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 9511] memfd_create("syzkaller", 0 [pid 5069] close(3 [pid 5065] getdents64(4, [pid 9511] <... memfd_create resumed>) = 3 [pid 5069] <... close resumed>) = 0 [pid 9511] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 9530 attached [pid 9511] <... mmap resumed>) = 0x7fda9371b000 [pid 5065] close(4 [pid 9530] set_robust_list(0x555557145760, 24 [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./40/file0" [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 9530 [pid 5065] <... rmdir resumed>) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 9530] <... set_robust_list resumed>) = 0 [pid 5065] rmdir("./40" [pid 9530] chdir("./41") = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5065] mkdir("./41", 0777 [pid 9530] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5065] <... mkdir resumed>) = 0 [pid 9530] <... prctl resumed>) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9530] setpgid(0, 0) = 0 [pid 9530] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5065] <... openat resumed>) = 3 [pid 9530] <... openat resumed>) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 9530] write(3, "1000", 4) = 4 [pid 5065] <... ioctl resumed>) = 0 [pid 9530] close(3) = 0 [pid 9530] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5065] close(3 [pid 9530] memfd_create("syzkaller", 0 [pid 5065] <... close resumed>) = 0 [pid 9530] <... memfd_create resumed>) = 3 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9530] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 ./strace-static-x86_64: Process 9535 attached [pid 9535] set_robust_list(0x555557145760, 24) = 0 [pid 9535] chdir("./41") = 0 [pid 9535] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9535] setpgid(0, 0) = 0 [pid 9535] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9535] write(3, "1000", 4) = 4 [pid 9535] close(3) = 0 [pid 9535] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9535] memfd_create("syzkaller", 0 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 9535 [pid 9535] <... memfd_create resumed>) = 3 [pid 9535] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 154.107338][ T9436] _btrfs_printk: 85 callbacks suppressed [ 154.107354][ T9436] BTRFS info (device loop0): enabling ssd optimizations [ 154.132338][ T9438] BTRFS info (device loop2): enabling ssd optimizations [pid 9435] <... mount resumed>) = 0 [pid 9435] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9435] chdir("./file0") = 0 [pid 9435] ioctl(4, LOOP_CLR_FD) = 0 [pid 9435] close(4) = 0 [pid 9435] open("./file0", O_RDONLY) = 4 [ 154.189597][ T9438] BTRFS info (device loop2): auto enabling async discard [ 154.199880][ T9436] BTRFS info (device loop0): auto enabling async discard [ 154.216853][ T9438] BTRFS info (device loop2): rebuilding free space tree [pid 9435] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 9435] open("./file0", O_RDONLY) = 5 [pid 9435] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [ 154.250211][ T9436] BTRFS info (device loop0): rebuilding free space tree [ 154.271093][ T76] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [pid 9435] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 9435] exit_group(0) = ? [ 154.322674][ T9436] BTRFS info (device loop0): disabling free space tree [ 154.323061][ T9438] BTRFS info (device loop2): disabling free space tree [ 154.339022][ T9436] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 154.348668][ T9436] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 9435] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9435, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=30 /* 0.30 s */} --- [pid 5067] umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 154.390089][ T9438] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5067] newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./40/binderfs") = 0 [ 154.432794][ T9436] BTRFS info (device loop0): checking UUID tree [ 154.439185][ T9438] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5067] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9436] <... mount resumed>) = 0 [pid 9436] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9436] chdir("./file0" [pid 9511] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9436] <... chdir resumed>) = 0 [pid 9436] ioctl(4, LOOP_CLR_FD) = 0 [pid 9436] close(4) = 0 [pid 9436] open("./file0", O_RDONLY) = 4 [ 154.541045][ T9438] BTRFS info (device loop2): checking UUID tree [pid 9436] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 9535] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9438] <... mount resumed>) = 0 [pid 9438] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9438] chdir("./file0") = 0 [pid 9438] ioctl(4, LOOP_CLR_FD) = 0 [pid 9438] close(4) = 0 [pid 9438] open("./file0", O_RDONLY) = 4 [pid 9438] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 9530] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9438] <... ioctl resumed>) = 0 [pid 9436] <... ioctl resumed>) = 0 [pid 9438] open("./file0", O_RDONLY [pid 9436] open("./file0", O_RDONLY [pid 9438] <... open resumed>) = 5 [pid 9436] <... open resumed>) = 5 [pid 9438] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 9436] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 9438] <... ioctl resumed>) = 0 [pid 9436] <... ioctl resumed>) = 0 [pid 9438] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 9436] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 9438] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 9436] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 9438] exit_group(0) = ? [pid 9436] exit_group(0 [pid 9438] +++ exited with 0 +++ [pid 9436] <... exit_group resumed>) = ? [pid 9436] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9438, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- [pid 5066] umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./41/binderfs" [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9436, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=29 /* 0.29 s */} --- [pid 5066] <... unlink resumed>) = 0 [pid 5064] umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] <... umount2 resumed>) = 0 [pid 5064] newfstatat(3, "", [pid 5067] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] getdents64(3, [pid 5067] newfstatat(AT_FDCWD, "./40/file0", [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] newfstatat(AT_FDCWD, "./40/binderfs", [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./40/file0") = 0 [pid 5067] getdents64(3, [pid 5064] unlink("./40/binderfs") = 0 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./40") = 0 [pid 5067] mkdir("./41", 0777) = 0 [ 154.747652][ T48] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 154.781008][ T76] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5064] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 9545 ./strace-static-x86_64: Process 9545 attached [pid 9545] set_robust_list(0x555557145760, 24) = 0 [pid 9545] chdir("./41") = 0 [pid 9545] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9545] setpgid(0, 0) = 0 [pid 9545] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9545] write(3, "1000", 4) = 4 [pid 9545] close(3) = 0 [pid 9545] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9545] memfd_create("syzkaller", 0) = 3 [pid 9545] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 5066] getdents64(4, [pid 5064] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./40/file0", [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... close resumed>) = 0 [pid 5066] rmdir("./41/file0" [pid 5064] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... rmdir resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] <... openat resumed>) = 4 [pid 5066] close(3) = 0 [pid 5064] newfstatat(4, "", [pid 5066] rmdir("./41" [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] mkdir("./42", 0777 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 5064] close(4) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5064] rmdir("./40/file0") = 0 [pid 5066] <... openat resumed>) = 3 [pid 5064] getdents64(3, [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] <... ioctl resumed>) = 0 [pid 5064] close(3 [pid 5066] close(3 [pid 5064] <... close resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5064] rmdir("./40" [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] <... rmdir resumed>) = 0 [pid 5064] mkdir("./41", 0777./strace-static-x86_64: Process 9547 attached [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 9547 [pid 5064] <... mkdir resumed>) = 0 [pid 9547] set_robust_list(0x555557145760, 24 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9547] <... set_robust_list resumed>) = 0 [pid 9547] chdir("./42" [pid 5064] <... openat resumed>) = 3 [pid 9547] <... chdir resumed>) = 0 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3 [pid 9547] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5064] <... close resumed>) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9547] setpgid(0, 0) = 0 ./strace-static-x86_64: Process 9548 attached [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 9548 [pid 9548] set_robust_list(0x555557145760, 24 [pid 9547] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9548] <... set_robust_list resumed>) = 0 [pid 9548] chdir("./41" [pid 9547] <... openat resumed>) = 3 [pid 9548] <... chdir resumed>) = 0 [pid 9547] write(3, "1000", 4) = 4 [pid 9547] close(3) = 0 [pid 9547] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9548] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9547] memfd_create("syzkaller", 0 [pid 9548] <... prctl resumed>) = 0 [pid 9548] setpgid(0, 0 [pid 9547] <... memfd_create resumed>) = 3 [pid 9548] <... setpgid resumed>) = 0 [pid 9547] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 9548] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9545] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9548] <... openat resumed>) = 3 [pid 9548] write(3, "1000", 4) = 4 [pid 9548] close(3 [pid 9511] <... write resumed>) = 16777216 [pid 9548] <... close resumed>) = 0 [pid 9548] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9548] memfd_create("syzkaller", 0 [pid 9535] <... write resumed>) = 16777216 [pid 9548] <... memfd_create resumed>) = 3 [pid 9535] munmap(0x7fda9371b000, 138412032 [pid 9511] munmap(0x7fda9371b000, 138412032 [pid 9548] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9511] <... munmap resumed>) = 0 [pid 9548] <... mmap resumed>) = 0x7fda9371b000 [pid 9535] <... munmap resumed>) = 0 [pid 9530] <... write resumed>) = 16777216 [pid 9535] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 9535] ioctl(4, LOOP_SET_FD, 3 [pid 9530] munmap(0x7fda9371b000, 138412032) = 0 [pid 9511] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 9511] ioctl(4, LOOP_SET_FD, 3 [pid 9535] <... ioctl resumed>) = 0 [pid 9530] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 9535] close(3 [pid 9530] <... openat resumed>) = 4 [pid 9535] <... close resumed>) = 0 [pid 9530] ioctl(4, LOOP_SET_FD, 3 [pid 9535] mkdir("./file0", 0777) = 0 [pid 9535] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 9511] <... ioctl resumed>) = 0 [pid 9511] close(3) = 0 [ 155.325153][ T9535] loop1: detected capacity change from 0 to 32768 [ 155.344307][ T9511] loop4: detected capacity change from 0 to 32768 [ 155.354639][ T9530] loop5: detected capacity change from 0 to 32768 [pid 9511] mkdir("./file0", 0777) = 0 [pid 9511] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 9530] <... ioctl resumed>) = 0 [pid 9530] close(3) = 0 [pid 9530] mkdir("./file0", 0777) = 0 [ 155.377940][ T9535] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (9535) [ 155.450838][ T9511] BTRFS: device /dev/loop4 using temp-fsid df08a4ea-2040-4483-8619-2133b0300656 [ 155.472990][ T9535] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 155.483795][ T9511] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (9511) [ 155.510017][ T9535] BTRFS info (device loop1): force clearing of disk cache [ 155.522872][ T9535] BTRFS info (device loop1): setting nodatasum [ 155.542583][ T9535] BTRFS info (device loop1): allowing degraded mounts [pid 9530] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 155.553884][ T9530] BTRFS: device /dev/loop5 using temp-fsid a5d05cac-fb9a-4acc-8472-fda96788cfd8 [ 155.567447][ T9511] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 155.592076][ T9535] BTRFS info (device loop1): enabling disk space caching [ 155.600258][ T9530] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (9530) [ 155.614000][ T9511] BTRFS info (device loop4): force clearing of disk cache [ 155.630555][ T9535] BTRFS info (device loop1): disk space caching is enabled [ 155.648250][ T9511] BTRFS info (device loop4): setting nodatasum [pid 9547] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9548] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9545] <... write resumed>) = 16777216 [pid 9545] munmap(0x7fda9371b000, 138412032) = 0 [ 155.670812][ T9530] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 155.683560][ T9511] BTRFS info (device loop4): allowing degraded mounts [ 155.693666][ T9530] BTRFS info (device loop5): force clearing of disk cache [ 155.707409][ T9511] BTRFS info (device loop4): enabling disk space caching [pid 9545] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 9545] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9545] close(3) = 0 [pid 9545] mkdir("./file0", 0777) = 0 [ 155.739495][ T9530] BTRFS info (device loop5): setting nodatasum [ 155.745813][ T9511] BTRFS info (device loop4): disk space caching is enabled [ 155.764240][ T9545] loop3: detected capacity change from 0 to 32768 [ 155.772336][ T9530] BTRFS info (device loop5): allowing degraded mounts [ 155.822080][ T9530] BTRFS info (device loop5): enabling disk space caching [ 155.837531][ T9545] BTRFS: device /dev/loop3 using temp-fsid 4944522e-bf11-4b83-93ce-f3a7cb773649 [ 155.865344][ T9535] BTRFS info (device loop1): enabling ssd optimizations [ 155.874192][ T9530] BTRFS info (device loop5): disk space caching is enabled [ 155.882314][ T9545] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (9545) [ 155.892454][ T9511] BTRFS info (device loop4): enabling ssd optimizations [ 155.902031][ T9535] BTRFS info (device loop1): auto enabling async discard [ 155.910467][ T9535] BTRFS info (device loop1): rebuilding free space tree [ 155.923306][ T9535] BTRFS info (device loop1): disabling free space tree [ 155.931387][ T9535] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 155.932397][ T9545] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 155.941106][ T9535] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 9545] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 9535] <... mount resumed>) = 0 [ 155.943152][ T9511] BTRFS info (device loop4): auto enabling async discard [ 155.970332][ T9545] BTRFS info (device loop3): force clearing of disk cache [ 155.978032][ T9535] BTRFS info (device loop1): checking UUID tree [ 155.986320][ T9511] BTRFS info (device loop4): rebuilding free space tree [ 155.987336][ T9545] BTRFS info (device loop3): setting nodatasum [ 156.008790][ T9545] BTRFS info (device loop3): allowing degraded mounts [pid 9535] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9548] <... write resumed>) = 16777216 [pid 9535] chdir("./file0") = 0 [pid 9535] ioctl(4, LOOP_CLR_FD) = 0 [pid 9535] close(4) = 0 [pid 9535] open("./file0", O_RDONLY) = 4 [pid 9535] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 9548] munmap(0x7fda9371b000, 138412032 [pid 9535] <... ioctl resumed>) = 0 [pid 9535] open("./file0", O_RDONLY) = 5 [pid 9535] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 9535] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 9548] <... munmap resumed>) = 0 [pid 9535] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 9535] exit_group(0) = ? [ 156.017189][ T9545] BTRFS info (device loop3): enabling disk space caching [ 156.026174][ T9545] BTRFS info (device loop3): disk space caching is enabled [ 156.034651][ T9511] BTRFS info (device loop4): disabling free space tree [ 156.041799][ T9511] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 9548] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9535] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9535, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=32 /* 0.32 s */} --- [pid 9548] <... openat resumed>) = 4 [pid 9548] ioctl(4, LOOP_SET_FD, 3 [pid 5065] umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./41/binderfs") = 0 [pid 5065] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9547] <... write resumed>) = 16777216 [pid 9548] <... ioctl resumed>) = 0 [pid 9547] munmap(0x7fda9371b000, 138412032 [pid 9548] close(3) = 0 [pid 9548] mkdir("./file0", 0777) = 0 [ 156.075693][ T76] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [ 156.088682][ T9548] loop0: detected capacity change from 0 to 32768 [ 156.104487][ T9511] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 9548] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 9547] <... munmap resumed>) = 0 [pid 9547] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 156.121854][ T9548] BTRFS: device /dev/loop0 using temp-fsid 02050163-6a10-4c25-996a-3187fec1189d [ 156.127902][ T9511] BTRFS info (device loop4): checking UUID tree [ 156.134249][ T9548] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (9548) [ 156.138341][ T9547] loop2: detected capacity change from 0 to 32768 [ 156.158326][ T9530] BTRFS info (device loop5): enabling ssd optimizations [ 156.166701][ T9548] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [pid 9547] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9511] <... mount resumed>) = 0 [pid 9511] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9511] chdir("./file0") = 0 [pid 9511] ioctl(4, LOOP_CLR_FD) = 0 [pid 9511] close(4) = 0 [pid 9511] open("./file0", O_RDONLY [pid 9547] close(3 [pid 9511] <... open resumed>) = 4 [pid 9547] <... close resumed>) = 0 [pid 9511] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 9547] mkdir("./file0", 0777) = 0 [pid 9547] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 9511] <... ioctl resumed>) = 0 [pid 9511] open("./file0", O_RDONLY) = 5 [pid 9511] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 9511] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [ 156.169923][ T9530] BTRFS info (device loop5): auto enabling async discard [ 156.190825][ T9547] BTRFS: device /dev/loop2 using temp-fsid d4c1eb19-b124-40de-a094-7254f0d3fbdb [ 156.212334][ T9548] BTRFS info (device loop0): force clearing of disk cache [pid 9511] exit_group(0) = ? [pid 9511] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9511, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=38 /* 0.38 s */} --- [pid 5068] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5068] umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./41/binderfs") = 0 [ 156.223521][ T9547] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (9547) [ 156.239701][ T48] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [ 156.240374][ T9548] BTRFS info (device loop0): setting nodatasum [ 156.264837][ T9548] BTRFS info (device loop0): allowing degraded mounts [pid 5068] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = 0 [pid 5065] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 156.289808][ T9530] BTRFS info (device loop5): rebuilding free space tree [ 156.316198][ T9548] BTRFS info (device loop0): enabling disk space caching [ 156.328848][ T9547] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5065] newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] <... umount2 resumed>) = 0 [pid 5068] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 156.338317][ T9547] BTRFS info (device loop2): force clearing of disk cache [ 156.340644][ T9530] BTRFS info (device loop5): disabling free space tree [ 156.357416][ T9547] BTRFS info (device loop2): setting nodatasum [ 156.374104][ T9548] BTRFS info (device loop0): disk space caching is enabled [ 156.383348][ T9545] BTRFS info (device loop3): enabling ssd optimizations [pid 5068] newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] getdents64(4, [pid 5068] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] <... close resumed>) = 0 [pid 5068] getdents64(4, [pid 5065] rmdir("./41/file0" [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./41/file0") = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./41") = 0 [pid 5065] getdents64(3, [pid 5068] mkdir("./42", 0777 [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] <... mkdir resumed>) = 0 [pid 5065] close(3 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9614 attached , child_tidptr=0x555557145750) = 9614 [pid 9614] set_robust_list(0x555557145760, 24) = 0 [pid 5065] <... close resumed>) = 0 [pid 9614] chdir("./42") = 0 [pid 9614] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9614] setpgid(0, 0) = 0 [ 156.392364][ T9547] BTRFS info (device loop2): allowing degraded mounts [ 156.410089][ T9530] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 156.410694][ T9545] BTRFS info (device loop3): auto enabling async discard [pid 9614] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9614] write(3, "1000", 4) = 4 [pid 9614] close(3) = 0 [pid 5065] rmdir("./41" [pid 9614] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9614] memfd_create("syzkaller", 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5065] mkdir("./42", 0777 [pid 9614] <... memfd_create resumed>) = 3 [pid 5065] <... mkdir resumed>) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9614] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5065] <... openat resumed>) = 3 [pid 9614] <... mmap resumed>) = 0x7fda9371b000 [ 156.439302][ T9547] BTRFS info (device loop2): enabling disk space caching [ 156.450276][ T9530] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 156.464595][ T9547] BTRFS info (device loop2): disk space caching is enabled [ 156.479034][ T9545] BTRFS info (device loop3): rebuilding free space tree [ 156.518178][ T9545] BTRFS info (device loop3): disabling free space tree [ 156.519490][ T9530] BTRFS info (device loop5): checking UUID tree [ 156.525405][ T9545] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5065] ioctl(3, LOOP_CLR_FD [pid 9530] <... mount resumed>) = 0 [pid 9530] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9530] chdir("./file0") = 0 [pid 9530] ioctl(4, LOOP_CLR_FD) = 0 [pid 9530] close(4) = 0 [pid 9530] open("./file0", O_RDONLY) = 4 [ 156.568910][ T9545] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 9530] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 9530] open("./file0", O_RDONLY) = 5 [pid 9530] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 9530] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 9545] <... mount resumed>) = 0 [pid 9530] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 9614] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9545] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9530] exit_group(0 [pid 9545] <... openat resumed>) = 3 [pid 9530] <... exit_group resumed>) = ? [pid 9545] chdir("./file0" [pid 9530] +++ exited with 0 +++ [pid 9545] <... chdir resumed>) = 0 [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9530, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=37 /* 0.37 s */} --- [pid 9545] ioctl(4, LOOP_CLR_FD) = 0 [ 156.629746][ T9545] BTRFS info (device loop3): checking UUID tree [ 156.652459][ T76] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [pid 5069] umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9545] close(4 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9545] <... close resumed>) = 0 [pid 5069] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9545] open("./file0", O_RDONLY [pid 5069] <... openat resumed>) = 3 [pid 9545] <... open resumed>) = 4 [pid 5069] newfstatat(3, "", [pid 9545] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./41/binderfs") = 0 [pid 5069] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9545] <... ioctl resumed>) = 0 [pid 9545] open("./file0", O_RDONLY) = 5 [pid 9545] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 9545] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 9545] exit_group(0) = ? [pid 9545] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9545, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=35 /* 0.35 s */} --- [pid 5067] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5067] umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./41/binderfs") = 0 [ 156.719874][ T9547] BTRFS info (device loop2): enabling ssd optimizations [ 156.724909][ T9548] BTRFS info (device loop0): enabling ssd optimizations [ 156.726830][ T9547] BTRFS info (device loop2): auto enabling async discard [ 156.759509][ T9547] BTRFS info (device loop2): rebuilding free space tree [ 156.794041][ T2855] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 156.804294][ T9548] BTRFS info (device loop0): auto enabling async discard [ 156.818209][ T9547] BTRFS info (device loop2): disabling free space tree [ 156.832761][ T9548] BTRFS info (device loop0): rebuilding free space tree [ 156.852424][ T9547] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5067] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5067] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./41/file0", [pid 5065] <... ioctl resumed>) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... umount2 resumed>) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] close(3 [pid 5069] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... close resumed>) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./41/file0", [pid 5067] <... openat resumed>) = 4 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 156.903029][ T9548] BTRFS info (device loop0): disabling free space tree [ 156.912643][ T9548] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 156.925233][ T9547] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 156.942620][ T9548] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) ./strace-static-x86_64: Process 9648 attached [pid 5069] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] newfstatat(4, "", [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 9648 [pid 9648] set_robust_list(0x555557145760, 24 [pid 5069] openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4 [pid 9648] <... set_robust_list resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 5067] getdents64(4, [pid 5069] rmdir("./41/file0") = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./41") = 0 [pid 5069] mkdir("./42", 0777) = 0 [pid 9648] chdir("./42" [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5067] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] <... openat resumed>) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3) = 0 [pid 9648] <... chdir resumed>) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5067] getdents64(4, ./strace-static-x86_64: Process 9649 attached [pid 9648] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5067] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 9649] set_robust_list(0x555557145760, 24 [pid 9648] <... prctl resumed>) = 0 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 9649 [pid 5067] close(4 [pid 9649] <... set_robust_list resumed>) = 0 [pid 5067] <... close resumed>) = 0 [pid 9648] setpgid(0, 0 [pid 5067] rmdir("./41/file0" [pid 9648] <... setpgid resumed>) = 0 [pid 9649] chdir("./42") = 0 [pid 9649] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9649] setpgid(0, 0) = 0 [pid 9649] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9649] write(3, "1000", 4) = 4 [pid 9649] close(3 [pid 9648] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5067] <... rmdir resumed>) = 0 [pid 9649] <... close resumed>) = 0 [pid 9648] <... openat resumed>) = 3 [pid 5067] getdents64(3, [pid 9649] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9649] memfd_create("syzkaller", 0) = 3 [pid 9649] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 9648] write(3, "1000", 4 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 9648] <... write resumed>) = 4 [pid 5067] close(3 [pid 9648] close(3 [pid 5067] <... close resumed>) = 0 [pid 9648] <... close resumed>) = 0 [pid 5067] rmdir("./41") = 0 [pid 9648] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5067] mkdir("./42", 0777 [pid 9648] memfd_create("syzkaller", 0 [pid 9548] <... mount resumed>) = 0 [pid 9548] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5067] <... mkdir resumed>) = 0 [pid 9648] <... memfd_create resumed>) = 3 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9648] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9548] <... openat resumed>) = 3 [pid 5067] <... openat resumed>) = 3 [pid 9548] chdir("./file0" [pid 5067] ioctl(3, LOOP_CLR_FD [pid 9548] <... chdir resumed>) = 0 [pid 5067] <... ioctl resumed>) = 0 [pid 5067] close(3 [pid 9548] ioctl(4, LOOP_CLR_FD [pid 5067] <... close resumed>) = 0 [pid 9648] <... mmap resumed>) = 0x7fda9371b000 [pid 9548] <... ioctl resumed>) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9548] close(4) = 0 [pid 9548] open("./file0", O_RDONLY [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 9652 [pid 9548] <... open resumed>) = 4 [ 157.014244][ T9548] BTRFS info (device loop0): checking UUID tree [ 157.021903][ T9547] BTRFS info (device loop2): checking UUID tree [pid 9548] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}./strace-static-x86_64: Process 9652 attached ) = 0 [pid 9652] set_robust_list(0x555557145760, 24) = 0 [pid 9652] chdir("./42") = 0 [pid 9548] open("./file0", O_RDONLY) = 5 [pid 9548] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 9547] <... mount resumed>) = 0 [pid 9652] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9547] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9652] <... prctl resumed>) = 0 [pid 9548] <... ioctl resumed>) = 0 [pid 9547] <... openat resumed>) = 3 [pid 9652] setpgid(0, 0 [pid 9548] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 9547] chdir("./file0" [pid 9548] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 9547] <... chdir resumed>) = 0 [pid 9652] <... setpgid resumed>) = 0 [pid 9548] exit_group(0 [pid 9547] ioctl(4, LOOP_CLR_FD [pid 9548] <... exit_group resumed>) = ? [pid 9652] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9548] +++ exited with 0 +++ [pid 9547] <... ioctl resumed>) = 0 [pid 9547] close(4 [pid 9652] <... openat resumed>) = 3 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9548, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=40 /* 0.40 s */} --- [pid 9652] write(3, "1000", 4) = 4 [pid 9652] close(3) = 0 [pid 9652] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9547] <... close resumed>) = 0 [pid 9652] memfd_create("syzkaller", 0 [pid 5064] umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9652] <... memfd_create resumed>) = 3 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9614] <... write resumed>) = 16777216 [pid 9652] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5064] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9652] <... mmap resumed>) = 0x7fda9371b000 [pid 9614] munmap(0x7fda9371b000, 138412032 [pid 9547] open("./file0", O_RDONLY [pid 9614] <... munmap resumed>) = 0 [pid 9547] <... open resumed>) = 4 [pid 5064] <... openat resumed>) = 3 [pid 5064] newfstatat(3, "", [pid 9547] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, [pid 9614] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 9614] <... openat resumed>) = 4 [pid 5064] umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./41/binderfs", [pid 9614] ioctl(4, LOOP_SET_FD, 3 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./41/binderfs") = 0 [pid 5064] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9547] <... ioctl resumed>) = 0 [pid 9547] open("./file0", O_RDONLY) = 5 [ 157.132219][ T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 9547] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 9614] <... ioctl resumed>) = 0 [pid 9547] <... ioctl resumed>) = 0 [pid 9547] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 9547] exit_group(0 [pid 9614] close(3) = 0 [pid 9547] <... exit_group resumed>) = ? [pid 9614] mkdir("./file0", 0777 [pid 9547] +++ exited with 0 +++ [ 157.209148][ T9614] loop4: detected capacity change from 0 to 32768 [pid 9614] <... mkdir resumed>) = 0 [pid 9614] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9547, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=33 /* 0.33 s */} --- [pid 5066] umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./42/binderfs") = 0 [ 157.280318][ T9614] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (9614) [pid 5066] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9649] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5064] <... umount2 resumed>) = 0 [pid 5064] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] newfstatat(4, "", [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, [pid 5066] getdents64(4, [pid 5064] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./42/file0") = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./42") = 0 [pid 5066] mkdir("./43", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(4 [pid 5066] close(3) = 0 [pid 5064] <... close resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9663 attached [pid 5064] rmdir("./41/file0" [pid 9663] set_robust_list(0x555557145760, 24 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 9663 [pid 9663] <... set_robust_list resumed>) = 0 [pid 9663] chdir("./43" [pid 5064] <... rmdir resumed>) = 0 [pid 9663] <... chdir resumed>) = 0 [pid 9663] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9663] setpgid(0, 0) = 0 [pid 9663] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5064] getdents64(3, [pid 9663] write(3, "1000", 4) = 4 [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 9663] close(3) = 0 [pid 9663] symlink("/dev/binderfs", "./binderfs" [pid 5064] close(3 [pid 9663] <... symlink resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 9663] memfd_create("syzkaller", 0 [pid 5064] rmdir("./41") = 0 [pid 9663] <... memfd_create resumed>) = 3 [pid 5064] mkdir("./42", 0777 [pid 9663] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5064] <... mkdir resumed>) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 9648] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9667 attached , child_tidptr=0x555557145750) = 9667 [pid 9667] set_robust_list(0x555557145760, 24) = 0 [pid 9667] chdir("./42") = 0 [pid 9667] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9667] setpgid(0, 0) = 0 [pid 9667] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9667] write(3, "1000", 4) = 4 [pid 9667] close(3) = 0 [pid 9667] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9667] memfd_create("syzkaller", 0) = 3 [pid 9667] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 9652] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9649] <... write resumed>) = 16777216 [pid 9614] <... mount resumed>) = 0 [pid 9614] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9614] chdir("./file0") = 0 [pid 9614] ioctl(4, LOOP_CLR_FD [pid 9649] munmap(0x7fda9371b000, 138412032 [pid 9614] <... ioctl resumed>) = 0 [pid 9614] close(4 [pid 9649] <... munmap resumed>) = 0 [pid 9614] <... close resumed>) = 0 [pid 9614] open("./file0", O_RDONLY) = 4 [pid 9614] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 9614] open("./file0", O_RDONLY) = 5 [pid 9649] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 9614] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 9649] <... openat resumed>) = 4 [pid 9649] ioctl(4, LOOP_SET_FD, 3 [pid 9614] <... ioctl resumed>) = 0 [pid 9614] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 9614] exit_group(0) = ? [pid 9614] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9614, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=27 /* 0.27 s */} --- [pid 5068] umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9667] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9649] <... ioctl resumed>) = 0 [pid 5068] <... openat resumed>) = 3 [pid 9649] close(3 [pid 5068] newfstatat(3, "", [pid 9649] <... close resumed>) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9649] mkdir("./file0", 0777 [ 158.074224][ T9649] loop5: detected capacity change from 0 to 32768 [pid 5068] getdents64(3, [pid 9649] <... mkdir resumed>) = 0 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./42/binderfs", [pid 9649] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./42/binderfs") = 0 [pid 5068] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 158.150907][ T9649] BTRFS: device /dev/loop5 using temp-fsid b2cd8d39-0c8f-4a8e-ad62-182ce92fa887 [ 158.188854][ T9649] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (9649) [pid 9663] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5068] <... umount2 resumed>) = 0 [pid 5068] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./42/file0") = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./42") = 0 [pid 5068] mkdir("./43", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9691 attached [pid 9649] <... mount resumed>) = 0 [pid 9649] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 9691 [pid 9649] <... openat resumed>) = 3 [pid 9649] chdir("./file0" [pid 9691] set_robust_list(0x555557145760, 24 [pid 9649] <... chdir resumed>) = 0 [pid 9691] <... set_robust_list resumed>) = 0 [pid 9649] ioctl(4, LOOP_CLR_FD [pid 9648] <... write resumed>) = 16777216 [pid 9691] chdir("./43" [pid 9649] <... ioctl resumed>) = 0 [pid 9649] close(4) = 0 [pid 9649] open("./file0", O_RDONLY [pid 9691] <... chdir resumed>) = 0 [pid 9649] <... open resumed>) = 4 [pid 9652] <... write resumed>) = 16777216 [pid 9691] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9649] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 9691] <... prctl resumed>) = 0 [pid 9691] setpgid(0, 0) = 0 [pid 9691] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9648] munmap(0x7fda9371b000, 138412032 [pid 9649] <... ioctl resumed>) = 0 [pid 9691] write(3, "1000", 4 [pid 9649] open("./file0", O_RDONLY [pid 9691] <... write resumed>) = 4 [pid 9649] <... open resumed>) = 5 [pid 9691] close(3 [pid 9649] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 9691] <... close resumed>) = 0 [pid 9649] <... ioctl resumed>) = 0 [pid 9691] symlink("/dev/binderfs", "./binderfs" [pid 9649] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 9691] <... symlink resumed>) = 0 [pid 9649] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 9648] <... munmap resumed>) = 0 [pid 9691] memfd_create("syzkaller", 0 [pid 9649] exit_group(0 [pid 9691] <... memfd_create resumed>) = 3 [pid 9649] <... exit_group resumed>) = ? [pid 9691] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9649] +++ exited with 0 +++ [pid 9691] <... mmap resumed>) = 0x7fda9371b000 [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9649, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=27 /* 0.27 s */} --- [pid 9663] <... write resumed>) = 16777216 [pid 9648] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 9648] ioctl(4, LOOP_SET_FD, 3 [pid 9652] munmap(0x7fda9371b000, 138412032 [pid 9663] munmap(0x7fda9371b000, 138412032 [pid 9652] <... munmap resumed>) = 0 [pid 5069] umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9648] <... ioctl resumed>) = 0 [pid 9648] close(3) = 0 [pid 9648] mkdir("./file0", 0777 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9648] <... mkdir resumed>) = 0 [pid 5069] <... openat resumed>) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, [pid 9648] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 9663] <... munmap resumed>) = 0 [pid 9652] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5069] newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 158.520342][ T9648] loop1: detected capacity change from 0 to 32768 [ 158.546257][ T9648] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (9648) [pid 5069] unlink("./42/binderfs" [pid 9652] <... openat resumed>) = 4 [pid 9652] ioctl(4, LOOP_SET_FD, 3 [pid 5069] <... unlink resumed>) = 0 [pid 9663] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5069] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9663] <... openat resumed>) = 4 [pid 9663] ioctl(4, LOOP_SET_FD, 3 [pid 9652] <... ioctl resumed>) = 0 [pid 9663] <... ioctl resumed>) = 0 [pid 9652] close(3) = 0 [pid 9652] mkdir("./file0", 0777) = 0 [ 158.580785][ T9652] loop3: detected capacity change from 0 to 32768 [ 158.599308][ T9663] loop2: detected capacity change from 0 to 32768 [pid 9652] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 9663] close(3) = 0 [pid 9663] mkdir("./file0", 0777) = 0 [ 158.622350][ T9652] BTRFS: device /dev/loop3 using temp-fsid 8eec67d2-932f-4140-bf88-823947cabb36 [pid 9663] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 158.677366][ T9652] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (9652) [pid 9691] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9667] <... write resumed>) = 16777216 [pid 9667] munmap(0x7fda9371b000, 138412032) = 0 [pid 9667] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9667] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9667] close(3) = 0 [pid 9667] mkdir("./file0", 0777) = 0 [pid 9667] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5069] <... umount2 resumed>) = 0 [pid 5069] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 158.749346][ T9663] BTRFS: device /dev/loop2 using temp-fsid 19e151e6-3214-4c2d-ad16-51278254ce03 [ 158.758505][ T9663] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (9663) [ 158.783538][ T9667] loop0: detected capacity change from 0 to 32768 [pid 5069] newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./42/file0") = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./42") = 0 [pid 5069] mkdir("./43", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9715 attached , child_tidptr=0x555557145750) = 9715 [pid 9715] set_robust_list(0x555557145760, 24) = 0 [pid 9715] chdir("./43") = 0 [pid 9715] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9715] setpgid(0, 0) = 0 [pid 9715] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9715] write(3, "1000", 4) = 4 [pid 9715] close(3) = 0 [pid 9715] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9715] memfd_create("syzkaller", 0) = 3 [pid 9715] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 158.826148][ T9667] BTRFS: device /dev/loop0 using temp-fsid 403e5185-d0d6-48d0-b869-31429d7b602a [ 158.859171][ T9667] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (9667) [pid 9715] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9691] <... write resumed>) = 16777216 [pid 9691] munmap(0x7fda9371b000, 138412032) = 0 [pid 9691] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 9691] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9691] close(3 [pid 9648] <... mount resumed>) = 0 [pid 9691] <... close resumed>) = 0 [pid 9648] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9691] mkdir("./file0", 0777 [pid 9648] <... openat resumed>) = 3 [pid 9691] <... mkdir resumed>) = 0 [pid 9691] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 9648] chdir("./file0") = 0 [pid 9648] ioctl(4, LOOP_CLR_FD) = 0 [ 159.070283][ T9691] loop4: detected capacity change from 0 to 32768 [ 159.103165][ T9691] BTRFS: device /dev/loop4 using temp-fsid 280c64db-4455-49cb-87f1-65d96c84a1a2 [pid 9648] close(4) = 0 [pid 9648] open("./file0", O_RDONLY) = 4 [pid 9648] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 9648] open("./file0", O_RDONLY) = 5 [ 159.124878][ T9691] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (9691) [pid 9652] <... mount resumed>) = 0 [pid 9648] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 9652] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9648] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 9663] <... mount resumed>) = 0 [pid 9652] chdir("./file0" [pid 9648] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 9663] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9652] <... chdir resumed>) = 0 [ 159.169494][ T9691] _btrfs_printk: 74 callbacks suppressed [ 159.169507][ T9691] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 159.190028][ T9667] BTRFS info (device loop0): enabling ssd optimizations [ 159.196979][ T9667] BTRFS info (device loop0): auto enabling async discard [pid 9648] exit_group(0 [pid 9663] <... openat resumed>) = 3 [pid 9652] ioctl(4, LOOP_CLR_FD [pid 9648] <... exit_group resumed>) = ? [pid 9715] <... write resumed>) = 16777216 [pid 9663] chdir("./file0" [pid 9652] <... ioctl resumed>) = 0 [pid 9648] +++ exited with 0 +++ [pid 9663] <... chdir resumed>) = 0 [pid 9652] close(4 [pid 9715] munmap(0x7fda9371b000, 138412032 [pid 9652] <... close resumed>) = 0 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9648, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- [pid 9663] ioctl(4, LOOP_CLR_FD [pid 9652] open("./file0", O_RDONLY [pid 9715] <... munmap resumed>) = 0 [pid 9663] <... ioctl resumed>) = 0 [pid 9652] <... open resumed>) = 4 [pid 9663] close(4) = 0 [pid 5065] umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9663] open("./file0", O_RDONLY [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9663] <... open resumed>) = 4 [pid 9663] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [ 159.233058][ T9691] BTRFS info (device loop4): force clearing of disk cache [ 159.233646][ T76] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [ 159.241380][ T9667] BTRFS info (device loop0): rebuilding free space tree [ 159.257248][ T9691] BTRFS info (device loop4): setting nodatasum [ 159.275999][ T9691] BTRFS info (device loop4): allowing degraded mounts [pid 5065] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9652] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5065] <... openat resumed>) = 3 [pid 5065] newfstatat(3, "", [pid 9663] <... ioctl resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9715] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 9663] open("./file0", O_RDONLY [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 9663] <... open resumed>) = 5 [pid 5065] umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9663] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./42/binderfs", [pid 9715] <... openat resumed>) = 4 [pid 9663] <... ioctl resumed>) = 0 [pid 9652] <... ioctl resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9652] open("./file0", O_RDONLY) = 5 [pid 9652] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 9652] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [ 159.288599][ T9667] BTRFS info (device loop0): disabling free space tree [ 159.306447][ T9691] BTRFS info (device loop4): enabling disk space caching [ 159.317445][ T9667] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 9652] exit_group(0 [pid 9715] ioctl(4, LOOP_SET_FD, 3 [pid 9663] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 9652] <... exit_group resumed>) = ? [pid 5065] unlink("./42/binderfs" [pid 9652] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9652, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=21 /* 0.21 s */} --- [pid 9663] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5067] umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... unlink resumed>) = 0 [pid 9663] exit_group(0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9663] <... exit_group resumed>) = ? [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./42/binderfs") = 0 [pid 5067] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9663] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9663, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=25 /* 0.25 s */} --- [ 159.337502][ T1047] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 159.350596][ T48] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 159.360270][ T9691] BTRFS info (device loop4): disk space caching is enabled [ 159.373947][ T9667] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 9715] <... ioctl resumed>) = 0 [pid 5066] umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9715] close(3 [pid 5066] <... openat resumed>) = 3 [pid 5066] newfstatat(3, "", [pid 9715] <... close resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9715] mkdir("./file0", 0777 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 9715] <... mkdir resumed>) = 0 [pid 5066] umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 159.388911][ T9715] loop5: detected capacity change from 0 to 32768 [pid 5066] newfstatat(AT_FDCWD, "./43/binderfs", [pid 9715] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./43/binderfs") = 0 [pid 5066] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9667] <... mount resumed>) = 0 [ 159.430684][ T9667] BTRFS info (device loop0): checking UUID tree [ 159.443677][ T9715] BTRFS: device /dev/loop5 using temp-fsid d1e0ddd4-b589-4090-b8d7-2d0db0116ca9 [pid 9667] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9667] chdir("./file0") = 0 [pid 9667] ioctl(4, LOOP_CLR_FD) = 0 [pid 9667] close(4) = 0 [pid 9667] open("./file0", O_RDONLY) = 4 [ 159.470695][ T9715] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (9715) [pid 9667] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 9667] open("./file0", O_RDONLY) = 5 [pid 9667] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 9667] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 9667] exit_group(0) = ? [pid 9667] +++ exited with 0 +++ [ 159.540217][ T9715] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 159.566992][ T9715] BTRFS info (device loop5): force clearing of disk cache [ 159.581262][ T9691] BTRFS info (device loop4): enabling ssd optimizations [pid 5065] <... umount2 resumed>) = 0 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9667, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=28 /* 0.28 s */} --- [pid 5065] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... openat resumed>) = 3 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(3, "", [pid 5065] openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] newfstatat(4, "", [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./42/binderfs") = 0 [ 159.588215][ T9691] BTRFS info (device loop4): auto enabling async discard [ 159.608035][ T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 5064] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4 [pid 5067] <... umount2 resumed>) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 5067] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] rmdir("./42/file0" [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./42/file0", [pid 5066] newfstatat(AT_FDCWD, "./43/file0", [pid 5065] <... rmdir resumed>) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] getdents64(3, [pid 5067] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] close(3 [pid 5067] openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... close resumed>) = 0 [pid 5067] <... openat resumed>) = 4 [pid 5066] <... openat resumed>) = 4 [ 159.645236][ T9715] BTRFS info (device loop5): setting nodatasum [ 159.657905][ T9715] BTRFS info (device loop5): allowing degraded mounts [ 159.675948][ T9691] BTRFS info (device loop4): rebuilding free space tree [pid 5065] rmdir("./42" [pid 5067] newfstatat(4, "", [pid 5066] newfstatat(4, "", [pid 5065] <... rmdir resumed>) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, [pid 5065] mkdir("./43", 0777) = 0 [pid 5067] getdents64(4, [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5067] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] getdents64(4, [pid 5067] close(4 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] <... openat resumed>) = 3 [pid 5067] <... close resumed>) = 0 [pid 5066] close(4 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5067] rmdir("./42/file0" [pid 5066] <... close resumed>) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 5067] <... rmdir resumed>) = 0 [pid 5066] rmdir("./43/file0" [pid 5065] close(3) = 0 [pid 5067] getdents64(3, [pid 5066] <... rmdir resumed>) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [ 159.709449][ T9715] BTRFS info (device loop5): enabling disk space caching [ 159.716656][ T9715] BTRFS info (device loop5): disk space caching is enabled [pid 5066] getdents64(3, [pid 5067] close(3) = 0 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 9778 attached [pid 5067] rmdir("./42" [pid 5066] close(3 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 9778 [pid 9778] set_robust_list(0x555557145760, 24 [pid 5067] <... rmdir resumed>) = 0 [pid 9778] <... set_robust_list resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 9778] chdir("./43" [pid 5067] mkdir("./43", 0777 [pid 5066] rmdir("./43" [pid 9778] <... chdir resumed>) = 0 [pid 5067] <... mkdir resumed>) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 9778] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9778] <... prctl resumed>) = 0 [pid 5067] <... openat resumed>) = 3 [pid 5066] mkdir("./44", 0777 [pid 9778] setpgid(0, 0) = 0 [pid 5067] ioctl(3, LOOP_CLR_FD [pid 5066] <... mkdir resumed>) = 0 [pid 9778] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5067] <... ioctl resumed>) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 9778] <... openat resumed>) = 3 [pid 9778] write(3, "1000", 4 [pid 5067] close(3 [pid 5066] <... openat resumed>) = 3 [pid 9778] <... write resumed>) = 4 [pid 5067] <... close resumed>) = 0 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] <... ioctl resumed>) = 0 [ 159.771599][ T9691] BTRFS info (device loop4): disabling free space tree [ 159.778698][ T9691] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) ./strace-static-x86_64: Process 9786 attached [pid 9778] close(3 [pid 5066] close(3 [pid 9786] set_robust_list(0x555557145760, 24 [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 9786 [pid 5066] <... close resumed>) = 0 [pid 9786] <... set_robust_list resumed>) = 0 [pid 9778] <... close resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9787 attached [pid 9786] chdir("./43" [pid 9778] symlink("/dev/binderfs", "./binderfs" [pid 9787] set_robust_list(0x555557145760, 24 [pid 9786] <... chdir resumed>) = 0 [pid 9778] <... symlink resumed>) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 9787 [pid 9787] <... set_robust_list resumed>) = 0 [pid 9786] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9787] chdir("./44" [pid 9786] <... prctl resumed>) = 0 [pid 9787] <... chdir resumed>) = 0 [pid 9786] setpgid(0, 0 [pid 9778] memfd_create("syzkaller", 0 [pid 5064] <... umount2 resumed>) = 0 [pid 9787] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9786] <... setpgid resumed>) = 0 [pid 9787] <... prctl resumed>) = 0 [pid 9778] <... memfd_create resumed>) = 3 [pid 5064] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9786] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9787] setpgid(0, 0 [pid 9778] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9787] <... setpgid resumed>) = 0 [pid 9786] <... openat resumed>) = 3 [pid 9778] <... mmap resumed>) = 0x7fda9371b000 [pid 5064] newfstatat(AT_FDCWD, "./42/file0", [pid 9787] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9786] write(3, "1000", 4 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9786] <... write resumed>) = 4 [pid 9786] close(3) = 0 [pid 5064] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9786] symlink("/dev/binderfs", "./binderfs" [pid 9787] <... openat resumed>) = 3 [pid 9786] <... symlink resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9787] write(3, "1000", 4 [pid 9786] memfd_create("syzkaller", 0 [pid 5064] openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9787] <... write resumed>) = 4 [pid 5064] <... openat resumed>) = 4 [pid 9787] close(3 [pid 5064] newfstatat(4, "", [pid 9787] <... close resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9787] symlink("/dev/binderfs", "./binderfs" [pid 5064] getdents64(4, [pid 9787] <... symlink resumed>) = 0 [pid 5064] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 9787] memfd_create("syzkaller", 0 [pid 5064] getdents64(4, [pid 9787] <... memfd_create resumed>) = 3 [pid 5064] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [ 159.850893][ T9691] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 159.871590][ T9691] BTRFS info (device loop4): checking UUID tree [pid 9787] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5064] close(4 [pid 9787] <... mmap resumed>) = 0x7fda9371b000 [pid 5064] <... close resumed>) = 0 [pid 9786] <... memfd_create resumed>) = 3 [pid 5064] rmdir("./42/file0") = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./42") = 0 [pid 5064] mkdir("./43", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 9786] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5064] <... ioctl resumed>) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 9798 ./strace-static-x86_64: Process 9798 attached [pid 9786] <... mmap resumed>) = 0x7fda9371b000 [pid 9798] set_robust_list(0x555557145760, 24) = 0 [pid 9691] <... mount resumed>) = 0 [pid 9798] chdir("./43") = 0 [ 159.945377][ T9715] BTRFS info (device loop5): enabling ssd optimizations [ 159.958232][ T9715] BTRFS info (device loop5): auto enabling async discard [ 159.969087][ T9715] BTRFS info (device loop5): rebuilding free space tree [ 159.986651][ T9715] BTRFS info (device loop5): disabling free space tree [pid 9798] prctl(PR_SET_PDEATHSIG, SIGKILL [ 159.994866][ T9715] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 9691] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9798] <... prctl resumed>) = 0 [pid 9691] <... openat resumed>) = 3 [pid 9691] chdir("./file0" [pid 9798] setpgid(0, 0) = 0 [pid 9798] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9691] <... chdir resumed>) = 0 [pid 9798] <... openat resumed>) = 3 [pid 9798] write(3, "1000", 4 [pid 9691] ioctl(4, LOOP_CLR_FD [pid 9798] <... write resumed>) = 4 [pid 9691] <... ioctl resumed>) = 0 [pid 9798] close(3 [pid 9691] close(4) = 0 [pid 9691] open("./file0", O_RDONLY [pid 9798] <... close resumed>) = 0 [pid 9691] <... open resumed>) = 4 [ 160.039724][ T9715] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 9798] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9798] memfd_create("syzkaller", 0 [pid 9691] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 9798] <... memfd_create resumed>) = 3 [pid 9798] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 9691] <... ioctl resumed>) = 0 [pid 9691] open("./file0", O_RDONLY) = 5 [ 160.162018][ T9715] BTRFS info (device loop5): checking UUID tree [pid 9691] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 9691] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 9691] exit_group(0) = ? [pid 9691] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9691, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=29 /* 0.29 s */} --- [pid 5068] umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 160.203307][ T48] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [pid 5068] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", [pid 9715] <... mount resumed>) = 0 [pid 9715] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9715] chdir("./file0") = 0 [pid 9715] ioctl(4, LOOP_CLR_FD) = 0 [pid 9715] close(4) = 0 [pid 9715] open("./file0", O_RDONLY [pid 5068] getdents64(3, [pid 9715] <... open resumed>) = 4 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 9715] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5068] umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./43/binderfs") = 0 [pid 5068] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9715] <... ioctl resumed>) = 0 [pid 9715] open("./file0", O_RDONLY) = 5 [pid 9715] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 9715] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 9715] exit_group(0) = ? [pid 9715] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9715, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=36 /* 0.36 s */} --- [pid 5069] umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./43/binderfs") = 0 [ 160.414208][ T48] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [pid 5069] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9787] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9778] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9786] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9798] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5069] <... umount2 resumed>) = 0 [pid 5069] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./43/file0") = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3 [pid 5068] <... umount2 resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 5069] rmdir("./43") = 0 [pid 5068] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] mkdir("./44", 0777 [pid 5068] newfstatat(AT_FDCWD, "./43/file0", [pid 5069] <... mkdir resumed>) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5068] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... openat resumed>) = 3 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] ioctl(3, LOOP_CLR_FD [pid 5068] openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] <... ioctl resumed>) = 0 [pid 5068] <... openat resumed>) = 4 [pid 5069] close(3 [pid 5068] newfstatat(4, "", [pid 5069] <... close resumed>) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 9802 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./43/file0") = 0 ./strace-static-x86_64: Process 9802 attached [pid 5068] getdents64(3, [pid 9802] set_robust_list(0x555557145760, 24 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 9802] <... set_robust_list resumed>) = 0 [pid 9802] chdir("./44" [pid 5068] close(3 [pid 9802] <... chdir resumed>) = 0 [pid 9802] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5068] <... close resumed>) = 0 [pid 9802] <... prctl resumed>) = 0 [pid 9802] setpgid(0, 0 [pid 5068] rmdir("./43" [pid 9802] <... setpgid resumed>) = 0 [pid 5068] <... rmdir resumed>) = 0 [pid 9802] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5068] mkdir("./44", 0777) = 0 [pid 9802] <... openat resumed>) = 3 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 9802] write(3, "1000", 4 [pid 5068] <... openat resumed>) = 3 [pid 9802] <... write resumed>) = 4 [pid 5068] ioctl(3, LOOP_CLR_FD [pid 9802] close(3 [pid 5068] <... ioctl resumed>) = 0 [pid 5068] close(3) = 0 [pid 9802] <... close resumed>) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9802] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 9803 [pid 9802] memfd_create("syzkaller", 0./strace-static-x86_64: Process 9803 attached ) = 3 [pid 9803] set_robust_list(0x555557145760, 24 [pid 9802] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9803] <... set_robust_list resumed>) = 0 [pid 9802] <... mmap resumed>) = 0x7fda9371b000 [pid 9803] chdir("./44") = 0 [pid 9803] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9803] setpgid(0, 0) = 0 [pid 9803] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9803] write(3, "1000", 4) = 4 [pid 9803] close(3) = 0 [pid 9803] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9803] memfd_create("syzkaller", 0) = 3 [pid 9803] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 9787] <... write resumed>) = 16777216 [pid 9787] munmap(0x7fda9371b000, 138412032) = 0 [pid 9786] <... write resumed>) = 16777216 [pid 9787] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 9787] ioctl(4, LOOP_SET_FD, 3 [pid 9786] munmap(0x7fda9371b000, 138412032 [pid 9787] <... ioctl resumed>) = 0 [pid 9778] <... write resumed>) = 16777216 [pid 9787] close(3 [pid 9786] <... munmap resumed>) = 0 [pid 9778] munmap(0x7fda9371b000, 138412032 [pid 9787] <... close resumed>) = 0 [pid 9787] mkdir("./file0", 0777) = 0 [pid 9786] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9778] <... munmap resumed>) = 0 [pid 9786] <... openat resumed>) = 4 [ 161.135391][ T9787] loop2: detected capacity change from 0 to 32768 [ 161.170498][ T9786] loop3: detected capacity change from 0 to 32768 [pid 9786] ioctl(4, LOOP_SET_FD, 3 [pid 9787] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 9786] <... ioctl resumed>) = 0 [pid 9778] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9786] close(3 [pid 9778] <... openat resumed>) = 4 [pid 9786] <... close resumed>) = 0 [pid 9778] ioctl(4, LOOP_SET_FD, 3 [pid 9786] mkdir("./file0", 0777) = 0 [pid 9803] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 161.201836][ T9787] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (9787) [ 161.220292][ T9778] loop1: detected capacity change from 0 to 32768 [pid 9786] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 9778] <... ioctl resumed>) = 0 [pid 9778] close(3 [pid 9798] <... write resumed>) = 16777216 [pid 9778] <... close resumed>) = 0 [pid 9798] munmap(0x7fda9371b000, 138412032 [pid 9778] mkdir("./file0", 0777 [pid 9802] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9778] <... mkdir resumed>) = 0 [ 161.250101][ T9787] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 161.259549][ T9786] BTRFS: device /dev/loop3 using temp-fsid 2f2e4c92-b816-45f0-8110-80bae9cc1f98 [ 161.279188][ T9787] BTRFS info (device loop2): force clearing of disk cache [pid 9778] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 9798] <... munmap resumed>) = 0 [pid 9798] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9798] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9798] close(3) = 0 [pid 9798] mkdir("./file0", 0777) = 0 [ 161.288358][ T9786] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (9786) [ 161.301688][ T9798] loop0: detected capacity change from 0 to 32768 [ 161.318833][ T9787] BTRFS info (device loop2): setting nodatasum [ 161.325377][ T9787] BTRFS info (device loop2): allowing degraded mounts [ 161.340460][ T9778] BTRFS: device /dev/loop1 using temp-fsid b54d202e-3a02-437f-b91c-6fbb6cd0e01c [ 161.350882][ T9787] BTRFS info (device loop2): enabling disk space caching [ 161.358082][ T9787] BTRFS info (device loop2): disk space caching is enabled [ 161.372926][ T9786] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 161.383508][ T9778] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (9778) [ 161.396505][ T9786] BTRFS info (device loop3): force clearing of disk cache [ 161.407047][ T9786] BTRFS info (device loop3): setting nodatasum [ 161.413387][ T9786] BTRFS info (device loop3): allowing degraded mounts [ 161.422264][ T9786] BTRFS info (device loop3): enabling disk space caching [ 161.432735][ T9786] BTRFS info (device loop3): disk space caching is enabled [ 161.451143][ T9798] BTRFS: device /dev/loop0 using temp-fsid 86321f9a-d76b-4373-9a0c-1aed36188f1f [ 161.451267][ T9778] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 161.489563][ T9778] BTRFS info (device loop1): force clearing of disk cache [ 161.496697][ T9778] BTRFS info (device loop1): setting nodatasum [ 161.499272][ T9798] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (9798) [ 161.502905][ T9778] BTRFS info (device loop1): allowing degraded mounts [ 161.538840][ T9778] BTRFS info (device loop1): enabling disk space caching [ 161.544069][ T9787] BTRFS info (device loop2): enabling ssd optimizations [ 161.545961][ T9798] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 161.562169][ T9778] BTRFS info (device loop1): disk space caching is enabled [ 161.580136][ T9787] BTRFS info (device loop2): auto enabling async discard [ 161.593563][ T9786] BTRFS info (device loop3): enabling ssd optimizations [ 161.600785][ T9798] BTRFS info (device loop0): force clearing of disk cache [ 161.600948][ T9786] BTRFS info (device loop3): auto enabling async discard [ 161.609903][ T9798] BTRFS info (device loop0): setting nodatasum [ 161.622062][ T9787] BTRFS info (device loop2): rebuilding free space tree [ 161.626479][ T9798] BTRFS info (device loop0): allowing degraded mounts [ 161.644768][ T9798] BTRFS info (device loop0): enabling disk space caching [ 161.652456][ T9786] BTRFS info (device loop3): rebuilding free space tree [ 161.669261][ T9798] BTRFS info (device loop0): disk space caching is enabled [ 161.683239][ T9787] BTRFS info (device loop2): disabling free space tree [ 161.694545][ T9786] BTRFS info (device loop3): disabling free space tree [ 161.702252][ T9787] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 161.712154][ T9787] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 161.720891][ T9786] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 161.725309][ T9787] BTRFS info (device loop2): checking UUID tree [pid 9798] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 9803] <... write resumed>) = 16777216 [pid 9803] munmap(0x7fda9371b000, 138412032 [pid 9787] <... mount resumed>) = 0 [pid 9803] <... munmap resumed>) = 0 [pid 9787] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9787] chdir("./file0") = 0 [pid 9803] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 9802] <... write resumed>) = 16777216 [pid 9787] ioctl(4, LOOP_CLR_FD [pid 9803] <... openat resumed>) = 4 [pid 9802] munmap(0x7fda9371b000, 138412032 [pid 9787] <... ioctl resumed>) = 0 [ 161.752195][ T9786] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 161.763855][ T9778] BTRFS info (device loop1): enabling ssd optimizations [ 161.777073][ T9778] BTRFS info (device loop1): auto enabling async discard [ 161.781540][ T9786] BTRFS info (device loop3): checking UUID tree [ 161.793021][ T9778] BTRFS info (device loop1): rebuilding free space tree [pid 9803] ioctl(4, LOOP_SET_FD, 3 [pid 9787] close(4 [pid 9786] <... mount resumed>) = 0 [pid 9787] <... close resumed>) = 0 [pid 9786] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9787] open("./file0", O_RDONLY [pid 9786] <... openat resumed>) = 3 [pid 9787] <... open resumed>) = 4 [pid 9786] chdir("./file0" [pid 9787] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 9786] <... chdir resumed>) = 0 [pid 9786] ioctl(4, LOOP_CLR_FD) = 0 [pid 9786] close(4) = 0 [pid 9786] open("./file0", O_RDONLY) = 4 [pid 9786] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 9802] <... munmap resumed>) = 0 [pid 9787] <... ioctl resumed>) = 0 [pid 9786] open("./file0", O_RDONLY) = 5 [pid 9786] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 9787] open("./file0", O_RDONLY) = 5 [pid 9787] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 9787] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 9787] exit_group(0 [pid 9803] <... ioctl resumed>) = 0 [pid 9787] <... exit_group resumed>) = ? [pid 9786] <... ioctl resumed>) = 0 [pid 9786] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 9786] exit_group(0 [pid 9803] close(3 [pid 9787] +++ exited with 0 +++ [pid 9786] <... exit_group resumed>) = ? [ 161.802472][ T9803] loop4: detected capacity change from 0 to 32768 [ 161.811355][ T9798] BTRFS info (device loop0): enabling ssd optimizations [ 161.831316][ T9778] BTRFS info (device loop1): disabling free space tree [ 161.838516][ T9798] BTRFS info (device loop0): auto enabling async discard [pid 9803] <... close resumed>) = 0 [pid 9786] +++ exited with 0 +++ [pid 9803] mkdir("./file0", 0777) = 0 [pid 9803] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9787, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=33 /* 0.33 s */} --- [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9786, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=31 /* 0.31 s */} --- [pid 5066] umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9802] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9802] <... openat resumed>) = 4 [pid 5066] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] newfstatat(3, "", [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 161.848880][ T9778] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 161.864506][ T1047] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 161.868970][ T9778] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 161.873796][ T9803] BTRFS: device /dev/loop4 using temp-fsid b1a440aa-b7c6-4732-ac26-3ba848457a2e [pid 9802] ioctl(4, LOOP_SET_FD, 3 [pid 5067] getdents64(3, [pid 5066] getdents64(3, [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./44/binderfs", [pid 5067] newfstatat(AT_FDCWD, "./43/binderfs", [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./43/binderfs" [pid 5066] unlink("./44/binderfs" [pid 5067] <... unlink resumed>) = 0 [pid 5066] <... unlink resumed>) = 0 [pid 5067] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 161.899463][ T9798] BTRFS info (device loop0): rebuilding free space tree [ 161.907160][ T9802] loop5: detected capacity change from 0 to 32768 [ 161.921744][ T9803] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (9803) [ 161.921867][ T12] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 161.944682][ T9778] BTRFS info (device loop1): checking UUID tree [pid 5066] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9802] <... ioctl resumed>) = 0 [pid 9778] <... mount resumed>) = 0 [pid 9778] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9802] close(3 [pid 9778] chdir("./file0") = 0 [pid 9778] ioctl(4, LOOP_CLR_FD) = 0 [pid 9802] <... close resumed>) = 0 [pid 9778] close(4 [pid 9802] mkdir("./file0", 0777 [pid 9778] <... close resumed>) = 0 [pid 9778] open("./file0", O_RDONLY [pid 9802] <... mkdir resumed>) = 0 [pid 9778] <... open resumed>) = 4 [ 161.951893][ T9798] BTRFS info (device loop0): disabling free space tree [ 161.953072][ T9803] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 161.963415][ T9798] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 161.981709][ T9803] BTRFS info (device loop4): force clearing of disk cache [ 161.989997][ T9803] BTRFS info (device loop4): setting nodatasum [ 161.996742][ T9803] BTRFS info (device loop4): allowing degraded mounts [pid 9802] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 9778] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 9778] open("./file0", O_RDONLY) = 5 [pid 9778] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 9778] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 9778] exit_group(0) = ? [pid 9778] +++ exited with 0 +++ [ 162.009333][ T9803] BTRFS info (device loop4): enabling disk space caching [ 162.018615][ T9802] BTRFS: device /dev/loop5 using temp-fsid e54cb9b3-58d9-462a-aef5-9060a6d84d28 [ 162.032273][ T9802] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (9802) [ 162.044106][ T9798] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9778, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=38 /* 0.38 s */} --- [pid 5065] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5065] umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 162.053033][ T9803] BTRFS info (device loop4): disk space caching is enabled [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = 0 [ 162.097539][ T9802] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 162.117341][ T48] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [pid 5065] umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./43/file0", [pid 5065] newfstatat(AT_FDCWD, "./43/binderfs", [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] unlink("./43/binderfs" [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] <... unlink resumed>) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5067] <... openat resumed>) = 4 [pid 5066] <... openat resumed>) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] newfstatat(4, "", [pid 5066] getdents64(4, [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4 [pid 5067] getdents64(4, [pid 5066] <... close resumed>) = 0 [pid 5066] rmdir("./44/file0" [pid 5067] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] <... rmdir resumed>) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] getdents64(3, [pid 5067] close(4 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] <... close resumed>) = 0 [pid 9798] <... mount resumed>) = 0 [pid 5067] rmdir("./43/file0" [pid 5066] close(3 [pid 9798] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] <... close resumed>) = 0 [pid 9798] <... openat resumed>) = 3 [pid 5067] <... rmdir resumed>) = 0 [pid 5066] rmdir("./44" [pid 9798] chdir("./file0" [pid 5066] <... rmdir resumed>) = 0 [pid 9798] <... chdir resumed>) = 0 [pid 5066] mkdir("./45", 0777 [pid 9798] ioctl(4, LOOP_CLR_FD [pid 5067] getdents64(3, [pid 5066] <... mkdir resumed>) = 0 [pid 9798] <... ioctl resumed>) = 0 [pid 9798] close(4 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5067] close(3 [pid 9798] <... close resumed>) = 0 [pid 5067] <... close resumed>) = 0 [pid 5066] <... openat resumed>) = 3 [pid 9798] open("./file0", O_RDONLY [pid 5067] rmdir("./43" [pid 5066] ioctl(3, LOOP_CLR_FD [pid 9798] <... open resumed>) = 4 [pid 5067] <... rmdir resumed>) = 0 [pid 5066] <... ioctl resumed>) = 0 [pid 5067] mkdir("./44", 0777 [pid 5066] close(3) = 0 [pid 5067] <... mkdir resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9798] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR./strace-static-x86_64: Process 9885 attached ) = 3 [pid 9885] set_robust_list(0x555557145760, 24 [pid 5067] ioctl(3, LOOP_CLR_FD [pid 9885] <... set_robust_list resumed>) = 0 [pid 9798] <... ioctl resumed>) = 0 [pid 5067] <... ioctl resumed>) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 9885 [pid 9885] chdir("./45" [pid 9798] open("./file0", O_RDONLY [pid 5067] close(3 [pid 9885] <... chdir resumed>) = 0 [pid 9885] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9798] <... open resumed>) = 5 [pid 5067] <... close resumed>) = 0 [pid 9885] <... prctl resumed>) = 0 [pid 9798] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9885] setpgid(0, 0 [pid 9798] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 9888 attached [pid 9885] <... setpgid resumed>) = 0 [pid 9798] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 9888 [pid 9885] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9798] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 9888] set_robust_list(0x555557145760, 24 [pid 9798] exit_group(0 [pid 9885] <... openat resumed>) = 3 [pid 9888] <... set_robust_list resumed>) = 0 [pid 9885] write(3, "1000", 4 [pid 9798] <... exit_group resumed>) = ? [pid 9888] chdir("./44" [pid 9885] <... write resumed>) = 4 [pid 9798] +++ exited with 0 +++ [pid 9888] <... chdir resumed>) = 0 [pid 9885] close(3 [pid 9888] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9885] <... close resumed>) = 0 [pid 9888] <... prctl resumed>) = 0 [pid 9885] symlink("/dev/binderfs", "./binderfs" [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9798, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=28 /* 0.28 s */} --- [pid 9888] setpgid(0, 0 [pid 9885] <... symlink resumed>) = 0 [pid 9888] <... setpgid resumed>) = 0 [pid 9885] memfd_create("syzkaller", 0 [pid 5064] umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9888] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9885] <... memfd_create resumed>) = 3 [pid 9888] <... openat resumed>) = 3 [pid 9885] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9888] write(3, "1000", 4 [pid 9885] <... mmap resumed>) = 0x7fda9371b000 [pid 5064] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9888] <... write resumed>) = 4 [pid 9888] close(3 [pid 5064] <... openat resumed>) = 3 [pid 9888] <... close resumed>) = 0 [pid 5064] newfstatat(3, "", [pid 9888] symlink("/dev/binderfs", "./binderfs" [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9888] <... symlink resumed>) = 0 [pid 5064] getdents64(3, [pid 9888] memfd_create("syzkaller", 0 [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 9888] <... memfd_create resumed>) = 3 [pid 5064] umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9888] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5064] unlink("./43/binderfs" [pid 9888] <... mmap resumed>) = 0x7fda9371b000 [pid 5065] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... unlink resumed>) = 0 [pid 5064] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./43/file0") = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./43") = 0 [pid 5065] mkdir("./44", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9903 attached [pid 9903] set_robust_list(0x555557145760, 24 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 9903 [pid 9903] <... set_robust_list resumed>) = 0 [pid 9903] chdir("./44") = 0 [pid 9903] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9903] setpgid(0, 0) = 0 [pid 9903] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9903] write(3, "1000", 4) = 4 [pid 9903] close(3) = 0 [pid 9803] <... mount resumed>) = 0 [pid 9802] <... mount resumed>) = 0 [pid 9903] symlink("/dev/binderfs", "./binderfs" [pid 9803] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9802] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9803] <... openat resumed>) = 3 [pid 9802] <... openat resumed>) = 3 [pid 9903] <... symlink resumed>) = 0 [pid 9803] chdir("./file0" [pid 9802] chdir("./file0" [pid 9803] <... chdir resumed>) = 0 [pid 9802] <... chdir resumed>) = 0 [pid 9803] ioctl(4, LOOP_CLR_FD [pid 9802] ioctl(4, LOOP_CLR_FD [pid 9803] <... ioctl resumed>) = 0 [pid 9802] <... ioctl resumed>) = 0 [pid 9803] close(4 [pid 9802] close(4 [pid 9803] <... close resumed>) = 0 [pid 9802] <... close resumed>) = 0 [pid 9803] open("./file0", O_RDONLY [pid 9802] open("./file0", O_RDONLY [pid 9903] memfd_create("syzkaller", 0 [pid 9803] <... open resumed>) = 4 [pid 9802] <... open resumed>) = 4 [pid 9803] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 9802] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 9885] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9803] <... ioctl resumed>) = 0 [pid 9803] open("./file0", O_RDONLY [pid 9903] <... memfd_create resumed>) = 3 [pid 9803] <... open resumed>) = 5 [pid 9903] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9803] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 9903] <... mmap resumed>) = 0x7fda9371b000 [pid 9803] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 9802] <... ioctl resumed>) = 0 [pid 9803] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 9803] exit_group(0) = ? [pid 9803] +++ exited with 0 +++ [pid 9802] open("./file0", O_RDONLY) = 5 [pid 9802] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9803, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=31 /* 0.31 s */} --- [pid 9802] <... ioctl resumed>) = 0 [pid 9802] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 9802] exit_group(0) = ? [pid 9802] +++ exited with 0 +++ [pid 5068] umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9802, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=28 /* 0.28 s */} --- [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5068] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] newfstatat(3, "", [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, [pid 5069] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] <... openat resumed>) = 3 [pid 5068] umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] newfstatat(3, "", [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] newfstatat(AT_FDCWD, "./44/binderfs", [pid 5069] getdents64(3, [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./44/binderfs") = 0 [pid 5068] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./44/binderfs") = 0 [pid 5069] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... umount2 resumed>) = 0 [pid 5064] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./43/file0") = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./43") = 0 [pid 5064] mkdir("./44", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 9908 ./strace-static-x86_64: Process 9908 attached [pid 9908] set_robust_list(0x555557145760, 24) = 0 [pid 9908] chdir("./44") = 0 [pid 9888] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9908] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9908] setpgid(0, 0) = 0 [pid 9908] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9908] write(3, "1000", 4) = 4 [pid 9908] close(3) = 0 [pid 9908] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9908] memfd_create("syzkaller", 0) = 3 [pid 9908] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5068] <... umount2 resumed>) = 0 [pid 5068] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] <... umount2 resumed>) = 0 [pid 5068] <... openat resumed>) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, [pid 5069] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./44/file0", [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] close(4 [pid 5069] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... close resumed>) = 0 [pid 5068] rmdir("./44/file0") = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] close(3 [pid 5069] openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] <... close resumed>) = 0 [pid 5068] rmdir("./44" [pid 5069] <... openat resumed>) = 4 [pid 5068] <... rmdir resumed>) = 0 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] mkdir("./45", 0777 [pid 5069] getdents64(4, [pid 5068] <... mkdir resumed>) = 0 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5069] close(4) = 0 ./strace-static-x86_64: Process 9910 attached [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 9910 [pid 5069] rmdir("./44/file0" [pid 9910] set_robust_list(0x555557145760, 24 [pid 5069] <... rmdir resumed>) = 0 [pid 5069] getdents64(3, [pid 9910] <... set_robust_list resumed>) = 0 [pid 9910] chdir("./45" [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3 [pid 9910] <... chdir resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 9910] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5069] rmdir("./44" [pid 9910] <... prctl resumed>) = 0 [pid 9910] setpgid(0, 0) = 0 [pid 9910] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9910] write(3, "1000", 4) = 4 [pid 9910] close(3) = 0 [pid 9910] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9910] memfd_create("syzkaller", 0) = 3 [pid 9910] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5069] <... rmdir resumed>) = 0 [pid 5069] mkdir("./45", 0777 [pid 9903] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5069] <... mkdir resumed>) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9911 attached [pid 9911] set_robust_list(0x555557145760, 24 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 9911 [pid 9911] <... set_robust_list resumed>) = 0 [pid 9911] chdir("./45") = 0 [pid 9911] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9911] setpgid(0, 0) = 0 [pid 9911] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9911] write(3, "1000", 4) = 4 [pid 9911] close(3) = 0 [pid 9911] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9911] memfd_create("syzkaller", 0) = 3 [pid 9911] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 9885] <... write resumed>) = 16777216 [pid 9885] munmap(0x7fda9371b000, 138412032) = 0 [pid 9885] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 163.296557][ T9885] loop2: detected capacity change from 0 to 32768 [pid 9885] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9885] close(3) = 0 [pid 9885] mkdir("./file0", 0777 [pid 9910] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9885] <... mkdir resumed>) = 0 [pid 9885] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 163.391769][ T9885] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (9885) [pid 9908] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9888] <... write resumed>) = 16777216 [pid 9885] <... mount resumed>) = 0 [pid 9888] munmap(0x7fda9371b000, 138412032 [pid 9885] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9885] chdir("./file0") = 0 [pid 9911] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9888] <... munmap resumed>) = 0 [pid 9885] ioctl(4, LOOP_CLR_FD) = 0 [pid 9888] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 9885] close(4 [pid 9888] <... openat resumed>) = 4 [pid 9885] <... close resumed>) = 0 [pid 9888] ioctl(4, LOOP_SET_FD, 3 [pid 9885] open("./file0", O_RDONLY) = 4 [pid 9885] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 9888] <... ioctl resumed>) = 0 [pid 9888] close(3) = 0 [ 163.739951][ T9888] loop3: detected capacity change from 0 to 32768 [pid 9888] mkdir("./file0", 0777) = 0 [pid 9885] <... ioctl resumed>) = 0 [pid 9888] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 9885] open("./file0", O_RDONLY) = 5 [pid 9885] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 9885] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 9885] exit_group(0) = ? [pid 9885] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9885, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=23 /* 0.23 s */} --- [pid 5066] umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9903] <... write resumed>) = 16777216 [pid 5066] unlink("./45/binderfs") = 0 [ 163.789951][ T9888] BTRFS: device /dev/loop3 using temp-fsid 764b0f5f-6d2b-414f-ba05-5843b4ca1ef6 [ 163.809497][ T9888] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (9888) [pid 9903] munmap(0x7fda9371b000, 138412032) = 0 [pid 5066] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9903] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 9903] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9903] close(3) = 0 [pid 9903] mkdir("./file0", 0777 [pid 9910] <... write resumed>) = 16777216 [pid 9903] <... mkdir resumed>) = 0 [pid 9910] munmap(0x7fda9371b000, 138412032 [pid 9903] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 9910] <... munmap resumed>) = 0 [pid 9910] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 163.901522][ T9903] loop1: detected capacity change from 0 to 32768 [ 163.919236][ T9903] BTRFS: device /dev/loop1 using temp-fsid fc0605cd-7548-48f1-b100-49ab51766f05 [ 163.928308][ T9903] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (9903) [pid 9910] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9910] close(3) = 0 [pid 9910] mkdir("./file0", 0777) = 0 [pid 9908] <... write resumed>) = 16777216 [ 163.982826][ T9910] loop4: detected capacity change from 0 to 32768 [pid 9910] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./45/file0") = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3 [pid 9908] munmap(0x7fda9371b000, 138412032 [pid 5066] <... close resumed>) = 0 [pid 9908] <... munmap resumed>) = 0 [pid 5066] rmdir("./45") = 0 [pid 9911] <... write resumed>) = 16777216 [pid 5066] mkdir("./46", 0777 [pid 9911] munmap(0x7fda9371b000, 138412032 [pid 5066] <... mkdir resumed>) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [ 164.046263][ T9910] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (9910) [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9908] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 9960 attached ) = 4 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 9960 [pid 9908] ioctl(4, LOOP_SET_FD, 3 [pid 9911] <... munmap resumed>) = 0 [pid 9911] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 9960] set_robust_list(0x555557145760, 24 [pid 9908] <... ioctl resumed>) = 0 [pid 9903] <... mount resumed>) = 0 [pid 9888] <... mount resumed>) = 0 [pid 9960] <... set_robust_list resumed>) = 0 [pid 9908] close(3 [pid 9903] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9888] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 9960] chdir("./46" [pid 9911] <... openat resumed>) = 4 [pid 9908] <... close resumed>) = 0 [pid 9903] <... openat resumed>) = 3 [pid 9888] <... openat resumed>) = 3 [pid 9960] <... chdir resumed>) = 0 [pid 9911] ioctl(4, LOOP_SET_FD, 3 [pid 9908] mkdir("./file0", 0777 [pid 9903] chdir("./file0" [pid 9888] chdir("./file0" [pid 9960] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9908] <... mkdir resumed>) = 0 [pid 9903] <... chdir resumed>) = 0 [pid 9888] <... chdir resumed>) = 0 [pid 9960] <... prctl resumed>) = 0 [pid 9888] ioctl(4, LOOP_CLR_FD [pid 9960] setpgid(0, 0 [pid 9888] <... ioctl resumed>) = 0 [pid 9960] <... setpgid resumed>) = 0 [pid 9903] ioctl(4, LOOP_CLR_FD [pid 9888] close(4 [pid 9960] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9908] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 9903] <... ioctl resumed>) = 0 [pid 9888] <... close resumed>) = 0 [pid 9960] <... openat resumed>) = 3 [pid 9888] open("./file0", O_RDONLY [pid 9960] write(3, "1000", 4 [pid 9903] close(4 [pid 9888] <... open resumed>) = 4 [pid 9960] <... write resumed>) = 4 [pid 9903] <... close resumed>) = 0 [pid 9960] close(3) = 0 [pid 9903] open("./file0", O_RDONLY [ 164.109914][ T9908] loop0: detected capacity change from 0 to 32768 [ 164.130001][ T9911] loop5: detected capacity change from 0 to 32768 [ 164.135921][ T9908] BTRFS: device /dev/loop0 using temp-fsid 4a7c3da0-c964-4989-82cc-8c0890a05f82 [pid 9888] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 9960] symlink("/dev/binderfs", "./binderfs" [pid 9903] <... open resumed>) = 4 [pid 9903] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 9960] <... symlink resumed>) = 0 [pid 9888] <... ioctl resumed>) = 0 [pid 9960] memfd_create("syzkaller", 0 [pid 9888] open("./file0", O_RDONLY) = 5 [pid 9888] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 9960] <... memfd_create resumed>) = 3 [pid 9960] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9888] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 9960] <... mmap resumed>) = 0x7fda9371b000 [pid 9911] <... ioctl resumed>) = 0 [pid 9903] <... ioctl resumed>) = 0 [pid 9888] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 9911] close(3 [ 164.149231][ T9908] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (9908) [pid 9903] open("./file0", O_RDONLY [pid 9911] <... close resumed>) = 0 [pid 9903] <... open resumed>) = 5 [pid 9903] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 9888] exit_group(0 [pid 9911] mkdir("./file0", 0777 [pid 9888] <... exit_group resumed>) = ? [pid 9911] <... mkdir resumed>) = 0 [pid 9888] +++ exited with 0 +++ [pid 9911] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9888, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=27 /* 0.27 s */} --- [pid 9903] <... ioctl resumed>) = 0 [pid 5067] umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 9903] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5067] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 9903] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5067] <... openat resumed>) = 3 [pid 9903] exit_group(0 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 164.182277][ T9908] _btrfs_printk: 69 callbacks suppressed [ 164.182288][ T9908] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 164.216264][ T9911] BTRFS: device /dev/loop5 using temp-fsid 3494e588-99f3-4d70-ae15-240bdf6a73ec [pid 9903] <... exit_group resumed>) = ? [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 9903] +++ exited with 0 +++ [pid 5067] newfstatat(AT_FDCWD, "./44/binderfs", [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9903, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=23 /* 0.23 s */} --- [pid 5065] umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./44/binderfs" [pid 5067] unlink("./44/binderfs" [pid 5065] <... unlink resumed>) = 0 [pid 5065] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... unlink resumed>) = 0 [ 164.247095][ T12] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 164.266392][ T42] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [ 164.273322][ T9911] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (9911) [ 164.278838][ T9908] BTRFS info (device loop0): force clearing of disk cache [ 164.321876][ T9911] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 164.324697][ T9908] BTRFS info (device loop0): setting nodatasum [ 164.338822][ T9911] BTRFS info (device loop5): force clearing of disk cache [ 164.347908][ T9908] BTRFS info (device loop0): allowing degraded mounts [ 164.359953][ T9908] BTRFS info (device loop0): enabling disk space caching [ 164.375709][ T9910] BTRFS info (device loop4): enabling ssd optimizations [ 164.384187][ T9908] BTRFS info (device loop0): disk space caching is enabled [ 164.398799][ T9911] BTRFS info (device loop5): setting nodatasum [ 164.401800][ T9910] BTRFS info (device loop4): auto enabling async discard [ 164.405159][ T9911] BTRFS info (device loop5): allowing degraded mounts [pid 5067] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5067] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./44/file0") = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./44") = 0 [pid 5067] mkdir("./45", 0777) = 0 [ 164.425990][ T9910] BTRFS info (device loop4): rebuilding free space tree [ 164.439198][ T9911] BTRFS info (device loop5): enabling disk space caching [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5065] <... umount2 resumed>) = 0 [pid 5067] ioctl(3, LOOP_CLR_FD [pid 5065] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... ioctl resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] close(3 [pid 5065] newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", [pid 5067] <... close resumed>) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 9987 [pid 5065] rmdir("./44/file0") = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./44"./strace-static-x86_64: Process 9987 attached ) = 0 [pid 9987] set_robust_list(0x555557145760, 24) = 0 [ 164.473751][ T9911] BTRFS info (device loop5): disk space caching is enabled [pid 9987] chdir("./45" [pid 5065] mkdir("./45", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 9987] <... chdir resumed>) = 0 [pid 9987] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9987] setpgid(0, 0 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 9996 [pid 9987] <... setpgid resumed>) = 0 ./strace-static-x86_64: Process 9996 attached [pid 9996] set_robust_list(0x555557145760, 24) = 0 [pid 9996] chdir("./45") = 0 [pid 9996] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9996] setpgid(0, 0) = 0 [pid 9996] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9996] write(3, "1000", 4) = 4 [pid 9996] close(3) = 0 [pid 9996] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9996] memfd_create("syzkaller", 0) = 3 [pid 9996] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9987] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9996] <... mmap resumed>) = 0x7fda9371b000 [pid 9987] write(3, "1000", 4) = 4 [ 164.518235][ T9910] BTRFS info (device loop4): disabling free space tree [ 164.532193][ T9910] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 9987] close(3) = 0 [pid 9987] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9987] memfd_create("syzkaller", 0) = 3 [pid 9987] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 164.558872][ T9910] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 164.594814][ T9910] BTRFS info (device loop4): checking UUID tree [ 164.628493][ T9908] BTRFS info (device loop0): enabling ssd optimizations [ 164.670364][ T9908] BTRFS info (device loop0): auto enabling async discard [ 164.689150][ T9911] BTRFS info (device loop5): enabling ssd optimizations [ 164.696097][ T9911] BTRFS info (device loop5): auto enabling async discard [pid 9960] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9996] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 9910] <... mount resumed>) = 0 [pid 9910] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9910] chdir("./file0") = 0 [pid 9910] ioctl(4, LOOP_CLR_FD) = 0 [pid 9910] close(4) = 0 [pid 9910] open("./file0", O_RDONLY) = 4 [pid 9910] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [ 164.732005][ T9908] BTRFS info (device loop0): rebuilding free space tree [pid 9910] open("./file0", O_RDONLY) = 5 [pid 9910] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 9910] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 9910] exit_group(0) = ? [pid 9910] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9910, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=28 /* 0.28 s */} --- [pid 5068] umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 164.774212][ T9911] BTRFS info (device loop5): rebuilding free space tree [ 164.782547][ T9908] BTRFS info (device loop0): disabling free space tree [ 164.801688][ T42] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [pid 5068] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./45/binderfs") = 0 [ 164.825303][ T9911] BTRFS info (device loop5): disabling free space tree [ 164.826934][ T9908] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 164.878893][ T9908] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 164.878897][ T9911] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 164.910791][ T9908] BTRFS info (device loop0): checking UUID tree [pid 5068] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9908] <... mount resumed>) = 0 [pid 9908] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9908] chdir("./file0") = 0 [pid 9908] ioctl(4, LOOP_CLR_FD) = 0 [pid 9908] close(4) = 0 [pid 9908] open("./file0", O_RDONLY) = 4 [pid 9908] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5068] <... umount2 resumed>) = 0 [pid 9908] <... ioctl resumed>) = 0 [ 164.947967][ T9911] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 9908] open("./file0", O_RDONLY [pid 5068] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9908] <... open resumed>) = 5 [pid 9908] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 9908] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 9908] exit_group(0) = ? [pid 9908] +++ exited with 0 +++ [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./45/file0", [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9908, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=31 /* 0.31 s */} --- [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] restart_syscall(<... resuming interrupted clone ...> [pid 5068] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... restart_syscall resumed>) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] newfstatat(4, "", [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, [pid 5064] <... openat resumed>) = 3 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] newfstatat(3, "", [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] close(4 [pid 5064] getdents64(3, [pid 5068] <... close resumed>) = 0 [pid 5068] rmdir("./45/file0" [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] <... rmdir resumed>) = 0 [pid 5068] getdents64(3, [pid 5064] umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] close(3 [pid 5064] newfstatat(AT_FDCWD, "./44/binderfs", [pid 5068] <... close resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./44/binderfs" [pid 5068] rmdir("./45") = 0 [pid 5064] <... unlink resumed>) = 0 [pid 5068] mkdir("./46", 0777 [pid 5064] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... mkdir resumed>) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD [pid 9987] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5068] <... ioctl resumed>) = 0 [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10015 attached [pid 10015] set_robust_list(0x555557145760, 24 [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 10015 [pid 10015] <... set_robust_list resumed>) = 0 [ 165.035936][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 165.052384][ T9911] BTRFS info (device loop5): checking UUID tree [pid 10015] chdir("./46") = 0 [pid 10015] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10015] setpgid(0, 0) = 0 [pid 10015] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9911] <... mount resumed>) = 0 [pid 10015] write(3, "1000", 4) = 4 [pid 10015] close(3) = 0 [pid 10015] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10015] memfd_create("syzkaller", 0 [pid 9911] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9911] chdir("./file0") = 0 [pid 9911] ioctl(4, LOOP_CLR_FD [pid 10015] <... memfd_create resumed>) = 3 [pid 9911] <... ioctl resumed>) = 0 [pid 9911] close(4 [pid 10015] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 9911] <... close resumed>) = 0 [pid 9911] open("./file0", O_RDONLY) = 4 [pid 5064] <... umount2 resumed>) = 0 [pid 9911] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5064] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 9911] <... ioctl resumed>) = 0 [pid 5064] getdents64(4, [pid 9911] open("./file0", O_RDONLY [pid 5064] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, [pid 9911] <... open resumed>) = 5 [pid 5064] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 9911] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5064] close(4) = 0 [pid 5064] rmdir("./44/file0") = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 9911] <... ioctl resumed>) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./44" [pid 9911] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5064] <... rmdir resumed>) = 0 [pid 9911] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 9911] exit_group(0 [pid 5064] mkdir("./45", 0777 [pid 9960] <... write resumed>) = 16777216 [pid 5064] <... mkdir resumed>) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9996] <... write resumed>) = 16777216 [pid 9960] munmap(0x7fda9371b000, 138412032 [pid 9911] <... exit_group resumed>) = ? [pid 5064] <... openat resumed>) = 3 [ 165.333881][ T12] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [pid 9996] munmap(0x7fda9371b000, 138412032 [pid 9960] <... munmap resumed>) = 0 [pid 9911] +++ exited with 0 +++ [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9911, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=29 /* 0.29 s */} --- [pid 5064] <... ioctl resumed>) = 0 [pid 9996] <... munmap resumed>) = 0 [pid 5064] close(3 [pid 5069] umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9996] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 9960] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... close resumed>) = 0 [pid 9996] <... openat resumed>) = 4 [pid 9960] <... openat resumed>) = 4 [pid 5069] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10018 attached [pid 9996] ioctl(4, LOOP_SET_FD, 3 [pid 9960] ioctl(4, LOOP_SET_FD, 3 [pid 5069] <... openat resumed>) = 3 [pid 10018] set_robust_list(0x555557145760, 24 [pid 9960] <... ioctl resumed>) = 0 [pid 5069] newfstatat(3, "", [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 10018 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10018] <... set_robust_list resumed>) = 0 [pid 10018] chdir("./45" [pid 5069] getdents64(3, [pid 10018] <... chdir resumed>) = 0 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 9960] close(3 [pid 9996] <... ioctl resumed>) = 0 [pid 10018] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9960] <... close resumed>) = 0 [pid 5069] umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9996] close(3 [pid 10018] <... prctl resumed>) = 0 [pid 9960] mkdir("./file0", 0777 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 9996] <... close resumed>) = 0 [pid 10018] setpgid(0, 0) = 0 [pid 9996] mkdir("./file0", 0777 [pid 5069] newfstatat(AT_FDCWD, "./45/binderfs", [pid 10018] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 9996] <... mkdir resumed>) = 0 [pid 9960] <... mkdir resumed>) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9996] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 10018] <... openat resumed>) = 3 [pid 5069] unlink("./45/binderfs" [pid 10018] write(3, "1000", 4) = 4 [pid 5069] <... unlink resumed>) = 0 [pid 10018] close(3 [pid 5069] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10018] <... close resumed>) = 0 [pid 10018] symlink("/dev/binderfs", "./binderfs" [pid 9960] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 10018] <... symlink resumed>) = 0 [pid 10018] memfd_create("syzkaller", 0) = 3 [pid 10018] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 165.450984][ T9960] loop2: detected capacity change from 0 to 32768 [ 165.457730][ T9996] loop1: detected capacity change from 0 to 32768 [ 165.485811][ T9996] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (9996) [ 165.531743][ T9960] BTRFS: device /dev/loop2 using temp-fsid 0e193a37-448b-41b3-a050-0432672d21c1 [ 165.541493][ T9996] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 165.579225][ T9960] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (9960) [ 165.592243][ T9996] BTRFS info (device loop1): force clearing of disk cache [ 165.610404][ T9996] BTRFS info (device loop1): setting nodatasum [pid 10015] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5069] <... umount2 resumed>) = 0 [ 165.648849][ T9996] BTRFS info (device loop1): allowing degraded mounts [ 165.655621][ T9996] BTRFS info (device loop1): enabling disk space caching [ 165.669769][ T9960] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5069] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 9987] <... write resumed>) = 16777216 [pid 5069] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [ 165.721141][ T9960] BTRFS info (device loop2): force clearing of disk cache [ 165.730470][ T9996] BTRFS info (device loop1): disk space caching is enabled [ 165.748799][ T9960] BTRFS info (device loop2): setting nodatasum [ 165.755084][ T9960] BTRFS info (device loop2): allowing degraded mounts [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 9987] munmap(0x7fda9371b000, 138412032 [pid 5069] close(4) = 0 [pid 5069] rmdir("./45/file0") = 0 [pid 9987] <... munmap resumed>) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./45") = 0 [pid 9987] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 9987] ioctl(4, LOOP_SET_FD, 3 [pid 5069] mkdir("./46", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [ 165.783829][ T9960] BTRFS info (device loop2): enabling disk space caching [ 165.799897][ T9960] BTRFS info (device loop2): disk space caching is enabled [ 165.821027][ T9987] loop3: detected capacity change from 0 to 32768 [pid 5069] close(3 [pid 9987] <... ioctl resumed>) = 0 [pid 9987] close(3) = 0 [pid 9987] mkdir("./file0", 0777) = 0 [pid 9987] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 165.909661][ T9987] BTRFS: device /dev/loop3 using temp-fsid f602bfd7-3ae4-4392-982a-ff0d8924a8cd [ 165.919892][ T9987] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (9987) [ 165.961028][ T9987] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [pid 10018] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5069] <... close resumed>) = 0 [ 166.012048][ T9960] BTRFS info (device loop2): enabling ssd optimizations [ 166.024591][ T9987] BTRFS info (device loop3): force clearing of disk cache [ 166.041986][ T9996] BTRFS info (device loop1): enabling ssd optimizations [ 166.049967][ T9960] BTRFS info (device loop2): auto enabling async discard [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10049 attached , child_tidptr=0x555557145750) = 10049 [pid 10049] set_robust_list(0x555557145760, 24) = 0 [pid 10049] chdir("./46") = 0 [pid 10049] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10049] setpgid(0, 0) = 0 [ 166.064793][ T9987] BTRFS info (device loop3): setting nodatasum [ 166.078804][ T9996] BTRFS info (device loop1): auto enabling async discard [ 166.088006][ T9960] BTRFS info (device loop2): rebuilding free space tree [ 166.096990][ T9987] BTRFS info (device loop3): allowing degraded mounts [ 166.104252][ T9996] BTRFS info (device loop1): rebuilding free space tree [pid 10049] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10015] <... write resumed>) = 16777216 [pid 10049] write(3, "1000", 4) = 4 [pid 10015] munmap(0x7fda9371b000, 138412032 [pid 10049] close(3 [pid 10015] <... munmap resumed>) = 0 [pid 10049] <... close resumed>) = 0 [pid 10049] symlink("/dev/binderfs", "./binderfs" [pid 10015] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10049] <... symlink resumed>) = 0 [ 166.136119][ T9987] BTRFS info (device loop3): enabling disk space caching [ 166.146016][ T9960] BTRFS info (device loop2): disabling free space tree [ 166.153354][ T9996] BTRFS info (device loop1): disabling free space tree [ 166.157659][ T9987] BTRFS info (device loop3): disk space caching is enabled [ 166.173140][T10015] loop4: detected capacity change from 0 to 32768 [pid 10015] ioctl(4, LOOP_SET_FD, 3 [pid 10049] memfd_create("syzkaller", 0) = 3 [pid 10015] <... ioctl resumed>) = 0 [pid 10049] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 10015] close(3) = 0 [pid 10015] mkdir("./file0", 0777) = 0 [ 166.175000][ T9960] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 166.188812][ T9996] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 166.202001][ T9960] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 166.219804][T10015] BTRFS: device /dev/loop4 using temp-fsid d56c14d5-d8c1-4329-813f-64524a102ef4 [ 166.221366][ T9960] BTRFS info (device loop2): checking UUID tree [pid 10015] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 9960] <... mount resumed>) = 0 [pid 9960] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9960] chdir("./file0") = 0 [pid 9960] ioctl(4, LOOP_CLR_FD) = 0 [pid 9960] close(4) = 0 [pid 9960] open("./file0", O_RDONLY) = 4 [pid 9960] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 9960] open("./file0", O_RDONLY) = 5 [pid 9960] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [ 166.240051][ T9996] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 166.242661][T10015] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (10015) [pid 9960] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 9960] exit_group(0) = ? [pid 9960] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9960, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=34 /* 0.34 s */} --- [pid 5066] umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./46/binderfs") = 0 [ 166.294351][ T42] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 166.326687][ T9996] BTRFS info (device loop1): checking UUID tree [ 166.329876][T10015] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5066] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 9996] <... mount resumed>) = 0 [pid 9996] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9996] chdir("./file0") = 0 [pid 9996] ioctl(4, LOOP_CLR_FD) = 0 [pid 9996] close(4) = 0 [pid 9996] open("./file0", O_RDONLY) = 4 [pid 9996] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 9996] open("./file0", O_RDONLY) = 5 [ 166.344218][ T9987] BTRFS info (device loop3): enabling ssd optimizations [ 166.370572][ T9987] BTRFS info (device loop3): auto enabling async discard [ 166.380212][ T9987] BTRFS info (device loop3): rebuilding free space tree [pid 9996] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 9996] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 9996] exit_group(0) = ? [ 166.398925][T10015] BTRFS info (device loop4): force clearing of disk cache [ 166.406144][T10015] BTRFS info (device loop4): setting nodatasum [ 166.414228][T10015] BTRFS info (device loop4): allowing degraded mounts [ 166.422401][T10015] BTRFS info (device loop4): enabling disk space caching [ 166.429693][T10015] BTRFS info (device loop4): disk space caching is enabled [pid 9996] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9996, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=38 /* 0.38 s */} --- [pid 5065] umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./45/binderfs") = 0 [pid 5065] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 166.443456][ T48] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [pid 5066] newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [ 166.482218][ T9987] BTRFS info (device loop3): disabling free space tree [ 166.495369][ T9987] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 166.508804][ T9987] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5066] close(4) = 0 [pid 5066] rmdir("./46/file0") = 0 [pid 5066] getdents64(3, [pid 5065] <... umount2 resumed>) = 0 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10018] <... write resumed>) = 16777216 [pid 5066] close(3 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... close resumed>) = 0 [pid 5065] newfstatat(AT_FDCWD, "./45/file0", [pid 5066] rmdir("./46" [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... rmdir resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] mkdir("./47", 0777 [pid 5065] openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", [pid 10018] munmap(0x7fda9371b000, 138412032 [pid 5066] <... mkdir resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10018] <... munmap resumed>) = 0 [pid 5065] getdents64(4, [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3 [pid 5065] getdents64(4, [pid 5066] <... close resumed>) = 0 [pid 5065] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] close(4) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 10083 [pid 5065] rmdir("./45/file0") = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [ 166.551961][ T9987] BTRFS info (device loop3): checking UUID tree [pid 5065] close(3) = 0 ./strace-static-x86_64: Process 10083 attached [pid 10083] set_robust_list(0x555557145760, 24) = 0 [pid 9987] <... mount resumed>) = 0 [pid 5065] rmdir("./45" [pid 9987] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5065] <... rmdir resumed>) = 0 [pid 9987] chdir("./file0" [pid 10018] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 9987] <... chdir resumed>) = 0 [pid 5065] mkdir("./46", 0777 [pid 9987] ioctl(4, LOOP_CLR_FD [pid 10018] <... openat resumed>) = 4 [pid 9987] <... ioctl resumed>) = 0 [pid 5065] <... mkdir resumed>) = 0 [pid 9987] close(4 [pid 10083] chdir("./47" [pid 10018] ioctl(4, LOOP_SET_FD, 3 [pid 9987] <... close resumed>) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10083] <... chdir resumed>) = 0 [pid 9987] open("./file0", O_RDONLY [pid 5065] <... openat resumed>) = 3 [pid 10083] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 9987] <... open resumed>) = 4 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 10083] <... prctl resumed>) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 10083] setpgid(0, 0 [pid 5065] close(3 [pid 10083] <... setpgid resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 9987] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 10083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10083] <... openat resumed>) = 3 [pid 10083] write(3, "1000", 4 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 10086 [pid 9987] <... ioctl resumed>) = 0 [pid 10083] <... write resumed>) = 4 [pid 10083] close(3) = 0 [pid 10083] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 10086 attached ) = 0 [pid 9987] open("./file0", O_RDONLY) = 5 [pid 9987] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 10083] memfd_create("syzkaller", 0 [pid 10086] set_robust_list(0x555557145760, 24 [pid 9987] <... ioctl resumed>) = 0 [ 166.642329][T10018] loop0: detected capacity change from 0 to 32768 [ 166.653571][T10015] BTRFS info (device loop4): enabling ssd optimizations [ 166.677424][T10015] BTRFS info (device loop4): auto enabling async discard [pid 10083] <... memfd_create resumed>) = 3 [pid 10086] <... set_robust_list resumed>) = 0 [pid 10018] <... ioctl resumed>) = 0 [pid 9987] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 10086] chdir("./46" [pid 9987] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 9987] exit_group(0) = ? [pid 9987] +++ exited with 0 +++ [pid 10086] <... chdir resumed>) = 0 [pid 10083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10018] close(3 [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9987, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=36 /* 0.36 s */} --- [pid 10083] <... mmap resumed>) = 0x7fda9371b000 [pid 10018] <... close resumed>) = 0 [pid 10086] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10049] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10018] mkdir("./file0", 0777 [pid 10086] <... prctl resumed>) = 0 [pid 10018] <... mkdir resumed>) = 0 [pid 10086] setpgid(0, 0 [pid 10018] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5067] umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10086] <... setpgid resumed>) = 0 [pid 5067] <... openat resumed>) = 3 [pid 10086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5067] newfstatat(3, "", [pid 10086] <... openat resumed>) = 3 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 166.690618][T10015] BTRFS info (device loop4): rebuilding free space tree [ 166.695936][ T48] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 166.720175][T10018] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (10018) [pid 10086] write(3, "1000", 4 [pid 5067] newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./45/binderfs" [pid 10086] <... write resumed>) = 4 [pid 5067] <... unlink resumed>) = 0 [pid 10086] close(3 [pid 5067] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10086] <... close resumed>) = 0 [pid 10086] symlink("/dev/binderfs", "./binderfs") = 0 [ 166.753418][T10015] BTRFS info (device loop4): disabling free space tree [ 166.769399][T10015] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 10086] memfd_create("syzkaller", 0) = 3 [ 166.805666][T10018] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 166.828794][T10015] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 10086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 166.859143][T10018] BTRFS info (device loop0): force clearing of disk cache [ 166.893837][T10018] BTRFS info (device loop0): setting nodatasum [ 166.937839][T10018] BTRFS info (device loop0): allowing degraded mounts [ 166.938837][T10015] BTRFS info (device loop4): checking UUID tree [pid 10083] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10015] <... mount resumed>) = 0 [pid 10015] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10015] chdir("./file0") = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 10015] ioctl(4, LOOP_CLR_FD [pid 5067] openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./45/file0") = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./45") = 0 [ 166.979675][T10018] BTRFS info (device loop0): enabling disk space caching [ 166.987483][T10018] BTRFS info (device loop0): disk space caching is enabled [pid 5067] mkdir("./46", 0777 [pid 10015] <... ioctl resumed>) = 0 [pid 5067] <... mkdir resumed>) = 0 [pid 10015] close(4) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 10090 ./strace-static-x86_64: Process 10090 attached [pid 10015] open("./file0", O_RDONLY) = 4 [pid 10015] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 10090] set_robust_list(0x555557145760, 24) = 0 [pid 10090] chdir("./46") = 0 [pid 10090] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10015] <... ioctl resumed>) = 0 [pid 10090] <... prctl resumed>) = 0 [pid 10015] open("./file0", O_RDONLY [pid 10090] setpgid(0, 0 [pid 10015] <... open resumed>) = 5 [pid 10090] <... setpgid resumed>) = 0 [pid 10090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10015] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 10090] <... openat resumed>) = 3 [pid 10015] <... ioctl resumed>) = 0 [pid 10090] write(3, "1000", 4) = 4 [pid 10090] close(3) = 0 [pid 10090] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10090] memfd_create("syzkaller", 0) = 3 [pid 10090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10015] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 10090] <... mmap resumed>) = 0x7fda9371b000 [pid 10015] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 10015] exit_group(0) = ? [pid 10015] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10015, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=38 /* 0.38 s */} --- [pid 5068] umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [ 167.183924][ T48] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [pid 5068] umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./46/binderfs") = 0 [pid 5068] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10049] <... write resumed>) = 16777216 [pid 10049] munmap(0x7fda9371b000, 138412032) = 0 [pid 10049] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 10049] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10049] close(3) = 0 [pid 10049] mkdir("./file0", 0777) = 0 [ 167.318804][T10049] loop5: detected capacity change from 0 to 32768 [pid 10049] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 167.364054][T10049] BTRFS: device /dev/loop5 using temp-fsid dcd0edde-50e5-4f03-a833-1980aa09c982 [ 167.388010][T10049] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (10049) [pid 10086] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10018] <... mount resumed>) = 0 [pid 10018] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10018] chdir("./file0") = 0 [pid 10018] ioctl(4, LOOP_CLR_FD) = 0 [pid 10018] close(4) = 0 [pid 10018] open("./file0", O_RDONLY) = 4 [pid 10018] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 10018] open("./file0", O_RDONLY) = 5 [pid 10018] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 10018] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 10018] exit_group(0) = ? [pid 10018] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10018, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=22 /* 0.22 s */} --- [pid 5064] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5064] umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./45/binderfs") = 0 [pid 5064] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... umount2 resumed>) = 0 [pid 5068] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./46/file0") = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./46") = 0 [pid 5068] mkdir("./47", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 10114 ./strace-static-x86_64: Process 10114 attached [pid 10114] set_robust_list(0x555557145760, 24) = 0 [pid 10114] chdir("./47") = 0 [pid 10114] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10114] setpgid(0, 0) = 0 [pid 10114] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10114] write(3, "1000", 4) = 4 [pid 10114] close(3) = 0 [pid 10114] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10114] memfd_create("syzkaller", 0) = 3 [pid 10114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 10090] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10086] <... write resumed>) = 16777216 [pid 10086] munmap(0x7fda9371b000, 138412032) = 0 [pid 10086] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5064] <... umount2 resumed>) = 0 [pid 5064] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10086] <... openat resumed>) = 4 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10086] ioctl(4, LOOP_SET_FD, 3 [pid 5064] newfstatat(AT_FDCWD, "./45/file0", [pid 10086] <... ioctl resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10086] close(3 [pid 10083] <... write resumed>) = 16777216 [pid 10086] <... close resumed>) = 0 [pid 10083] munmap(0x7fda9371b000, 138412032 [pid 5064] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10086] mkdir("./file0", 0777 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10086] <... mkdir resumed>) = 0 [pid 5064] openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10086] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5064] <... openat resumed>) = 4 [ 167.820720][T10086] loop1: detected capacity change from 0 to 32768 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, [pid 10083] <... munmap resumed>) = 0 [pid 5064] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4 [pid 10083] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5064] <... close resumed>) = 0 [pid 10083] <... openat resumed>) = 4 [pid 5064] rmdir("./45/file0" [ 167.870620][T10086] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (10086) [pid 10083] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./45") = 0 [pid 5064] mkdir("./46", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10124 attached , child_tidptr=0x555557145750) = 10124 [pid 10124] set_robust_list(0x555557145760, 24) = 0 [pid 10124] chdir("./46") = 0 [pid 10124] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10124] setpgid(0, 0 [pid 10083] close(3) = 0 [pid 10124] <... setpgid resumed>) = 0 [pid 10114] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10083] mkdir("./file0", 0777 [pid 10124] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10083] <... mkdir resumed>) = 0 [pid 10124] <... openat resumed>) = 3 [ 167.921921][T10083] loop2: detected capacity change from 0 to 32768 [pid 10083] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 10124] write(3, "1000", 4) = 4 [pid 10124] close(3) = 0 [pid 10124] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10049] <... mount resumed>) = 0 [pid 10049] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10124] memfd_create("syzkaller", 0 [pid 10049] <... openat resumed>) = 3 [pid 10049] chdir("./file0" [pid 10124] <... memfd_create resumed>) = 3 [pid 10049] <... chdir resumed>) = 0 [pid 10049] ioctl(4, LOOP_CLR_FD [pid 10124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10049] <... ioctl resumed>) = 0 [pid 10049] close(4 [pid 10124] <... mmap resumed>) = 0x7fda9371b000 [pid 10049] <... close resumed>) = 0 [pid 10049] open("./file0", O_RDONLY) = 4 [ 167.972420][T10083] BTRFS: device /dev/loop2 using temp-fsid 01e84405-4645-445e-8f8b-0de46987441f [pid 10049] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 10049] open("./file0", O_RDONLY) = 5 [pid 10049] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 10049] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 10049] exit_group(0) = ? [pid 10049] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10049, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=31 /* 0.31 s */} --- [ 168.059430][T10083] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (10083) [pid 5069] umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./46/binderfs") = 0 [pid 5069] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10124] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10086] <... mount resumed>) = 0 [pid 10086] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10086] chdir("./file0") = 0 [pid 10086] ioctl(4, LOOP_CLR_FD) = 0 [pid 10086] close(4) = 0 [pid 10086] open("./file0", O_RDONLY) = 4 [pid 10086] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 10086] open("./file0", O_RDONLY) = 5 [pid 10086] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 10114] <... write resumed>) = 16777216 [pid 10086] <... ioctl resumed>) = 0 [pid 10114] munmap(0x7fda9371b000, 138412032 [pid 10086] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 10086] exit_group(0) = ? [pid 10086] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10086, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=23 /* 0.23 s */} --- [pid 5065] umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10114] <... munmap resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10114] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5069] <... umount2 resumed>) = 0 [pid 5065] unlink("./46/binderfs" [pid 10114] <... openat resumed>) = 4 [pid 5065] <... unlink resumed>) = 0 [pid 10114] ioctl(4, LOOP_SET_FD, 3 [pid 5065] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10083] <... mount resumed>) = 0 [pid 5069] <... openat resumed>) = 4 [pid 5069] newfstatat(4, "", [pid 10083] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10083] chdir("./file0") = 0 [pid 10083] ioctl(4, LOOP_CLR_FD) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, [pid 10083] close(4 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4 [pid 10083] <... close resumed>) = 0 [pid 10114] <... ioctl resumed>) = 0 [pid 10083] open("./file0", O_RDONLY [pid 10114] close(3 [pid 10083] <... open resumed>) = 4 [pid 10114] <... close resumed>) = 0 [pid 10083] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5069] <... close resumed>) = 0 [pid 5069] rmdir("./46/file0") = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./46" [pid 10114] mkdir("./file0", 0777 [pid 5069] <... rmdir resumed>) = 0 [pid 10114] <... mkdir resumed>) = 0 [pid 10090] <... write resumed>) = 16777216 [pid 5069] mkdir("./47", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3) = 0 [ 168.447828][T10114] loop4: detected capacity change from 0 to 32768 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10114] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 10090] munmap(0x7fda9371b000, 138412032 [pid 10083] <... ioctl resumed>) = 0 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 10159 ./strace-static-x86_64: Process 10159 attached [pid 10090] <... munmap resumed>) = 0 [pid 10083] open("./file0", O_RDONLY [pid 10159] set_robust_list(0x555557145760, 24) = 0 [pid 10159] chdir("./47") = 0 [pid 10159] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10083] <... open resumed>) = 5 [pid 10083] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 10159] <... prctl resumed>) = 0 [pid 10159] setpgid(0, 0) = 0 [pid 10159] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10083] <... ioctl resumed>) = 0 [pid 10159] <... openat resumed>) = 3 [pid 10083] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 10159] write(3, "1000", 4) = 4 [pid 10159] close(3) = 0 [pid 10159] symlink("/dev/binderfs", "./binderfs" [pid 10083] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 10159] <... symlink resumed>) = 0 [pid 10083] exit_group(0 [pid 10159] memfd_create("syzkaller", 0) = 3 [pid 10083] <... exit_group resumed>) = ? [pid 10159] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 10090] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10083] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10083, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=26 /* 0.26 s */} --- [ 168.524879][T10114] BTRFS: device /dev/loop4 using temp-fsid b568dc14-51b5-496d-80f9-e699ab2446e8 [pid 10124] <... write resumed>) = 16777216 [pid 10090] <... openat resumed>) = 4 [pid 5066] umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10090] ioctl(4, LOOP_SET_FD, 3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10090] <... ioctl resumed>) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5066] newfstatat(3, "", [pid 10090] close(3) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./47/binderfs") = 0 [pid 5066] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10090] mkdir("./file0", 0777 [pid 10124] munmap(0x7fda9371b000, 138412032 [pid 10090] <... mkdir resumed>) = 0 [pid 10090] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 10124] <... munmap resumed>) = 0 [ 168.569603][T10090] loop3: detected capacity change from 0 to 32768 [ 168.580248][T10114] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (10114) [pid 10124] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10124] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 5065] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10124] close(3 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10124] <... close resumed>) = 0 [pid 5065] newfstatat(AT_FDCWD, "./46/file0", [pid 10124] mkdir("./file0", 0777 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10124] <... mkdir resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10124] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5065] <... openat resumed>) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [ 168.649311][T10090] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (10090) [ 168.669590][T10124] loop0: detected capacity change from 0 to 32768 [pid 5065] rmdir("./46/file0") = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./46") = 0 [pid 5065] mkdir("./47", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 5065] close(3 [pid 5066] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... close resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] newfstatat(AT_FDCWD, "./47/file0", ./strace-static-x86_64: Process 10182 attached [pid 10182] set_robust_list(0x555557145760, 24 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10182] <... set_robust_list resumed>) = 0 [pid 5066] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 168.744048][T10124] BTRFS: device /dev/loop0 using temp-fsid f4c48ae5-a19d-47cd-bf58-fbca8c30a5dd [pid 5066] openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 10182 [pid 5066] <... openat resumed>) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, [pid 10182] chdir("./47" [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 10182] <... chdir resumed>) = 0 [pid 10182] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5066] getdents64(4, [pid 10182] setpgid(0, 0) = 0 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 10182] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10159] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5066] rmdir("./47/file0") = 0 [pid 10182] <... openat resumed>) = 3 [pid 5066] getdents64(3, [pid 10182] write(3, "1000", 4 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 10182] <... write resumed>) = 4 [pid 5066] close(3) = 0 [pid 5066] rmdir("./47" [pid 10182] close(3 [pid 5066] <... rmdir resumed>) = 0 [pid 10182] <... close resumed>) = 0 [pid 5066] mkdir("./48", 0777 [ 168.809123][T10124] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (10124) [pid 10182] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 10182] memfd_create("syzkaller", 0) = 3 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 10182] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5066] <... openat resumed>) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10189 attached [pid 10189] set_robust_list(0x555557145760, 24) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 10189 [pid 10189] chdir("./48") = 0 [pid 10189] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10189] setpgid(0, 0) = 0 [pid 10189] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10189] write(3, "1000", 4) = 4 [pid 10189] close(3) = 0 [pid 10189] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10189] memfd_create("syzkaller", 0) = 3 [pid 10189] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 10189] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10114] <... mount resumed>) = 0 [pid 10114] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10114] chdir("./file0") = 0 [pid 10114] ioctl(4, LOOP_CLR_FD) = 0 [pid 10114] close(4) = 0 [pid 10114] open("./file0", O_RDONLY) = 4 [pid 10114] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 10114] open("./file0", O_RDONLY) = 5 [pid 10114] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 10090] <... mount resumed>) = 0 [pid 10090] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10090] chdir("./file0") = 0 [pid 10090] ioctl(4, LOOP_CLR_FD) = 0 [pid 10090] close(4) = 0 [pid 10090] open("./file0", O_RDONLY) = 4 [pid 10090] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 10114] <... ioctl resumed>) = 0 [pid 10114] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 10114] exit_group(0) = ? [pid 10114] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10114, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=19 /* 0.19 s */} --- [pid 10090] <... ioctl resumed>) = 0 [pid 5068] umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10090] open("./file0", O_RDONLY [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 10090] <... open resumed>) = 5 [pid 10090] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./47/binderfs") = 0 [pid 5068] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10159] <... write resumed>) = 16777216 [pid 10159] munmap(0x7fda9371b000, 138412032 [pid 10090] <... ioctl resumed>) = 0 [pid 10090] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [ 169.298552][ T48] _btrfs_printk: 82 callbacks suppressed [ 169.298565][ T48] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [pid 10159] <... munmap resumed>) = 0 [pid 10090] exit_group(0) = ? [pid 10090] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10090, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=29 /* 0.29 s */} --- [pid 10159] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5067] umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 10159] ioctl(4, LOOP_SET_FD, 3 [ 169.349618][T10124] BTRFS info (device loop0): enabling ssd optimizations [ 169.356576][T10124] BTRFS info (device loop0): auto enabling async discard [ 169.369417][ T42] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [pid 5067] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10159] <... ioctl resumed>) = 0 [pid 10182] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10159] close(3 [pid 5067] <... openat resumed>) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, [pid 10159] <... close resumed>) = 0 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 10159] mkdir("./file0", 0777 [pid 5067] umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10159] <... mkdir resumed>) = 0 [pid 10159] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 169.413729][T10159] loop5: detected capacity change from 0 to 32768 [pid 5067] newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./46/binderfs") = 0 [ 169.461364][T10159] BTRFS: device /dev/loop5 using temp-fsid a95d7191-6f1c-49a5-a7a2-69e9bcd7d44b [ 169.481542][T10124] BTRFS info (device loop0): rebuilding free space tree [ 169.498846][T10159] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (10159) [ 169.528970][T10124] BTRFS info (device loop0): disabling free space tree [ 169.538665][T10124] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 169.578925][T10124] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 169.610754][T10159] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5067] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10189] <... write resumed>) = 16777216 [ 169.625170][T10124] BTRFS info (device loop0): checking UUID tree [pid 10189] munmap(0x7fda9371b000, 138412032) = 0 [pid 5068] <... umount2 resumed>) = 0 [pid 5068] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10189] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5067] <... umount2 resumed>) = 0 [pid 10189] <... openat resumed>) = 4 [ 169.668345][T10159] BTRFS info (device loop5): force clearing of disk cache [pid 5068] <... openat resumed>) = 4 [pid 10189] ioctl(4, LOOP_SET_FD, 3 [pid 5068] newfstatat(4, "", [pid 5067] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10124] <... mount resumed>) = 0 [pid 10124] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10124] chdir("./file0") = 0 [pid 10124] ioctl(4, LOOP_CLR_FD [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10124] <... ioctl resumed>) = 0 [pid 5067] newfstatat(AT_FDCWD, "./46/file0", [pid 10124] close(4 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10124] <... close resumed>) = 0 [pid 5067] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10124] open("./file0", O_RDONLY [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10124] <... open resumed>) = 4 [pid 5067] openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10124] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] <... openat resumed>) = 4 [pid 5068] getdents64(4, [pid 5067] newfstatat(4, "", [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, [pid 5067] getdents64(4, [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] close(4 [pid 5067] getdents64(4, [pid 5068] <... close resumed>) = 0 [pid 5067] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] rmdir("./47/file0" [pid 5067] close(4 [pid 5068] <... rmdir resumed>) = 0 [pid 5067] <... close resumed>) = 0 [pid 5067] rmdir("./46/file0") = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] getdents64(3, [pid 5067] close(3 [pid 10124] <... ioctl resumed>) = 0 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] <... close resumed>) = 0 [pid 10124] open("./file0", O_RDONLY [pid 5068] close(3 [pid 5067] rmdir("./46" [pid 10124] <... open resumed>) = 5 [pid 5068] <... close resumed>) = 0 [pid 5067] <... rmdir resumed>) = 0 [pid 10124] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5068] rmdir("./47" [pid 5067] mkdir("./47", 0777 [pid 10124] <... ioctl resumed>) = 0 [pid 5068] <... rmdir resumed>) = 0 [pid 5067] <... mkdir resumed>) = 0 [pid 10124] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5068] mkdir("./48", 0777 [pid 10124] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5068] <... mkdir resumed>) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10189] <... ioctl resumed>) = 0 [pid 10124] exit_group(0 [pid 5067] <... openat resumed>) = 3 [ 169.711325][T10159] BTRFS info (device loop5): setting nodatasum [ 169.718158][T10189] loop2: detected capacity change from 0 to 32768 [ 169.746611][T10159] BTRFS info (device loop5): allowing degraded mounts [pid 10189] close(3 [pid 10124] <... exit_group resumed>) = ? [pid 5067] ioctl(3, LOOP_CLR_FD [pid 10189] <... close resumed>) = 0 [pid 5067] <... ioctl resumed>) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5067] close(3 [pid 5068] <... openat resumed>) = 3 [pid 5067] <... close resumed>) = 0 [pid 5068] ioctl(3, LOOP_CLR_FD [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10189] mkdir("./file0", 0777 [pid 5068] <... ioctl resumed>) = 0 [pid 10189] <... mkdir resumed>) = 0 [pid 5068] close(3 [pid 10124] +++ exited with 0 +++ [pid 5068] <... close resumed>) = 0 ./strace-static-x86_64: Process 10216 attached [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 10216 [pid 10216] set_robust_list(0x555557145760, 24) = 0 [pid 10216] chdir("./47") = 0 [pid 10189] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 10216] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10216] setpgid(0, 0 [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 10217 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10124, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=32 /* 0.32 s */} --- ./strace-static-x86_64: Process 10217 attached [pid 10217] set_robust_list(0x555557145760, 24) = 0 [pid 10217] chdir("./48") = 0 [pid 10216] <... setpgid resumed>) = 0 [pid 10216] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10216] write(3, "1000", 4) = 4 [pid 10217] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10217] setpgid(0, 0) = 0 [pid 10216] close(3 [pid 10217] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10216] <... close resumed>) = 0 [pid 10217] <... openat resumed>) = 3 [pid 10216] symlink("/dev/binderfs", "./binderfs" [pid 10217] write(3, "1000", 4 [pid 10216] <... symlink resumed>) = 0 [pid 10217] <... write resumed>) = 4 [pid 10216] memfd_create("syzkaller", 0 [pid 10217] close(3 [pid 10216] <... memfd_create resumed>) = 3 [pid 10217] <... close resumed>) = 0 [pid 10216] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10217] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10216] <... mmap resumed>) = 0x7fda9371b000 [pid 10217] memfd_create("syzkaller", 0) = 3 [pid 10217] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5064] umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 169.801225][T10159] BTRFS info (device loop5): enabling disk space caching [ 169.807784][T10189] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (10189) [ 169.808378][T10159] BTRFS info (device loop5): disk space caching is enabled [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./46/binderfs") = 0 [ 169.873316][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 5064] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10182] <... write resumed>) = 16777216 [ 169.929451][T10189] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 170.005496][T10189] BTRFS info (device loop2): force clearing of disk cache [pid 10182] munmap(0x7fda9371b000, 138412032) = 0 [pid 10182] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 170.083576][T10189] BTRFS info (device loop2): setting nodatasum [ 170.148881][T10189] BTRFS info (device loop2): allowing degraded mounts [ 170.152521][T10182] loop1: detected capacity change from 0 to 32768 [ 170.155652][T10189] BTRFS info (device loop2): enabling disk space caching [ 170.155675][T10189] BTRFS info (device loop2): disk space caching is enabled [ 170.180317][T10159] BTRFS info (device loop5): enabling ssd optimizations [ 170.187357][T10159] BTRFS info (device loop5): auto enabling async discard [pid 10182] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10182] close(3) = 0 [pid 10182] mkdir("./file0", 0777) = 0 [ 170.244024][T10159] BTRFS info (device loop5): rebuilding free space tree [pid 10182] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 170.299967][T10182] BTRFS: device /dev/loop1 using temp-fsid a1eb5800-a997-4873-a663-7dd6017b69d2 [ 170.354419][T10159] BTRFS info (device loop5): disabling free space tree [ 170.378924][T10182] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (10182) [ 170.423785][T10159] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 10217] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10216] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5064] <... umount2 resumed>) = 0 [pid 5064] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 170.498792][T10159] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 170.529104][T10182] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 170.538326][T10182] BTRFS info (device loop1): force clearing of disk cache [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [ 170.578496][T10189] BTRFS info (device loop2): enabling ssd optimizations [ 170.591531][T10159] BTRFS info (device loop5): checking UUID tree [ 170.599248][T10189] BTRFS info (device loop2): auto enabling async discard [pid 5064] close(4) = 0 [pid 5064] rmdir("./46/file0") = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./46") = 0 [ 170.632070][T10189] BTRFS info (device loop2): rebuilding free space tree [ 170.640530][T10182] BTRFS info (device loop1): setting nodatasum [ 170.651311][T10182] BTRFS info (device loop1): allowing degraded mounts [ 170.670233][T10189] BTRFS info (device loop2): disabling free space tree [pid 5064] mkdir("./47", 0777 [pid 10159] <... mount resumed>) = 0 [pid 5064] <... mkdir resumed>) = 0 [pid 10159] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10159] chdir("./file0") = 0 [pid 10159] ioctl(4, LOOP_CLR_FD) = 0 [pid 10159] close(4) = 0 [pid 10159] open("./file0", O_RDONLY) = 4 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10159] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5064] <... openat resumed>) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 10159] <... ioctl resumed>) = 0 [pid 5064] close(3) = 0 [ 170.682173][T10182] BTRFS info (device loop1): enabling disk space caching [ 170.712004][T10189] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 170.714722][T10182] BTRFS info (device loop1): disk space caching is enabled [pid 10217] <... write resumed>) = 16777216 [pid 10159] open("./file0", O_RDONLY [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10159] <... open resumed>) = 5 [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 10253 ./strace-static-x86_64: Process 10253 attached [pid 10253] set_robust_list(0x555557145760, 24 [pid 10159] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 10217] munmap(0x7fda9371b000, 138412032 [pid 10253] <... set_robust_list resumed>) = 0 [pid 10159] <... ioctl resumed>) = 0 [pid 10159] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 10253] chdir("./47" [pid 10217] <... munmap resumed>) = 0 [pid 10159] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 10159] exit_group(0 [pid 10253] <... chdir resumed>) = 0 [pid 10159] <... exit_group resumed>) = ? [pid 10159] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10159, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=30 /* 0.30 s */} --- [pid 10253] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5069] restart_syscall(<... resuming interrupted clone ...> [pid 10253] <... prctl resumed>) = 0 [pid 5069] <... restart_syscall resumed>) = 0 [pid 5069] umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 10253] setpgid(0, 0 [pid 5069] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10253] <... setpgid resumed>) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./47/binderfs") = 0 [pid 5069] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10253] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10253] write(3, "1000", 4) = 4 [pid 10217] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10253] close(3) = 0 [pid 10217] <... openat resumed>) = 4 [pid 10253] symlink("/dev/binderfs", "./binderfs") = 0 [ 170.777727][T10189] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 170.802657][ T42] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [pid 10253] memfd_create("syzkaller", 0) = 3 [pid 10253] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10217] ioctl(4, LOOP_SET_FD, 3 [pid 10253] <... mmap resumed>) = 0x7fda9371b000 [pid 10189] <... mount resumed>) = 0 [pid 5069] <... umount2 resumed>) = 0 [pid 5069] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10189] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5069] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10189] <... openat resumed>) = 3 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10189] chdir("./file0") = 0 [pid 10189] ioctl(4, LOOP_CLR_FD [pid 5069] openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10189] <... ioctl resumed>) = 0 [pid 5069] <... openat resumed>) = 4 [pid 10189] close(4 [pid 5069] newfstatat(4, "", [pid 10217] <... ioctl resumed>) = 0 [pid 10217] close(3 [pid 10189] <... close resumed>) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 170.851508][T10217] loop4: detected capacity change from 0 to 32768 [ 170.880386][T10189] BTRFS info (device loop2): checking UUID tree [pid 10217] <... close resumed>) = 0 [pid 10189] open("./file0", O_RDONLY [pid 10217] mkdir("./file0", 0777 [pid 10189] <... open resumed>) = 4 [pid 10217] <... mkdir resumed>) = 0 [pid 10189] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 10217] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5069] getdents64(4, [pid 10189] <... ioctl resumed>) = 0 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 10189] open("./file0", O_RDONLY) = 5 [pid 10189] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4 [pid 10189] <... ioctl resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 10189] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5069] rmdir("./47/file0" [pid 10189] exit_group(0 [pid 5069] <... rmdir resumed>) = 0 [pid 10189] <... exit_group resumed>) = ? [pid 5069] getdents64(3, [pid 10189] +++ exited with 0 +++ [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10189, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=32 /* 0.32 s */} --- [pid 5066] umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] <... close resumed>) = 0 [ 170.918320][T10182] BTRFS info (device loop1): enabling ssd optimizations [ 170.937022][T10217] BTRFS: device /dev/loop4 using temp-fsid 9e211741-7e2b-408e-909b-b2a5cdb09fbd [ 170.959107][T10182] BTRFS info (device loop1): auto enabling async discard [pid 5069] rmdir("./47" [pid 5066] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] <... rmdir resumed>) = 0 [pid 5066] unlink("./48/binderfs" [pid 5069] mkdir("./48", 0777 [pid 5066] <... unlink resumed>) = 0 [pid 5069] <... mkdir resumed>) = 0 [pid 5066] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [ 170.989712][ T42] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 170.994617][T10217] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (10217) [pid 5069] close(3 [pid 10216] <... write resumed>) = 16777216 [pid 5069] <... close resumed>) = 0 [pid 10216] munmap(0x7fda9371b000, 138412032 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 10270 ./strace-static-x86_64: Process 10270 attached [pid 10216] <... munmap resumed>) = 0 [pid 10216] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10216] ioctl(4, LOOP_SET_FD, 3 [pid 10270] set_robust_list(0x555557145760, 24 [pid 10216] <... ioctl resumed>) = 0 [pid 10270] <... set_robust_list resumed>) = 0 [pid 10270] chdir("./48") = 0 [ 171.031696][T10182] BTRFS info (device loop1): rebuilding free space tree [ 171.052360][T10217] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 171.054945][T10182] BTRFS info (device loop1): disabling free space tree [ 171.069402][T10216] loop3: detected capacity change from 0 to 32768 [pid 10270] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10270] setpgid(0, 0) = 0 [pid 10270] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10216] close(3) = 0 [pid 10216] mkdir("./file0", 0777) = 0 [pid 10216] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 10270] <... openat resumed>) = 3 [pid 10270] write(3, "1000", 4) = 4 [pid 10270] close(3) = 0 [ 171.081113][T10217] BTRFS info (device loop4): force clearing of disk cache [ 171.088707][T10217] BTRFS info (device loop4): setting nodatasum [ 171.092799][T10182] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 171.100868][T10216] BTRFS: device /dev/loop3 using temp-fsid a85dff96-657b-4899-9b2b-56f49e988f7f [ 171.119455][T10217] BTRFS info (device loop4): allowing degraded mounts [pid 10270] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10270] memfd_create("syzkaller", 0) = 3 [pid 10270] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 171.126235][T10217] BTRFS info (device loop4): enabling disk space caching [ 171.142647][T10216] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (10216) [ 171.162475][T10182] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 171.167959][T10217] BTRFS info (device loop4): disk space caching is enabled [ 171.197940][T10216] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 171.221727][T10182] BTRFS info (device loop1): checking UUID tree [ 171.238853][T10216] BTRFS info (device loop3): force clearing of disk cache [pid 10253] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10182] <... mount resumed>) = 0 [pid 10182] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10182] chdir("./file0") = 0 [pid 10182] ioctl(4, LOOP_CLR_FD) = 0 [pid 10182] close(4) = 0 [pid 10182] open("./file0", O_RDONLY) = 4 [ 171.246179][T10216] BTRFS info (device loop3): setting nodatasum [pid 10182] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 10182] open("./file0", O_RDONLY) = 5 [pid 10182] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 10182] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 10182] exit_group(0) = ? [pid 10182] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10182, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=36 /* 0.36 s */} --- [pid 5065] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5065] umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 171.318578][T10216] BTRFS info (device loop3): allowing degraded mounts [ 171.333717][T10216] BTRFS info (device loop3): enabling disk space caching [ 171.344885][T10216] BTRFS info (device loop3): disk space caching is enabled [pid 5065] newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./47/binderfs") = 0 [pid 5065] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 171.366903][ T42] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [ 171.446688][T10217] BTRFS info (device loop4): enabling ssd optimizations [pid 10270] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5065] <... umount2 resumed>) = 0 [pid 5065] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 171.503780][T10217] BTRFS info (device loop4): auto enabling async discard [ 171.535874][T10216] BTRFS info (device loop3): enabling ssd optimizations [pid 5065] newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 171.548189][T10217] BTRFS info (device loop4): rebuilding free space tree [ 171.548506][T10216] BTRFS info (device loop3): auto enabling async discard [ 171.580794][T10217] BTRFS info (device loop4): disabling free space tree [ 171.587686][T10217] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5065] openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./47/file0") = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./47") = 0 [pid 10217] <... mount resumed>) = 0 [pid 10217] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] mkdir("./48", 0777 [pid 10217] <... openat resumed>) = 3 [pid 5065] <... mkdir resumed>) = 0 [pid 10217] chdir("./file0" [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 10253] <... write resumed>) = 16777216 [pid 10217] <... chdir resumed>) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 10217] ioctl(4, LOOP_CLR_FD [pid 5065] close(3) = 0 [pid 10270] <... write resumed>) = 16777216 [pid 10217] <... ioctl resumed>) = 0 [pid 10253] munmap(0x7fda9371b000, 138412032 [pid 10217] close(4 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10217] <... close resumed>) = 0 [ 171.598468][T10217] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 171.612406][T10217] BTRFS info (device loop4): checking UUID tree [ 171.638983][T10216] BTRFS info (device loop3): rebuilding free space tree [pid 10270] munmap(0x7fda9371b000, 138412032./strace-static-x86_64: Process 10304 attached [pid 10253] <... munmap resumed>) = 0 [pid 10217] open("./file0", O_RDONLY [pid 5066] <... umount2 resumed>) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 10304 [pid 10217] <... open resumed>) = 4 [pid 10304] set_robust_list(0x555557145760, 24 [pid 10253] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10304] <... set_robust_list resumed>) = 0 [pid 10217] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 10253] <... openat resumed>) = 4 [pid 10304] chdir("./48") = 0 [pid 10304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10253] ioctl(4, LOOP_SET_FD, 3 [ 171.681465][T10216] BTRFS info (device loop3): disabling free space tree [ 171.688366][T10216] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 10304] setpgid(0, 0 [pid 10270] <... munmap resumed>) = 0 [pid 10304] <... setpgid resumed>) = 0 [pid 10217] <... ioctl resumed>) = 0 [pid 5066] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10217] open("./file0", O_RDONLY [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] newfstatat(AT_FDCWD, "./48/file0", [pid 10217] <... open resumed>) = 5 [pid 10304] <... openat resumed>) = 3 [pid 10217] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 10304] write(3, "1000", 4 [pid 10253] <... ioctl resumed>) = 0 [pid 10217] <... ioctl resumed>) = 0 [pid 5066] openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10217] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 10304] <... write resumed>) = 4 [pid 5066] <... openat resumed>) = 4 [pid 10253] close(3 [pid 10217] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5066] newfstatat(4, "", [pid 10253] <... close resumed>) = 0 [pid 10253] mkdir("./file0", 0777 [pid 10217] exit_group(0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10270] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5066] getdents64(4, [pid 10270] <... openat resumed>) = 4 [pid 10253] <... mkdir resumed>) = 0 [pid 10217] <... exit_group resumed>) = ? [pid 10270] ioctl(4, LOOP_SET_FD, 3 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 10304] close(3 [pid 10253] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 10217] +++ exited with 0 +++ [pid 10270] <... ioctl resumed>) = 0 [pid 10270] close(3) = 0 [pid 10270] mkdir("./file0", 0777 [pid 10304] <... close resumed>) = 0 [pid 10270] <... mkdir resumed>) = 0 [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10217, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=43 /* 0.43 s */} --- [ 171.724862][T10253] loop0: detected capacity change from 0 to 32768 [ 171.730079][T10216] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 171.753313][T10270] loop5: detected capacity change from 0 to 32768 [ 171.761993][ T76] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [pid 10304] symlink("/dev/binderfs", "./binderfs" [pid 10270] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 10304] <... symlink resumed>) = 0 [pid 5066] close(4 [pid 10304] memfd_create("syzkaller", 0 [pid 5066] <... close resumed>) = 0 [pid 5066] rmdir("./48/file0" [pid 5068] umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... rmdir resumed>) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] getdents64(3, [pid 10304] <... memfd_create resumed>) = 3 [pid 5068] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 10304] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5068] <... openat resumed>) = 3 [pid 5066] close(3 [pid 10304] <... mmap resumed>) = 0x7fda9371b000 [pid 5068] newfstatat(3, "", [pid 5066] <... close resumed>) = 0 [pid 10216] <... mount resumed>) = 0 [pid 5066] rmdir("./48" [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, [pid 5066] <... rmdir resumed>) = 0 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] mkdir("./49", 0777 [ 171.772577][T10253] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (10253) [ 171.793567][T10216] BTRFS info (device loop3): checking UUID tree [ 171.800447][T10253] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 171.816440][T10270] BTRFS: device /dev/loop5 using temp-fsid 09e38fc3-3473-4e6e-8e85-08dc523b4017 [pid 10216] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5068] umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... mkdir resumed>) = 0 [pid 10216] chdir("./file0") = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 10216] ioctl(4, LOOP_CLR_FD [pid 5068] newfstatat(AT_FDCWD, "./48/binderfs", [pid 10216] <... ioctl resumed>) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5068] unlink("./48/binderfs") = 0 [pid 10216] close(4 [pid 5068] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10216] <... close resumed>) = 0 [pid 5066] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 10216] open("./file0", O_RDONLY) = 4 [pid 5066] close(3 [pid 10216] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5066] <... close resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10307 attached [ 171.825876][T10253] BTRFS info (device loop0): force clearing of disk cache [ 171.849855][T10270] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (10270) [ 171.863021][T10253] BTRFS info (device loop0): setting nodatasum [pid 10307] set_robust_list(0x555557145760, 24 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 10307 [pid 10307] <... set_robust_list resumed>) = 0 [pid 10307] chdir("./49") = 0 [pid 10307] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10216] <... ioctl resumed>) = 0 [pid 10216] open("./file0", O_RDONLY [pid 10307] <... prctl resumed>) = 0 [pid 10216] <... open resumed>) = 5 [pid 10307] setpgid(0, 0 [pid 10216] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 10307] <... setpgid resumed>) = 0 [pid 10307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10307] write(3, "1000", 4 [pid 10216] <... ioctl resumed>) = 0 [pid 10307] <... write resumed>) = 4 [pid 10216] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [ 171.877411][T10253] BTRFS info (device loop0): allowing degraded mounts [ 171.905464][T10253] BTRFS info (device loop0): enabling disk space caching [pid 10307] close(3 [pid 10216] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 10307] <... close resumed>) = 0 [pid 10216] exit_group(0 [pid 10307] symlink("/dev/binderfs", "./binderfs" [pid 10216] <... exit_group resumed>) = ? [pid 10307] <... symlink resumed>) = 0 [pid 10216] +++ exited with 0 +++ [pid 10307] memfd_create("syzkaller", 0 [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10216, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=34 /* 0.34 s */} --- [pid 5067] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5067] umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10307] <... memfd_create resumed>) = 3 [pid 5067] getdents64(3, [pid 10307] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./47/binderfs") = 0 [pid 5067] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10307] <... mmap resumed>) = 0x7fda9371b000 [ 171.934297][T10253] BTRFS info (device loop0): disk space caching is enabled [ 171.946489][T10270] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 171.948040][ T76] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 172.003048][T10270] BTRFS info (device loop5): force clearing of disk cache [pid 5068] <... umount2 resumed>) = 0 [pid 5068] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 172.055628][T10270] BTRFS info (device loop5): setting nodatasum [pid 5068] getdents64(4, [pid 10307] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./48/file0") = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./48") = 0 [pid 5068] mkdir("./49", 0777) = 0 [ 172.102925][T10270] BTRFS info (device loop5): allowing degraded mounts [ 172.109768][T10270] BTRFS info (device loop5): enabling disk space caching [ 172.116788][T10270] BTRFS info (device loop5): disk space caching is enabled [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 10328 ./strace-static-x86_64: Process 10328 attached [pid 10328] set_robust_list(0x555557145760, 24) = 0 [pid 10328] chdir("./49") = 0 [pid 10328] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10328] setpgid(0, 0) = 0 [pid 10328] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10328] write(3, "1000", 4) = 4 [pid 10328] close(3) = 0 [pid 5067] <... umount2 resumed>) = 0 [pid 10328] symlink("/dev/binderfs", "./binderfs" [pid 5067] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10328] <... symlink resumed>) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10328] memfd_create("syzkaller", 0 [pid 5067] newfstatat(AT_FDCWD, "./47/file0", [pid 10304] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10328] <... memfd_create resumed>) = 3 [pid 5067] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10328] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10328] <... mmap resumed>) = 0x7fda9371b000 [pid 5067] openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 172.211358][T10253] BTRFS info (device loop0): enabling ssd optimizations [ 172.218315][T10253] BTRFS info (device loop0): auto enabling async discard [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./47/file0") = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./47") = 0 [pid 5067] mkdir("./48", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 10340 ./strace-static-x86_64: Process 10340 attached [pid 10340] set_robust_list(0x555557145760, 24) = 0 [pid 10340] chdir("./48") = 0 [pid 10340] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10340] setpgid(0, 0) = 0 [pid 10340] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10340] write(3, "1000", 4) = 4 [pid 10340] close(3) = 0 [pid 10340] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10340] memfd_create("syzkaller", 0) = 3 [ 172.327707][T10270] BTRFS info (device loop5): enabling ssd optimizations [ 172.342741][T10253] BTRFS info (device loop0): rebuilding free space tree [ 172.358834][T10270] BTRFS info (device loop5): auto enabling async discard [pid 10340] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 172.409291][T10253] BTRFS info (device loop0): disabling free space tree [ 172.416358][T10253] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 172.430491][T10270] BTRFS info (device loop5): rebuilding free space tree [pid 10253] <... mount resumed>) = 0 [pid 10270] <... mount resumed>) = 0 [pid 10253] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10270] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10253] <... openat resumed>) = 3 [pid 10270] <... openat resumed>) = 3 [pid 10270] chdir("./file0") = 0 [pid 10270] ioctl(4, LOOP_CLR_FD) = 0 [pid 10270] close(4) = 0 [pid 10270] open("./file0", O_RDONLY) = 4 [pid 10270] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 10253] chdir("./file0") = 0 [pid 10253] ioctl(4, LOOP_CLR_FD) = 0 [pid 10253] close(4) = 0 [pid 10253] open("./file0", O_RDONLY) = 4 [pid 10253] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 10270] <... ioctl resumed>) = 0 [pid 10270] open("./file0", O_RDONLY) = 5 [pid 10270] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 10270] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 10270] exit_group(0) = ? [pid 10270] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10270, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=32 /* 0.32 s */} --- [pid 10253] <... ioctl resumed>) = 0 [pid 10253] open("./file0", O_RDONLY) = 5 [pid 10253] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5069] umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10253] <... ioctl resumed>) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./48/binderfs" [pid 10253] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5069] <... unlink resumed>) = 0 [pid 10253] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5069] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10307] <... write resumed>) = 16777216 [pid 10253] exit_group(0) = ? [pid 10253] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10253, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=35 /* 0.35 s */} --- [pid 5064] umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10307] munmap(0x7fda9371b000, 138412032 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10307] <... munmap resumed>) = 0 [pid 5064] newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./47/binderfs" [pid 10328] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10307] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5064] <... unlink resumed>) = 0 [pid 5064] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10307] <... openat resumed>) = 4 [pid 10307] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10307] close(3) = 0 [ 172.773553][T10307] loop2: detected capacity change from 0 to 32768 [pid 10307] mkdir("./file0", 0777) = 0 [pid 5069] <... umount2 resumed>) = 0 [pid 10307] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 10304] <... write resumed>) = 16777216 [pid 5069] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 10304] munmap(0x7fda9371b000, 138412032 [pid 5069] newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10340] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, [pid 10304] <... munmap resumed>) = 0 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [ 172.831417][T10307] BTRFS: device /dev/loop2 using temp-fsid 91749341-9631-450e-9f49-573233a0c631 [pid 5069] close(4 [pid 10304] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5069] <... close resumed>) = 0 [pid 5069] rmdir("./48/file0" [pid 10304] <... openat resumed>) = 4 [pid 5069] <... rmdir resumed>) = 0 [pid 10304] ioctl(4, LOOP_SET_FD, 3 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3 [pid 10304] <... ioctl resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 10304] close(3 [pid 5069] rmdir("./48" [pid 10304] <... close resumed>) = 0 [pid 5069] <... rmdir resumed>) = 0 [pid 10304] mkdir("./file0", 0777 [pid 5069] mkdir("./49", 0777 [pid 10304] <... mkdir resumed>) = 0 [pid 5069] <... mkdir resumed>) = 0 [pid 10304] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3) = 0 [ 172.884559][T10307] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (10307) [ 172.922661][T10304] loop1: detected capacity change from 0 to 32768 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10345 attached [pid 10345] set_robust_list(0x555557145760, 24 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 10345 [pid 10345] <... set_robust_list resumed>) = 0 [pid 10345] chdir("./49") = 0 [pid 10345] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10345] setpgid(0, 0) = 0 [pid 10345] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10345] write(3, "1000", 4) = 4 [pid 10345] close(3) = 0 [pid 10345] symlink("/dev/binderfs", "./binderfs") = 0 [ 173.001860][T10304] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (10304) [pid 10345] memfd_create("syzkaller", 0) = 3 [pid 5064] <... umount2 resumed>) = 0 [pid 10345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5064] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./47/file0") = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./47") = 0 [pid 5064] mkdir("./48", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10364 attached [pid 10364] set_robust_list(0x555557145760, 24) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 10364 [pid 10364] chdir("./48") = 0 [pid 10364] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10364] setpgid(0, 0) = 0 [pid 10364] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10364] write(3, "1000", 4) = 4 [pid 10364] close(3) = 0 [pid 10364] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10364] memfd_create("syzkaller", 0) = 3 [pid 10364] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 10345] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10328] <... write resumed>) = 16777216 [pid 10328] munmap(0x7fda9371b000, 138412032) = 0 [pid 10328] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10328] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10328] close(3) = 0 [pid 10328] mkdir("./file0", 0777) = 0 [ 173.284157][T10328] loop4: detected capacity change from 0 to 32768 [ 173.311286][T10328] BTRFS: device /dev/loop4 using temp-fsid 9f8a0a9c-49f5-4d13-927b-b86dd7a9f412 [pid 10328] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 10304] <... mount resumed>) = 0 [pid 10307] <... mount resumed>) = 0 [pid 10304] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10307] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10304] <... openat resumed>) = 3 [pid 10307] <... openat resumed>) = 3 [pid 10304] chdir("./file0" [pid 10307] chdir("./file0") = 0 [pid 10304] <... chdir resumed>) = 0 [pid 10304] ioctl(4, LOOP_CLR_FD [pid 10307] ioctl(4, LOOP_CLR_FD) = 0 [pid 10304] <... ioctl resumed>) = 0 [pid 10307] close(4 [pid 10304] close(4) = 0 [pid 10307] <... close resumed>) = 0 [pid 10307] open("./file0", O_RDONLY [pid 10304] open("./file0", O_RDONLY [pid 10307] <... open resumed>) = 4 [pid 10304] <... open resumed>) = 4 [ 173.338857][T10328] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (10328) [pid 10307] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 10304] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 10304] open("./file0", O_RDONLY) = 5 [pid 10304] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 10304] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 10340] <... write resumed>) = 16777216 [pid 10307] <... ioctl resumed>) = 0 [pid 10304] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 10340] munmap(0x7fda9371b000, 138412032 [pid 10307] open("./file0", O_RDONLY [pid 10304] exit_group(0 [pid 10307] <... open resumed>) = 5 [pid 10304] <... exit_group resumed>) = ? [pid 10307] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 10304] +++ exited with 0 +++ [pid 10307] <... ioctl resumed>) = 0 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10304, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=25 /* 0.25 s */} --- [pid 10340] <... munmap resumed>) = 0 [pid 10307] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 10307] exit_group(0) = ? [pid 10307] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10307, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=27 /* 0.27 s */} --- [pid 5066] restart_syscall(<... resuming interrupted clone ...> [pid 5065] umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 10340] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5066] <... restart_syscall resumed>) = 0 [pid 10340] <... openat resumed>) = 4 [pid 5065] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10340] ioctl(4, LOOP_SET_FD, 3 [pid 5065] <... openat resumed>) = 3 [pid 5065] newfstatat(3, "", [pid 5066] umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] getdents64(3, [pid 5066] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] <... openat resumed>) = 3 [pid 5065] umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] newfstatat(3, "", [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] newfstatat(AT_FDCWD, "./48/binderfs", [pid 10340] <... ioctl resumed>) = 0 [pid 5066] getdents64(3, [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] unlink("./48/binderfs" [pid 5066] umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... unlink resumed>) = 0 [pid 10340] close(3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10340] <... close resumed>) = 0 [pid 5066] newfstatat(AT_FDCWD, "./49/binderfs", [pid 10340] mkdir("./file0", 0777) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10340] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5066] unlink("./49/binderfs") = 0 [ 173.473525][T10340] loop3: detected capacity change from 0 to 32768 [ 173.538332][T10340] BTRFS: device /dev/loop3 using temp-fsid 25c75aa8-e1df-480e-88ee-77670b55e310 [pid 5066] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10328] <... mount resumed>) = 0 [pid 10328] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10328] chdir("./file0") = 0 [pid 10328] ioctl(4, LOOP_CLR_FD) = 0 [pid 10345] <... write resumed>) = 16777216 [pid 10328] close(4 [pid 10345] munmap(0x7fda9371b000, 138412032 [pid 10328] <... close resumed>) = 0 [pid 10345] <... munmap resumed>) = 0 [ 173.613540][T10340] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (10340) [pid 10328] open("./file0", O_RDONLY) = 4 [pid 10345] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 10328] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 10345] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10345] close(3) = 0 [pid 10345] mkdir("./file0", 0777) = 0 [pid 10364] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10345] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 10328] <... ioctl resumed>) = 0 [pid 10328] open("./file0", O_RDONLY) = 5 [pid 10328] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 5065] <... umount2 resumed>) = 0 [ 173.671256][T10345] loop5: detected capacity change from 0 to 32768 [pid 10328] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5066] <... umount2 resumed>) = 0 [pid 5065] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] newfstatat(AT_FDCWD, "./48/file0", [pid 10328] exit_group(0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10328] <... exit_group resumed>) = ? [pid 5066] newfstatat(AT_FDCWD, "./49/file0", [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10328] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10328, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=27 /* 0.27 s */} --- [pid 5066] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [ 173.718300][T10345] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (10345) [pid 5066] openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] <... openat resumed>) = 4 [pid 5066] newfstatat(4, "", [pid 5065] newfstatat(4, "", [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] getdents64(4, [pid 5065] getdents64(4, [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] <... openat resumed>) = 3 [pid 5066] getdents64(4, [pid 5065] getdents64(4, [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4 [pid 5065] close(4 [pid 5068] newfstatat(3, "", [pid 5066] <... close resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] rmdir("./49/file0" [pid 5065] rmdir("./48/file0" [pid 5068] getdents64(3, [pid 5066] <... rmdir resumed>) = 0 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] getdents64(3, [pid 5065] <... rmdir resumed>) = 0 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] getdents64(3, [pid 5066] close(3 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... close resumed>) = 0 [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] newfstatat(AT_FDCWD, "./49/binderfs", [pid 5066] rmdir("./49" [pid 5065] close(3 [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 5068] unlink("./49/binderfs" [pid 5066] mkdir("./50", 0777 [pid 5065] rmdir("./48") = 0 [pid 5065] mkdir("./49", 0777 [pid 5066] <... mkdir resumed>) = 0 [pid 5065] <... mkdir resumed>) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5068] <... unlink resumed>) = 0 [pid 5068] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5066] <... openat resumed>) = 3 [pid 5065] <... ioctl resumed>) = 0 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5065] close(3 [pid 5066] <... ioctl resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 5066] close(3 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] <... close resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 10407 ./strace-static-x86_64: Process 10407 attached [pid 10407] set_robust_list(0x555557145760, 24./strace-static-x86_64: Process 10409 attached ) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 10409 [pid 10409] set_robust_list(0x555557145760, 24 [pid 10407] chdir("./49" [pid 10409] <... set_robust_list resumed>) = 0 [pid 10407] <... chdir resumed>) = 0 [pid 10409] chdir("./50" [pid 10407] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10409] <... chdir resumed>) = 0 [pid 10407] <... prctl resumed>) = 0 [pid 10409] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10407] setpgid(0, 0 [pid 10409] <... prctl resumed>) = 0 [pid 10407] <... setpgid resumed>) = 0 [pid 10409] setpgid(0, 0 [pid 10407] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10409] <... setpgid resumed>) = 0 [pid 10407] <... openat resumed>) = 3 [pid 10409] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10407] write(3, "1000", 4 [pid 10409] <... openat resumed>) = 3 [pid 10407] <... write resumed>) = 4 [pid 10407] close(3) = 0 [pid 10407] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10409] write(3, "1000", 4 [pid 10407] memfd_create("syzkaller", 0 [pid 10409] <... write resumed>) = 4 [pid 10407] <... memfd_create resumed>) = 3 [pid 10407] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10409] close(3 [pid 10407] <... mmap resumed>) = 0x7fda9371b000 [pid 10409] <... close resumed>) = 0 [pid 10409] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10409] memfd_create("syzkaller", 0) = 3 [pid 10409] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 10364] <... write resumed>) = 16777216 [pid 10364] munmap(0x7fda9371b000, 138412032 [pid 5068] <... umount2 resumed>) = 0 [pid 5068] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10364] <... munmap resumed>) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./49/file0", [pid 10364] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10364] ioctl(4, LOOP_SET_FD, 3 [pid 5068] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, [pid 10340] <... mount resumed>) = 0 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 10340] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5068] close(4 [pid 10340] <... openat resumed>) = 3 [pid 5068] <... close resumed>) = 0 [pid 10340] chdir("./file0" [pid 5068] rmdir("./49/file0" [pid 10340] <... chdir resumed>) = 0 [pid 5068] <... rmdir resumed>) = 0 [pid 10340] ioctl(4, LOOP_CLR_FD [pid 5068] getdents64(3, [pid 10340] <... ioctl resumed>) = 0 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 10340] close(4 [pid 5068] close(3 [pid 10340] <... close resumed>) = 0 [pid 10340] open("./file0", O_RDONLY [pid 5068] <... close resumed>) = 0 [pid 10364] <... ioctl resumed>) = 0 [pid 10364] close(3 [pid 10345] <... mount resumed>) = 0 [pid 10340] <... open resumed>) = 4 [pid 5068] rmdir("./49" [pid 10364] <... close resumed>) = 0 [pid 10345] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10340] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5068] <... rmdir resumed>) = 0 [pid 10364] mkdir("./file0", 0777 [pid 10345] <... openat resumed>) = 3 [pid 5068] mkdir("./50", 0777 [pid 10364] <... mkdir resumed>) = 0 [pid 10345] chdir("./file0" [pid 5068] <... mkdir resumed>) = 0 [pid 10345] <... chdir resumed>) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10345] ioctl(4, LOOP_CLR_FD [pid 5068] <... openat resumed>) = 3 [pid 10345] <... ioctl resumed>) = 0 [pid 5068] ioctl(3, LOOP_CLR_FD [pid 10345] close(4) = 0 [pid 5068] <... ioctl resumed>) = 0 [ 174.063947][T10364] loop0: detected capacity change from 0 to 32768 [pid 10345] open("./file0", O_RDONLY [pid 5068] close(3 [pid 10364] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 10345] <... open resumed>) = 4 [pid 10340] <... ioctl resumed>) = 0 [pid 10345] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 10340] open("./file0", O_RDONLY [pid 5068] <... close resumed>) = 0 [pid 10340] <... open resumed>) = 5 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10340] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 10432 [pid 10340] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) ./strace-static-x86_64: Process 10432 attached [pid 10340] exit_group(0) = ? [pid 10340] +++ exited with 0 +++ [pid 10432] set_robust_list(0x555557145760, 24 [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10340, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=27 /* 0.27 s */} --- [pid 10432] <... set_robust_list resumed>) = 0 [pid 10432] chdir("./50" [pid 10345] <... ioctl resumed>) = 0 [pid 10432] <... chdir resumed>) = 0 [pid 10345] open("./file0", O_RDONLY [pid 10432] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10345] <... open resumed>) = 5 [pid 10432] <... prctl resumed>) = 0 [pid 10345] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 10432] setpgid(0, 0 [pid 10345] <... ioctl resumed>) = 0 [pid 10432] <... setpgid resumed>) = 0 [pid 10345] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 10432] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10345] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 10432] <... openat resumed>) = 3 [pid 10345] exit_group(0 [pid 10432] write(3, "1000", 4 [pid 10345] <... exit_group resumed>) = ? [pid 10432] <... write resumed>) = 4 [pid 10345] +++ exited with 0 +++ [pid 10432] close(3 [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10345, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=24 /* 0.24 s */} --- [pid 10432] <... close resumed>) = 0 [pid 10432] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5069] umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10432] memfd_create("syzkaller", 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10432] <... memfd_create resumed>) = 3 [pid 5069] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10432] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5069] <... openat resumed>) = 3 [pid 10432] <... mmap resumed>) = 0x7fda9371b000 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 174.131699][T10364] BTRFS: device /dev/loop0 using temp-fsid bb9e5949-bda5-4ea4-8a89-58a868e927db [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./49/binderfs" [pid 5067] umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... unlink resumed>) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [ 174.189689][T10364] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (10364) [pid 5067] umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./48/binderfs") = 0 [pid 5067] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10409] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5069] <... umount2 resumed>) = 0 [pid 5069] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./49/file0") = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] <... umount2 resumed>) = 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./49") = 0 [ 174.449299][T10364] _btrfs_printk: 84 callbacks suppressed [ 174.449315][T10364] BTRFS info (device loop0): enabling ssd optimizations [ 174.483635][T10364] BTRFS info (device loop0): auto enabling async discard [pid 10407] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5069] mkdir("./50", 0777 [pid 5067] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... mkdir resumed>) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5067] newfstatat(AT_FDCWD, "./48/file0", [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 10450 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 174.511419][T10364] BTRFS info (device loop0): rebuilding free space tree [ 174.550158][T10364] BTRFS info (device loop0): disabling free space tree [pid 5067] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 10450 attached [pid 10450] set_robust_list(0x555557145760, 24) = 0 [pid 10450] chdir("./50") = 0 [pid 10450] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10450] setpgid(0, 0) = 0 [pid 5067] openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, [pid 10450] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5067] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 10450] <... openat resumed>) = 3 [pid 10450] write(3, "1000", 4 [pid 5067] getdents64(4, [pid 10450] <... write resumed>) = 4 [pid 10450] close(3 [pid 5067] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 10450] <... close resumed>) = 0 [ 174.557049][T10364] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 10450] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5067] close(4 [pid 10450] memfd_create("syzkaller", 0 [pid 5067] <... close resumed>) = 0 [pid 10450] <... memfd_create resumed>) = 3 [pid 5067] rmdir("./48/file0" [pid 10450] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5067] <... rmdir resumed>) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./48") = 0 [pid 5067] mkdir("./49", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [ 174.620460][T10364] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3 [pid 10364] <... mount resumed>) = 0 [pid 5067] <... close resumed>) = 0 [pid 10364] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10364] <... openat resumed>) = 3 ./strace-static-x86_64: Process 10452 attached [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 10452 [pid 10452] set_robust_list(0x555557145760, 24 [pid 10432] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10364] chdir("./file0" [pid 10452] <... set_robust_list resumed>) = 0 [pid 10364] <... chdir resumed>) = 0 [ 174.680769][T10364] BTRFS info (device loop0): checking UUID tree [pid 10452] chdir("./49" [pid 10364] ioctl(4, LOOP_CLR_FD [pid 10452] <... chdir resumed>) = 0 [pid 10452] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10364] <... ioctl resumed>) = 0 [pid 10452] <... prctl resumed>) = 0 [pid 10364] close(4 [pid 10452] setpgid(0, 0 [pid 10364] <... close resumed>) = 0 [pid 10364] open("./file0", O_RDONLY) = 4 [pid 10364] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 10452] <... setpgid resumed>) = 0 [pid 10452] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10364] <... ioctl resumed>) = 0 [pid 10452] write(3, "1000", 4 [pid 10364] open("./file0", O_RDONLY) = 5 [pid 10452] <... write resumed>) = 4 [pid 10364] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 10452] close(3 [pid 10364] <... ioctl resumed>) = 0 [pid 10452] <... close resumed>) = 0 [pid 10452] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10452] memfd_create("syzkaller", 0 [pid 10364] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 10452] <... memfd_create resumed>) = 3 [pid 10364] exit_group(0) = ? [pid 10452] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10364] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10364, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=29 /* 0.29 s */} --- [ 174.804129][ T76] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 10452] <... mmap resumed>) = 0x7fda9371b000 [pid 5064] umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./48/binderfs") = 0 [pid 5064] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10409] <... write resumed>) = 16777216 [pid 10409] munmap(0x7fda9371b000, 138412032) = 0 [pid 10450] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10409] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10409] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 5064] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10409] close(3 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10409] <... close resumed>) = 0 [pid 5064] newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10409] mkdir("./file0", 0777 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10409] <... mkdir resumed>) = 0 [pid 5064] openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, [ 175.129701][T10409] loop2: detected capacity change from 0 to 32768 [pid 10409] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5064] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 10407] <... write resumed>) = 16777216 [pid 10407] munmap(0x7fda9371b000, 138412032 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [ 175.169585][T10409] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (10409) [pid 5064] rmdir("./48/file0") = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3 [pid 10407] <... munmap resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 5064] rmdir("./48") = 0 [pid 5064] mkdir("./49", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [pid 10407] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10454 attached [pid 10452] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10407] <... openat resumed>) = 4 [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 10454 [pid 10454] set_robust_list(0x555557145760, 24) = 0 [pid 10407] ioctl(4, LOOP_SET_FD, 3 [pid 10454] chdir("./49") = 0 [pid 10454] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10454] setpgid(0, 0) = 0 [pid 10454] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10454] write(3, "1000", 4) = 4 [ 175.278541][T10409] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 175.294816][T10407] loop1: detected capacity change from 0 to 32768 [pid 10454] close(3) = 0 [pid 10407] <... ioctl resumed>) = 0 [pid 10454] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10407] close(3) = 0 [pid 10407] mkdir("./file0", 0777) = 0 [pid 10407] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 175.328797][T10409] BTRFS info (device loop2): force clearing of disk cache [ 175.335923][T10409] BTRFS info (device loop2): setting nodatasum [pid 10454] memfd_create("syzkaller", 0) = 3 [pid 10454] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 175.373405][T10407] BTRFS: device /dev/loop1 using temp-fsid 7c762828-b6a0-4ee5-a48d-359b0fcc4ce6 [ 175.407799][T10409] BTRFS info (device loop2): allowing degraded mounts [ 175.415207][T10407] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (10407) [ 175.429233][T10409] BTRFS info (device loop2): enabling disk space caching [ 175.460736][T10407] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [pid 10432] <... write resumed>) = 16777216 [pid 10432] munmap(0x7fda9371b000, 138412032) = 0 [pid 10432] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 175.470887][T10409] BTRFS info (device loop2): disk space caching is enabled [ 175.491921][T10407] BTRFS info (device loop1): force clearing of disk cache [ 175.510640][T10407] BTRFS info (device loop1): setting nodatasum [pid 10432] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10432] close(3) = 0 [pid 10432] mkdir("./file0", 0777) = 0 [ 175.522231][T10432] loop4: detected capacity change from 0 to 32768 [ 175.539265][T10407] BTRFS info (device loop1): allowing degraded mounts [pid 10450] <... write resumed>) = 16777216 [pid 10432] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 10450] munmap(0x7fda9371b000, 138412032) = 0 [ 175.574168][T10407] BTRFS info (device loop1): enabling disk space caching [ 175.583632][T10432] BTRFS: device /dev/loop4 using temp-fsid c6aa7b59-4fdd-4ec8-9b3f-e3ecd9e4aec0 [ 175.598856][T10432] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (10432) [ 175.603740][T10407] BTRFS info (device loop1): disk space caching is enabled [pid 10450] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 10450] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10450] close(3) = 0 [pid 10450] mkdir("./file0", 0777) = 0 [ 175.645082][T10432] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 175.660182][T10450] loop5: detected capacity change from 0 to 32768 [ 175.683441][T10432] BTRFS info (device loop4): force clearing of disk cache [pid 10450] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 10452] <... write resumed>) = 16777216 [pid 10452] munmap(0x7fda9371b000, 138412032) = 0 [pid 10452] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 175.692667][T10450] BTRFS: device /dev/loop5 using temp-fsid 0be2e174-0348-435b-8404-769544ac78bd [ 175.703410][T10450] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (10450) [ 175.717006][T10432] BTRFS info (device loop4): setting nodatasum [ 175.723431][T10432] BTRFS info (device loop4): allowing degraded mounts [ 175.730929][T10432] BTRFS info (device loop4): enabling disk space caching [ 175.737999][T10432] BTRFS info (device loop4): disk space caching is enabled [pid 10452] ioctl(4, LOOP_SET_FD, 3 [pid 10454] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10452] <... ioctl resumed>) = 0 [pid 10452] close(3) = 0 [pid 10452] mkdir("./file0", 0777) = 0 [ 175.749549][T10452] loop3: detected capacity change from 0 to 32768 [ 175.757857][T10450] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 175.784449][T10452] BTRFS: device /dev/loop3 using temp-fsid 7bb8fd06-aa48-4302-a3af-64cdb3c969fb [ 175.799130][T10409] BTRFS info (device loop2): enabling ssd optimizations [ 175.806122][T10450] BTRFS info (device loop5): force clearing of disk cache [ 175.813857][T10452] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (10452) [ 175.814862][T10409] BTRFS info (device loop2): auto enabling async discard [ 175.833711][T10407] BTRFS info (device loop1): enabling ssd optimizations [ 175.833767][T10450] BTRFS info (device loop5): setting nodatasum [ 175.847773][T10450] BTRFS info (device loop5): allowing degraded mounts [ 175.849694][T10407] BTRFS info (device loop1): auto enabling async discard [ 175.867783][T10452] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 175.877053][T10450] BTRFS info (device loop5): enabling disk space caching [ 175.884923][T10452] BTRFS info (device loop3): force clearing of disk cache [ 175.885519][T10407] BTRFS info (device loop1): rebuilding free space tree [ 175.892348][T10450] BTRFS info (device loop5): disk space caching is enabled [ 175.906369][T10452] BTRFS info (device loop3): setting nodatasum [ 175.908085][T10409] BTRFS info (device loop2): rebuilding free space tree [ 175.913052][T10452] BTRFS info (device loop3): allowing degraded mounts [ 175.933632][T10452] BTRFS info (device loop3): enabling disk space caching [ 175.941983][T10452] BTRFS info (device loop3): disk space caching is enabled [ 175.949723][T10432] BTRFS info (device loop4): enabling ssd optimizations [ 175.957507][T10432] BTRFS info (device loop4): auto enabling async discard [ 175.965000][T10407] BTRFS info (device loop1): disabling free space tree [ 175.966179][T10432] BTRFS info (device loop4): rebuilding free space tree [ 175.972661][T10409] BTRFS info (device loop2): disabling free space tree [ 175.992829][T10432] BTRFS info (device loop4): disabling free space tree [ 175.999838][T10407] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 176.000346][T10432] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 176.011928][T10409] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 176.019726][T10432] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 176.040408][T10407] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 10452] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 10432] <... mount resumed>) = 0 [pid 10432] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10432] chdir("./file0") = 0 [pid 10432] ioctl(4, LOOP_CLR_FD) = 0 [pid 10409] <... mount resumed>) = 0 [pid 10432] close(4 [pid 10409] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10432] <... close resumed>) = 0 [pid 10432] open("./file0", O_RDONLY) = 4 [ 176.043248][T10432] BTRFS info (device loop4): checking UUID tree [ 176.057325][T10409] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 176.073898][T10409] BTRFS info (device loop2): checking UUID tree [pid 10432] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 10409] <... openat resumed>) = 3 [pid 10432] <... ioctl resumed>) = 0 [pid 10432] open("./file0", O_RDONLY) = 5 [pid 10432] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 10432] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 10432] exit_group(0 [pid 10409] chdir("./file0" [pid 10432] <... exit_group resumed>) = ? [pid 10409] <... chdir resumed>) = 0 [pid 10432] +++ exited with 0 +++ [pid 10409] ioctl(4, LOOP_CLR_FD) = 0 [pid 10409] close(4) = 0 [pid 10409] open("./file0", O_RDONLY) = 4 [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10432, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=38 /* 0.38 s */} --- [pid 10409] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5068] umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 176.100114][T10407] BTRFS info (device loop1): checking UUID tree [pid 5068] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10409] open("./file0", O_RDONLY [pid 5068] <... openat resumed>) = 3 [pid 5068] newfstatat(3, "", [pid 10409] <... open resumed>) = 5 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10409] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 10409] <... ioctl resumed>) = 0 [pid 5068] umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./50/binderfs" [pid 10409] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5068] <... unlink resumed>) = 0 [pid 10409] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5068] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 176.139118][T10450] BTRFS info (device loop5): enabling ssd optimizations [ 176.139222][T10452] BTRFS info (device loop3): enabling ssd optimizations [ 176.146059][T10450] BTRFS info (device loop5): auto enabling async discard [ 176.168632][ T12] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 176.175373][T10452] BTRFS info (device loop3): auto enabling async discard [pid 10409] exit_group(0 [pid 10454] <... write resumed>) = 16777216 [pid 10409] <... exit_group resumed>) = ? [pid 10407] <... mount resumed>) = 0 [pid 10454] munmap(0x7fda9371b000, 138412032 [pid 10407] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10407] chdir("./file0") = 0 [pid 10407] ioctl(4, LOOP_CLR_FD) = 0 [pid 10407] close(4 [pid 10454] <... munmap resumed>) = 0 [pid 10407] <... close resumed>) = 0 [pid 10407] open("./file0", O_RDONLY [pid 10409] +++ exited with 0 +++ [pid 10407] <... open resumed>) = 4 [pid 10454] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10407] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 10454] <... openat resumed>) = 4 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10409, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=33 /* 0.33 s */} --- [pid 10454] ioctl(4, LOOP_SET_FD, 3 [pid 10407] <... ioctl resumed>) = 0 [pid 5066] umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10407] open("./file0", O_RDONLY [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10407] <... open resumed>) = 5 [pid 5066] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10407] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5066] <... openat resumed>) = 3 [pid 10407] <... ioctl resumed>) = 0 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, [pid 10407] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 10407] exit_group(0 [pid 5066] umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10407] <... exit_group resumed>) = ? [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10407] +++ exited with 0 +++ [pid 5066] unlink("./50/binderfs") = 0 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10407, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=35 /* 0.35 s */} --- [pid 5066] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 176.178544][T10450] BTRFS info (device loop5): rebuilding free space tree [ 176.195506][ T48] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [ 176.213610][T10454] loop0: detected capacity change from 0 to 32768 [ 176.220008][ T42] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./49/binderfs") = 0 [pid 5065] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10454] <... ioctl resumed>) = 0 [pid 10454] close(3) = 0 [ 176.257213][T10450] BTRFS info (device loop5): disabling free space tree [ 176.273956][T10452] BTRFS info (device loop3): rebuilding free space tree [ 176.278595][T10450] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 176.291825][T10450] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 10454] mkdir("./file0", 0777) = 0 [ 176.322732][T10450] BTRFS info (device loop5): checking UUID tree [ 176.339215][T10452] BTRFS info (device loop3): disabling free space tree [ 176.346106][T10452] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 176.348890][T10454] BTRFS: device /dev/loop0 using temp-fsid 834c0056-205d-46ef-b09e-3c58052ce31f [pid 10454] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 10450] <... mount resumed>) = 0 [pid 10450] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10450] chdir("./file0") = 0 [pid 10450] ioctl(4, LOOP_CLR_FD) = 0 [pid 10450] close(4) = 0 [pid 10450] open("./file0", O_RDONLY) = 4 [ 176.369280][T10452] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 10450] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 10450] open("./file0", O_RDONLY) = 5 [pid 10450] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 10450] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 10450] exit_group(0) = ? [pid 10450] +++ exited with 0 +++ [ 176.420244][T10454] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (10454) [ 176.421985][T10452] BTRFS info (device loop3): checking UUID tree [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10450, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=39 /* 0.39 s */} --- [pid 5069] umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10452] <... mount resumed>) = 0 [pid 5069] unlink("./50/binderfs" [pid 5068] <... umount2 resumed>) = 0 [pid 10452] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5069] <... unlink resumed>) = 0 [pid 5068] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] <... umount2 resumed>) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 5066] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./50/file0", [pid 5066] newfstatat(AT_FDCWD, "./50/file0", [pid 5065] newfstatat(AT_FDCWD, "./49/file0", [pid 10452] <... openat resumed>) = 3 [pid 5069] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10452] chdir("./file0" [pid 5068] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 176.477645][ T42] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [ 176.482984][T10454] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5065] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10452] <... chdir resumed>) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10452] ioctl(4, LOOP_CLR_FD [pid 5068] openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10452] <... ioctl resumed>) = 0 [pid 5068] <... openat resumed>) = 4 [pid 5066] <... openat resumed>) = 4 [pid 5065] <... openat resumed>) = 4 [pid 10452] close(4 [pid 5068] newfstatat(4, "", [pid 5066] newfstatat(4, "", [pid 5065] newfstatat(4, "", [pid 10452] <... close resumed>) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, [pid 5065] getdents64(4, [pid 10452] open("./file0", O_RDONLY [pid 5068] getdents64(4, [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 10452] <... open resumed>) = 4 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, [pid 5065] getdents64(4, [pid 10452] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5068] getdents64(4, [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4 [pid 5066] close(4 [pid 5065] close(4 [pid 5066] <... close resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 5066] rmdir("./50/file0" [pid 5065] rmdir("./49/file0" [pid 5066] <... rmdir resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5066] getdents64(3, [pid 5065] getdents64(3, [pid 5068] <... close resumed>) = 0 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] rmdir("./50/file0" [pid 5066] close(3 [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] <... close resumed>) = 0 [pid 5066] rmdir("./50" [pid 5065] close(3 [pid 5068] <... rmdir resumed>) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5068] getdents64(3, [pid 5065] <... close resumed>) = 0 [pid 5066] mkdir("./51", 0777 [pid 5065] rmdir("./49" [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5065] mkdir("./50", 0777 [pid 5068] close(3) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5065] <... mkdir resumed>) = 0 [pid 10452] <... ioctl resumed>) = 0 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5066] <... ioctl resumed>) = 0 [pid 5065] <... openat resumed>) = 3 [pid 5066] close(3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5066] <... close resumed>) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] close(3 [pid 10452] open("./file0", O_RDONLY [pid 5068] rmdir("./50" [pid 5065] <... close resumed>) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 10538 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10452] <... open resumed>) = 5 [pid 5068] <... rmdir resumed>) = 0 [pid 10452] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [ 176.557821][T10454] BTRFS info (device loop0): force clearing of disk cache [pid 5068] mkdir("./51", 0777./strace-static-x86_64: Process 10538 attached [pid 10452] <... ioctl resumed>) = 0 [pid 5068] <... mkdir resumed>) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 10540 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10538] set_robust_list(0x555557145760, 24 [pid 10452] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5068] <... openat resumed>) = 3 [pid 10452] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5068] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 10540 attached [pid 10538] <... set_robust_list resumed>) = 0 [pid 10452] exit_group(0 [pid 5068] <... ioctl resumed>) = 0 [pid 10540] set_robust_list(0x555557145760, 24 [pid 10538] chdir("./51" [pid 10452] <... exit_group resumed>) = ? [pid 5068] close(3 [pid 10540] <... set_robust_list resumed>) = 0 [pid 10538] <... chdir resumed>) = 0 [pid 10540] chdir("./50" [pid 10538] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10452] +++ exited with 0 +++ [pid 10540] <... chdir resumed>) = 0 [pid 10538] <... prctl resumed>) = 0 [pid 5068] <... close resumed>) = 0 [pid 10540] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10538] setpgid(0, 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10452, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=40 /* 0.40 s */} --- [pid 10540] <... prctl resumed>) = 0 [pid 10538] <... setpgid resumed>) = 0 [pid 5067] restart_syscall(<... resuming interrupted clone ...> [pid 10540] setpgid(0, 0 [pid 10538] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5067] <... restart_syscall resumed>) = 0 [pid 10540] <... setpgid resumed>) = 0 [pid 10538] <... openat resumed>) = 3 [pid 10540] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10538] write(3, "1000", 4 [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 10541 [pid 10540] <... openat resumed>) = 3 [pid 10538] <... write resumed>) = 4 [pid 5067] umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10540] write(3, "1000", 4 [pid 10538] close(3 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10540] <... write resumed>) = 4 [pid 10538] <... close resumed>) = 0 [pid 5067] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 10541 attached [pid 10540] close(3 [pid 10538] symlink("/dev/binderfs", "./binderfs" [pid 5067] <... openat resumed>) = 3 [pid 10541] set_robust_list(0x555557145760, 24 [pid 10540] <... close resumed>) = 0 [pid 10538] <... symlink resumed>) = 0 [pid 5067] newfstatat(3, "", [pid 10540] symlink("/dev/binderfs", "./binderfs" [pid 10538] memfd_create("syzkaller", 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10541] <... set_robust_list resumed>) = 0 [pid 10540] <... symlink resumed>) = 0 [pid 10538] <... memfd_create resumed>) = 3 [pid 5067] getdents64(3, [pid 10541] chdir("./51" [pid 10540] memfd_create("syzkaller", 0 [pid 10538] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./49/binderfs", [pid 10540] <... memfd_create resumed>) = 3 [pid 10538] <... mmap resumed>) = 0x7fda9371b000 [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 176.602510][T10454] BTRFS info (device loop0): setting nodatasum [ 176.638127][T10454] BTRFS info (device loop0): allowing degraded mounts [pid 10540] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5067] unlink("./49/binderfs" [pid 10541] <... chdir resumed>) = 0 [pid 10540] <... mmap resumed>) = 0x7fda9371b000 [pid 5067] <... unlink resumed>) = 0 [pid 10541] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10541] setpgid(0, 0 [pid 5067] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10541] <... setpgid resumed>) = 0 [ 176.638241][ T42] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [pid 10541] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10541] write(3, "1000", 4) = 4 [pid 10541] close(3) = 0 [pid 10541] symlink("/dev/binderfs", "./binderfs" [pid 5069] <... umount2 resumed>) = 0 [pid 10541] <... symlink resumed>) = 0 [pid 10541] memfd_create("syzkaller", 0) = 3 [pid 5069] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./50/file0", [pid 10541] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10541] <... mmap resumed>) = 0x7fda9371b000 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 176.679492][T10454] BTRFS info (device loop0): enabling disk space caching [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./50/file0") = 0 [ 176.733475][T10454] BTRFS info (device loop0): disk space caching is enabled [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./50") = 0 [pid 5069] mkdir("./51", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5067] <... umount2 resumed>) = 0 [pid 5069] <... openat resumed>) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5067] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 10556 attached ) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./49/file0", [pid 10556] set_robust_list(0x555557145760, 24 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 10556] <... set_robust_list resumed>) = 0 [pid 10556] chdir("./51" [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 10556 [pid 5067] openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 10556] <... chdir resumed>) = 0 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, [pid 10556] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5067] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 10556] <... prctl resumed>) = 0 [pid 5067] close(4 [pid 10556] setpgid(0, 0 [pid 5067] <... close resumed>) = 0 [pid 10556] <... setpgid resumed>) = 0 [ 176.959817][T10454] BTRFS info (device loop0): enabling ssd optimizations [ 176.967001][T10454] BTRFS info (device loop0): auto enabling async discard [ 176.976100][T10454] BTRFS info (device loop0): rebuilding free space tree [ 176.989952][T10454] BTRFS info (device loop0): disabling free space tree [ 176.996875][T10454] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5067] rmdir("./49/file0" [pid 10556] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5067] <... rmdir resumed>) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 10556] <... openat resumed>) = 3 [pid 5067] close(3 [pid 10556] write(3, "1000", 4 [pid 5067] <... close resumed>) = 0 [pid 10556] <... write resumed>) = 4 [pid 5067] rmdir("./49" [pid 10556] close(3 [pid 5067] <... rmdir resumed>) = 0 [pid 10556] <... close resumed>) = 0 [pid 5067] mkdir("./50", 0777 [pid 10556] symlink("/dev/binderfs", "./binderfs" [pid 5067] <... mkdir resumed>) = 0 [pid 10556] <... symlink resumed>) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10556] memfd_create("syzkaller", 0 [pid 5067] <... openat resumed>) = 3 [pid 10556] <... memfd_create resumed>) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD [pid 10556] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5067] <... ioctl resumed>) = 0 [pid 10556] <... mmap resumed>) = 0x7fda9371b000 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10559 attached , child_tidptr=0x555557145750) = 10559 [pid 10559] set_robust_list(0x555557145760, 24) = 0 [ 177.007678][T10454] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 10559] chdir("./50") = 0 [pid 10540] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10538] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10559] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10559] setpgid(0, 0) = 0 [pid 10559] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10559] write(3, "1000", 4) = 4 [pid 10559] close(3) = 0 [ 177.066600][T10454] BTRFS info (device loop0): checking UUID tree [pid 10559] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10454] <... mount resumed>) = 0 [pid 10559] memfd_create("syzkaller", 0 [pid 10454] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10559] <... memfd_create resumed>) = 3 [pid 10454] <... openat resumed>) = 3 [pid 10559] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 10454] chdir("./file0") = 0 [pid 10454] ioctl(4, LOOP_CLR_FD) = 0 [pid 10454] close(4) = 0 [pid 10454] open("./file0", O_RDONLY) = 4 [pid 10454] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 10454] open("./file0", O_RDONLY) = 5 [pid 10454] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 10454] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 10454] exit_group(0) = ? [pid 10454] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10454, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=37 /* 0.37 s */} --- [ 177.271163][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 10541] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5064] umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./49/binderfs") = 0 [pid 5064] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10559] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10556] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5064] <... umount2 resumed>) = 0 [pid 5064] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./49/file0") = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./49") = 0 [pid 5064] mkdir("./50", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 10562 ./strace-static-x86_64: Process 10562 attached [pid 10562] set_robust_list(0x555557145760, 24) = 0 [pid 10562] chdir("./50") = 0 [pid 10562] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10562] setpgid(0, 0) = 0 [pid 10562] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10562] write(3, "1000", 4) = 4 [pid 10562] close(3) = 0 [pid 10562] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10562] memfd_create("syzkaller", 0) = 3 [pid 10562] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 10540] <... write resumed>) = 16777216 [pid 10540] munmap(0x7fda9371b000, 138412032) = 0 [pid 10540] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10538] <... write resumed>) = 16777216 [pid 10538] munmap(0x7fda9371b000, 138412032 [pid 10540] <... openat resumed>) = 4 [pid 10540] ioctl(4, LOOP_SET_FD, 3 [pid 10538] <... munmap resumed>) = 0 [pid 10540] <... ioctl resumed>) = 0 [pid 10540] close(3) = 0 [pid 10538] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 10540] mkdir("./file0", 0777 [pid 10538] <... openat resumed>) = 4 [pid 10538] ioctl(4, LOOP_SET_FD, 3 [pid 10540] <... mkdir resumed>) = 0 [pid 10538] <... ioctl resumed>) = 0 [ 177.895400][T10540] loop1: detected capacity change from 0 to 32768 [ 177.931076][T10538] loop2: detected capacity change from 0 to 32768 [pid 10540] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 10541] <... write resumed>) = 16777216 [pid 10538] close(3) = 0 [pid 10538] mkdir("./file0", 0777) = 0 [ 177.948538][T10540] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (10540) [pid 10538] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 10541] munmap(0x7fda9371b000, 138412032) = 0 [ 177.994268][T10538] BTRFS: device /dev/loop2 using temp-fsid f7448504-c882-408b-bd9d-d900eff5e381 [ 178.003924][T10540] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 178.031703][T10540] BTRFS info (device loop1): force clearing of disk cache [pid 10541] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10541] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10541] close(3) = 0 [pid 10541] mkdir("./file0", 0777) = 0 [ 178.039862][T10538] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (10538) [ 178.048777][T10540] BTRFS info (device loop1): setting nodatasum [ 178.058678][T10540] BTRFS info (device loop1): allowing degraded mounts [ 178.075577][T10541] loop4: detected capacity change from 0 to 32768 [pid 10541] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 10556] <... write resumed>) = 16777216 [ 178.118968][T10540] BTRFS info (device loop1): enabling disk space caching [ 178.130626][T10538] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 178.140020][T10541] BTRFS: device /dev/loop4 using temp-fsid 67e3736f-2dac-4bc5-8ed6-749e4e9ef046 [ 178.149111][T10540] BTRFS info (device loop1): disk space caching is enabled [ 178.159944][T10538] BTRFS info (device loop2): force clearing of disk cache [pid 10556] munmap(0x7fda9371b000, 138412032) = 0 [pid 10562] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10556] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 10559] <... write resumed>) = 16777216 [ 178.175450][T10541] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (10541) [pid 10556] ioctl(4, LOOP_SET_FD, 3 [pid 10559] munmap(0x7fda9371b000, 138412032) = 0 [pid 10556] <... ioctl resumed>) = 0 [pid 10556] close(3) = 0 [pid 10559] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10556] mkdir("./file0", 0777) = 0 [pid 10556] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 10559] <... openat resumed>) = 4 [pid 10559] ioctl(4, LOOP_SET_FD, 3) = 0 [ 178.223525][T10556] loop5: detected capacity change from 0 to 32768 [ 178.256250][T10556] BTRFS: device /dev/loop5 using temp-fsid 8411f023-e6bb-427d-a8bf-8d6f4eccbbed [ 178.267300][T10559] loop3: detected capacity change from 0 to 32768 [pid 10559] close(3) = 0 [pid 10559] mkdir("./file0", 0777) = 0 [pid 10540] <... mount resumed>) = 0 [ 178.288390][T10556] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (10556) [pid 10559] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 10540] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10540] chdir("./file0") = 0 [pid 10540] ioctl(4, LOOP_CLR_FD) = 0 [pid 10540] close(4) = 0 [pid 10540] open("./file0", O_RDONLY) = 4 [ 178.332386][T10559] BTRFS: device /dev/loop3 using temp-fsid e1dd7ea8-0623-4bc0-bad9-57c37d685d06 [pid 10540] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 10562] <... write resumed>) = 16777216 [pid 10562] munmap(0x7fda9371b000, 138412032 [pid 10538] <... mount resumed>) = 0 [pid 10540] <... ioctl resumed>) = 0 [pid 10540] open("./file0", O_RDONLY [pid 10538] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10540] <... open resumed>) = 5 [pid 10538] <... openat resumed>) = 3 [pid 10540] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 10538] chdir("./file0") = 0 [pid 10538] ioctl(4, LOOP_CLR_FD) = 0 [pid 10538] close(4) = 0 [pid 10538] open("./file0", O_RDONLY) = 4 [ 178.379381][T10559] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (10559) [pid 10538] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 10562] <... munmap resumed>) = 0 [pid 10562] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10562] ioctl(4, LOOP_SET_FD, 3 [pid 10541] <... mount resumed>) = 0 [pid 10541] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10541] chdir("./file0" [pid 10540] <... ioctl resumed>) = 0 [pid 10562] <... ioctl resumed>) = 0 [pid 10541] <... chdir resumed>) = 0 [pid 10540] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 10540] exit_group(0) = ? [pid 10540] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10540, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=25 /* 0.25 s */} --- [pid 10541] ioctl(4, LOOP_CLR_FD) = 0 [pid 10541] close(4 [pid 5065] umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10541] <... close resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10541] open("./file0", O_RDONLY [pid 5065] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10541] <... open resumed>) = 4 [pid 5065] <... openat resumed>) = 3 [pid 5065] newfstatat(3, "", [pid 10541] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 10538] <... ioctl resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10538] open("./file0", O_RDONLY) = 5 [pid 5065] getdents64(3, [pid 10538] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 10562] close(3 [pid 10541] <... ioctl resumed>) = 0 [pid 10538] <... ioctl resumed>) = 0 [pid 5065] umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10562] <... close resumed>) = 0 [pid 10541] open("./file0", O_RDONLY [pid 10538] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 10562] mkdir("./file0", 0777 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10562] <... mkdir resumed>) = 0 [pid 10541] <... open resumed>) = 5 [pid 10538] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 10556] <... mount resumed>) = 0 [ 178.449124][T10562] loop0: detected capacity change from 0 to 32768 [pid 5065] newfstatat(AT_FDCWD, "./50/binderfs", [pid 10562] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 10556] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10541] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 10538] exit_group(0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10556] <... openat resumed>) = 3 [pid 10541] <... ioctl resumed>) = 0 [pid 10538] <... exit_group resumed>) = ? [pid 5065] unlink("./50/binderfs" [pid 10556] chdir("./file0" [pid 5065] <... unlink resumed>) = 0 [pid 10556] <... chdir resumed>) = 0 [pid 10541] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 10556] ioctl(4, LOOP_CLR_FD [pid 10541] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 10538] +++ exited with 0 +++ [pid 5065] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10541] exit_group(0) = ? [pid 10556] <... ioctl resumed>) = 0 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10538, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=28 /* 0.28 s */} --- [pid 10556] close(4 [pid 5066] umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 10556] <... close resumed>) = 0 [pid 10541] +++ exited with 0 +++ [pid 5066] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10556] open("./file0", O_RDONLY) = 4 [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10541, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=23 /* 0.23 s */} --- [pid 5066] <... openat resumed>) = 3 [pid 10556] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] getdents64(3, [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(3, "", [pid 5066] newfstatat(AT_FDCWD, "./51/binderfs", [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./51/binderfs", [pid 10556] <... ioctl resumed>) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./51/binderfs" [pid 5068] unlink("./51/binderfs" [pid 5066] <... unlink resumed>) = 0 [pid 5066] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10556] open("./file0", O_RDONLY [pid 5068] <... unlink resumed>) = 0 [pid 10556] <... open resumed>) = 5 [pid 5068] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10556] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 10556] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 10556] exit_group(0) = ? [pid 10556] +++ exited with 0 +++ [ 178.521430][T10562] BTRFS: device /dev/loop0 using temp-fsid a4f6e45b-23c7-4c20-9e08-ee0c7a0f9490 [ 178.552802][T10562] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (10562) [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10556, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=27 /* 0.27 s */} --- [pid 5069] umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./51/binderfs") = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 5069] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./50/file0") = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./50") = 0 [pid 5065] mkdir("./51", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10559] <... mount resumed>) = 0 [pid 10559] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 10660 [pid 10559] <... openat resumed>) = 3 [pid 10559] chdir("./file0") = 0 [pid 10559] ioctl(4, LOOP_CLR_FD) = 0 [pid 10559] close(4./strace-static-x86_64: Process 10660 attached ) = 0 [pid 10559] open("./file0", O_RDONLY) = 4 [pid 10660] set_robust_list(0x555557145760, 24 [pid 5068] <... umount2 resumed>) = 0 [pid 10660] <... set_robust_list resumed>) = 0 [pid 10660] chdir("./51") = 0 [pid 10660] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10559] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 10660] <... prctl resumed>) = 0 [pid 10660] setpgid(0, 0) = 0 [pid 10660] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5068] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./51/file0", [pid 5069] <... umount2 resumed>) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10660] write(3, "1000", 4 [pid 5068] getdents64(4, [pid 10660] <... write resumed>) = 4 [pid 5069] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10660] close(3 [pid 10559] <... ioctl resumed>) = 0 [pid 5069] newfstatat(AT_FDCWD, "./51/file0", [pid 5068] getdents64(4, [pid 10660] <... close resumed>) = 0 [pid 10559] open("./file0", O_RDONLY [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10660] symlink("/dev/binderfs", "./binderfs" [pid 10559] <... open resumed>) = 5 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 10660] <... symlink resumed>) = 0 [pid 5069] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10559] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 10660] memfd_create("syzkaller", 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] close(4 [pid 5069] openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10660] <... memfd_create resumed>) = 3 [pid 10660] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5069] <... openat resumed>) = 4 [pid 5068] <... close resumed>) = 0 [pid 5069] newfstatat(4, "", [pid 5068] rmdir("./51/file0" [pid 10660] <... mmap resumed>) = 0x7fda9371b000 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] <... rmdir resumed>) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./51/file0" [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3 [pid 5069] <... rmdir resumed>) = 0 [pid 5068] <... close resumed>) = 0 [pid 5069] getdents64(3, [pid 5068] rmdir("./51") = 0 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3 [pid 5068] mkdir("./52", 0777) = 0 [pid 5069] <... close resumed>) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10559] <... ioctl resumed>) = 0 [pid 10559] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5069] rmdir("./51" [pid 5068] <... openat resumed>) = 3 [pid 5069] <... rmdir resumed>) = 0 [pid 5068] ioctl(3, LOOP_CLR_FD [pid 10559] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 10559] exit_group(0 [pid 5069] mkdir("./52", 0777 [pid 5068] <... ioctl resumed>) = 0 [pid 10559] <... exit_group resumed>) = ? [pid 10559] +++ exited with 0 +++ [pid 5068] close(3 [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10559, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=25 /* 0.25 s */} --- [pid 5067] umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... close resumed>) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./50/binderfs") = 0 [pid 5067] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10665 attached [pid 5069] <... mkdir resumed>) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 10665] set_robust_list(0x555557145760, 24 [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 10665 [pid 5066] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10665] <... set_robust_list resumed>) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10665] chdir("./52") = 0 [pid 5069] <... openat resumed>) = 3 [pid 5066] newfstatat(AT_FDCWD, "./51/file0", [pid 10665] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5069] ioctl(3, LOOP_CLR_FD [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10665] <... prctl resumed>) = 0 [pid 5069] <... ioctl resumed>) = 0 [pid 5066] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10665] setpgid(0, 0 [pid 5069] close(3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10665] <... setpgid resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 5066] openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10665] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] <... openat resumed>) = 4 ./strace-static-x86_64: Process 10666 attached [pid 10665] <... openat resumed>) = 3 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 10562] <... mount resumed>) = 0 [pid 5066] close(4 [pid 10665] write(3, "1000", 4 [pid 10562] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] <... close resumed>) = 0 [pid 10665] <... write resumed>) = 4 [pid 10666] set_robust_list(0x555557145760, 24 [pid 10665] close(3 [pid 10562] <... openat resumed>) = 3 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 10666 [pid 5066] rmdir("./51/file0" [pid 10665] <... close resumed>) = 0 [pid 10666] <... set_robust_list resumed>) = 0 [pid 10665] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10562] chdir("./file0" [pid 5066] <... rmdir resumed>) = 0 [pid 10665] memfd_create("syzkaller", 0 [pid 10562] <... chdir resumed>) = 0 [pid 5066] getdents64(3, [pid 10666] chdir("./52" [pid 10665] <... memfd_create resumed>) = 3 [pid 10666] <... chdir resumed>) = 0 [pid 10562] ioctl(4, LOOP_CLR_FD [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 10666] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10562] <... ioctl resumed>) = 0 [pid 5066] close(3 [pid 10666] <... prctl resumed>) = 0 [pid 10562] close(4 [pid 5066] <... close resumed>) = 0 [pid 10666] setpgid(0, 0 [pid 10562] <... close resumed>) = 0 [pid 5066] rmdir("./51" [pid 10666] <... setpgid resumed>) = 0 [pid 10665] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10562] open("./file0", O_RDONLY [pid 5066] <... rmdir resumed>) = 0 [pid 10562] <... open resumed>) = 4 [pid 5066] mkdir("./52", 0777 [pid 10562] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5066] <... mkdir resumed>) = 0 [pid 10665] <... mmap resumed>) = 0x7fda9371b000 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 10666] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] <... openat resumed>) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10667 attached [pid 10666] <... openat resumed>) = 3 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 10667 [pid 10667] set_robust_list(0x555557145760, 24 [pid 10666] write(3, "1000", 4 [pid 10667] <... set_robust_list resumed>) = 0 [pid 10666] <... write resumed>) = 4 [pid 10667] chdir("./52" [pid 10666] close(3 [pid 10667] <... chdir resumed>) = 0 [pid 10667] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10666] <... close resumed>) = 0 [pid 10667] setpgid(0, 0 [pid 10666] symlink("/dev/binderfs", "./binderfs" [pid 10667] <... setpgid resumed>) = 0 [pid 10666] <... symlink resumed>) = 0 [pid 10667] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10666] memfd_create("syzkaller", 0 [pid 10667] write(3, "1000", 4 [pid 10666] <... memfd_create resumed>) = 3 [pid 10667] <... write resumed>) = 4 [pid 10667] close(3) = 0 [pid 10667] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10667] memfd_create("syzkaller", 0 [pid 10666] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10667] <... memfd_create resumed>) = 3 [pid 10666] <... mmap resumed>) = 0x7fda9371b000 [pid 10667] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 10562] <... ioctl resumed>) = 0 [pid 10562] open("./file0", O_RDONLY) = 5 [pid 10562] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 10562] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 10562] exit_group(0) = ? [pid 10562] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10562, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=20 /* 0.20 s */} --- [pid 5064] umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./50/binderfs") = 0 [pid 5064] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./50/file0") = 0 [pid 5067] getdents64(3, [pid 10660] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./50") = 0 [pid 5067] mkdir("./51", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10669 attached [pid 10669] set_robust_list(0x555557145760, 24) = 0 [pid 10669] chdir("./51") = 0 [pid 10669] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10669] setpgid(0, 0) = 0 [pid 10669] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 10669 [pid 10669] write(3, "1000", 4) = 4 [pid 10669] close(3) = 0 [pid 10669] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10669] memfd_create("syzkaller", 0) = 3 [pid 10669] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5064] <... umount2 resumed>) = 0 [pid 5064] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./50/file0") = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./50") = 0 [pid 5064] mkdir("./51", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 10670 ./strace-static-x86_64: Process 10670 attached [pid 10670] set_robust_list(0x555557145760, 24) = 0 [pid 10670] chdir("./51") = 0 [pid 10670] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10670] setpgid(0, 0) = 0 [pid 10670] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10670] write(3, "1000", 4) = 4 [pid 10670] close(3) = 0 [pid 10670] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10670] memfd_create("syzkaller", 0) = 3 [pid 10670] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 10665] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10667] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10666] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10669] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10660] <... write resumed>) = 16777216 [pid 10660] munmap(0x7fda9371b000, 138412032 [pid 10670] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10660] <... munmap resumed>) = 0 [pid 10660] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 10660] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10660] close(3) = 0 [pid 10660] mkdir("./file0", 0777) = 0 [ 180.142074][T10660] loop1: detected capacity change from 0 to 32768 [ 180.166163][T10660] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (10660) [pid 10660] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 10665] <... write resumed>) = 16777216 [pid 10665] munmap(0x7fda9371b000, 138412032) = 0 [ 180.219277][T10660] _btrfs_printk: 76 callbacks suppressed [ 180.219310][T10660] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [pid 10665] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10667] <... write resumed>) = 16777216 [pid 10666] <... write resumed>) = 16777216 [pid 10665] <... openat resumed>) = 4 [pid 10665] ioctl(4, LOOP_SET_FD, 3 [pid 10667] munmap(0x7fda9371b000, 138412032) = 0 [pid 10665] <... ioctl resumed>) = 0 [pid 10666] munmap(0x7fda9371b000, 138412032 [pid 10665] close(3 [pid 10666] <... munmap resumed>) = 0 [pid 10665] <... close resumed>) = 0 [pid 10667] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 10665] mkdir("./file0", 0777) = 0 [pid 10667] <... openat resumed>) = 4 [ 180.299073][T10660] BTRFS info (device loop1): force clearing of disk cache [ 180.300414][T10665] loop4: detected capacity change from 0 to 32768 [pid 10665] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 10667] ioctl(4, LOOP_SET_FD, 3 [pid 10666] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [ 180.352854][T10660] BTRFS info (device loop1): setting nodatasum [ 180.372541][T10660] BTRFS info (device loop1): allowing degraded mounts [ 180.373108][T10667] loop2: detected capacity change from 0 to 32768 [ 180.386151][T10665] BTRFS: device /dev/loop4 using temp-fsid ab34bf42-f93c-4f17-b739-564d3d722e35 [ 180.391926][T10666] loop5: detected capacity change from 0 to 32768 [pid 10666] ioctl(4, LOOP_SET_FD, 3 [pid 10667] <... ioctl resumed>) = 0 [pid 10667] close(3) = 0 [pid 10667] mkdir("./file0", 0777) = 0 [pid 10667] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 10666] <... ioctl resumed>) = 0 [pid 10666] close(3) = 0 [pid 10666] mkdir("./file0", 0777) = 0 [ 180.398204][T10665] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (10665) [ 180.416435][T10660] BTRFS info (device loop1): enabling disk space caching [ 180.448068][T10660] BTRFS info (device loop1): disk space caching is enabled [ 180.470140][T10667] BTRFS: device /dev/loop2 using temp-fsid a3dd69a1-f4a2-4ff1-8ed6-b4e3b2dc62ca [ 180.480122][T10665] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 180.498837][T10667] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (10667) [ 180.512107][T10665] BTRFS info (device loop4): force clearing of disk cache [ 180.528795][T10665] BTRFS info (device loop4): setting nodatasum [ 180.535362][T10665] BTRFS info (device loop4): allowing degraded mounts [pid 10666] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 10669] <... write resumed>) = 16777216 [pid 10669] munmap(0x7fda9371b000, 138412032) = 0 [pid 10669] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 180.551162][T10667] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 180.569326][T10666] BTRFS: device /dev/loop5 using temp-fsid ce977417-19bd-47f9-a38d-495afb85d9f8 [ 180.574161][T10665] BTRFS info (device loop4): enabling disk space caching [ 180.579001][T10666] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (10666) [pid 10669] ioctl(4, LOOP_SET_FD, 3 [pid 10670] <... write resumed>) = 16777216 [pid 10670] munmap(0x7fda9371b000, 138412032 [pid 10669] <... ioctl resumed>) = 0 [pid 10669] close(3) = 0 [pid 10669] mkdir("./file0", 0777) = 0 [ 180.598502][T10667] BTRFS info (device loop2): force clearing of disk cache [ 180.606557][T10665] BTRFS info (device loop4): disk space caching is enabled [ 180.607270][T10667] BTRFS info (device loop2): setting nodatasum [ 180.614059][T10669] loop3: detected capacity change from 0 to 32768 [ 180.620021][T10667] BTRFS info (device loop2): allowing degraded mounts [ 180.633591][T10667] BTRFS info (device loop2): enabling disk space caching [ 180.640764][T10667] BTRFS info (device loop2): disk space caching is enabled [pid 10669] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 10670] <... munmap resumed>) = 0 [ 180.650532][T10669] BTRFS: device /dev/loop3 using temp-fsid cc84020c-181d-4b16-9067-889d4fd0f1be [ 180.659901][T10669] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (10669) [ 180.672948][T10660] BTRFS info (device loop1): enabling ssd optimizations [ 180.680811][T10666] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 180.681201][T10660] BTRFS info (device loop1): auto enabling async discard [pid 10670] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 180.692588][T10669] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 180.698452][T10666] BTRFS info (device loop5): force clearing of disk cache [ 180.709148][T10669] BTRFS info (device loop3): force clearing of disk cache [ 180.716505][T10666] BTRFS info (device loop5): setting nodatasum [ 180.721851][T10669] BTRFS info (device loop3): setting nodatasum [ 180.727025][T10660] BTRFS info (device loop1): rebuilding free space tree [ 180.733313][T10670] loop0: detected capacity change from 0 to 32768 [pid 10670] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10670] close(3) = 0 [ 180.741501][T10666] BTRFS info (device loop5): allowing degraded mounts [ 180.747723][T10669] BTRFS info (device loop3): allowing degraded mounts [ 180.756145][T10666] BTRFS info (device loop5): enabling disk space caching [ 180.762102][T10669] BTRFS info (device loop3): enabling disk space caching [ 180.771137][T10666] BTRFS info (device loop5): disk space caching is enabled [ 180.775529][T10669] BTRFS info (device loop3): disk space caching is enabled [ 180.790955][T10660] BTRFS info (device loop1): disabling free space tree [pid 10670] mkdir("./file0", 0777) = 0 [pid 10670] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 10660] <... mount resumed>) = 0 [pid 10660] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10660] chdir("./file0") = 0 [pid 10660] ioctl(4, LOOP_CLR_FD) = 0 [pid 10660] close(4) = 0 [pid 10660] open("./file0", O_RDONLY) = 4 [pid 10660] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [ 180.793174][T10665] BTRFS info (device loop4): enabling ssd optimizations [ 180.799868][T10660] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 180.806102][T10665] BTRFS info (device loop4): auto enabling async discard [ 180.814403][T10660] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 180.817342][T10660] BTRFS info (device loop1): checking UUID tree [ 180.834211][T10665] BTRFS info (device loop4): rebuilding free space tree [pid 10660] open("./file0", O_RDONLY) = 5 [pid 10660] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 10660] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 10660] exit_group(0) = ? [pid 10660] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10660, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=37 /* 0.37 s */} --- [pid 5065] umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 180.869000][T10670] BTRFS: device /dev/loop0 using temp-fsid c17953f1-2e5c-4654-85ef-75a9d058c7a0 [ 180.879322][ T42] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [ 180.880459][T10670] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (10670) [ 180.902971][T10667] BTRFS info (device loop2): enabling ssd optimizations [pid 5065] newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./51/binderfs") = 0 [ 180.915743][T10667] BTRFS info (device loop2): auto enabling async discard [ 180.916154][T10665] BTRFS info (device loop4): disabling free space tree [ 180.933348][T10665] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 180.939661][T10667] BTRFS info (device loop2): rebuilding free space tree [ 180.943300][T10665] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 180.955524][T10670] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5065] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10665] <... mount resumed>) = 0 [ 180.977826][T10665] BTRFS info (device loop4): checking UUID tree [ 180.992767][T10666] BTRFS info (device loop5): enabling ssd optimizations [ 181.001525][T10666] BTRFS info (device loop5): auto enabling async discard [ 181.008992][T10670] BTRFS info (device loop0): force clearing of disk cache [ 181.018308][T10666] BTRFS info (device loop5): rebuilding free space tree [ 181.019975][T10669] BTRFS info (device loop3): enabling ssd optimizations [ 181.032281][T10666] BTRFS info (device loop5): disabling free space tree [ 181.032331][T10666] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 181.032351][T10666] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 181.035233][T10666] BTRFS info (device loop5): checking UUID tree [ 181.040929][T10667] BTRFS info (device loop2): disabling free space tree [pid 10665] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10665] chdir("./file0") = 0 [pid 10665] ioctl(4, LOOP_CLR_FD) = 0 [pid 10665] close(4) = 0 [pid 10665] open("./file0", O_RDONLY) = 4 [pid 10665] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [ 181.050867][T10670] BTRFS info (device loop0): setting nodatasum [ 181.078927][T10670] BTRFS info (device loop0): allowing degraded mounts [ 181.085921][T10667] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 181.096518][T10670] BTRFS info (device loop0): enabling disk space caching [ 181.103651][T10669] BTRFS info (device loop3): auto enabling async discard [ 181.110832][T10667] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 10665] open("./file0", O_RDONLY) = 5 [pid 10665] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 10665] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 10665] exit_group(0) = ? [pid 10667] <... mount resumed>) = 0 [pid 10666] <... mount resumed>) = 0 [pid 10665] +++ exited with 0 +++ [pid 5065] <... umount2 resumed>) = 0 [pid 10667] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10666] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10665, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=40 /* 0.40 s */} --- [pid 5065] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10667] <... openat resumed>) = 3 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10667] chdir("./file0" [pid 10666] <... openat resumed>) = 3 [pid 5065] newfstatat(AT_FDCWD, "./51/file0", [pid 10667] <... chdir resumed>) = 0 [pid 10666] chdir("./file0" [pid 5068] umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10667] ioctl(4, LOOP_CLR_FD [pid 10666] <... chdir resumed>) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(3, "", [pid 5065] openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10667] <... ioctl resumed>) = 0 [pid 10666] ioctl(4, LOOP_CLR_FD [pid 10667] close(4 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... openat resumed>) = 4 [pid 10667] <... close resumed>) = 0 [pid 10666] <... ioctl resumed>) = 0 [pid 5068] getdents64(3, [pid 10666] close(4 [pid 10667] open("./file0", O_RDONLY [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] newfstatat(4, "", [pid 10667] <... open resumed>) = 4 [pid 5068] umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10666] <... close resumed>) = 0 [pid 10667] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 10666] open("./file0", O_RDONLY [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] getdents64(4, [pid 5068] newfstatat(AT_FDCWD, "./52/binderfs", [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 10666] <... open resumed>) = 4 [ 181.124122][T10670] BTRFS info (device loop0): disk space caching is enabled [ 181.125750][T10667] BTRFS info (device loop2): checking UUID tree [ 181.132687][ T2855] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [ 181.154359][T10669] BTRFS info (device loop3): rebuilding free space tree [pid 10666] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] getdents64(4, [pid 5068] unlink("./52/binderfs" [pid 5065] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] <... unlink resumed>) = 0 [pid 5065] close(4 [pid 5068] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./51/file0") = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./51" [pid 10666] <... ioctl resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 10667] <... ioctl resumed>) = 0 [pid 10666] open("./file0", O_RDONLY [pid 5065] mkdir("./52", 0777 [pid 10666] <... open resumed>) = 5 [pid 5065] <... mkdir resumed>) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10666] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5065] <... openat resumed>) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 10667] open("./file0", O_RDONLY [pid 5065] <... ioctl resumed>) = 0 [pid 10667] <... open resumed>) = 5 [pid 5065] close(3 [pid 10667] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5065] <... close resumed>) = 0 [pid 10667] <... ioctl resumed>) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10666] <... ioctl resumed>) = 0 [pid 10666] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 10756 [pid 10667] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 10666] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) ./strace-static-x86_64: Process 10756 attached [pid 10756] set_robust_list(0x555557145760, 24) = 0 [ 181.230328][T10669] BTRFS info (device loop3): disabling free space tree [ 181.237234][T10669] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 10756] chdir("./52" [pid 10667] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 10666] exit_group(0 [pid 10756] <... chdir resumed>) = 0 [pid 10667] exit_group(0 [pid 10666] <... exit_group resumed>) = ? [pid 10756] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10667] <... exit_group resumed>) = ? [pid 10666] +++ exited with 0 +++ [pid 10756] <... prctl resumed>) = 0 [pid 10756] setpgid(0, 0 [pid 10667] +++ exited with 0 +++ [pid 10756] <... setpgid resumed>) = 0 [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10666, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=39 /* 0.39 s */} --- [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10667, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=39 /* 0.39 s */} --- [pid 10756] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 181.273669][ T2855] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 181.299431][ T42] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [ 181.299449][T10669] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5069] umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10756] write(3, "1000", 4 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", [pid 5066] umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] getdents64(3, [pid 10756] <... write resumed>) = 4 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... openat resumed>) = 3 [pid 10756] close(3 [pid 5066] newfstatat(3, "", [pid 10756] <... close resumed>) = 0 [pid 10756] symlink("/dev/binderfs", "./binderfs" [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10756] <... symlink resumed>) = 0 [pid 5069] newfstatat(AT_FDCWD, "./52/binderfs", [pid 5066] getdents64(3, [pid 10756] memfd_create("syzkaller", 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 10756] <... memfd_create resumed>) = 3 [pid 5066] umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] unlink("./52/binderfs") = 0 [pid 5069] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 181.310092][T10669] BTRFS info (device loop3): checking UUID tree [pid 5066] newfstatat(AT_FDCWD, "./52/binderfs", [pid 10756] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10669] <... mount resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./52/binderfs") = 0 [pid 5066] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10756] <... mmap resumed>) = 0x7fda9371b000 [pid 10669] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10669] chdir("./file0") = 0 [pid 10669] ioctl(4, LOOP_CLR_FD) = 0 [pid 10669] close(4 [pid 5068] <... umount2 resumed>) = 0 [pid 10669] <... close resumed>) = 0 [pid 5068] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10669] open("./file0", O_RDONLY [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10669] <... open resumed>) = 4 [pid 5068] newfstatat(AT_FDCWD, "./52/file0", [pid 10669] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 10669] <... ioctl resumed>) = 0 [pid 5068] openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10669] open("./file0", O_RDONLY) = 5 [pid 5068] <... openat resumed>) = 4 [pid 5068] newfstatat(4, "", [pid 10669] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 181.394673][T10670] BTRFS info (device loop0): enabling ssd optimizations [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4 [pid 10669] <... ioctl resumed>) = 0 [pid 5068] <... close resumed>) = 0 [ 181.452055][T10670] BTRFS info (device loop0): auto enabling async discard [pid 5068] rmdir("./52/file0" [pid 10669] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5068] <... rmdir resumed>) = 0 [pid 10669] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 10669] exit_group(0 [pid 5068] rmdir("./52" [pid 10669] <... exit_group resumed>) = ? [pid 5068] <... rmdir resumed>) = 0 [pid 10669] +++ exited with 0 +++ [pid 5068] mkdir("./53", 0777) = 0 [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10669, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=37 /* 0.37 s */} --- [pid 5067] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD [pid 5067] umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... ioctl resumed>) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] close(3 [pid 5067] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] <... close resumed>) = 0 [pid 5067] <... openat resumed>) = 3 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 10771 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 10771 attached [pid 5067] newfstatat(AT_FDCWD, "./51/binderfs", [pid 10771] set_robust_list(0x555557145760, 24 [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10771] <... set_robust_list resumed>) = 0 [pid 5067] unlink("./51/binderfs" [pid 10771] chdir("./53" [pid 5067] <... unlink resumed>) = 0 [pid 5067] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10771] <... chdir resumed>) = 0 [pid 10771] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10771] setpgid(0, 0) = 0 [pid 10771] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10771] write(3, "1000", 4) = 4 [pid 10771] close(3) = 0 [pid 10771] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10771] memfd_create("syzkaller", 0) = 3 [pid 10771] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 181.494708][ T48] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 181.529962][T10670] BTRFS info (device loop0): rebuilding free space tree [pid 5069] <... umount2 resumed>) = 0 [pid 5069] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", [pid 5066] <... umount2 resumed>) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] getdents64(4, [pid 5066] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] close(4 [ 181.586647][T10670] BTRFS info (device loop0): disabling free space tree [pid 5066] openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] <... close resumed>) = 0 [pid 5066] <... openat resumed>) = 4 [pid 5069] rmdir("./52/file0" [pid 5066] newfstatat(4, "", [pid 5069] <... rmdir resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, [pid 5069] getdents64(3, [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(4 [pid 5069] close(3 [pid 5066] <... close resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 5066] rmdir("./52/file0" [pid 5069] rmdir("./52" [pid 5066] <... rmdir resumed>) = 0 [pid 5069] <... rmdir resumed>) = 0 [pid 5066] getdents64(3, [pid 5069] mkdir("./53", 0777 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] <... mkdir resumed>) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./52" [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5066] <... rmdir resumed>) = 0 [pid 5069] <... openat resumed>) = 3 [pid 5066] mkdir("./53", 0777) = 0 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5069] <... close resumed>) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [ 181.629417][T10670] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 10774 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 10773 ./strace-static-x86_64: Process 10773 attached ./strace-static-x86_64: Process 10774 attached [pid 10774] set_robust_list(0x555557145760, 24) = 0 [pid 10774] chdir("./53") = 0 [pid 10774] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10774] setpgid(0, 0) = 0 [pid 10774] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10773] set_robust_list(0x555557145760, 24 [pid 10774] <... openat resumed>) = 3 [pid 10773] <... set_robust_list resumed>) = 0 [pid 10774] write(3, "1000", 4 [pid 10773] chdir("./53" [pid 10774] <... write resumed>) = 4 [pid 10773] <... chdir resumed>) = 0 [pid 10774] close(3 [pid 10773] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10774] <... close resumed>) = 0 [pid 10773] <... prctl resumed>) = 0 [pid 10774] symlink("/dev/binderfs", "./binderfs" [pid 10773] setpgid(0, 0 [pid 10774] <... symlink resumed>) = 0 [pid 10774] memfd_create("syzkaller", 0 [pid 10773] <... setpgid resumed>) = 0 [pid 10774] <... memfd_create resumed>) = 3 [pid 10773] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10774] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 10773] <... openat resumed>) = 3 [pid 10773] write(3, "1000", 4) = 4 [pid 10773] close(3) = 0 [pid 10773] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10773] memfd_create("syzkaller", 0) = 3 [ 181.683812][T10670] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 10773] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 181.779321][T10670] BTRFS info (device loop0): checking UUID tree [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./51/file0") = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./51") = 0 [pid 5067] mkdir("./52", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 10670] <... mount resumed>) = 0 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10776 attached [pid 10670] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 10776 [pid 10776] set_robust_list(0x555557145760, 24 [pid 10670] <... openat resumed>) = 3 [pid 10776] <... set_robust_list resumed>) = 0 [pid 10670] chdir("./file0" [pid 10776] chdir("./52" [pid 10670] <... chdir resumed>) = 0 [pid 10776] <... chdir resumed>) = 0 [pid 10670] ioctl(4, LOOP_CLR_FD [pid 10776] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10670] <... ioctl resumed>) = 0 [pid 10776] <... prctl resumed>) = 0 [pid 10670] close(4 [pid 10776] setpgid(0, 0 [pid 10670] <... close resumed>) = 0 [pid 10776] <... setpgid resumed>) = 0 [pid 10670] open("./file0", O_RDONLY [pid 10776] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10670] <... open resumed>) = 4 [pid 10776] <... openat resumed>) = 3 [pid 10670] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 10776] write(3, "1000", 4) = 4 [pid 10776] close(3) = 0 [pid 10776] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10756] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10776] memfd_create("syzkaller", 0) = 3 [pid 10776] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 10670] <... ioctl resumed>) = 0 [pid 10670] open("./file0", O_RDONLY) = 5 [pid 10670] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 10670] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 10670] exit_group(0) = ? [pid 10670] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10670, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=36 /* 0.36 s */} --- [pid 5064] umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./51/binderfs") = 0 [pid 5064] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 182.070781][ T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 10771] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10774] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10773] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5064] <... umount2 resumed>) = 0 [pid 5064] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./51/file0") = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./51") = 0 [pid 5064] mkdir("./52", 0777) = 0 [pid 10776] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10778 attached , child_tidptr=0x555557145750) = 10778 [pid 10778] set_robust_list(0x555557145760, 24) = 0 [pid 10778] chdir("./52") = 0 [pid 10778] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10778] setpgid(0, 0) = 0 [pid 10778] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10778] write(3, "1000", 4) = 4 [pid 10778] close(3) = 0 [pid 10778] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10778] memfd_create("syzkaller", 0) = 3 [pid 10778] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 10756] <... write resumed>) = 16777216 [pid 10756] munmap(0x7fda9371b000, 138412032) = 0 [pid 10756] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 10756] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10756] close(3) = 0 [pid 10756] mkdir("./file0", 0777) = 0 [ 182.758332][T10756] loop1: detected capacity change from 0 to 32768 [ 182.814987][T10756] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (10756) [pid 10756] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 10771] <... write resumed>) = 16777216 [pid 10771] munmap(0x7fda9371b000, 138412032) = 0 [pid 10773] <... write resumed>) = 16777216 [ 182.912188][T10756] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [pid 10773] munmap(0x7fda9371b000, 138412032 [pid 10771] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10771] ioctl(4, LOOP_SET_FD, 3 [pid 10774] <... write resumed>) = 16777216 [pid 10774] munmap(0x7fda9371b000, 138412032 [pid 10773] <... munmap resumed>) = 0 [pid 10771] <... ioctl resumed>) = 0 [pid 10773] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 10771] close(3) = 0 [pid 10771] mkdir("./file0", 0777 [ 182.958982][T10756] BTRFS info (device loop1): force clearing of disk cache [ 182.968219][T10756] BTRFS info (device loop1): setting nodatasum [ 182.974937][T10771] loop4: detected capacity change from 0 to 32768 [ 182.993843][T10756] BTRFS info (device loop1): allowing degraded mounts [pid 10773] ioctl(4, LOOP_SET_FD, 3 [pid 10771] <... mkdir resumed>) = 0 [pid 10771] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 10774] <... munmap resumed>) = 0 [pid 10774] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10774] ioctl(4, LOOP_SET_FD, 3 [pid 10778] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10773] <... ioctl resumed>) = 0 [ 183.005194][T10773] loop5: detected capacity change from 0 to 32768 [ 183.013904][T10771] BTRFS: device /dev/loop4 using temp-fsid 96eb04bf-f3c1-4ed0-b7af-d8fc7b0b6849 [ 183.022322][T10774] loop2: detected capacity change from 0 to 32768 [ 183.029183][T10756] BTRFS info (device loop1): enabling disk space caching [pid 10774] <... ioctl resumed>) = 0 [pid 10773] close(3 [pid 10774] close(3 [pid 10773] <... close resumed>) = 0 [pid 10774] <... close resumed>) = 0 [pid 10773] mkdir("./file0", 0777) = 0 [pid 10774] mkdir("./file0", 0777 [pid 10773] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 10774] <... mkdir resumed>) = 0 [pid 10774] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 10776] <... write resumed>) = 16777216 [pid 10776] munmap(0x7fda9371b000, 138412032) = 0 [ 183.052654][T10756] BTRFS info (device loop1): disk space caching is enabled [ 183.060326][T10771] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (10771) [pid 10776] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10776] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10776] close(3) = 0 [ 183.101772][T10773] BTRFS: device /dev/loop5 using temp-fsid 7ff56629-1616-435d-9612-6aca12f6226f [ 183.114042][T10776] loop3: detected capacity change from 0 to 32768 [ 183.114853][T10771] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 183.129742][T10773] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (10773) [ 183.138847][T10771] BTRFS info (device loop4): force clearing of disk cache [pid 10776] mkdir("./file0", 0777) = 0 [ 183.154121][T10771] BTRFS info (device loop4): setting nodatasum [ 183.160875][T10771] BTRFS info (device loop4): allowing degraded mounts [ 183.167718][T10771] BTRFS info (device loop4): enabling disk space caching [ 183.177074][T10771] BTRFS info (device loop4): disk space caching is enabled [ 183.214861][T10774] BTRFS: device /dev/loop2 using temp-fsid 03e5808f-8014-434e-ba44-7ca7eea033f6 [ 183.227710][T10773] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 183.238049][T10774] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (10774) [ 183.248835][T10773] BTRFS info (device loop5): force clearing of disk cache [pid 10776] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 10778] <... write resumed>) = 16777216 [pid 10778] munmap(0x7fda9371b000, 138412032 [pid 10756] <... mount resumed>) = 0 [pid 10756] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 183.259351][T10773] BTRFS info (device loop5): setting nodatasum [ 183.265699][T10773] BTRFS info (device loop5): allowing degraded mounts [ 183.274864][T10776] BTRFS: device /dev/loop3 using temp-fsid cdb9d085-0ba6-4c1e-bec7-a1c8e521f92e [ 183.289916][T10776] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (10776) [pid 10756] chdir("./file0" [pid 10771] <... mount resumed>) = 0 [pid 10756] <... chdir resumed>) = 0 [pid 10771] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10756] ioctl(4, LOOP_CLR_FD [pid 10778] <... munmap resumed>) = 0 [pid 10778] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10756] <... ioctl resumed>) = 0 [pid 10771] <... openat resumed>) = 3 [pid 10778] <... openat resumed>) = 4 [pid 10771] chdir("./file0" [pid 10756] close(4) = 0 [pid 10771] <... chdir resumed>) = 0 [pid 10778] ioctl(4, LOOP_SET_FD, 3 [pid 10771] ioctl(4, LOOP_CLR_FD [pid 10756] open("./file0", O_RDONLY [pid 10771] <... ioctl resumed>) = 0 [pid 10778] <... ioctl resumed>) = 0 [pid 10771] close(4 [pid 10756] <... open resumed>) = 4 [pid 10771] <... close resumed>) = 0 [pid 10756] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 10771] open("./file0", O_RDONLY) = 4 [pid 10778] close(3) = 0 [pid 10778] mkdir("./file0", 0777) = 0 [pid 10771] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [ 183.356646][T10778] loop0: detected capacity change from 0 to 32768 [ 183.381369][T10778] BTRFS: device /dev/loop0 using temp-fsid 208781f7-1537-4e94-8fc3-6c4a30fa61fe [pid 10778] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 10756] <... ioctl resumed>) = 0 [pid 10756] open("./file0", O_RDONLY) = 5 [pid 10756] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 10771] <... ioctl resumed>) = 0 [pid 10771] open("./file0", O_RDONLY) = 5 [pid 10756] <... ioctl resumed>) = 0 [pid 10771] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 10771] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 10756] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 10756] exit_group(0) = ? [pid 10771] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 10771] exit_group(0) = ? [pid 10771] +++ exited with 0 +++ [pid 10756] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10771, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=33 /* 0.33 s */} --- [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10756, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=26 /* 0.26 s */} --- [ 183.396472][T10778] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (10778) [pid 5065] umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] getdents64(3, [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", [pid 5065] umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] getdents64(3, [pid 5065] newfstatat(AT_FDCWD, "./52/binderfs", [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] unlink("./52/binderfs" [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./53/binderfs", [pid 5065] <... unlink resumed>) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] unlink("./53/binderfs") = 0 [pid 5068] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10773] <... mount resumed>) = 0 [pid 10774] <... mount resumed>) = 0 [pid 10773] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10774] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10774] chdir("./file0") = 0 [pid 10774] ioctl(4, LOOP_CLR_FD) = 0 [pid 10774] close(4) = 0 [pid 10774] open("./file0", O_RDONLY) = 4 [pid 10774] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 10773] <... openat resumed>) = 3 [pid 10773] chdir("./file0" [pid 10776] <... mount resumed>) = 0 [pid 10773] <... chdir resumed>) = 0 [pid 10774] <... ioctl resumed>) = 0 [pid 10773] ioctl(4, LOOP_CLR_FD [pid 10774] open("./file0", O_RDONLY) = 5 [pid 10774] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 10774] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 10774] exit_group(0) = ? [pid 10774] +++ exited with 0 +++ [pid 10773] <... ioctl resumed>) = 0 [pid 10773] close(4 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10774, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=31 /* 0.31 s */} --- [pid 10773] <... close resumed>) = 0 [pid 5066] restart_syscall(<... resuming interrupted clone ...> [pid 10773] open("./file0", O_RDONLY [pid 5066] <... restart_syscall resumed>) = 0 [pid 10773] <... open resumed>) = 4 [pid 10776] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 10776] <... openat resumed>) = 3 [pid 5066] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 10776] chdir("./file0" [pid 10773] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, [pid 10776] <... chdir resumed>) = 0 [pid 10776] ioctl(4, LOOP_CLR_FD [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 10776] <... ioctl resumed>) = 0 [pid 5066] umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./53/binderfs", [pid 10776] close(4 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10776] <... close resumed>) = 0 [pid 5066] unlink("./53/binderfs" [pid 10776] open("./file0", O_RDONLY [pid 5066] <... unlink resumed>) = 0 [pid 10776] <... open resumed>) = 4 [pid 5066] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10776] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 10773] <... ioctl resumed>) = 0 [pid 10773] open("./file0", O_RDONLY) = 5 [pid 10773] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 10773] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 10773] exit_group(0) = ? [pid 10773] +++ exited with 0 +++ [pid 5065] <... umount2 resumed>) = 0 [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10773, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=26 /* 0.26 s */} --- [pid 5065] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", [pid 5069] umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] <... openat resumed>) = 3 [pid 5065] getdents64(4, [pid 5069] newfstatat(3, "", [pid 5065] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./52/file0" [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] <... umount2 resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./52") = 0 [pid 5069] getdents64(3, [pid 5065] mkdir("./53", 0777 [pid 10776] <... ioctl resumed>) = 0 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... mkdir resumed>) = 0 [pid 10776] open("./file0", O_RDONLY [pid 5069] umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10776] <... open resumed>) = 5 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./53/file0", [pid 10778] <... mount resumed>) = 0 [pid 5065] <... openat resumed>) = 3 [pid 10778] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10776] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5069] newfstatat(AT_FDCWD, "./53/binderfs", [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 10778] chdir("./file0") = 0 [pid 10778] ioctl(4, LOOP_CLR_FD [pid 5065] <... ioctl resumed>) = 0 [pid 10778] <... ioctl resumed>) = 0 [pid 5065] close(3 [pid 10778] close(4 [pid 5069] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10778] <... close resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 10778] open("./file0", O_RDONLY [pid 5069] unlink("./53/binderfs" [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10778] <... open resumed>) = 4 [pid 10776] <... ioctl resumed>) = 0 [pid 5069] <... unlink resumed>) = 0 [pid 5068] openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 10877 ./strace-static-x86_64: Process 10877 attached [pid 10877] set_robust_list(0x555557145760, 24 [pid 10778] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 10877] <... set_robust_list resumed>) = 0 [pid 10877] chdir("./53" [pid 5068] <... openat resumed>) = 4 [pid 5069] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] newfstatat(4, "", [pid 10877] <... chdir resumed>) = 0 [pid 10877] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10877] setpgid(0, 0 [pid 5068] getdents64(4, [pid 10877] <... setpgid resumed>) = 0 [pid 10776] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 10776] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5068] getdents64(4, [pid 10776] exit_group(0 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4 [pid 10776] <... exit_group resumed>) = ? [pid 10877] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10877] write(3, "1000", 4) = 4 [pid 10776] +++ exited with 0 +++ [pid 5068] <... close resumed>) = 0 [pid 10877] close(3) = 0 [pid 10877] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10877] memfd_create("syzkaller", 0 [pid 5068] rmdir("./53/file0") = 0 [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10776, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=29 /* 0.29 s */} --- [pid 10778] <... ioctl resumed>) = 0 [pid 5067] restart_syscall(<... resuming interrupted clone ...> [pid 5068] getdents64(3, [pid 10877] <... memfd_create resumed>) = 3 [pid 10778] open("./file0", O_RDONLY [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] <... restart_syscall resumed>) = 0 [pid 10877] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10778] <... open resumed>) = 5 [pid 10877] <... mmap resumed>) = 0x7fda9371b000 [pid 5068] close(3) = 0 [pid 10778] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5067] umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] rmdir("./53" [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] <... rmdir resumed>) = 0 [pid 5067] <... openat resumed>) = 3 [pid 5068] mkdir("./54", 0777 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] <... mkdir resumed>) = 0 [pid 5067] umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./52/binderfs", [pid 5068] <... openat resumed>) = 3 [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./52/binderfs" [pid 10778] <... ioctl resumed>) = 0 [pid 5067] <... unlink resumed>) = 0 [pid 5067] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10778] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 10778] exit_group(0 [pid 5068] ioctl(3, LOOP_CLR_FD [pid 5066] <... umount2 resumed>) = 0 [pid 10778] <... exit_group resumed>) = ? [pid 5068] <... ioctl resumed>) = 0 [pid 10778] +++ exited with 0 +++ [pid 5068] close(3) = 0 [pid 5066] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./53/file0", [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10778, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=23 /* 0.23 s */} --- [pid 5064] umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 10879 attached [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 10879 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10879] set_robust_list(0x555557145760, 24 [pid 5066] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... openat resumed>) = 3 [pid 5066] openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] newfstatat(3, "", [pid 10879] <... set_robust_list resumed>) = 0 [pid 5066] <... openat resumed>) = 4 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] newfstatat(4, "", [pid 10879] chdir("./54" [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, [pid 10879] <... chdir resumed>) = 0 [pid 5066] getdents64(4, [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10879] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5066] getdents64(4, [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./52/binderfs") = 0 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./53/file0" [pid 10879] setpgid(0, 0 [pid 5066] <... rmdir resumed>) = 0 [pid 10879] <... setpgid resumed>) = 0 [pid 10879] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10879] <... openat resumed>) = 3 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 10879] write(3, "1000", 4 [pid 5066] close(3 [pid 10879] <... write resumed>) = 4 [pid 5066] <... close resumed>) = 0 [pid 10879] close(3 [pid 5066] rmdir("./53" [pid 10879] <... close resumed>) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 10879] symlink("/dev/binderfs", "./binderfs" [pid 5066] mkdir("./54", 0777 [pid 10879] <... symlink resumed>) = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 10879] memfd_create("syzkaller", 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 10879] <... memfd_create resumed>) = 3 [pid 5066] <... openat resumed>) = 3 [pid 10879] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 10879] <... mmap resumed>) = 0x7fda9371b000 [pid 5066] <... ioctl resumed>) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10880 attached , child_tidptr=0x555557145750) = 10880 [pid 10880] set_robust_list(0x555557145760, 24) = 0 [pid 10880] chdir("./54") = 0 [pid 10880] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10880] setpgid(0, 0) = 0 [pid 10880] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10880] write(3, "1000", 4) = 4 [pid 10880] close(3) = 0 [pid 10880] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10880] memfd_create("syzkaller", 0) = 3 [pid 10877] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10880] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5064] <... umount2 resumed>) = 0 [pid 5064] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./52/file0") = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./52") = 0 [pid 5064] mkdir("./53", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 10882 ./strace-static-x86_64: Process 10882 attached [pid 10882] set_robust_list(0x555557145760, 24) = 0 [pid 10882] chdir("./53") = 0 [pid 10882] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10882] setpgid(0, 0) = 0 [pid 10882] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10882] write(3, "1000", 4 [pid 10879] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10882] <... write resumed>) = 4 [pid 10882] close(3) = 0 [pid 10882] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10882] memfd_create("syzkaller", 0) = 3 [pid 10882] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5069] <... umount2 resumed>) = 0 [pid 10882] <... mmap resumed>) = 0x7fda9371b000 [pid 5069] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./53/file0") = 0 [pid 10880] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./53") = 0 [pid 5069] mkdir("./54", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10883 attached [pid 10883] set_robust_list(0x555557145760, 24 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 10883 [pid 10883] <... set_robust_list resumed>) = 0 [pid 10883] chdir("./54") = 0 [pid 10883] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10883] setpgid(0, 0) = 0 [pid 10883] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5067] <... umount2 resumed>) = 0 [pid 10883] <... openat resumed>) = 3 [pid 10883] write(3, "1000", 4 [pid 5067] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10883] <... write resumed>) = 4 [pid 10883] close(3 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10883] <... close resumed>) = 0 [pid 5067] newfstatat(AT_FDCWD, "./52/file0", [pid 10883] symlink("/dev/binderfs", "./binderfs" [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10883] <... symlink resumed>) = 0 [pid 5067] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10883] memfd_create("syzkaller", 0) = 3 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10883] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5067] openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10883] <... mmap resumed>) = 0x7fda9371b000 [pid 5067] <... openat resumed>) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./52/file0") = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./52") = 0 [pid 5067] mkdir("./53", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10884 attached [pid 10884] set_robust_list(0x555557145760, 24) = 0 [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 10884 [pid 10884] chdir("./53") = 0 [pid 10884] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10884] setpgid(0, 0) = 0 [pid 10884] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10884] write(3, "1000", 4) = 4 [pid 10884] close(3) = 0 [pid 10884] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10884] memfd_create("syzkaller", 0) = 3 [pid 10884] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 10877] <... write resumed>) = 16777216 [pid 10877] munmap(0x7fda9371b000, 138412032) = 0 [pid 10877] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 184.745386][T10877] loop1: detected capacity change from 0 to 32768 [pid 10877] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10882] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10877] close(3) = 0 [pid 10877] mkdir("./file0", 0777) = 0 [ 184.840797][T10877] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (10877) [pid 10877] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 10880] <... write resumed>) = 16777216 [pid 10880] munmap(0x7fda9371b000, 138412032) = 0 [pid 10880] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10883] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10880] ioctl(4, LOOP_SET_FD, 3 [pid 10884] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10880] <... ioctl resumed>) = 0 [pid 10880] close(3) = 0 [pid 10880] mkdir("./file0", 0777) = 0 [pid 10880] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 10879] <... write resumed>) = 16777216 [pid 10879] munmap(0x7fda9371b000, 138412032) = 0 [ 185.035221][T10880] loop2: detected capacity change from 0 to 32768 [ 185.053296][T10880] BTRFS: device /dev/loop2 using temp-fsid b9c63e1f-ddb1-4df7-9dfb-fe235288ff28 [ 185.062411][T10880] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (10880) [pid 10879] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10879] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10877] <... mount resumed>) = 0 [pid 10879] close(3 [pid 10877] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10879] <... close resumed>) = 0 [pid 10877] <... openat resumed>) = 3 [pid 10879] mkdir("./file0", 0777 [pid 10877] chdir("./file0" [pid 10879] <... mkdir resumed>) = 0 [pid 10877] <... chdir resumed>) = 0 [ 185.124855][T10879] loop4: detected capacity change from 0 to 32768 [pid 10879] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 10877] ioctl(4, LOOP_CLR_FD) = 0 [pid 10877] close(4) = 0 [pid 10877] open("./file0", O_RDONLY) = 4 [pid 10877] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 10884] <... write resumed>) = 16777216 [pid 10884] munmap(0x7fda9371b000, 138412032) = 0 [pid 10877] <... ioctl resumed>) = 0 [pid 10877] open("./file0", O_RDONLY) = 5 [pid 10877] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 10877] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 10877] exit_group(0) = ? [ 185.173743][T10879] BTRFS: device /dev/loop4 using temp-fsid 0ce7e752-e71b-4a0c-af07-9ecc4b5f08a2 [pid 10877] +++ exited with 0 +++ [pid 10884] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10877, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=25 /* 0.25 s */} --- [pid 5065] umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10884] <... openat resumed>) = 4 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10884] ioctl(4, LOOP_SET_FD, 3 [pid 5065] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", [pid 10884] <... ioctl resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10884] close(3) = 0 [pid 10884] mkdir("./file0", 0777 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./53/binderfs") = 0 [pid 5065] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10884] <... mkdir resumed>) = 0 [pid 10884] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 10880] <... mount resumed>) = 0 [pid 10880] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10880] chdir("./file0") = 0 [ 185.228225][T10879] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (10879) [ 185.239732][T10880] _btrfs_printk: 93 callbacks suppressed [ 185.239743][T10880] BTRFS info (device loop2): checking UUID tree [ 185.256160][T10884] loop3: detected capacity change from 0 to 32768 [ 185.258407][ T2855] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [pid 10880] ioctl(4, LOOP_CLR_FD) = 0 [pid 10880] close(4) = 0 [ 185.297223][T10884] BTRFS: device /dev/loop3 using temp-fsid 68882c58-0d2f-4902-ae6f-81dfd6d61cde [ 185.307098][T10879] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 185.323046][T10879] BTRFS info (device loop4): force clearing of disk cache [ 185.338602][T10879] BTRFS info (device loop4): setting nodatasum [pid 10880] open("./file0", O_RDONLY) = 4 [pid 10880] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 10880] open("./file0", O_RDONLY) = 5 [pid 10880] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 10880] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 10880] exit_group(0) = ? [pid 10880] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10880, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=25 /* 0.25 s */} --- [pid 5066] umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [ 185.352109][T10884] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (10884) [ 185.378536][T10879] BTRFS info (device loop4): allowing degraded mounts [pid 5066] umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./54/binderfs") = 0 [pid 5066] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10883] <... write resumed>) = 16777216 [ 185.415622][ T1047] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 185.430062][T10879] BTRFS info (device loop4): enabling disk space caching [ 185.447330][T10884] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [pid 10883] munmap(0x7fda9371b000, 138412032) = 0 [pid 10883] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 10883] ioctl(4, LOOP_SET_FD, 3 [pid 5065] <... umount2 resumed>) = 0 [pid 10882] <... write resumed>) = 16777216 [pid 5065] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./53/file0", [pid 10882] munmap(0x7fda9371b000, 138412032 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10883] <... ioctl resumed>) = 0 [pid 10883] close(3) = 0 [ 185.469251][T10879] BTRFS info (device loop4): disk space caching is enabled [ 185.486269][T10884] BTRFS info (device loop3): force clearing of disk cache [ 185.493929][T10884] BTRFS info (device loop3): setting nodatasum [ 185.503514][T10884] BTRFS info (device loop3): allowing degraded mounts [ 185.512109][T10883] loop5: detected capacity change from 0 to 32768 [pid 10883] mkdir("./file0", 0777) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10883] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5065] openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./53/file0") = 0 [pid 10882] <... munmap resumed>) = 0 [pid 5065] getdents64(3, [pid 10882] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 10882] <... openat resumed>) = 4 [ 185.541105][T10884] BTRFS info (device loop3): enabling disk space caching [ 185.555622][T10884] BTRFS info (device loop3): disk space caching is enabled [ 185.559016][T10883] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (10883) [pid 5065] close(3 [pid 10882] ioctl(4, LOOP_SET_FD, 3 [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./53") = 0 [pid 5065] mkdir("./54", 0777) = 0 [pid 10882] <... ioctl resumed>) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 10882] close(3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 10882] <... close resumed>) = 0 [pid 10882] mkdir("./file0", 0777 [pid 5065] <... ioctl resumed>) = 0 [pid 10882] <... mkdir resumed>) = 0 [pid 5065] close(3) = 0 [pid 10882] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 10940 ./strace-static-x86_64: Process 10940 attached [pid 10940] set_robust_list(0x555557145760, 24) = 0 [ 185.594984][T10882] loop0: detected capacity change from 0 to 32768 [ 185.634336][T10882] BTRFS: device /dev/loop0 using temp-fsid 8c55ee9c-ddd5-41c3-a6f5-fa21d1864357 [pid 10940] chdir("./54") = 0 [pid 10940] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10940] setpgid(0, 0) = 0 [pid 10940] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10940] write(3, "1000", 4) = 4 [pid 10940] close(3) = 0 [pid 10940] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10940] memfd_create("syzkaller", 0) = 3 [pid 5066] <... umount2 resumed>) = 0 [pid 10940] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 185.643986][T10883] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 185.669131][T10882] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (10882) [ 185.672865][T10883] BTRFS info (device loop5): force clearing of disk cache [pid 5066] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./54/file0") = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./54") = 0 [pid 5066] mkdir("./55", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 10948 [ 185.682166][T10879] BTRFS info (device loop4): enabling ssd optimizations [ 185.698107][T10879] BTRFS info (device loop4): auto enabling async discard [ 185.708001][T10879] BTRFS info (device loop4): rebuilding free space tree [ 185.718833][T10883] BTRFS info (device loop5): setting nodatasum [ 185.725855][T10883] BTRFS info (device loop5): allowing degraded mounts [ 185.733808][T10883] BTRFS info (device loop5): enabling disk space caching [ 185.741485][T10883] BTRFS info (device loop5): disk space caching is enabled ./strace-static-x86_64: Process 10948 attached [pid 10948] set_robust_list(0x555557145760, 24) = 0 [pid 10948] chdir("./55") = 0 [pid 10948] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10948] setpgid(0, 0) = 0 [pid 10948] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10948] write(3, "1000", 4) = 4 [pid 10948] close(3) = 0 [pid 10948] symlink("/dev/binderfs", "./binderfs") = 0 [ 185.775343][T10882] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 185.788667][T10879] BTRFS info (device loop4): disabling free space tree [ 185.813210][T10879] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 10948] memfd_create("syzkaller", 0) = 3 [pid 10948] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 185.824063][T10882] BTRFS info (device loop0): force clearing of disk cache [ 185.849708][T10879] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 185.851092][T10884] BTRFS info (device loop3): enabling ssd optimizations [ 185.860250][T10882] BTRFS info (device loop0): setting nodatasum [ 185.905417][T10884] BTRFS info (device loop3): auto enabling async discard [ 185.941143][T10882] BTRFS info (device loop0): allowing degraded mounts [ 185.942201][T10879] BTRFS info (device loop4): checking UUID tree [ 185.947976][T10882] BTRFS info (device loop0): enabling disk space caching [ 185.978906][T10883] BTRFS info (device loop5): enabling ssd optimizations [ 185.985861][T10883] BTRFS info (device loop5): auto enabling async discard [ 185.989896][T10884] BTRFS info (device loop3): rebuilding free space tree [ 186.013268][T10882] BTRFS info (device loop0): disk space caching is enabled [ 186.031299][T10883] BTRFS info (device loop5): rebuilding free space tree [pid 10948] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10879] <... mount resumed>) = 0 [pid 10879] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10940] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10879] chdir("./file0") = 0 [ 186.060377][T10883] BTRFS info (device loop5): disabling free space tree [ 186.060427][T10884] BTRFS info (device loop3): disabling free space tree [ 186.075717][T10883] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 10879] ioctl(4, LOOP_CLR_FD) = 0 [pid 10879] close(4) = 0 [pid 10879] open("./file0", O_RDONLY) = 4 [pid 10879] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 10879] open("./file0", O_RDONLY) = 5 [pid 10879] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 10883] <... mount resumed>) = 0 [pid 10879] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 10883] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10879] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 10883] <... openat resumed>) = 3 [pid 10883] chdir("./file0") = 0 [pid 10883] ioctl(4, LOOP_CLR_FD) = 0 [pid 10883] close(4) = 0 [pid 10879] exit_group(0 [pid 10883] open("./file0", O_RDONLY) = 4 [pid 10883] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 10879] <... exit_group resumed>) = ? [pid 10879] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10879, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=37 /* 0.37 s */} --- [ 186.100680][T10883] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 186.110123][T10884] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 186.123477][T10883] BTRFS info (device loop5): checking UUID tree [pid 5068] umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./54/binderfs") = 0 [pid 5068] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10883] <... ioctl resumed>) = 0 [pid 10883] open("./file0", O_RDONLY) = 5 [pid 10883] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 10883] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 10883] exit_group(0) = ? [pid 10883] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10883, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=29 /* 0.29 s */} --- [pid 5069] umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./54/binderfs") = 0 [pid 5069] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10884] <... mount resumed>) = 0 [ 186.197888][ T1047] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [ 186.208895][T10884] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 186.234376][T10884] BTRFS info (device loop3): checking UUID tree [pid 10884] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10884] chdir("./file0") = 0 [pid 10884] ioctl(4, LOOP_CLR_FD) = 0 [pid 10884] close(4) = 0 [pid 10884] open("./file0", O_RDONLY) = 4 [pid 10884] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 10884] open("./file0", O_RDONLY) = 5 [pid 10884] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 10884] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 10884] exit_group(0) = ? [ 186.264263][T10882] BTRFS info (device loop0): enabling ssd optimizations [ 186.274073][ T42] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [pid 10884] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10884, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=36 /* 0.36 s */} --- [pid 5067] umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 186.320497][T10882] BTRFS info (device loop0): auto enabling async discard [ 186.355352][T10882] BTRFS info (device loop0): rebuilding free space tree [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] <... umount2 resumed>) = 0 [pid 5067] umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] newfstatat(AT_FDCWD, "./53/binderfs", [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./53/binderfs") = 0 [pid 5068] newfstatat(AT_FDCWD, "./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] <... umount2 resumed>) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./54/file0") = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./54") = 0 [ 186.378175][ T48] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [pid 5068] mkdir("./55", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5069] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 10986 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 ./strace-static-x86_64: Process 10986 attached [pid 5069] newfstatat(4, "", [pid 10986] set_robust_list(0x555557145760, 24 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10986] <... set_robust_list resumed>) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 10986] chdir("./55" [pid 5069] getdents64(4, [pid 10986] <... chdir resumed>) = 0 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 10986] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5069] close(4) = 0 [pid 10986] <... prctl resumed>) = 0 [pid 5069] rmdir("./54/file0" [pid 10986] setpgid(0, 0 [pid 5069] <... rmdir resumed>) = 0 [pid 10986] <... setpgid resumed>) = 0 [pid 5069] getdents64(3, [pid 10986] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./54" [pid 10986] <... openat resumed>) = 3 [pid 5069] <... rmdir resumed>) = 0 [pid 10986] write(3, "1000", 4 [pid 5069] mkdir("./55", 0777 [pid 10986] <... write resumed>) = 4 [pid 10986] close(3 [pid 5069] <... mkdir resumed>) = 0 [pid 10986] <... close resumed>) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 10986] symlink("/dev/binderfs", "./binderfs" [pid 5069] <... openat resumed>) = 3 [pid 10986] <... symlink resumed>) = 0 [pid 10986] memfd_create("syzkaller", 0 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3 [pid 10986] <... memfd_create resumed>) = 3 [pid 5069] <... close resumed>) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10986] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 ./strace-static-x86_64: Process 10988 attached [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 10988 [pid 10988] set_robust_list(0x555557145760, 24) = 0 [ 186.430124][T10882] BTRFS info (device loop0): disabling free space tree [ 186.442794][T10882] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 10988] chdir("./55") = 0 [pid 10988] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10988] setpgid(0, 0) = 0 [pid 10988] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10988] write(3, "1000", 4) = 4 [pid 10988] close(3) = 0 [pid 10988] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10988] memfd_create("syzkaller", 0) = 3 [pid 10988] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 186.521591][T10882] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 10940] <... write resumed>) = 16777216 [pid 10882] <... mount resumed>) = 0 [pid 5067] <... umount2 resumed>) = 0 [ 186.629565][T10882] BTRFS info (device loop0): checking UUID tree [pid 10948] <... write resumed>) = 16777216 [pid 10940] munmap(0x7fda9371b000, 138412032 [pid 10882] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5067] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10882] <... openat resumed>) = 3 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10882] chdir("./file0" [pid 5067] newfstatat(AT_FDCWD, "./53/file0", [pid 10882] <... chdir resumed>) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10882] ioctl(4, LOOP_CLR_FD [pid 5067] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10940] <... munmap resumed>) = 0 [pid 10882] <... ioctl resumed>) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10948] munmap(0x7fda9371b000, 138412032) = 0 [pid 10882] close(4 [pid 5067] openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10882] <... close resumed>) = 0 [pid 5067] <... openat resumed>) = 4 [pid 10882] open("./file0", O_RDONLY [pid 5067] newfstatat(4, "", [pid 10882] <... open resumed>) = 4 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10882] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 10940] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10882] <... ioctl resumed>) = 0 [pid 5067] getdents64(4, [pid 10882] open("./file0", O_RDONLY [pid 5067] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 10882] <... open resumed>) = 5 [pid 5067] close(4 [pid 10948] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 10940] <... openat resumed>) = 4 [pid 5067] <... close resumed>) = 0 [pid 10948] <... openat resumed>) = 4 [pid 5067] rmdir("./53/file0" [pid 10948] ioctl(4, LOOP_SET_FD, 3 [pid 5067] <... rmdir resumed>) = 0 [pid 10940] ioctl(4, LOOP_SET_FD, 3 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./53") = 0 [pid 5067] mkdir("./54", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 10990 [pid 10882] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}./strace-static-x86_64: Process 10990 attached [pid 10990] set_robust_list(0x555557145760, 24) = 0 [pid 10990] chdir("./54") = 0 [pid 10990] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10990] setpgid(0, 0) = 0 [pid 10990] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10948] <... ioctl resumed>) = 0 [pid 10940] <... ioctl resumed>) = 0 [pid 10882] <... ioctl resumed>) = 0 [pid 10948] close(3 [pid 10940] close(3 [pid 10948] <... close resumed>) = 0 [pid 10940] <... close resumed>) = 0 [pid 10882] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 10948] mkdir("./file0", 0777 [pid 10940] mkdir("./file0", 0777 [pid 10882] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 10990] <... openat resumed>) = 3 [pid 10940] <... mkdir resumed>) = 0 [pid 10882] exit_group(0 [pid 10990] write(3, "1000", 4) = 4 [ 186.755239][T10948] loop2: detected capacity change from 0 to 32768 [ 186.762699][T10940] loop1: detected capacity change from 0 to 32768 [pid 10990] close(3 [pid 10948] <... mkdir resumed>) = 0 [pid 10940] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 10882] <... exit_group resumed>) = ? [pid 10990] <... close resumed>) = 0 [pid 10990] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10882] +++ exited with 0 +++ [pid 10990] memfd_create("syzkaller", 0 [pid 10948] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10882, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- [pid 10990] <... memfd_create resumed>) = 3 [pid 10990] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5064] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5064] umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 186.809697][ T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 186.842376][T10940] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (10940) [pid 5064] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./53/binderfs" [pid 10986] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5064] <... unlink resumed>) = 0 [ 186.903419][T10948] BTRFS: device /dev/loop2 using temp-fsid 1f2794e3-86e4-4d19-b66f-b2f4a02f6af6 [ 186.915215][T10940] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 186.940904][T10948] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (10948) [ 186.964077][T10940] BTRFS info (device loop1): force clearing of disk cache [ 187.002649][T10940] BTRFS info (device loop1): setting nodatasum [ 187.019388][T10948] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 187.028606][T10948] BTRFS info (device loop2): force clearing of disk cache [ 187.068839][T10940] BTRFS info (device loop1): allowing degraded mounts [ 187.075627][T10940] BTRFS info (device loop1): enabling disk space caching [pid 5064] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 187.118808][T10948] BTRFS info (device loop2): setting nodatasum [ 187.125180][T10940] BTRFS info (device loop1): disk space caching is enabled [ 187.158842][T10948] BTRFS info (device loop2): allowing degraded mounts [pid 10988] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5064] <... umount2 resumed>) = 0 [pid 5064] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 187.166695][T10948] BTRFS info (device loop2): enabling disk space caching [pid 5064] openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [ 187.191718][T10948] BTRFS info (device loop2): disk space caching is enabled [pid 5064] rmdir("./53/file0") = 0 [pid 10990] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./53") = 0 [pid 5064] mkdir("./54", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11007 attached , child_tidptr=0x555557145750) = 11007 [pid 11007] set_robust_list(0x555557145760, 24) = 0 [pid 11007] chdir("./54") = 0 [pid 11007] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11007] setpgid(0, 0) = 0 [pid 11007] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11007] write(3, "1000", 4) = 4 [pid 11007] close(3) = 0 [pid 11007] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11007] memfd_create("syzkaller", 0) = 3 [pid 11007] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 187.452215][T10940] BTRFS info (device loop1): enabling ssd optimizations [ 187.508788][T10940] BTRFS info (device loop1): auto enabling async discard [ 187.536059][T10948] BTRFS info (device loop2): enabling ssd optimizations [ 187.543930][T10940] BTRFS info (device loop1): rebuilding free space tree [ 187.560033][T10948] BTRFS info (device loop2): auto enabling async discard [ 187.603223][T10948] BTRFS info (device loop2): rebuilding free space tree [pid 10986] <... write resumed>) = 16777216 [ 187.645113][T10940] BTRFS info (device loop1): disabling free space tree [ 187.665454][T10948] BTRFS info (device loop2): disabling free space tree [ 187.679295][T10940] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 10990] <... write resumed>) = 16777216 [pid 10986] munmap(0x7fda9371b000, 138412032 [pid 10990] munmap(0x7fda9371b000, 138412032 [pid 10986] <... munmap resumed>) = 0 [pid 10990] <... munmap resumed>) = 0 [pid 10990] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10990] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10988] <... write resumed>) = 16777216 [pid 10986] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 187.683309][T10948] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 187.700774][T10948] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 187.722114][T10990] loop3: detected capacity change from 0 to 32768 [ 187.731085][T10940] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 10990] close(3 [pid 10986] ioctl(4, LOOP_SET_FD, 3 [pid 10990] <... close resumed>) = 0 [pid 10990] mkdir("./file0", 0777 [pid 10988] munmap(0x7fda9371b000, 138412032 [pid 10948] <... mount resumed>) = 0 [pid 10940] <... mount resumed>) = 0 [pid 10990] <... mkdir resumed>) = 0 [pid 10948] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10940] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10990] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 10948] <... openat resumed>) = 3 [pid 10988] <... munmap resumed>) = 0 [pid 10948] chdir("./file0" [pid 10940] <... openat resumed>) = 3 [pid 10986] <... ioctl resumed>) = 0 [pid 10986] close(3) = 0 [pid 10986] mkdir("./file0", 0777) = 0 [pid 10986] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 10940] chdir("./file0" [pid 10948] <... chdir resumed>) = 0 [pid 10940] <... chdir resumed>) = 0 [pid 10948] ioctl(4, LOOP_CLR_FD [pid 10940] ioctl(4, LOOP_CLR_FD [pid 10948] <... ioctl resumed>) = 0 [pid 10940] <... ioctl resumed>) = 0 [ 187.743020][T10948] BTRFS info (device loop2): checking UUID tree [ 187.747064][T10986] loop4: detected capacity change from 0 to 32768 [ 187.753545][T10940] BTRFS info (device loop1): checking UUID tree [ 187.772136][T10990] BTRFS: device /dev/loop3 using temp-fsid 8b9c5862-cb3a-4e0e-872e-5d791c2e34cb [pid 10948] close(4 [pid 10940] close(4 [pid 10948] <... close resumed>) = 0 [pid 10988] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 10948] open("./file0", O_RDONLY [pid 10940] <... close resumed>) = 0 [pid 10948] <... open resumed>) = 4 [pid 10940] open("./file0", O_RDONLY [pid 10988] ioctl(4, LOOP_SET_FD, 3 [pid 10948] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 10940] <... open resumed>) = 4 [pid 10940] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 10948] <... ioctl resumed>) = 0 [pid 10940] <... ioctl resumed>) = 0 [pid 10940] open("./file0", O_RDONLY [pid 10948] open("./file0", O_RDONLY [pid 10940] <... open resumed>) = 5 [pid 10940] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 10948] <... open resumed>) = 5 [pid 10948] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 10940] <... ioctl resumed>) = 0 [pid 10940] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 10948] <... ioctl resumed>) = 0 [pid 10940] exit_group(0) = ? [pid 10988] <... ioctl resumed>) = 0 [pid 10988] close(3) = 0 [pid 10988] mkdir("./file0", 0777) = 0 [pid 10988] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 10940] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10940, si_uid=0, si_status=0, si_utime=0, si_stime=36 /* 0.36 s */} --- [ 187.783636][T10990] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (10990) [ 187.805563][T10988] loop5: detected capacity change from 0 to 32768 [ 187.831856][T10990] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [pid 10948] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 10948] exit_group(0) = ? [ 187.855763][T10986] BTRFS: device /dev/loop4 using temp-fsid 8f470449-341e-48e7-b14f-da7b8a691c5a [ 187.860410][ T48] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [ 187.878886][T10986] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (10986) [ 187.890958][ T2855] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [pid 10948] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10948, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=33 /* 0.33 s */} --- [pid 5065] umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./55/binderfs") = 0 [pid 5066] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./54/binderfs") = 0 [ 187.892095][T10990] BTRFS info (device loop3): force clearing of disk cache [pid 5065] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 187.960468][T10990] BTRFS info (device loop3): setting nodatasum [ 187.968502][T10986] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 187.969701][T10988] BTRFS: device /dev/loop5 using temp-fsid efe6c928-7a23-4b57-8a47-2bcd62310a2e [ 188.001098][T10986] BTRFS info (device loop4): force clearing of disk cache [ 188.003663][T10990] BTRFS info (device loop3): allowing degraded mounts [ 188.017167][T10990] BTRFS info (device loop3): enabling disk space caching [ 188.018351][T10986] BTRFS info (device loop4): setting nodatasum [ 188.025766][T10990] BTRFS info (device loop3): disk space caching is enabled [ 188.049928][T10988] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (10988) [ 188.072408][T10986] BTRFS info (device loop4): allowing degraded mounts [ 188.088702][T10986] BTRFS info (device loop4): enabling disk space caching [pid 11007] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5065] <... umount2 resumed>) = 0 [pid 5065] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", [pid 5066] <... umount2 resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./54/file0") = 0 [pid 5066] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./55/file0", [pid 5065] getdents64(3, [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] close(3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./54" [pid 5066] openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... rmdir resumed>) = 0 [pid 5066] <... openat resumed>) = 4 [pid 5066] newfstatat(4, "", [ 188.106225][T10986] BTRFS info (device loop4): disk space caching is enabled [ 188.117565][T10988] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5065] mkdir("./55", 0777) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] <... openat resumed>) = 3 [pid 5066] close(4) = 0 [pid 5066] rmdir("./55/file0") = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./55" [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] mkdir("./56", 0777) = 0 ./strace-static-x86_64: Process 11063 attached [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 11063] set_robust_list(0x555557145760, 24) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 11063] chdir("./55" [pid 5066] <... ioctl resumed>) = 0 [pid 5066] close(3 [pid 11063] <... chdir resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 11063 [pid 11063] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11063] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 11067 attached [pid 11063] setpgid(0, 0 [pid 11067] set_robust_list(0x555557145760, 24 [pid 11063] <... setpgid resumed>) = 0 [pid 11063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 11067] <... set_robust_list resumed>) = 0 [pid 11067] chdir("./56" [pid 11063] <... openat resumed>) = 3 [pid 10990] <... mount resumed>) = 0 [pid 10990] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10990] chdir("./file0") = 0 [pid 10990] ioctl(4, LOOP_CLR_FD) = 0 [pid 10990] close(4) = 0 [pid 10990] open("./file0", O_RDONLY) = 4 [pid 10990] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 11067] <... chdir resumed>) = 0 [pid 11067] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 11063] write(3, "1000", 4 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 11067 [pid 11067] <... prctl resumed>) = 0 [pid 11063] <... write resumed>) = 4 [pid 11067] setpgid(0, 0 [pid 11063] close(3 [pid 11067] <... setpgid resumed>) = 0 [pid 11063] <... close resumed>) = 0 [pid 10990] <... ioctl resumed>) = 0 [pid 11063] symlink("/dev/binderfs", "./binderfs" [pid 10990] open("./file0", O_RDONLY [pid 11067] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 11063] <... symlink resumed>) = 0 [pid 10990] <... open resumed>) = 5 [pid 11063] memfd_create("syzkaller", 0 [pid 10990] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 11067] <... openat resumed>) = 3 [pid 11063] <... memfd_create resumed>) = 3 [pid 11063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11067] write(3, "1000", 4 [pid 11063] <... mmap resumed>) = 0x7fda9371b000 [pid 11067] <... write resumed>) = 4 [pid 11067] close(3) = 0 [pid 11067] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11067] memfd_create("syzkaller", 0) = 3 [pid 11067] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 10990] <... ioctl resumed>) = 0 [pid 10990] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 10990] exit_group(0) = ? [pid 10990] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10990, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=26 /* 0.26 s */} --- [pid 5067] umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11007] <... write resumed>) = 16777216 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11007] munmap(0x7fda9371b000, 138412032 [pid 5067] <... openat resumed>) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 11007] <... munmap resumed>) = 0 [pid 10986] <... mount resumed>) = 0 [pid 5067] umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10986] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10986] <... openat resumed>) = 3 [pid 10986] chdir("./file0" [pid 11007] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5067] newfstatat(AT_FDCWD, "./54/binderfs", [pid 10986] <... chdir resumed>) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11007] <... openat resumed>) = 4 [pid 5067] unlink("./54/binderfs" [pid 11007] ioctl(4, LOOP_SET_FD, 3 [pid 10986] ioctl(4, LOOP_CLR_FD [pid 5067] <... unlink resumed>) = 0 [pid 10986] <... ioctl resumed>) = 0 [pid 11007] <... ioctl resumed>) = 0 [pid 10986] close(4 [pid 5067] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10986] <... close resumed>) = 0 [pid 11007] close(3) = 0 [pid 11007] mkdir("./file0", 0777 [pid 10986] open("./file0", O_RDONLY) = 4 [pid 11007] <... mkdir resumed>) = 0 [pid 10986] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 11007] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 10988] <... mount resumed>) = 0 [pid 10986] <... ioctl resumed>) = 0 [pid 10988] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10986] open("./file0", O_RDONLY [pid 10988] <... openat resumed>) = 3 [pid 10986] <... open resumed>) = 5 [pid 10986] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 10988] chdir("./file0") = 0 [pid 10988] ioctl(4, LOOP_CLR_FD) = 0 [pid 10988] close(4) = 0 [pid 10988] open("./file0", O_RDONLY) = 4 [pid 10988] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 11063] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 10986] <... ioctl resumed>) = 0 [pid 10986] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 10986] exit_group(0) = ? [pid 10986] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10986, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=31 /* 0.31 s */} --- [ 188.390260][T11007] loop0: detected capacity change from 0 to 32768 [ 188.421058][T11007] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (11007) [pid 10988] <... ioctl resumed>) = 0 [pid 10988] open("./file0", O_RDONLY) = 5 [pid 10988] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5068] umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 10988] <... ioctl resumed>) = 0 [pid 5068] newfstatat(3, "", [pid 10988] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 10988] exit_group(0 [pid 5068] umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10988] <... exit_group resumed>) = ? [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10988] +++ exited with 0 +++ [pid 5068] unlink("./55/binderfs" [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10988, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=25 /* 0.25 s */} --- [pid 5068] <... unlink resumed>) = 0 [pid 5069] umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... openat resumed>) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./55/binderfs") = 0 [pid 5069] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11063] <... write resumed>) = 16777216 [pid 11063] munmap(0x7fda9371b000, 138412032 [pid 11007] <... mount resumed>) = 0 [pid 11007] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11007] chdir("./file0") = 0 [pid 11007] ioctl(4, LOOP_CLR_FD) = 0 [pid 11007] close(4) = 0 [pid 11007] open("./file0", O_RDONLY) = 4 [pid 11007] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 11007] open("./file0", O_RDONLY) = 5 [pid 11007] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 11007] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 11007] exit_group(0) = ? [pid 11007] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11007, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=22 /* 0.22 s */} --- [pid 11063] <... munmap resumed>) = 0 [pid 11063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5064] umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 11063] <... openat resumed>) = 4 [pid 5064] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11063] ioctl(4, LOOP_SET_FD, 3 [pid 5064] <... openat resumed>) = 3 [pid 5064] newfstatat(3, "", [pid 5068] <... umount2 resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] newfstatat(AT_FDCWD, "./54/binderfs", [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11067] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5068] newfstatat(AT_FDCWD, "./55/file0", [pid 5064] unlink("./54/binderfs" [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... unlink resumed>) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11063] <... ioctl resumed>) = 0 [pid 11063] close(3 [pid 5068] <... openat resumed>) = 4 [pid 5068] newfstatat(4, "", [pid 11063] <... close resumed>) = 0 [pid 11063] mkdir("./file0", 0777 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 188.874223][T11063] loop1: detected capacity change from 0 to 32768 [pid 11063] <... mkdir resumed>) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 11063] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5069] <... umount2 resumed>) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./55/file0") = 0 [pid 5069] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./55" [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... rmdir resumed>) = 0 [pid 5069] newfstatat(AT_FDCWD, "./55/file0", [pid 5068] mkdir("./56", 0777 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] <... mkdir resumed>) = 0 [pid 5069] openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] <... openat resumed>) = 3 [pid 5069] getdents64(4, [pid 5068] ioctl(3, LOOP_CLR_FD [pid 5069] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, [pid 5068] <... ioctl resumed>) = 0 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(3 [pid 5069] close(4) = 0 [pid 5068] <... close resumed>) = 0 [pid 5069] rmdir("./55/file0" [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5069] <... rmdir resumed>) = 0 [pid 5069] getdents64(3, [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 11095 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./55"./strace-static-x86_64: Process 11095 attached [pid 11095] set_robust_list(0x555557145760, 24) = 0 [pid 11095] chdir("./56" [pid 5069] <... rmdir resumed>) = 0 [pid 11095] <... chdir resumed>) = 0 [pid 11095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 188.949044][T11063] BTRFS: device /dev/loop1 using temp-fsid 9a9fc3bf-04c5-4e74-85fb-71197cbea5bc [pid 11095] setpgid(0, 0) = 0 [pid 11095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5069] mkdir("./56", 0777 [pid 11095] write(3, "1000", 4 [pid 5069] <... mkdir resumed>) = 0 [pid 11095] <... write resumed>) = 4 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 11095] close(3) = 0 [pid 11095] symlink("/dev/binderfs", "./binderfs" [pid 5069] <... openat resumed>) = 3 [pid 11095] <... symlink resumed>) = 0 [pid 11095] memfd_create("syzkaller", 0) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD [pid 11095] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5069] <... ioctl resumed>) = 0 [pid 5069] close(3) = 0 [ 189.007377][T11063] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (11063) [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11097 attached , child_tidptr=0x555557145750) = 11097 [pid 11097] set_robust_list(0x555557145760, 24) = 0 [pid 11097] chdir("./56") = 0 [pid 11097] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11097] setpgid(0, 0) = 0 [pid 11097] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11097] <... openat resumed>) = 3 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11097] write(3, "1000", 4 [pid 5067] newfstatat(AT_FDCWD, "./54/file0", [pid 11097] <... write resumed>) = 4 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11097] close(3 [pid 5067] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11097] <... close resumed>) = 0 [pid 11097] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... umount2 resumed>) = 0 [pid 5067] openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] newfstatat(4, "", [pid 11097] memfd_create("syzkaller", 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11097] <... memfd_create resumed>) = 3 [pid 5064] newfstatat(AT_FDCWD, "./54/file0", [pid 11097] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5067] getdents64(4, [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5067] close(4 [pid 5064] <... openat resumed>) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, [pid 5067] <... close resumed>) = 0 [pid 5064] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] rmdir("./54/file0" [pid 5064] getdents64(4, [pid 5067] <... rmdir resumed>) = 0 [pid 5064] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(4 [pid 5067] close(3) = 0 [pid 5064] <... close resumed>) = 0 [pid 5067] rmdir("./54" [pid 5064] rmdir("./54/file0" [pid 5067] <... rmdir resumed>) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 5067] mkdir("./55", 0777 [pid 5064] getdents64(3, [pid 5067] <... mkdir resumed>) = 0 [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5064] close(3 [pid 5067] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5064] <... close resumed>) = 0 [pid 5067] close(3) = 0 [pid 5064] rmdir("./54" [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] <... rmdir resumed>) = 0 [pid 5064] mkdir("./55", 0777) = 0 ./strace-static-x86_64: Process 11109 attached [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 11109 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 11109] set_robust_list(0x555557145760, 24) = 0 [pid 5064] <... openat resumed>) = 3 [pid 11109] chdir("./55") = 0 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 11109] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5064] <... ioctl resumed>) = 0 [pid 11109] <... prctl resumed>) = 0 [pid 5064] close(3 [pid 11109] setpgid(0, 0) = 0 [pid 5064] <... close resumed>) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11109] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11109] write(3, "1000", 4) = 4 [pid 11109] close(3) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 11113 [pid 11109] symlink("/dev/binderfs", "./binderfs") = 0 ./strace-static-x86_64: Process 11113 attached [pid 11113] set_robust_list(0x555557145760, 24 [pid 11109] memfd_create("syzkaller", 0 [pid 11113] <... set_robust_list resumed>) = 0 [pid 11109] <... memfd_create resumed>) = 3 [pid 11109] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11113] chdir("./55" [pid 11109] <... mmap resumed>) = 0x7fda9371b000 [pid 11113] <... chdir resumed>) = 0 [pid 11113] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11113] setpgid(0, 0) = 0 [pid 11113] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11113] write(3, "1000", 4) = 4 [pid 11113] close(3) = 0 [pid 11113] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11113] memfd_create("syzkaller", 0) = 3 [pid 11113] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 11109] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11063] <... mount resumed>) = 0 [pid 11063] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11063] chdir("./file0") = 0 [pid 11063] ioctl(4, LOOP_CLR_FD) = 0 [pid 11063] close(4) = 0 [pid 11063] open("./file0", O_RDONLY) = 4 [pid 11063] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 11095] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11063] <... ioctl resumed>) = 0 [pid 11067] <... write resumed>) = 16777216 [pid 11063] open("./file0", O_RDONLY) = 5 [pid 11063] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 11063] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 11063] exit_group(0) = ? [pid 11063] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11063, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=25 /* 0.25 s */} --- [pid 5065] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5065] umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./55/binderfs") = 0 [pid 5065] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11067] munmap(0x7fda9371b000, 138412032) = 0 [pid 11067] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 11067] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11067] close(3) = 0 [pid 11067] mkdir("./file0", 0777 [pid 11097] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11067] <... mkdir resumed>) = 0 [ 189.662382][T11067] loop2: detected capacity change from 0 to 32768 [ 189.721165][T11067] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (11067) [pid 11067] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5065] <... umount2 resumed>) = 0 [pid 5065] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", [pid 11109] <... write resumed>) = 16777216 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11109] munmap(0x7fda9371b000, 138412032 [pid 11113] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 11109] <... munmap resumed>) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./55/file0" [pid 11109] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5065] <... rmdir resumed>) = 0 [pid 11109] <... openat resumed>) = 4 [pid 5065] getdents64(3, [pid 11109] ioctl(4, LOOP_SET_FD, 3 [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 11109] <... ioctl resumed>) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./55") = 0 [pid 5065] mkdir("./56", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11132 attached , child_tidptr=0x555557145750) = 11132 [pid 11132] set_robust_list(0x555557145760, 24 [pid 11109] close(3 [pid 11132] <... set_robust_list resumed>) = 0 [pid 11109] <... close resumed>) = 0 [pid 11132] chdir("./56" [pid 11109] mkdir("./file0", 0777 [pid 11132] <... chdir resumed>) = 0 [pid 11109] <... mkdir resumed>) = 0 [pid 11132] prctl(PR_SET_PDEATHSIG, SIGKILL [ 189.929940][T11109] loop3: detected capacity change from 0 to 32768 [pid 11109] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 11132] <... prctl resumed>) = 0 [pid 11132] setpgid(0, 0) = 0 [pid 11132] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11132] write(3, "1000", 4) = 4 [pid 11132] close(3) = 0 [pid 11132] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11132] memfd_create("syzkaller", 0) = 3 [pid 11132] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 189.984261][T11109] BTRFS: device /dev/loop3 using temp-fsid bdd5486c-0be8-4d6c-ac08-85cf68b8d13a [ 190.040162][T11109] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (11109) [pid 11095] <... write resumed>) = 16777216 [pid 11067] <... mount resumed>) = 0 [pid 11095] munmap(0x7fda9371b000, 138412032 [pid 11067] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11067] chdir("./file0" [pid 11113] <... write resumed>) = 16777216 [pid 11113] munmap(0x7fda9371b000, 138412032 [pid 11095] <... munmap resumed>) = 0 [pid 11095] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 11095] ioctl(4, LOOP_SET_FD, 3 [pid 11113] <... munmap resumed>) = 0 [pid 11095] <... ioctl resumed>) = 0 [pid 11113] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11113] ioctl(4, LOOP_SET_FD, 3 [pid 11067] <... chdir resumed>) = 0 [pid 11095] close(3 [pid 11067] ioctl(4, LOOP_CLR_FD) = 0 [pid 11095] <... close resumed>) = 0 [pid 11095] mkdir("./file0", 0777 [pid 11067] close(4 [pid 11095] <... mkdir resumed>) = 0 [pid 11067] <... close resumed>) = 0 [pid 11067] open("./file0", O_RDONLY) = 4 [pid 11067] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 11113] <... ioctl resumed>) = 0 [pid 11095] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 11067] <... ioctl resumed>) = 0 [ 190.169090][T11095] loop4: detected capacity change from 0 to 32768 [ 190.196043][T11113] loop0: detected capacity change from 0 to 32768 [pid 11067] open("./file0", O_RDONLY [pid 11113] close(3 [pid 11067] <... open resumed>) = 5 [pid 11067] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 11067] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 11113] <... close resumed>) = 0 [pid 11067] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 11113] mkdir("./file0", 0777 [pid 11067] exit_group(0 [pid 11113] <... mkdir resumed>) = 0 [pid 11067] <... exit_group resumed>) = ? [pid 11113] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 11067] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11067, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=23 /* 0.23 s */} --- [pid 5066] umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./56/binderfs") = 0 [ 190.237842][T11095] BTRFS: device /dev/loop4 using temp-fsid 04d9cfe4-bc96-4e8f-878a-b7a2928b9c19 [pid 5066] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 190.296971][T11095] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (11095) [ 190.299516][ T2497] _btrfs_printk: 76 callbacks suppressed [ 190.299527][ T2497] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 190.353652][T11113] BTRFS: device /dev/loop0 using temp-fsid 603e4a52-c2c6-448a-a51a-091636141475 [ 190.368955][T11095] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 190.388806][T11095] BTRFS info (device loop4): force clearing of disk cache [ 190.395930][T11095] BTRFS info (device loop4): setting nodatasum [pid 11132] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11097] <... write resumed>) = 16777216 [pid 11097] munmap(0x7fda9371b000, 138412032) = 0 [pid 11097] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 11097] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11097] close(3) = 0 [pid 11097] mkdir("./file0", 0777) = 0 [ 190.419392][T11095] BTRFS info (device loop4): allowing degraded mounts [ 190.426339][T11095] BTRFS info (device loop4): enabling disk space caching [ 190.434935][T11113] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (11113) [ 190.450629][T11097] loop5: detected capacity change from 0 to 32768 [ 190.460039][T11095] BTRFS info (device loop4): disk space caching is enabled [ 190.508905][T11113] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 190.525243][T11097] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (11097) [ 190.539619][T11113] BTRFS info (device loop0): force clearing of disk cache [ 190.540132][T11109] BTRFS info (device loop3): enabling ssd optimizations [pid 11097] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./56/file0") = 0 [ 190.546723][T11113] BTRFS info (device loop0): setting nodatasum [ 190.546742][T11113] BTRFS info (device loop0): allowing degraded mounts [ 190.546759][T11113] BTRFS info (device loop0): enabling disk space caching [pid 11132] <... write resumed>) = 16777216 [pid 5066] getdents64(3, [pid 11132] munmap(0x7fda9371b000, 138412032 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [ 190.610546][T11097] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 190.615127][T11113] BTRFS info (device loop0): disk space caching is enabled [ 190.621192][T11109] BTRFS info (device loop3): auto enabling async discard [ 190.648831][T11097] BTRFS info (device loop5): force clearing of disk cache [pid 5066] rmdir("./56" [pid 11132] <... munmap resumed>) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5066] mkdir("./57", 0777 [pid 11132] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5066] <... mkdir resumed>) = 0 [pid 11132] <... openat resumed>) = 4 [pid 11132] ioctl(4, LOOP_SET_FD, 3 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11172 attached [pid 11172] set_robust_list(0x555557145760, 24) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 11172 [pid 11172] chdir("./57") = 0 [pid 11132] <... ioctl resumed>) = 0 [pid 11132] close(3 [pid 11172] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11172] setpgid(0, 0) = 0 [pid 11132] <... close resumed>) = 0 [pid 11132] mkdir("./file0", 0777) = 0 [pid 11172] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11132] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 11172] write(3, "1000", 4) = 4 [pid 11172] close(3) = 0 [pid 11172] symlink("/dev/binderfs", "./binderfs") = 0 [ 190.655950][T11097] BTRFS info (device loop5): setting nodatasum [ 190.667250][T11109] BTRFS info (device loop3): rebuilding free space tree [ 190.676350][T11132] loop1: detected capacity change from 0 to 32768 [pid 11172] memfd_create("syzkaller", 0) = 3 [pid 11172] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 190.721553][T11132] BTRFS: device /dev/loop1 using temp-fsid d0125fd6-9e9e-41c2-a224-0a287be27d40 [ 190.730922][T11097] BTRFS info (device loop5): allowing degraded mounts [ 190.737703][T11097] BTRFS info (device loop5): enabling disk space caching [ 190.745114][T11097] BTRFS info (device loop5): disk space caching is enabled [ 190.755172][T11109] BTRFS info (device loop3): disabling free space tree [ 190.769121][T11095] BTRFS info (device loop4): enabling ssd optimizations [ 190.782621][T11095] BTRFS info (device loop4): auto enabling async discard [ 190.789815][T11132] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (11132) [ 190.809846][T11109] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 190.830984][T11095] BTRFS info (device loop4): rebuilding free space tree [ 190.849095][T11109] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 190.877342][T11132] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 190.892144][T11113] BTRFS info (device loop0): enabling ssd optimizations [ 190.897522][T11132] BTRFS info (device loop1): force clearing of disk cache [ 190.900664][T11113] BTRFS info (device loop0): auto enabling async discard [ 190.907734][T11109] BTRFS info (device loop3): checking UUID tree [ 190.914882][T11132] BTRFS info (device loop1): setting nodatasum [pid 11109] <... mount resumed>) = 0 [pid 11109] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 190.928545][T11095] BTRFS info (device loop4): disabling free space tree [ 190.937095][T11132] BTRFS info (device loop1): allowing degraded mounts [ 190.945552][T11095] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 190.950153][T11132] BTRFS info (device loop1): enabling disk space caching [ 190.955594][T11095] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 190.974389][T11113] BTRFS info (device loop0): rebuilding free space tree [pid 11109] chdir("./file0" [pid 11095] <... mount resumed>) = 0 [pid 11109] <... chdir resumed>) = 0 [pid 11095] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11109] ioctl(4, LOOP_CLR_FD [pid 11095] <... openat resumed>) = 3 [pid 11109] <... ioctl resumed>) = 0 [pid 11095] chdir("./file0" [pid 11109] close(4) = 0 [pid 11109] open("./file0", O_RDONLY [pid 11095] <... chdir resumed>) = 0 [pid 11095] ioctl(4, LOOP_CLR_FD [pid 11109] <... open resumed>) = 4 [pid 11109] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 11095] <... ioctl resumed>) = 0 [pid 11095] close(4) = 0 [pid 11095] open("./file0", O_RDONLY) = 4 [ 190.976426][T11095] BTRFS info (device loop4): checking UUID tree [ 190.989908][T11132] BTRFS info (device loop1): disk space caching is enabled [ 190.998920][T11097] BTRFS info (device loop5): enabling ssd optimizations [ 191.005870][T11097] BTRFS info (device loop5): auto enabling async discard [pid 11095] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 11109] <... ioctl resumed>) = 0 [pid 11109] open("./file0", O_RDONLY) = 5 [pid 11109] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 11109] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 11172] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11109] exit_group(0) = ? [pid 11095] <... ioctl resumed>) = 0 [pid 11109] +++ exited with 0 +++ [pid 11095] open("./file0", O_RDONLY) = 5 [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11109, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=34 /* 0.34 s */} --- [pid 11095] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5067] umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11095] <... ioctl resumed>) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 11095] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5067] umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11095] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11095] exit_group(0 [pid 5067] newfstatat(AT_FDCWD, "./55/binderfs", [pid 11095] <... exit_group resumed>) = ? [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./55/binderfs" [pid 11095] +++ exited with 0 +++ [pid 5067] <... unlink resumed>) = 0 [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11095, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=30 /* 0.30 s */} --- [ 191.043037][ T2855] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 191.048910][T11113] BTRFS info (device loop0): disabling free space tree [ 191.067284][T11097] BTRFS info (device loop5): rebuilding free space tree [ 191.082051][T11113] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5067] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./56/binderfs") = 0 [ 191.143431][T11132] BTRFS info (device loop1): enabling ssd optimizations [ 191.150741][ T2855] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [ 191.159937][T11113] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 191.179613][T11132] BTRFS info (device loop1): auto enabling async discard [ 191.186272][T11113] BTRFS info (device loop0): checking UUID tree [pid 5068] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 191.196799][T11097] BTRFS info (device loop5): disabling free space tree [ 191.221170][T11097] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 191.231167][T11132] BTRFS info (device loop1): rebuilding free space tree [pid 11113] <... mount resumed>) = 0 [pid 5067] <... umount2 resumed>) = 0 [pid 11113] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5067] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11113] <... openat resumed>) = 3 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11113] chdir("./file0" [pid 5067] newfstatat(AT_FDCWD, "./55/file0", [pid 11113] <... chdir resumed>) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11113] ioctl(4, LOOP_CLR_FD [pid 5067] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11113] <... ioctl resumed>) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11113] close(4 [pid 5067] openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11113] <... close resumed>) = 0 [pid 5067] <... openat resumed>) = 4 [pid 11113] open("./file0", O_RDONLY [pid 5067] newfstatat(4, "", [pid 11113] <... open resumed>) = 4 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11113] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./55/file0") = 0 [ 191.251725][T11132] BTRFS info (device loop1): disabling free space tree [ 191.262055][T11132] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 191.273034][T11132] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 191.278648][T11097] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 191.286949][T11132] BTRFS info (device loop1): checking UUID tree [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./55") = 0 [pid 5067] mkdir("./56", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 11113] <... ioctl resumed>) = 0 [pid 5067] <... openat resumed>) = 3 [pid 11113] open("./file0", O_RDONLY [pid 5067] ioctl(3, LOOP_CLR_FD [pid 11113] <... open resumed>) = 5 [pid 5067] <... ioctl resumed>) = 0 [pid 11113] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5067] close(3 [pid 11113] <... ioctl resumed>) = 0 [pid 5067] <... close resumed>) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11113] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 11113] exit_group(0) = ? ./strace-static-x86_64: Process 11218 attached [pid 11113] +++ exited with 0 +++ [pid 11218] set_robust_list(0x555557145760, 24 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11113, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=34 /* 0.34 s */} --- [pid 5064] restart_syscall(<... resuming interrupted clone ...> [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 11218 [pid 11218] <... set_robust_list resumed>) = 0 [pid 5064] <... restart_syscall resumed>) = 0 [pid 11218] chdir("./56") = 0 [pid 5064] umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 11218] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5064] umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./55/binderfs" [pid 11218] <... prctl resumed>) = 0 [pid 5064] <... unlink resumed>) = 0 [pid 11218] setpgid(0, 0 [pid 11132] <... mount resumed>) = 0 [pid 5064] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11132] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11132] chdir("./file0") = 0 [pid 11132] ioctl(4, LOOP_CLR_FD) = 0 [pid 11218] <... setpgid resumed>) = 0 [pid 11132] close(4) = 0 [pid 11132] open("./file0", O_RDONLY) = 4 [pid 11132] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 11218] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11218] write(3, "1000", 4 [pid 5068] <... umount2 resumed>) = 0 [pid 11218] <... write resumed>) = 4 [pid 11218] close(3) = 0 [pid 5068] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11218] symlink("/dev/binderfs", "./binderfs" [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11218] <... symlink resumed>) = 0 [pid 5068] newfstatat(AT_FDCWD, "./56/file0", [pid 11218] memfd_create("syzkaller", 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 191.349508][ T12] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 11218] <... memfd_create resumed>) = 3 [pid 5068] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 11218] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5068] openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 11132] <... ioctl resumed>) = 0 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11132] open("./file0", O_RDONLY [pid 5068] getdents64(4, [pid 11132] <... open resumed>) = 5 [pid 11132] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./56/file0") = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3 [pid 11132] <... ioctl resumed>) = 0 [pid 11132] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 11132] exit_group(0 [pid 5068] <... close resumed>) = 0 [pid 5068] rmdir("./56" [pid 11132] <... exit_group resumed>) = ? [pid 11132] +++ exited with 0 +++ [pid 5068] <... rmdir resumed>) = 0 [pid 5068] mkdir("./57", 0777 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11132, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=35 /* 0.35 s */} --- [pid 5068] <... mkdir resumed>) = 0 [pid 5065] umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... openat resumed>) = 3 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./56/binderfs") = 0 [pid 5068] ioctl(3, LOOP_CLR_FD [pid 5065] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... ioctl resumed>) = 0 [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 11220 ./strace-static-x86_64: Process 11220 attached [pid 11220] set_robust_list(0x555557145760, 24) = 0 [pid 11220] chdir("./57" [pid 11097] <... mount resumed>) = 0 [pid 11097] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11097] chdir("./file0") = 0 [pid 11097] ioctl(4, LOOP_CLR_FD) = 0 [ 191.434183][T11097] BTRFS info (device loop5): checking UUID tree [ 191.452298][ T2855] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [pid 11220] <... chdir resumed>) = 0 [pid 11097] close(4 [pid 11220] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 11097] <... close resumed>) = 0 [pid 11220] <... prctl resumed>) = 0 [pid 11097] open("./file0", O_RDONLY) = 4 [pid 11220] setpgid(0, 0 [pid 11097] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 11220] <... setpgid resumed>) = 0 [pid 11220] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11097] <... ioctl resumed>) = 0 [pid 11097] open("./file0", O_RDONLY [pid 11220] write(3, "1000", 4 [pid 11097] <... open resumed>) = 5 [pid 11097] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 11220] <... write resumed>) = 4 [pid 11097] <... ioctl resumed>) = 0 [pid 11220] close(3) = 0 [pid 11097] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 11220] symlink("/dev/binderfs", "./binderfs" [pid 11097] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5064] <... umount2 resumed>) = 0 [pid 11220] <... symlink resumed>) = 0 [pid 11097] exit_group(0 [pid 5064] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 11220] memfd_create("syzkaller", 0 [pid 11097] <... exit_group resumed>) = ? [pid 5064] openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 11097] +++ exited with 0 +++ [pid 5064] rmdir("./55/file0" [pid 11220] <... memfd_create resumed>) = 3 [pid 5064] <... rmdir resumed>) = 0 [pid 11220] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11097, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=35 /* 0.35 s */} --- [pid 11220] <... mmap resumed>) = 0x7fda9371b000 [pid 5069] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./55") = 0 [pid 5064] mkdir("./56", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5069] umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... ioctl resumed>) = 0 [pid 5069] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] close(3 [pid 5069] <... openat resumed>) = 3 [pid 5064] <... close resumed>) = 0 [pid 5069] newfstatat(3, "", [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 11223 [pid 5069] newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 11223 attached [pid 5069] unlink("./56/binderfs") = 0 [pid 11223] set_robust_list(0x555557145760, 24) = 0 [ 191.587488][ T2497] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [pid 5069] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11223] chdir("./56") = 0 [pid 11223] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11223] setpgid(0, 0) = 0 [pid 11223] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11223] write(3, "1000", 4) = 4 [pid 11223] close(3) = 0 [pid 11223] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11223] memfd_create("syzkaller", 0) = 3 [pid 11223] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5065] <... umount2 resumed>) = 0 [pid 5065] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./56/file0", [pid 11223] <... mmap resumed>) = 0x7fda9371b000 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", [pid 11172] <... write resumed>) = 16777216 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./56/file0") = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./56") = 0 [pid 5065] mkdir("./57", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11172] munmap(0x7fda9371b000, 138412032) = 0 ./strace-static-x86_64: Process 11225 attached [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 11225 [pid 11225] set_robust_list(0x555557145760, 24 [pid 11172] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 11225] <... set_robust_list resumed>) = 0 [pid 11172] <... openat resumed>) = 4 [pid 11225] chdir("./57" [pid 11172] ioctl(4, LOOP_SET_FD, 3 [pid 11225] <... chdir resumed>) = 0 [pid 11225] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11225] setpgid(0, 0) = 0 [pid 11225] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11225] write(3, "1000", 4) = 4 [pid 11225] close(3) = 0 [pid 11225] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11225] memfd_create("syzkaller", 0 [pid 11172] <... ioctl resumed>) = 0 [pid 11225] <... memfd_create resumed>) = 3 [pid 11172] close(3 [pid 11225] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11172] <... close resumed>) = 0 [pid 11225] <... mmap resumed>) = 0x7fda9371b000 [ 191.771166][T11172] loop2: detected capacity change from 0 to 32768 [pid 11172] mkdir("./file0", 0777) = 0 [ 191.821408][T11172] BTRFS: device /dev/loop2 using temp-fsid 1bd77771-5f63-42fe-b64a-1bd26429babf [pid 11172] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 191.898849][T11172] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (11172) [ 191.967852][T11172] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 192.023334][T11172] BTRFS info (device loop2): force clearing of disk cache [pid 11218] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5069] <... umount2 resumed>) = 0 [pid 5069] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 192.069373][T11172] BTRFS info (device loop2): setting nodatasum [pid 5069] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 11220] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5069] rmdir("./56/file0") = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [ 192.109938][T11172] BTRFS info (device loop2): allowing degraded mounts [pid 5069] rmdir("./56" [pid 11223] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5069] <... rmdir resumed>) = 0 [pid 5069] mkdir("./57", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [ 192.151497][T11172] BTRFS info (device loop2): enabling disk space caching [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11226 attached [pid 11226] set_robust_list(0x555557145760, 24 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 11226 [pid 11226] <... set_robust_list resumed>) = 0 [ 192.201819][T11172] BTRFS info (device loop2): disk space caching is enabled [pid 11226] chdir("./57") = 0 [pid 11226] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11226] setpgid(0, 0) = 0 [pid 11226] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11226] write(3, "1000", 4) = 4 [pid 11226] close(3) = 0 [pid 11225] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11226] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11226] memfd_create("syzkaller", 0) = 3 [pid 11226] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 11220] <... write resumed>) = 16777216 [pid 11220] munmap(0x7fda9371b000, 138412032) = 0 [pid 11220] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 11220] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11220] close(3) = 0 [ 192.570185][T11220] loop4: detected capacity change from 0 to 32768 [ 192.608867][T11172] BTRFS info (device loop2): enabling ssd optimizations [pid 11220] mkdir("./file0", 0777) = 0 [pid 11220] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 11223] <... write resumed>) = 16777216 [ 192.615824][T11172] BTRFS info (device loop2): auto enabling async discard [ 192.625765][T11220] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (11220) [ 192.652625][T11172] BTRFS info (device loop2): rebuilding free space tree [pid 11218] <... write resumed>) = 16777216 [pid 11223] munmap(0x7fda9371b000, 138412032) = 0 [ 192.679587][T11220] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [pid 11218] munmap(0x7fda9371b000, 138412032 [pid 11223] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 11218] <... munmap resumed>) = 0 [pid 11223] <... openat resumed>) = 4 [pid 11218] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 11218] ioctl(4, LOOP_SET_FD, 3 [ 192.728909][T11220] BTRFS info (device loop4): force clearing of disk cache [ 192.738009][T11172] BTRFS info (device loop2): disabling free space tree [ 192.745439][T11220] BTRFS info (device loop4): setting nodatasum [ 192.759994][T11218] loop3: detected capacity change from 0 to 32768 [ 192.766677][T11220] BTRFS info (device loop4): allowing degraded mounts [pid 11223] ioctl(4, LOOP_SET_FD, 3 [pid 11226] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11218] <... ioctl resumed>) = 0 [pid 11218] close(3) = 0 [pid 11218] mkdir("./file0", 0777) = 0 [pid 11218] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 11223] <... ioctl resumed>) = 0 [pid 11223] close(3) = 0 [ 192.775799][T11223] loop0: detected capacity change from 0 to 32768 [ 192.785541][T11172] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 192.796021][T11218] BTRFS: device /dev/loop3 using temp-fsid 6bd33132-2904-444f-9e7f-b24de21f1831 [ 192.799385][T11220] BTRFS info (device loop4): enabling disk space caching [pid 11223] mkdir("./file0", 0777) = 0 [ 192.823589][T11172] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 192.848580][T11218] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (11218) [ 192.850879][T11220] BTRFS info (device loop4): disk space caching is enabled [ 192.874754][T11223] BTRFS: device /dev/loop0 using temp-fsid 55eb3f0e-93f5-4773-985d-4cf960e23719 [ 192.875212][T11172] BTRFS info (device loop2): checking UUID tree [ 192.892875][T11218] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 192.899381][T11223] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (11223) [ 192.915769][T11218] BTRFS info (device loop3): force clearing of disk cache [pid 11223] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 11172] <... mount resumed>) = 0 [pid 11172] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11172] chdir("./file0") = 0 [pid 11172] ioctl(4, LOOP_CLR_FD) = 0 [pid 11172] close(4) = 0 [pid 11172] open("./file0", O_RDONLY) = 4 [ 192.928779][T11218] BTRFS info (device loop3): setting nodatasum [ 192.934983][T11218] BTRFS info (device loop3): allowing degraded mounts [pid 11172] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 11172] open("./file0", O_RDONLY) = 5 [pid 11172] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 11172] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 11172] exit_group(0) = ? [pid 11172] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11172, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=37 /* 0.37 s */} --- [pid 5066] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5066] umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./57/binderfs") = 0 [ 192.986055][T11218] BTRFS info (device loop3): enabling disk space caching [ 193.024008][T11223] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5066] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11226] <... write resumed>) = 16777216 [pid 11226] munmap(0x7fda9371b000, 138412032 [pid 11225] <... write resumed>) = 16777216 [pid 11226] <... munmap resumed>) = 0 [ 193.027465][T11218] BTRFS info (device loop3): disk space caching is enabled [ 193.040171][ T2497] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 193.047853][T11223] BTRFS info (device loop0): force clearing of disk cache [ 193.066876][T11223] BTRFS info (device loop0): setting nodatasum [ 193.078812][T11223] BTRFS info (device loop0): allowing degraded mounts [pid 11225] munmap(0x7fda9371b000, 138412032) = 0 [pid 11225] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 11225] ioctl(4, LOOP_SET_FD, 3 [pid 11226] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 11225] <... ioctl resumed>) = 0 [pid 11226] <... openat resumed>) = 4 [pid 11226] ioctl(4, LOOP_SET_FD, 3 [ 193.086315][T11223] BTRFS info (device loop0): enabling disk space caching [ 193.094815][T11220] BTRFS info (device loop4): enabling ssd optimizations [ 193.101878][T11223] BTRFS info (device loop0): disk space caching is enabled [ 193.106122][T11225] loop1: detected capacity change from 0 to 32768 [ 193.115610][T11220] BTRFS info (device loop4): auto enabling async discard [ 193.116384][T11220] BTRFS info (device loop4): rebuilding free space tree [pid 11225] close(3 [pid 11220] <... mount resumed>) = 0 [pid 11225] <... close resumed>) = 0 [pid 11220] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11225] mkdir("./file0", 0777 [pid 11220] chdir("./file0") = 0 [pid 11225] <... mkdir resumed>) = 0 [pid 11220] ioctl(4, LOOP_CLR_FD) = 0 [pid 11220] close(4 [pid 11225] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 11220] <... close resumed>) = 0 [pid 11226] <... ioctl resumed>) = 0 [pid 11220] open("./file0", O_RDONLY [pid 5066] <... umount2 resumed>) = 0 [pid 11220] <... open resumed>) = 4 [pid 11226] close(3 [pid 11220] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 11226] <... close resumed>) = 0 [pid 11220] <... ioctl resumed>) = 0 [pid 11220] open("./file0", O_RDONLY) = 5 [pid 11220] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 11226] mkdir("./file0", 0777) = 0 [pid 11220] <... ioctl resumed>) = 0 [pid 11226] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 11220] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 11220] exit_group(0) = ? [pid 5066] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11220] +++ exited with 0 +++ [ 193.152116][T11226] loop5: detected capacity change from 0 to 32768 [ 193.181526][T11225] BTRFS: device /dev/loop1 using temp-fsid 6db80ce7-b6b2-4b8e-ba86-82bd633b96c6 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./57/file0") = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./57") = 0 [pid 5066] mkdir("./58", 0777 [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11220, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=31 /* 0.31 s */} --- [pid 5068] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 5068] umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5068] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] <... openat resumed>) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11288 attached [pid 5068] newfstatat(3, "", [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 11288 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 193.207601][T11225] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (11225) [ 193.237295][T11226] BTRFS: device /dev/loop5 using temp-fsid bbb208d9-439b-4f86-acf3-533ec5a79c7d [pid 5068] newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11288] set_robust_list(0x555557145760, 24) = 0 [pid 11288] chdir("./58") = 0 [pid 11288] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11288] setpgid(0, 0) = 0 [pid 11288] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11288] write(3, "1000", 4 [pid 5068] unlink("./57/binderfs") = 0 [pid 5068] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11288] <... write resumed>) = 4 [pid 11288] close(3) = 0 [pid 11288] symlink("/dev/binderfs", "./binderfs" [pid 11218] <... mount resumed>) = 0 [pid 11288] <... symlink resumed>) = 0 [pid 11218] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11288] memfd_create("syzkaller", 0 [pid 11218] <... openat resumed>) = 3 [pid 11288] <... memfd_create resumed>) = 3 [pid 11218] chdir("./file0" [pid 11288] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11218] <... chdir resumed>) = 0 [pid 11288] <... mmap resumed>) = 0x7fda9371b000 [pid 11218] ioctl(4, LOOP_CLR_FD) = 0 [pid 11218] close(4) = 0 [pid 11218] open("./file0", O_RDONLY) = 4 [ 193.252732][T11226] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (11226) [pid 11218] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 11218] open("./file0", O_RDONLY) = 5 [pid 11218] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 11218] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 11218] exit_group(0) = ? [pid 11218] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11218, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=29 /* 0.29 s */} --- [pid 5067] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5067] umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11223] <... mount resumed>) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11223] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5067] newfstatat(AT_FDCWD, "./56/binderfs", [pid 11223] chdir("./file0") = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11223] ioctl(4, LOOP_CLR_FD [pid 5068] <... umount2 resumed>) = 0 [pid 5067] unlink("./56/binderfs" [pid 11223] <... ioctl resumed>) = 0 [pid 5068] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... unlink resumed>) = 0 [pid 11223] close(4 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11223] <... close resumed>) = 0 [pid 11223] open("./file0", O_RDONLY) = 4 [pid 5068] newfstatat(AT_FDCWD, "./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, [pid 11223] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./57/file0") = 0 [pid 5068] getdents64(3, [pid 11225] <... mount resumed>) = 0 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 11225] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11223] <... ioctl resumed>) = 0 [pid 5068] close(3) = 0 [pid 11225] <... openat resumed>) = 3 [pid 11223] open("./file0", O_RDONLY [pid 5068] rmdir("./57" [pid 11223] <... open resumed>) = 5 [pid 5068] <... rmdir resumed>) = 0 [pid 11225] chdir("./file0") = 0 [pid 11225] ioctl(4, LOOP_CLR_FD) = 0 [pid 11225] close(4) = 0 [pid 11225] open("./file0", O_RDONLY) = 4 [pid 11223] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5068] mkdir("./58", 0777 [pid 11225] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5068] <... mkdir resumed>) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 11223] <... ioctl resumed>) = 0 [pid 5068] <... openat resumed>) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 11223] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5068] close(3 [pid 11223] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5068] <... close resumed>) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11223] exit_group(0) = ? ./strace-static-x86_64: Process 11326 attached [pid 11225] <... ioctl resumed>) = 0 [pid 11223] +++ exited with 0 +++ [pid 11326] set_robust_list(0x555557145760, 24 [pid 11225] open("./file0", O_RDONLY [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 11326 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11223, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=28 /* 0.28 s */} --- [pid 11225] <... open resumed>) = 5 [pid 11225] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5064] umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 11326] <... set_robust_list resumed>) = 0 [pid 5064] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11326] chdir("./58" [pid 5064] <... openat resumed>) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./56/binderfs" [pid 11326] <... chdir resumed>) = 0 [pid 11225] <... ioctl resumed>) = 0 [pid 5064] <... unlink resumed>) = 0 [pid 11326] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11326] setpgid(0, 0 [pid 5064] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11326] <... setpgid resumed>) = 0 [pid 11225] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 11225] exit_group(0 [pid 11226] <... mount resumed>) = 0 [pid 11225] <... exit_group resumed>) = ? [pid 11326] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 11226] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11225] +++ exited with 0 +++ [pid 11326] <... openat resumed>) = 3 [pid 11226] <... openat resumed>) = 3 [pid 5067] <... umount2 resumed>) = 0 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11225, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=27 /* 0.27 s */} --- [pid 11326] write(3, "1000", 4) = 4 [pid 11326] close(3) = 0 [pid 11326] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11326] memfd_create("syzkaller", 0 [pid 5065] umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", [pid 11326] <... memfd_create resumed>) = 3 [pid 11226] chdir("./file0" [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11326] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11226] <... chdir resumed>) = 0 [pid 5065] getdents64(3, [pid 11326] <... mmap resumed>) = 0x7fda9371b000 [pid 11226] ioctl(4, LOOP_CLR_FD [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 11288] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11226] <... ioctl resumed>) = 0 [pid 5067] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./57/binderfs", [pid 11226] close(4 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./57/binderfs" [pid 11226] <... close resumed>) = 0 [pid 5067] newfstatat(AT_FDCWD, "./56/file0", [pid 5065] <... unlink resumed>) = 0 [pid 11226] open("./file0", O_RDONLY) = 4 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11226] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5067] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 11226] <... ioctl resumed>) = 0 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11226] open("./file0", O_RDONLY [pid 5067] getdents64(4, [pid 11226] <... open resumed>) = 5 [pid 5067] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 11226] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5067] getdents64(4, [pid 11226] <... ioctl resumed>) = 0 [pid 5067] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4 [pid 11226] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5067] <... close resumed>) = 0 [pid 11226] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5067] rmdir("./56/file0") = 0 [pid 11226] exit_group(0) = ? [pid 5067] getdents64(3, [pid 11226] +++ exited with 0 +++ [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11226, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=22 /* 0.22 s */} --- [pid 5067] close(3) = 0 [pid 5067] rmdir("./56") = 0 [pid 5067] mkdir("./57", 0777 [pid 5069] umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] <... mkdir resumed>) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... openat resumed>) = 3 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./57/binderfs") = 0 [pid 5069] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 11329 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 11329 attached [pid 11329] set_robust_list(0x555557145760, 24 [pid 5064] newfstatat(AT_FDCWD, "./56/file0", [pid 11329] <... set_robust_list resumed>) = 0 [pid 11329] chdir("./57") = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11329] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5064] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11329] <... prctl resumed>) = 0 [pid 11329] setpgid(0, 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11329] <... setpgid resumed>) = 0 [pid 11329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11329] <... openat resumed>) = 3 [pid 5064] <... openat resumed>) = 4 [pid 11329] write(3, "1000", 4) = 4 [pid 5064] newfstatat(4, "", [pid 11329] close(3 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11329] <... close resumed>) = 0 [pid 5064] getdents64(4, [pid 11329] symlink("/dev/binderfs", "./binderfs" [pid 5064] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, [pid 11329] <... symlink resumed>) = 0 [pid 5064] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 11329] memfd_create("syzkaller", 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./56/file0") = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./56") = 0 [pid 5064] mkdir("./57", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 11332 ./strace-static-x86_64: Process 11332 attached [pid 11332] set_robust_list(0x555557145760, 24) = 0 [pid 11332] chdir("./57") = 0 [pid 11332] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11332] setpgid(0, 0) = 0 [pid 11332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11332] write(3, "1000", 4) = 4 [pid 11332] close(3) = 0 [pid 11332] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11329] <... memfd_create resumed>) = 3 [pid 11332] memfd_create("syzkaller", 0) = 3 [pid 11332] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 11329] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5069] <... umount2 resumed>) = 0 [pid 5069] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./57/file0", [pid 5065] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./57/file0", [pid 5069] openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] getdents64(4, [pid 5065] <... openat resumed>) = 4 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] newfstatat(4, "", [pid 5069] close(4) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] rmdir("./57/file0" [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] <... rmdir resumed>) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] getdents64(3, [pid 5065] close(4) = 0 [pid 5065] rmdir("./57/file0" [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5069] close(3 [pid 5065] getdents64(3, [pid 5069] <... close resumed>) = 0 [pid 5069] rmdir("./57") = 0 [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 11326] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5065] rmdir("./57") = 0 [pid 5065] mkdir("./58", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 11333 [pid 5069] mkdir("./58", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 ./strace-static-x86_64: Process 11333 attached [pid 11333] set_robust_list(0x555557145760, 24) = 0 [pid 11333] chdir("./58") = 0 [pid 11333] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5069] ioctl(3, LOOP_CLR_FD [pid 11333] <... prctl resumed>) = 0 [pid 5069] <... ioctl resumed>) = 0 [pid 11333] setpgid(0, 0 [pid 5069] close(3 [pid 11333] <... setpgid resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 11333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11333] write(3, "1000", 4) = 4 [pid 11333] close(3) = 0 [pid 11333] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11333] memfd_create("syzkaller", 0./strace-static-x86_64: Process 11334 attached ) = 3 [pid 11333] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 11334] set_robust_list(0x555557145760, 24) = 0 [pid 11334] chdir("./58" [pid 11288] <... write resumed>) = 16777216 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 11334 [pid 11334] <... chdir resumed>) = 0 [pid 11334] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 11288] munmap(0x7fda9371b000, 138412032 [pid 11334] <... prctl resumed>) = 0 [pid 11288] <... munmap resumed>) = 0 [pid 11334] setpgid(0, 0) = 0 [pid 11334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 11288] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 11334] <... openat resumed>) = 3 [pid 11332] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11288] <... openat resumed>) = 4 [pid 11334] write(3, "1000", 4 [pid 11288] ioctl(4, LOOP_SET_FD, 3 [pid 11334] <... write resumed>) = 4 [pid 11334] close(3) = 0 [pid 11334] symlink("/dev/binderfs", "./binderfs" [pid 11288] <... ioctl resumed>) = 0 [pid 11288] close(3) = 0 [ 194.379931][T11288] loop2: detected capacity change from 0 to 32768 [pid 11288] mkdir("./file0", 0777 [pid 11334] <... symlink resumed>) = 0 [pid 11329] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11288] <... mkdir resumed>) = 0 [pid 11334] memfd_create("syzkaller", 0 [pid 11288] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 11334] <... memfd_create resumed>) = 3 [pid 11334] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 194.471225][T11288] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (11288) [pid 11329] <... write resumed>) = 16777216 [pid 11329] munmap(0x7fda9371b000, 138412032) = 0 [pid 11329] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 11329] ioctl(4, LOOP_SET_FD, 3) = 0 [ 194.791725][T11329] loop3: detected capacity change from 0 to 32768 [pid 11329] close(3) = 0 [pid 11329] mkdir("./file0", 0777) = 0 [pid 11329] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 194.892288][T11329] BTRFS: device /dev/loop3 using temp-fsid 6d60cb82-8a9b-41d2-9d90-7d8e08e863d2 [pid 11333] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11288] <... mount resumed>) = 0 [pid 11288] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11288] chdir("./file0") = 0 [pid 11288] ioctl(4, LOOP_CLR_FD) = 0 [pid 11288] close(4) = 0 [ 194.939637][T11329] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (11329) [pid 11288] open("./file0", O_RDONLY) = 4 [pid 11288] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 11288] open("./file0", O_RDONLY) = 5 [pid 11288] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 11288] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 11288] exit_group(0) = ? [pid 11288] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11288, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=18 /* 0.18 s */} --- [pid 5066] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5066] umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./58/binderfs") = 0 [pid 5066] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11326] <... write resumed>) = 16777216 [pid 11334] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11326] munmap(0x7fda9371b000, 138412032) = 0 [pid 11326] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 11326] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11326] close(3) = 0 [pid 11326] mkdir("./file0", 0777) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./58/file0", [ 195.154162][T11326] loop4: detected capacity change from 0 to 32768 [pid 11326] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11332] <... write resumed>) = 16777216 [pid 5066] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11332] munmap(0x7fda9371b000, 138412032 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11332] <... munmap resumed>) = 0 [pid 5066] <... openat resumed>) = 4 [pid 5066] newfstatat(4, "", [pid 11332] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11332] <... openat resumed>) = 4 [ 195.217856][T11326] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (11326) [pid 5066] getdents64(4, [pid 11332] ioctl(4, LOOP_SET_FD, 3 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./58/file0") = 0 [pid 11332] <... ioctl resumed>) = 0 [pid 11332] close(3 [pid 5066] getdents64(3, [pid 11332] <... close resumed>) = 0 [pid 11332] mkdir("./file0", 0777 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 11332] <... mkdir resumed>) = 0 [pid 11332] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5066] close(3) = 0 [pid 5066] rmdir("./58") = 0 [ 195.262529][T11332] loop0: detected capacity change from 0 to 32768 [pid 5066] mkdir("./59", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [ 195.311744][T11329] _btrfs_printk: 72 callbacks suppressed [ 195.311756][T11329] BTRFS info (device loop3): disabling free space tree [ 195.332303][T11326] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 195.346217][T11332] BTRFS: device /dev/loop0 using temp-fsid 0f632de5-f659-44aa-bdeb-b95b5e902a6c [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [ 195.355555][T11329] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 195.398888][T11326] BTRFS info (device loop4): force clearing of disk cache [ 195.407042][T11332] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (11332) [ 195.433423][T11326] BTRFS info (device loop4): setting nodatasum [ 195.440438][T11329] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 195.462488][T11326] BTRFS info (device loop4): allowing degraded mounts [ 195.473986][T11332] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 195.481878][T11326] BTRFS info (device loop4): enabling disk space caching [ 195.492946][T11329] BTRFS info (device loop3): checking UUID tree [pid 5066] close(3 [pid 11329] <... mount resumed>) = 0 [pid 11329] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11329] chdir("./file0") = 0 [pid 11329] ioctl(4, LOOP_CLR_FD) = 0 [pid 11329] close(4) = 0 [pid 11329] open("./file0", O_RDONLY) = 4 [pid 11333] <... write resumed>) = 16777216 [pid 11329] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [ 195.508865][T11326] BTRFS info (device loop4): disk space caching is enabled [ 195.523835][T11332] BTRFS info (device loop0): force clearing of disk cache [pid 11333] munmap(0x7fda9371b000, 138412032) = 0 [pid 11329] <... ioctl resumed>) = 0 [pid 11329] open("./file0", O_RDONLY) = 5 [pid 11329] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 11329] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 11329] exit_group(0) = ? [pid 11329] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11329, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=25 /* 0.25 s */} --- [pid 5067] umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./57/binderfs") = 0 [pid 11333] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5067] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 195.578971][T11332] BTRFS info (device loop0): setting nodatasum [ 195.596325][T11333] loop1: detected capacity change from 0 to 32768 [ 195.618886][T11332] BTRFS info (device loop0): allowing degraded mounts [pid 11333] ioctl(4, LOOP_SET_FD, 3 [pid 11334] <... write resumed>) = 16777216 [pid 11334] munmap(0x7fda9371b000, 138412032) = 0 [pid 11333] <... ioctl resumed>) = 0 [pid 11334] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 11334] ioctl(4, LOOP_SET_FD, 3 [pid 11333] close(3) = 0 [ 195.632992][ T2497] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 195.650527][T11332] BTRFS info (device loop0): enabling disk space caching [ 195.660305][T11332] BTRFS info (device loop0): disk space caching is enabled [ 195.661119][T11334] loop5: detected capacity change from 0 to 32768 [pid 11333] mkdir("./file0", 0777) = 0 [pid 11333] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 11334] <... ioctl resumed>) = 0 [pid 11334] close(3 [pid 5066] <... close resumed>) = 0 [pid 11334] <... close resumed>) = 0 [pid 11334] mkdir("./file0", 0777 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11334] <... mkdir resumed>) = 0 [pid 11334] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,"./strace-static-x86_64: Process 11387 attached [pid 11387] set_robust_list(0x555557145760, 24) = 0 [pid 11387] chdir("./59") = 0 [pid 11387] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 11387 [pid 11387] <... prctl resumed>) = 0 [ 195.679312][T11333] BTRFS: device /dev/loop1 using temp-fsid 60159d86-0913-42fa-a880-4e822fa41dfc [ 195.701102][T11333] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (11333) [ 195.724239][T11333] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [pid 11387] setpgid(0, 0 [pid 5067] <... umount2 resumed>) = 0 [pid 11387] <... setpgid resumed>) = 0 [pid 11387] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11387] write(3, "1000", 4) = 4 [pid 11387] close(3) = 0 [pid 11387] symlink("/dev/binderfs", "./binderfs" [pid 5067] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11387] <... symlink resumed>) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11387] memfd_create("syzkaller", 0) = 3 [pid 11387] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5067] newfstatat(AT_FDCWD, "./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 195.730895][T11334] BTRFS: device /dev/loop5 using temp-fsid df9d93e0-5599-4e61-957f-791c747b3ece [ 195.734946][T11333] BTRFS info (device loop1): force clearing of disk cache [ 195.751065][T11333] BTRFS info (device loop1): setting nodatasum [ 195.757521][T11333] BTRFS info (device loop1): allowing degraded mounts [ 195.765386][T11333] BTRFS info (device loop1): enabling disk space caching [ 195.775398][T11333] BTRFS info (device loop1): disk space caching is enabled [pid 5067] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./57/file0") = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [ 195.785593][T11334] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (11334) [ 195.820180][T11334] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5067] rmdir("./57") = 0 [pid 5067] mkdir("./58", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 11413 ./strace-static-x86_64: Process 11413 attached [pid 11413] set_robust_list(0x555557145760, 24) = 0 [pid 11413] chdir("./58") = 0 [pid 11413] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11413] setpgid(0, 0) = 0 [pid 11413] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 195.832665][T11326] BTRFS info (device loop4): enabling ssd optimizations [ 195.839789][T11326] BTRFS info (device loop4): auto enabling async discard [ 195.848162][T11334] BTRFS info (device loop5): force clearing of disk cache [ 195.858050][T11334] BTRFS info (device loop5): setting nodatasum [ 195.868565][T11326] BTRFS info (device loop4): rebuilding free space tree [ 195.871258][T11332] BTRFS info (device loop0): enabling ssd optimizations [pid 11413] write(3, "1000", 4) = 4 [pid 11413] close(3) = 0 [pid 11413] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11413] memfd_create("syzkaller", 0) = 3 [pid 11413] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 195.911902][T11326] BTRFS info (device loop4): disabling free space tree [ 195.923457][T11334] BTRFS info (device loop5): allowing degraded mounts [ 195.938801][T11333] BTRFS info (device loop1): enabling ssd optimizations [ 195.945749][T11333] BTRFS info (device loop1): auto enabling async discard [ 195.954797][T11326] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 195.957087][T11332] BTRFS info (device loop0): auto enabling async discard [ 195.978444][T11334] BTRFS info (device loop5): enabling disk space caching [ 195.987216][T11332] BTRFS info (device loop0): rebuilding free space tree [ 196.006893][T11332] BTRFS info (device loop0): disabling free space tree [ 196.008899][T11334] BTRFS info (device loop5): disk space caching is enabled [ 196.021949][T11326] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 196.033365][T11332] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 196.049786][T11333] BTRFS info (device loop1): rebuilding free space tree [ 196.056987][T11332] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 196.085645][T11332] BTRFS info (device loop0): checking UUID tree [ 196.086347][T11326] BTRFS info (device loop4): checking UUID tree [pid 11387] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11326] <... mount resumed>) = 0 [pid 11326] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11332] <... mount resumed>) = 0 [pid 11326] <... openat resumed>) = 3 [pid 11332] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11326] chdir("./file0" [pid 11332] <... openat resumed>) = 3 [pid 11326] <... chdir resumed>) = 0 [pid 11332] chdir("./file0" [pid 11326] ioctl(4, LOOP_CLR_FD [pid 11332] <... chdir resumed>) = 0 [pid 11326] <... ioctl resumed>) = 0 [pid 11332] ioctl(4, LOOP_CLR_FD [pid 11326] close(4 [pid 11332] <... ioctl resumed>) = 0 [pid 11326] <... close resumed>) = 0 [pid 11332] close(4 [pid 11326] open("./file0", O_RDONLY [pid 11332] <... close resumed>) = 0 [pid 11326] <... open resumed>) = 4 [pid 11332] open("./file0", O_RDONLY [pid 11326] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 11332] <... open resumed>) = 4 [pid 11332] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 11413] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11326] <... ioctl resumed>) = 0 [ 196.133108][T11333] BTRFS info (device loop1): disabling free space tree [ 196.165007][T11333] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 11326] open("./file0", O_RDONLY) = 5 [pid 11332] <... ioctl resumed>) = 0 [pid 11326] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 11332] open("./file0", O_RDONLY) = 5 [pid 11332] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 11326] <... ioctl resumed>) = 0 [pid 11326] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 11326] exit_group(0 [pid 11333] <... mount resumed>) = 0 [pid 11332] <... ioctl resumed>) = 0 [pid 11326] <... exit_group resumed>) = ? [pid 11333] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11332] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 11326] +++ exited with 0 +++ [pid 11333] chdir("./file0" [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11326, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=40 /* 0.40 s */} --- [pid 11333] <... chdir resumed>) = 0 [pid 11333] ioctl(4, LOOP_CLR_FD [pid 11332] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [ 196.214963][T11333] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 196.232054][T11333] BTRFS info (device loop1): checking UUID tree [ 196.242075][ T12] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [pid 11332] exit_group(0 [pid 11333] <... ioctl resumed>) = 0 [pid 5068] umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11333] close(4 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11333] <... close resumed>) = 0 [pid 11333] open("./file0", O_RDONLY [pid 11332] <... exit_group resumed>) = ? [pid 5068] <... openat resumed>) = 3 [pid 5068] newfstatat(3, "", [pid 11333] <... open resumed>) = 4 [pid 11332] +++ exited with 0 +++ [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11332, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=37 /* 0.37 s */} --- [pid 5064] umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11333] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5068] getdents64(3, [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... openat resumed>) = 3 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] newfstatat(AT_FDCWD, "./58/binderfs", [pid 5064] getdents64(3, [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] unlink("./58/binderfs" [pid 5064] umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... unlink resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./57/binderfs", [pid 5068] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 196.288828][T11334] BTRFS info (device loop5): enabling ssd optimizations [ 196.295798][T11334] BTRFS info (device loop5): auto enabling async discard [ 196.320379][ T2855] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 5064] unlink("./57/binderfs") = 0 [pid 11333] <... ioctl resumed>) = 0 [pid 5064] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11333] open("./file0", O_RDONLY) = 5 [pid 11333] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 11333] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 11333] exit_group(0) = ? [pid 11333] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11333, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=34 /* 0.34 s */} --- [pid 5065] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5065] umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 196.389311][T11334] BTRFS info (device loop5): rebuilding free space tree [ 196.399902][ T12] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [pid 5065] getdents64(3, [pid 11387] <... write resumed>) = 16777216 [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11387] munmap(0x7fda9371b000, 138412032 [pid 5065] unlink("./58/binderfs") = 0 [pid 5065] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11387] <... munmap resumed>) = 0 [pid 11334] <... mount resumed>) = 0 [pid 11334] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11334] chdir("./file0") = 0 [pid 11387] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 11334] ioctl(4, LOOP_CLR_FD [pid 11387] <... openat resumed>) = 4 [pid 11334] <... ioctl resumed>) = 0 [ 196.473380][T11334] BTRFS info (device loop5): disabling free space tree [ 196.488222][T11334] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 196.498702][T11334] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 196.514869][T11334] BTRFS info (device loop5): checking UUID tree [pid 11387] ioctl(4, LOOP_SET_FD, 3 [pid 11334] close(4) = 0 [pid 11334] open("./file0", O_RDONLY) = 4 [pid 11334] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 11334] open("./file0", O_RDONLY) = 5 [pid 11334] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 5064] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./57/file0", [pid 11334] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11334] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5064] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11334] exit_group(0 [pid 5064] <... openat resumed>) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, [pid 11334] <... exit_group resumed>) = ? [pid 5064] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, [pid 11334] +++ exited with 0 +++ [pid 5064] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11334, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=33 /* 0.33 s */} --- [pid 5064] close(4 [pid 5069] umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] <... close resumed>) = 0 [pid 5069] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] rmdir("./57/file0" [pid 5069] <... openat resumed>) = 3 [pid 5064] <... rmdir resumed>) = 0 [pid 11387] <... ioctl resumed>) = 0 [pid 5069] newfstatat(3, "", [pid 5064] getdents64(3, [pid 11387] close(3) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] getdents64(3, [pid 5064] close(3 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] <... close resumed>) = 0 [pid 5069] umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] rmdir("./57") = 0 [pid 11387] mkdir("./file0", 0777 [pid 5064] mkdir("./58", 0777 [pid 11387] <... mkdir resumed>) = 0 [pid 5064] <... mkdir resumed>) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 11387] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5064] <... openat resumed>) = 3 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [ 196.598867][T11387] loop2: detected capacity change from 0 to 32768 [ 196.622763][ T2497] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [pid 5064] close(3 [pid 5069] newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./58/binderfs") = 0 [pid 5069] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... close resumed>) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 11439 ./strace-static-x86_64: Process 11439 attached [pid 11439] set_robust_list(0x555557145760, 24) = 0 [pid 11439] chdir("./58") = 0 [pid 11439] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 196.637662][T11387] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (11387) [pid 11439] setpgid(0, 0) = 0 [pid 11439] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5068] <... umount2 resumed>) = 0 [pid 11439] <... openat resumed>) = 3 [pid 5068] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 11439] write(3, "1000", 4 [pid 5068] newfstatat(AT_FDCWD, "./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, [pid 11439] <... write resumed>) = 4 [pid 11439] close(3 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./58/file0" [pid 11439] <... close resumed>) = 0 [pid 5068] <... rmdir resumed>) = 0 [pid 11439] symlink("/dev/binderfs", "./binderfs" [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3 [pid 11439] <... symlink resumed>) = 0 [pid 5068] <... close resumed>) = 0 [pid 5068] rmdir("./58" [pid 11439] memfd_create("syzkaller", 0 [pid 5068] <... rmdir resumed>) = 0 [pid 11439] <... memfd_create resumed>) = 3 [pid 5068] mkdir("./59", 0777 [pid 11439] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5068] <... mkdir resumed>) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 11440 ./strace-static-x86_64: Process 11440 attached [pid 11440] set_robust_list(0x555557145760, 24 [pid 11439] <... mmap resumed>) = 0x7fda9371b000 [pid 11440] <... set_robust_list resumed>) = 0 [pid 11440] chdir("./59") = 0 [pid 11440] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11440] setpgid(0, 0) = 0 [pid 11440] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11440] write(3, "1000", 4) = 4 [pid 11440] close(3) = 0 [pid 11440] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11440] memfd_create("syzkaller", 0) = 3 [pid 11440] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5065] <... umount2 resumed>) = 0 [pid 5065] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 196.769342][T11387] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 196.778602][T11387] BTRFS info (device loop2): force clearing of disk cache [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./58/file0") = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./58") = 0 [pid 5065] mkdir("./59", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] <... umount2 resumed>) = 0 [pid 5065] close(3 [pid 5069] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... close resumed>) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 11442 [pid 5069] newfstatat(AT_FDCWD, "./58/file0", ./strace-static-x86_64: Process 11442 attached [pid 11442] set_robust_list(0x555557145760, 24) = 0 [pid 11442] chdir("./59" [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11442] <... chdir resumed>) = 0 [pid 5069] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 11442] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11442] setpgid(0, 0 [pid 5069] openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11442] <... setpgid resumed>) = 0 [pid 5069] <... openat resumed>) = 4 [pid 11442] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5069] newfstatat(4, "", [pid 11442] <... openat resumed>) = 3 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 11442] write(3, "1000", 4 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 11442] <... write resumed>) = 4 [pid 5069] close(4) = 0 [ 196.879569][T11387] BTRFS info (device loop2): setting nodatasum [ 196.905022][T11387] BTRFS info (device loop2): allowing degraded mounts [pid 11442] close(3) = 0 [pid 5069] rmdir("./58/file0" [pid 11442] symlink("/dev/binderfs", "./binderfs" [pid 5069] <... rmdir resumed>) = 0 [pid 11442] <... symlink resumed>) = 0 [pid 5069] getdents64(3, [pid 11442] memfd_create("syzkaller", 0 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./58") = 0 [pid 5069] mkdir("./59", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD [pid 11442] <... memfd_create resumed>) = 3 [pid 5069] <... ioctl resumed>) = 0 [pid 11442] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5069] close(3 [pid 11442] <... mmap resumed>) = 0x7fda9371b000 [pid 11413] <... write resumed>) = 16777216 [pid 5069] <... close resumed>) = 0 [ 196.944668][T11387] BTRFS info (device loop2): enabling disk space caching [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11443 attached [pid 11443] set_robust_list(0x555557145760, 24 [pid 11413] munmap(0x7fda9371b000, 138412032 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 11443 [pid 11413] <... munmap resumed>) = 0 [pid 11443] <... set_robust_list resumed>) = 0 [pid 11413] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 11443] chdir("./59" [pid 11413] <... openat resumed>) = 4 [pid 11443] <... chdir resumed>) = 0 [pid 11413] ioctl(4, LOOP_SET_FD, 3 [pid 11443] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 11413] <... ioctl resumed>) = 0 [pid 11443] <... prctl resumed>) = 0 [pid 11443] setpgid(0, 0) = 0 [pid 11443] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11443] write(3, "1000", 4) = 4 [pid 11413] close(3) = 0 [ 196.990013][T11387] BTRFS info (device loop2): disk space caching is enabled [ 197.021089][T11413] loop3: detected capacity change from 0 to 32768 [pid 11413] mkdir("./file0", 0777 [pid 11443] close(3 [pid 11413] <... mkdir resumed>) = 0 [pid 11443] <... close resumed>) = 0 [pid 11413] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 11443] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11443] memfd_create("syzkaller", 0) = 3 [ 197.062892][T11413] BTRFS: device /dev/loop3 using temp-fsid ffc509bd-a80a-441b-a607-369a46a2936a [ 197.072332][T11413] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (11413) [ 197.087969][T11413] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 197.098022][T11413] BTRFS info (device loop3): force clearing of disk cache [ 197.105911][T11413] BTRFS info (device loop3): setting nodatasum [pid 11443] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 197.113470][T11413] BTRFS info (device loop3): allowing degraded mounts [ 197.120503][T11413] BTRFS info (device loop3): enabling disk space caching [ 197.127662][T11413] BTRFS info (device loop3): disk space caching is enabled [pid 11442] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11439] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 197.279794][T11387] BTRFS info (device loop2): enabling ssd optimizations [ 197.338816][T11387] BTRFS info (device loop2): auto enabling async discard [ 197.394282][T11387] BTRFS info (device loop2): rebuilding free space tree [ 197.433323][T11413] BTRFS info (device loop3): enabling ssd optimizations [pid 11440] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 197.450900][T11413] BTRFS info (device loop3): auto enabling async discard [ 197.486326][T11387] BTRFS info (device loop2): disabling free space tree [ 197.498995][T11413] BTRFS info (device loop3): rebuilding free space tree [ 197.522651][T11387] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 197.551472][T11413] BTRFS info (device loop3): disabling free space tree [ 197.558373][T11413] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 197.595292][T11387] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 197.640975][T11413] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 197.680263][T11387] BTRFS info (device loop2): checking UUID tree [pid 11443] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11387] <... mount resumed>) = 0 [pid 11387] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11387] chdir("./file0") = 0 [pid 11387] ioctl(4, LOOP_CLR_FD) = 0 [pid 11387] close(4) = 0 [pid 11413] <... mount resumed>) = 0 [pid 11387] open("./file0", O_RDONLY) = 4 [pid 11387] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 11413] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11413] chdir("./file0") = 0 [pid 11413] ioctl(4, LOOP_CLR_FD) = 0 [ 197.702080][T11413] BTRFS info (device loop3): checking UUID tree [pid 11413] close(4) = 0 [pid 11413] open("./file0", O_RDONLY) = 4 [pid 11413] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 11413] open("./file0", O_RDONLY) = 5 [pid 11413] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 11387] <... ioctl resumed>) = 0 [pid 11413] <... ioctl resumed>) = 0 [pid 11413] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 11413] exit_group(0) = ? [pid 11387] open("./file0", O_RDONLY) = 5 [pid 11387] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 11387] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 11413] +++ exited with 0 +++ [pid 11387] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 11387] exit_group(0 [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11413, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=32 /* 0.32 s */} --- [pid 11387] <... exit_group resumed>) = ? [pid 11387] +++ exited with 0 +++ [pid 5067] umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11387, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=34 /* 0.34 s */} --- [pid 5067] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] restart_syscall(<... resuming interrupted clone ...> [pid 5067] newfstatat(3, "", [pid 5066] <... restart_syscall resumed>) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5067] newfstatat(AT_FDCWD, "./58/binderfs", [pid 5066] <... openat resumed>) = 3 [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] newfstatat(3, "", [pid 5067] unlink("./58/binderfs" [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] <... unlink resumed>) = 0 [pid 5066] getdents64(3, [pid 5067] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./59/binderfs") = 0 [ 197.804497][ T2497] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 197.840903][ T12] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [pid 5066] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11442] <... write resumed>) = 16777216 [pid 11442] munmap(0x7fda9371b000, 138412032) = 0 [pid 11442] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 11442] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11442] close(3) = 0 [pid 11439] <... write resumed>) = 16777216 [pid 11442] mkdir("./file0", 0777 [pid 11439] munmap(0x7fda9371b000, 138412032) = 0 [ 197.970497][T11442] loop1: detected capacity change from 0 to 32768 [pid 11442] <... mkdir resumed>) = 0 [pid 11440] <... write resumed>) = 16777216 [pid 11439] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5067] <... umount2 resumed>) = 0 [pid 11442] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 11440] munmap(0x7fda9371b000, 138412032 [pid 11439] <... openat resumed>) = 4 [pid 5067] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 11443] <... write resumed>) = 16777216 [pid 11440] <... munmap resumed>) = 0 [pid 11439] ioctl(4, LOOP_SET_FD, 3 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] close(4) = 0 [pid 5066] rmdir("./59/file0") = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3 [pid 11443] munmap(0x7fda9371b000, 138412032 [pid 11440] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 11439] <... ioctl resumed>) = 0 [ 198.031015][T11442] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (11442) [ 198.052425][T11439] loop0: detected capacity change from 0 to 32768 [pid 5067] newfstatat(AT_FDCWD, "./58/file0", [pid 5066] <... close resumed>) = 0 [pid 11443] <... munmap resumed>) = 0 [pid 11440] <... openat resumed>) = 4 [pid 11439] close(3 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11440] ioctl(4, LOOP_SET_FD, 3 [pid 11439] <... close resumed>) = 0 [pid 5067] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] rmdir("./59" [pid 11439] mkdir("./file0", 0777 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11443] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 11439] <... mkdir resumed>) = 0 [pid 5067] openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... rmdir resumed>) = 0 [pid 11443] <... openat resumed>) = 4 [pid 11439] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5067] <... openat resumed>) = 4 [pid 11443] ioctl(4, LOOP_SET_FD, 3 [pid 5067] newfstatat(4, "", [pid 5066] mkdir("./60", 0777 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5067] getdents64(4, [pid 5066] <... openat resumed>) = 3 [pid 5067] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 11440] <... ioctl resumed>) = 0 [pid 5067] getdents64(4, [pid 11440] close(3 [pid 5067] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 11440] <... close resumed>) = 0 [pid 5067] close(4 [pid 11440] mkdir("./file0", 0777 [pid 5067] <... close resumed>) = 0 [pid 11440] <... mkdir resumed>) = 0 [pid 5067] rmdir("./58/file0" [pid 11440] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5067] <... rmdir resumed>) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./58") = 0 [pid 5067] mkdir("./59", 0777) = 0 [pid 5066] <... ioctl resumed>) = 0 [pid 5066] close(3 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5066] <... close resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5067] <... openat resumed>) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 11478 attached ) = 0 [pid 11478] set_robust_list(0x555557145760, 24 [pid 5067] close(3 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 11478 [pid 11478] <... set_robust_list resumed>) = 0 [pid 5067] <... close resumed>) = 0 [pid 11478] chdir("./60" [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 11479 [pid 11478] <... chdir resumed>) = 0 [ 198.083768][T11440] loop4: detected capacity change from 0 to 32768 [ 198.094021][T11442] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 198.095128][T11443] loop5: detected capacity change from 0 to 32768 [ 198.113925][T11439] BTRFS: device /dev/loop0 using temp-fsid 1ce8165a-9f0a-4ef6-bacc-08651356485e [ 198.126225][T11442] BTRFS info (device loop1): force clearing of disk cache [pid 11478] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 11479 attached ) = 0 [pid 11479] set_robust_list(0x555557145760, 24) = 0 [pid 11479] chdir("./59") = 0 [pid 11479] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11479] setpgid(0, 0) = 0 [pid 11479] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11479] write(3, "1000", 4) = 4 [pid 11479] close(3) = 0 [pid 11479] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11479] memfd_create("syzkaller", 0) = 3 [pid 11479] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 11478] setpgid(0, 0 [pid 11443] <... ioctl resumed>) = 0 [pid 11443] close(3) = 0 [pid 11443] mkdir("./file0", 0777) = 0 [pid 11443] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 11478] <... setpgid resumed>) = 0 [pid 11478] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 198.149436][T11439] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (11439) [ 198.158822][T11442] BTRFS info (device loop1): setting nodatasum [ 198.179323][T11442] BTRFS info (device loop1): allowing degraded mounts [pid 11478] write(3, "1000", 4) = 4 [pid 11478] close(3) = 0 [pid 11478] symlink("/dev/binderfs", "./binderfs") = 0 [ 198.195554][T11442] BTRFS info (device loop1): enabling disk space caching [ 198.210119][T11440] BTRFS: device /dev/loop4 using temp-fsid 5040fa07-69b0-4f52-8d1e-c4c4bb3046d5 [ 198.228884][T11442] BTRFS info (device loop1): disk space caching is enabled [ 198.229087][T11439] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [pid 11478] memfd_create("syzkaller", 0) = 3 [pid 11478] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 198.249983][T11440] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (11440) [ 198.274604][T11439] BTRFS info (device loop0): force clearing of disk cache [ 198.291930][T11439] BTRFS info (device loop0): setting nodatasum [ 198.298269][T11443] BTRFS: device /dev/loop5 using temp-fsid cd07293c-38a6-4eee-84ac-595abc9be88f [ 198.318826][T11440] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 198.328038][T11440] BTRFS info (device loop4): force clearing of disk cache [ 198.351358][T11443] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (11443) [pid 11478] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11442] <... mount resumed>) = 0 [pid 11442] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11479] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11442] chdir("./file0") = 0 [pid 11442] ioctl(4, LOOP_CLR_FD) = 0 [pid 11442] close(4 [pid 11443] <... mount resumed>) = 0 [pid 11443] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11439] <... mount resumed>) = 0 [pid 11442] <... close resumed>) = 0 [pid 11443] <... openat resumed>) = 3 [pid 11439] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11443] chdir("./file0" [pid 11442] open("./file0", O_RDONLY [pid 11439] <... openat resumed>) = 3 [pid 11443] <... chdir resumed>) = 0 [pid 11443] ioctl(4, LOOP_CLR_FD [pid 11439] chdir("./file0" [pid 11443] <... ioctl resumed>) = 0 [pid 11439] <... chdir resumed>) = 0 [pid 11443] close(4 [pid 11442] <... open resumed>) = 4 [pid 11439] ioctl(4, LOOP_CLR_FD [pid 11443] <... close resumed>) = 0 [pid 11439] <... ioctl resumed>) = 0 [pid 11443] open("./file0", O_RDONLY [pid 11439] close(4 [pid 11443] <... open resumed>) = 4 [pid 11439] <... close resumed>) = 0 [pid 11442] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 11443] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 11439] open("./file0", O_RDONLY) = 4 [pid 11439] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 11443] <... ioctl resumed>) = 0 [pid 11443] open("./file0", O_RDONLY) = 5 [pid 11443] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 11443] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 11443] exit_group(0) = ? [pid 11443] +++ exited with 0 +++ [pid 11442] <... ioctl resumed>) = 0 [pid 11442] open("./file0", O_RDONLY [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11443, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=34 /* 0.34 s */} --- [pid 5069] umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11442] <... open resumed>) = 5 [pid 11442] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, [pid 11439] <... ioctl resumed>) = 0 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 11439] open("./file0", O_RDONLY [pid 5069] newfstatat(AT_FDCWD, "./59/binderfs", [pid 11442] <... ioctl resumed>) = 0 [pid 11439] <... open resumed>) = 5 [pid 5069] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11442] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 11439] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5069] unlink("./59/binderfs") = 0 [pid 11442] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 11439] <... ioctl resumed>) = 0 [pid 5069] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11442] exit_group(0 [pid 11439] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 11442] <... exit_group resumed>) = ? [pid 11442] +++ exited with 0 +++ [pid 11439] exit_group(0 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11442, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=25 /* 0.25 s */} --- [pid 11440] <... mount resumed>) = 0 [pid 11439] <... exit_group resumed>) = ? [pid 5065] umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 11439] +++ exited with 0 +++ [pid 5065] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11439, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=24 /* 0.24 s */} --- [pid 11440] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] newfstatat(3, "", [pid 11440] <... openat resumed>) = 3 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11440] chdir("./file0" [pid 5065] getdents64(3, [pid 5064] umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11440] <... chdir resumed>) = 0 [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11440] ioctl(4, LOOP_CLR_FD [pid 5065] umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11440] <... ioctl resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... openat resumed>) = 3 [pid 11440] close(4 [pid 5065] newfstatat(AT_FDCWD, "./59/binderfs", [pid 11440] <... close resumed>) = 0 [pid 5064] newfstatat(3, "", [pid 11440] open("./file0", O_RDONLY [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11440] <... open resumed>) = 4 [pid 5065] unlink("./59/binderfs" [pid 5064] getdents64(3, [pid 11440] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5065] <... unlink resumed>) = 0 [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./58/binderfs") = 0 [pid 5064] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11440] <... ioctl resumed>) = 0 [pid 11440] open("./file0", O_RDONLY) = 5 [pid 11440] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 11440] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 11440] exit_group(0) = ? [pid 11440] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11440, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=28 /* 0.28 s */} --- [pid 5068] umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./59/binderfs") = 0 [pid 5068] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... umount2 resumed>) = 0 [pid 5069] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./59/file0") = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./59") = 0 [pid 5069] mkdir("./60", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5065] <... umount2 resumed>) = 0 [pid 5069] <... openat resumed>) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] close(3 [pid 5065] openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] <... close resumed>) = 0 [pid 5065] <... openat resumed>) = 4 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, ./strace-static-x86_64: Process 11548 attached 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 11548] set_robust_list(0x555557145760, 24 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 11548] <... set_robust_list resumed>) = 0 [pid 5065] close(4 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 11548 [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./59/file0" [pid 11548] chdir("./60" [pid 5065] <... rmdir resumed>) = 0 [pid 11548] <... chdir resumed>) = 0 [pid 5065] getdents64(3, [pid 11548] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./59" [pid 11548] <... prctl resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 11548] setpgid(0, 0 [pid 5065] mkdir("./60", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 11548] <... setpgid resumed>) = 0 [pid 5064] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11548] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5065] <... ioctl resumed>) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11548] <... openat resumed>) = 3 [pid 5064] newfstatat(AT_FDCWD, "./58/file0", [pid 11548] write(3, "1000", 4 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 11549 attached [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 11549 [pid 11549] set_robust_list(0x555557145760, 24) = 0 [pid 11549] chdir("./60") = 0 [pid 11549] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11548] <... write resumed>) = 4 [pid 5064] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11549] setpgid(0, 0) = 0 [pid 11549] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11549] <... openat resumed>) = 3 [pid 11549] write(3, "1000", 4 [pid 5064] openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11549] <... write resumed>) = 4 [pid 11548] close(3 [pid 5068] <... umount2 resumed>) = 0 [pid 5064] <... openat resumed>) = 4 [pid 11549] close(3 [pid 11548] <... close resumed>) = 0 [pid 5068] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] newfstatat(4, "", [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./59/file0", [pid 11548] symlink("/dev/binderfs", "./binderfs" [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11549] <... close resumed>) = 0 [pid 5068] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11549] symlink("/dev/binderfs", "./binderfs" [pid 5068] <... openat resumed>) = 4 [pid 5064] getdents64(4, [pid 11548] <... symlink resumed>) = 0 [pid 5068] newfstatat(4, "", [pid 5064] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 11549] <... symlink resumed>) = 0 [pid 11549] memfd_create("syzkaller", 0) = 3 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11549] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5068] getdents64(4, [pid 11549] <... mmap resumed>) = 0x7fda9371b000 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, [pid 11548] memfd_create("syzkaller", 0 [pid 5068] getdents64(4, [pid 5064] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 11548] <... memfd_create resumed>) = 3 [pid 5064] close(4 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 11548] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5068] close(4 [pid 5064] <... close resumed>) = 0 [pid 5068] <... close resumed>) = 0 [pid 5068] rmdir("./59/file0") = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5064] rmdir("./58/file0" [pid 11548] <... mmap resumed>) = 0x7fda9371b000 [pid 5068] rmdir("./59") = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 5064] getdents64(3, [pid 5068] mkdir("./60", 0777 [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] <... mkdir resumed>) = 0 [pid 5064] close(3 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5064] <... close resumed>) = 0 [pid 5068] <... openat resumed>) = 3 [pid 5064] rmdir("./58" [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] <... rmdir resumed>) = 0 [pid 5064] mkdir("./59", 0777 [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 11550 [pid 5064] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 11550 attached [pid 11550] set_robust_list(0x555557145760, 24) = 0 [pid 11550] chdir("./60" [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 11550] <... chdir resumed>) = 0 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 11550] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5064] close(3) = 0 [pid 11550] <... prctl resumed>) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11550] setpgid(0, 0) = 0 [pid 11550] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 11551 attached ) = 3 [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 11551 [pid 11551] set_robust_list(0x555557145760, 24 [pid 11550] write(3, "1000", 4) = 4 [pid 11550] close(3) = 0 [pid 11550] symlink("/dev/binderfs", "./binderfs" [pid 11551] <... set_robust_list resumed>) = 0 [pid 11550] <... symlink resumed>) = 0 [pid 11551] chdir("./59" [pid 11550] memfd_create("syzkaller", 0) = 3 [pid 11550] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 11551] <... chdir resumed>) = 0 [pid 11551] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11551] setpgid(0, 0) = 0 [pid 11551] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11551] write(3, "1000", 4) = 4 [pid 11551] close(3) = 0 [pid 11551] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11551] memfd_create("syzkaller", 0) = 3 [pid 11551] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 11478] <... write resumed>) = 16777216 [pid 11478] munmap(0x7fda9371b000, 138412032) = 0 [pid 11478] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 11478] ioctl(4, LOOP_SET_FD, 3 [pid 11479] <... write resumed>) = 16777216 [pid 11478] <... ioctl resumed>) = 0 [pid 11478] close(3) = 0 [pid 11478] mkdir("./file0", 0777) = 0 [ 199.260176][T11478] loop2: detected capacity change from 0 to 32768 [pid 11478] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 11479] munmap(0x7fda9371b000, 138412032) = 0 [pid 11479] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 199.305965][T11478] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (11478) [pid 11479] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11549] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11548] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11479] close(3) = 0 [pid 11479] mkdir("./file0", 0777) = 0 [ 199.366214][T11479] loop3: detected capacity change from 0 to 32768 [ 199.427276][T11479] BTRFS: device /dev/loop3 using temp-fsid 553a5fd3-0d37-408a-8455-4799ea246b82 [pid 11479] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 199.522468][T11479] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (11479) [pid 11550] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11548] <... write resumed>) = 16777216 [pid 11548] munmap(0x7fda9371b000, 138412032) = 0 [pid 11551] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11548] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 11548] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11548] close(3) = 0 [pid 11548] mkdir("./file0", 0777) = 0 [ 199.691893][T11548] loop5: detected capacity change from 0 to 32768 [ 199.726880][T11548] BTRFS: device /dev/loop5 using temp-fsid 0af85844-8e6a-4e04-8fc3-9c8bdbc77f01 [ 199.784007][T11548] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (11548) [pid 11548] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 11478] <... mount resumed>) = 0 [pid 11478] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11478] chdir("./file0") = 0 [pid 11478] ioctl(4, LOOP_CLR_FD) = 0 [pid 11478] close(4) = 0 [pid 11478] open("./file0", O_RDONLY) = 4 [pid 11478] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 11478] open("./file0", O_RDONLY) = 5 [pid 11478] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 11478] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 11478] exit_group(0) = ? [pid 11478] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11478, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=24 /* 0.24 s */} --- [pid 5066] umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./60/binderfs") = 0 [pid 5066] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11479] <... mount resumed>) = 0 [pid 11479] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11479] chdir("./file0") = 0 [pid 11479] ioctl(4, LOOP_CLR_FD) = 0 [pid 11479] close(4) = 0 [pid 11479] open("./file0", O_RDONLY) = 4 [pid 11479] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 11479] open("./file0", O_RDONLY) = 5 [pid 11479] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 11479] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 11479] exit_group(0) = ? [pid 11479] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11479, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=31 /* 0.31 s */} --- [pid 5067] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5067] umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./59/binderfs") = 0 [pid 5067] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11550] <... write resumed>) = 16777216 [pid 11548] <... mount resumed>) = 0 [pid 11548] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11550] munmap(0x7fda9371b000, 138412032 [pid 11548] chdir("./file0") = 0 [pid 11548] ioctl(4, LOOP_CLR_FD) = 0 [pid 11548] close(4 [pid 11550] <... munmap resumed>) = 0 [pid 11548] <... close resumed>) = 0 [pid 11548] open("./file0", O_RDONLY [pid 11550] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 11548] <... open resumed>) = 4 [pid 11550] <... openat resumed>) = 4 [pid 11550] ioctl(4, LOOP_SET_FD, 3 [pid 11548] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 11550] <... ioctl resumed>) = 0 [pid 5066] newfstatat(AT_FDCWD, "./60/file0", [pid 11550] close(3) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11550] mkdir("./file0", 0777 [pid 5066] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 200.223727][T11550] loop4: detected capacity change from 0 to 32768 [pid 5066] openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11550] <... mkdir resumed>) = 0 [pid 5066] <... openat resumed>) = 4 [pid 11550] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 11549] <... write resumed>) = 16777216 [pid 11548] <... ioctl resumed>) = 0 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 11548] open("./file0", O_RDONLY [pid 5066] getdents64(4, [pid 11548] <... open resumed>) = 5 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 11549] munmap(0x7fda9371b000, 138412032 [pid 5066] close(4 [pid 11548] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5066] <... close resumed>) = 0 [pid 11548] <... ioctl resumed>) = 0 [pid 5066] rmdir("./60/file0" [pid 11548] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5066] <... rmdir resumed>) = 0 [pid 11549] <... munmap resumed>) = 0 [pid 11548] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3 [pid 11548] exit_group(0 [pid 5066] <... close resumed>) = 0 [pid 11548] <... exit_group resumed>) = ? [ 200.265085][T11550] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (11550) [pid 11548] +++ exited with 0 +++ [pid 5066] rmdir("./60" [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11548, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=20 /* 0.20 s */} --- [pid 5069] umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] mkdir("./61", 0777 [pid 11549] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5069] umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11551] <... write resumed>) = 16777216 [pid 11549] <... openat resumed>) = 4 [pid 5069] unlink("./60/binderfs") = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 11551] munmap(0x7fda9371b000, 138412032 [pid 11549] ioctl(4, LOOP_SET_FD, 3 [pid 5069] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 11551] <... munmap resumed>) = 0 [pid 5066] close(3 [pid 5067] <... umount2 resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5067] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5067] newfstatat(AT_FDCWD, "./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 11603 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 11551] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5067] close(4 [pid 11551] <... openat resumed>) = 4 [pid 11549] <... ioctl resumed>) = 0 [pid 5067] <... close resumed>) = 0 [pid 11549] close(3 [pid 5067] rmdir("./59/file0" [pid 11549] <... close resumed>) = 0 [pid 5067] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 11603 attached [pid 11549] mkdir("./file0", 0777 [ 200.344558][T11549] loop1: detected capacity change from 0 to 32768 [ 200.352715][T11550] _btrfs_printk: 87 callbacks suppressed [ 200.352729][T11550] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5067] getdents64(3, [pid 11603] set_robust_list(0x555557145760, 24 [pid 11551] ioctl(4, LOOP_SET_FD, 3 [pid 11549] <... mkdir resumed>) = 0 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 11603] <... set_robust_list resumed>) = 0 [pid 5067] close(3 [pid 11603] chdir("./61" [pid 5067] <... close resumed>) = 0 [pid 11603] <... chdir resumed>) = 0 [pid 5067] rmdir("./59" [pid 11603] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5067] <... rmdir resumed>) = 0 [pid 11603] <... prctl resumed>) = 0 [pid 5067] mkdir("./60", 0777 [pid 11603] setpgid(0, 0 [pid 5067] <... mkdir resumed>) = 0 [pid 11603] <... setpgid resumed>) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 11603] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5067] <... openat resumed>) = 3 [pid 11603] <... openat resumed>) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD [pid 11603] write(3, "1000", 4 [pid 5067] <... ioctl resumed>) = 0 [pid 11603] <... write resumed>) = 4 [pid 5067] close(3 [pid 11603] close(3) = 0 [pid 5067] <... close resumed>) = 0 [pid 11603] symlink("/dev/binderfs", "./binderfs" [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11603] <... symlink resumed>) = 0 [pid 11549] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 11603] memfd_create("syzkaller", 0 [pid 11551] <... ioctl resumed>) = 0 [pid 11551] close(3./strace-static-x86_64: Process 11604 attached [pid 11603] <... memfd_create resumed>) = 3 [pid 11551] <... close resumed>) = 0 [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 11604 [pid 11551] mkdir("./file0", 0777 [pid 11604] set_robust_list(0x555557145760, 24 [pid 11603] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11604] <... set_robust_list resumed>) = 0 [pid 11603] <... mmap resumed>) = 0x7fda9371b000 [pid 11551] <... mkdir resumed>) = 0 [pid 11604] chdir("./60" [pid 11551] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 11604] <... chdir resumed>) = 0 [pid 11604] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11604] setpgid(0, 0) = 0 [pid 11604] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11604] write(3, "1000", 4) = 4 [pid 11604] close(3) = 0 [ 200.389204][T11551] loop0: detected capacity change from 0 to 32768 [ 200.397166][T11549] BTRFS: device /dev/loop1 using temp-fsid 91d4ee04-b515-4c00-99cc-bb25d4227017 [ 200.420813][T11550] BTRFS info (device loop4): force clearing of disk cache [pid 11604] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11604] memfd_create("syzkaller", 0) = 3 [pid 11604] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 200.434847][T11549] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (11549) [ 200.450821][T11550] BTRFS info (device loop4): setting nodatasum [ 200.480824][T11550] BTRFS info (device loop4): allowing degraded mounts [ 200.501868][T11551] BTRFS: device /dev/loop0 using temp-fsid 0fbd590d-c97e-4413-a0bf-4ef343a9cb20 [ 200.509545][T11550] BTRFS info (device loop4): enabling disk space caching [ 200.520832][T11549] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 200.540534][T11550] BTRFS info (device loop4): disk space caching is enabled [ 200.548879][T11551] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (11551) [ 200.561778][T11549] BTRFS info (device loop1): force clearing of disk cache [ 200.582300][T11549] BTRFS info (device loop1): setting nodatasum [pid 5069] <... umount2 resumed>) = 0 [pid 5069] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 200.594566][T11549] BTRFS info (device loop1): allowing degraded mounts [ 200.621005][T11551] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5069] newfstatat(AT_FDCWD, "./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [ 200.649044][T11549] BTRFS info (device loop1): enabling disk space caching [ 200.656082][T11549] BTRFS info (device loop1): disk space caching is enabled [ 200.677448][T11551] BTRFS info (device loop0): force clearing of disk cache [pid 5069] close(4) = 0 [pid 5069] rmdir("./60/file0") = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./60") = 0 [pid 11603] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5069] mkdir("./61", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 11624 ./strace-static-x86_64: Process 11624 attached [pid 11624] set_robust_list(0x555557145760, 24) = 0 [ 200.748945][T11551] BTRFS info (device loop0): setting nodatasum [ 200.755123][T11551] BTRFS info (device loop0): allowing degraded mounts [ 200.765353][T11550] BTRFS info (device loop4): enabling ssd optimizations [pid 11624] chdir("./61") = 0 [ 200.798817][T11550] BTRFS info (device loop4): auto enabling async discard [pid 11624] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11624] setpgid(0, 0) = 0 [pid 11624] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11624] write(3, "1000", 4) = 4 [pid 11624] close(3) = 0 [ 200.840179][T11551] BTRFS info (device loop0): enabling disk space caching [ 200.847224][T11551] BTRFS info (device loop0): disk space caching is enabled [ 200.858301][T11550] BTRFS info (device loop4): rebuilding free space tree [pid 11624] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11624] memfd_create("syzkaller", 0) = 3 [pid 11624] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 200.937141][T11549] BTRFS info (device loop1): enabling ssd optimizations [ 200.945186][T11550] BTRFS info (device loop4): disabling free space tree [ 200.953017][T11549] BTRFS info (device loop1): auto enabling async discard [ 201.002374][T11550] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 201.019946][T11549] BTRFS info (device loop1): rebuilding free space tree [ 201.080285][T11550] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 201.095021][T11549] BTRFS info (device loop1): disabling free space tree [pid 11604] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11624] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11550] <... mount resumed>) = 0 [pid 11550] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11550] chdir("./file0") = 0 [pid 11550] ioctl(4, LOOP_CLR_FD) = 0 [ 201.150527][T11549] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 201.162059][T11550] BTRFS info (device loop4): checking UUID tree [ 201.177278][T11551] BTRFS info (device loop0): enabling ssd optimizations [pid 11550] close(4) = 0 [pid 11550] open("./file0", O_RDONLY) = 4 [pid 11603] <... write resumed>) = 16777216 [pid 11550] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 11550] open("./file0", O_RDONLY) = 5 [pid 11603] munmap(0x7fda9371b000, 138412032 [pid 11550] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [ 201.212047][T11549] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 201.225504][T11551] BTRFS info (device loop0): auto enabling async discard [pid 11603] <... munmap resumed>) = 0 [pid 11550] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 11550] exit_group(0) = ? [pid 11603] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 11603] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11550] +++ exited with 0 +++ [pid 11603] close(3 [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11550, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=30 /* 0.30 s */} --- [pid 11603] <... close resumed>) = 0 [pid 5068] umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11603] mkdir("./file0", 0777 [pid 5068] <... openat resumed>) = 3 [pid 5068] newfstatat(3, "", [pid 11603] <... mkdir resumed>) = 0 [pid 11603] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 201.256044][T11551] BTRFS info (device loop0): rebuilding free space tree [ 201.269329][ T48] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [ 201.280908][T11603] loop2: detected capacity change from 0 to 32768 [ 201.280962][T11549] BTRFS info (device loop1): checking UUID tree [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./60/binderfs") = 0 [pid 5068] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11549] <... mount resumed>) = 0 [pid 11549] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11549] chdir("./file0") = 0 [pid 11549] ioctl(4, LOOP_CLR_FD) = 0 [pid 11549] close(4) = 0 [pid 11549] open("./file0", O_RDONLY) = 4 [ 201.303399][T11603] BTRFS: device /dev/loop2 using temp-fsid 16ea92a1-aaf0-4b6b-968c-15fc4d606de4 [ 201.317925][T11551] BTRFS info (device loop0): disabling free space tree [ 201.325101][T11603] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (11603) [ 201.326019][T11551] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 11549] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 11549] open("./file0", O_RDONLY) = 5 [pid 11549] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 11549] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 11549] exit_group(0) = ? [pid 11549] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11549, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=33 /* 0.33 s */} --- [ 201.388849][T11603] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 201.408119][T11603] BTRFS info (device loop2): force clearing of disk cache [ 201.418482][ T2497] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [ 201.419819][T11551] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 11604] <... write resumed>) = 16777216 [pid 5065] umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11604] munmap(0x7fda9371b000, 138412032 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11604] <... munmap resumed>) = 0 [pid 5065] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11604] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5065] <... openat resumed>) = 3 [pid 11604] <... openat resumed>) = 4 [pid 5065] newfstatat(3, "", [pid 11604] ioctl(4, LOOP_SET_FD, 3 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11604] <... ioctl resumed>) = 0 [pid 5065] getdents64(3, [pid 11604] close(3) = 0 [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 11604] mkdir("./file0", 0777 [ 201.449288][T11603] BTRFS info (device loop2): setting nodatasum [ 201.455517][T11603] BTRFS info (device loop2): allowing degraded mounts [ 201.462799][T11603] BTRFS info (device loop2): enabling disk space caching [ 201.477855][T11603] BTRFS info (device loop2): disk space caching is enabled [ 201.491405][T11604] loop3: detected capacity change from 0 to 32768 [pid 5065] umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11604] <... mkdir resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11604] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5065] newfstatat(AT_FDCWD, "./60/binderfs", [pid 5068] <... umount2 resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] unlink("./60/binderfs" [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... unlink resumed>) = 0 [pid 5068] newfstatat(AT_FDCWD, "./60/file0", [pid 5065] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, [pid 11551] <... mount resumed>) = 0 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4 [pid 11551] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5068] <... close resumed>) = 0 [ 201.512316][T11551] BTRFS info (device loop0): checking UUID tree [ 201.534165][T11604] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (11604) [pid 11551] <... openat resumed>) = 3 [pid 11551] chdir("./file0") = 0 [pid 11551] ioctl(4, LOOP_CLR_FD [pid 5068] rmdir("./60/file0") = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./60") = 0 [pid 5068] mkdir("./61", 0777) = 0 [pid 11551] <... ioctl resumed>) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [pid 11551] close(4) = 0 [pid 11551] open("./file0", O_RDONLY) = 4 [pid 11551] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11670 attached [pid 11670] set_robust_list(0x555557145760, 24) = 0 [ 201.597039][T11604] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [pid 11670] chdir("./61" [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 11670 [pid 11670] <... chdir resumed>) = 0 [pid 11670] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11670] setpgid(0, 0) = 0 [pid 11551] <... ioctl resumed>) = 0 [pid 11670] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 11551] open("./file0", O_RDONLY [pid 11670] <... openat resumed>) = 3 [pid 11670] write(3, "1000", 4 [pid 11551] <... open resumed>) = 5 [pid 11670] <... write resumed>) = 4 [pid 11551] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 11670] close(3) = 0 [pid 11670] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11670] memfd_create("syzkaller", 0) = 3 [pid 11670] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 11551] <... ioctl resumed>) = 0 [pid 11551] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 11624] <... write resumed>) = 16777216 [pid 11551] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 11624] munmap(0x7fda9371b000, 138412032 [pid 11551] exit_group(0 [pid 11624] <... munmap resumed>) = 0 [pid 11551] <... exit_group resumed>) = ? [ 201.683964][T11604] BTRFS info (device loop3): force clearing of disk cache [ 201.709834][ T2497] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 201.712966][T11604] BTRFS info (device loop3): setting nodatasum [ 201.725666][T11604] BTRFS info (device loop3): allowing degraded mounts [pid 11624] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 11551] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11551, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=32 /* 0.32 s */} --- [pid 5064] umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./59/binderfs", [pid 11624] <... openat resumed>) = 4 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11624] ioctl(4, LOOP_SET_FD, 3 [pid 5064] unlink("./59/binderfs") = 0 [pid 5064] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = 0 [pid 5065] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 201.732674][T11604] BTRFS info (device loop3): enabling disk space caching [ 201.740441][T11604] BTRFS info (device loop3): disk space caching is enabled [ 201.748281][T11624] loop5: detected capacity change from 0 to 32768 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./60/file0") = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./60" [pid 11624] <... ioctl resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 11624] close(3 [pid 5065] mkdir("./61", 0777 [pid 11624] <... close resumed>) = 0 [pid 5065] <... mkdir resumed>) = 0 [pid 11624] mkdir("./file0", 0777 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 11670] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11624] <... mkdir resumed>) = 0 [pid 5065] <... openat resumed>) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 11624] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5065] <... ioctl resumed>) = 0 [ 201.811577][T11603] BTRFS info (device loop2): enabling ssd optimizations [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11682 attached [pid 11682] set_robust_list(0x555557145760, 24 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 11682 [pid 11682] <... set_robust_list resumed>) = 0 [pid 11682] chdir("./61") = 0 [pid 11682] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11682] setpgid(0, 0) = 0 [pid 11682] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11682] write(3, "1000", 4) = 4 [pid 11682] close(3) = 0 [pid 11682] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11682] memfd_create("syzkaller", 0) = 3 [pid 11682] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 201.860479][T11624] BTRFS: device /dev/loop5 using temp-fsid dfe38ed9-c16b-4acd-a1ef-63b4c243f977 [ 201.887645][T11603] BTRFS info (device loop2): auto enabling async discard [ 201.910796][T11624] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (11624) [ 201.942017][T11603] BTRFS info (device loop2): rebuilding free space tree [pid 5064] <... umount2 resumed>) = 0 [pid 5064] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 202.014838][T11624] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 202.025125][T11603] BTRFS info (device loop2): disabling free space tree [ 202.037380][T11603] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./59/file0") = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./59") = 0 [pid 5064] mkdir("./60", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [ 202.069873][T11624] BTRFS info (device loop5): force clearing of disk cache [ 202.077566][T11603] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 202.077741][T11604] BTRFS info (device loop3): enabling ssd optimizations [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 11690 ./strace-static-x86_64: Process 11690 attached [pid 11690] set_robust_list(0x555557145760, 24) = 0 [pid 11690] chdir("./60") = 0 [pid 11690] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11690] setpgid(0, 0) = 0 [pid 11690] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11690] write(3, "1000", 4) = 4 [pid 11690] close(3) = 0 [ 202.117713][T11603] BTRFS info (device loop2): checking UUID tree [ 202.120201][T11624] BTRFS info (device loop5): setting nodatasum [pid 11690] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11690] memfd_create("syzkaller", 0) = 3 [pid 11690] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 11670] <... write resumed>) = 16777216 [ 202.161513][T11604] BTRFS info (device loop3): auto enabling async discard [ 202.168783][T11624] BTRFS info (device loop5): allowing degraded mounts [pid 11670] munmap(0x7fda9371b000, 138412032) = 0 [pid 11603] <... mount resumed>) = 0 [pid 11670] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 11603] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11603] chdir("./file0" [pid 11670] <... openat resumed>) = 4 [pid 11603] <... chdir resumed>) = 0 [pid 11670] ioctl(4, LOOP_SET_FD, 3 [pid 11603] ioctl(4, LOOP_CLR_FD) = 0 [pid 11603] close(4) = 0 [ 202.209732][T11624] BTRFS info (device loop5): enabling disk space caching [ 202.220585][T11604] BTRFS info (device loop3): rebuilding free space tree [ 202.239719][T11624] BTRFS info (device loop5): disk space caching is enabled [ 202.242007][T11670] loop4: detected capacity change from 0 to 32768 [pid 11603] open("./file0", O_RDONLY) = 4 [pid 11603] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 11603] open("./file0", O_RDONLY) = 5 [pid 11670] <... ioctl resumed>) = 0 [pid 11670] close(3 [pid 11603] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 11670] <... close resumed>) = 0 [pid 11670] mkdir("./file0", 0777) = 0 [pid 11603] <... ioctl resumed>) = 0 [pid 11670] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 202.283531][T11604] BTRFS info (device loop3): disabling free space tree [ 202.316608][ T48] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [pid 11603] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 11682] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11603] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 11603] exit_group(0) = ? [pid 11603] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11603, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=30 /* 0.30 s */} --- [pid 5066] umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 202.332090][T11604] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 202.343059][T11670] BTRFS: device /dev/loop4 using temp-fsid b256681e-2f93-4b78-b085-352066e1b5dc [pid 5066] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./61/binderfs") = 0 [ 202.387975][T11604] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 202.399467][T11670] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (11670) [ 202.464978][T11670] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 202.476697][T11604] BTRFS info (device loop3): checking UUID tree [pid 5066] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11604] <... mount resumed>) = 0 [pid 11604] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11604] chdir("./file0") = 0 [pid 11604] ioctl(4, LOOP_CLR_FD) = 0 [pid 11604] close(4) = 0 [ 202.519881][T11670] BTRFS info (device loop4): force clearing of disk cache [ 202.527179][T11624] BTRFS info (device loop5): enabling ssd optimizations [pid 11604] open("./file0", O_RDONLY) = 4 [pid 11604] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [ 202.566319][T11670] BTRFS info (device loop4): setting nodatasum [ 202.573581][T11624] BTRFS info (device loop5): auto enabling async discard [pid 11604] open("./file0", O_RDONLY) = 5 [pid 11604] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 11682] <... write resumed>) = 16777216 [pid 11682] munmap(0x7fda9371b000, 138412032 [pid 11604] <... ioctl resumed>) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./61/file0", [pid 11682] <... munmap resumed>) = 0 [pid 11604] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11604] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11604] exit_group(0 [ 202.618491][T11670] BTRFS info (device loop4): allowing degraded mounts [ 202.640313][T11624] BTRFS info (device loop5): rebuilding free space tree [ 202.660354][T11670] BTRFS info (device loop4): enabling disk space caching [pid 5066] openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11604] <... exit_group resumed>) = ? [pid 5066] <... openat resumed>) = 4 [pid 11604] +++ exited with 0 +++ [pid 5066] newfstatat(4, "", [pid 11690] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, [pid 11682] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 11682] <... openat resumed>) = 4 [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11604, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=40 /* 0.40 s */} --- [pid 5066] rmdir("./61/file0") = 0 [ 202.674065][ T48] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 202.685619][T11624] BTRFS info (device loop5): disabling free space tree [ 202.693111][T11624] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 202.703966][T11670] BTRFS info (device loop4): disk space caching is enabled [ 202.705106][T11624] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 11682] ioctl(4, LOOP_SET_FD, 3 [pid 5067] umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] rmdir("./61" [pid 11682] <... ioctl resumed>) = 0 [pid 5067] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... rmdir resumed>) = 0 [pid 11682] close(3) = 0 [pid 5067] <... openat resumed>) = 3 [pid 11682] mkdir("./file0", 0777 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] mkdir("./62", 0777 [pid 11682] <... mkdir resumed>) = 0 [pid 5067] getdents64(3, [pid 5066] <... mkdir resumed>) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... openat resumed>) = 3 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5067] newfstatat(AT_FDCWD, "./60/binderfs", [pid 5066] <... ioctl resumed>) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] close(3 [pid 5067] unlink("./60/binderfs" [pid 5066] <... close resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11682] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5067] <... unlink resumed>) = 0 ./strace-static-x86_64: Process 11710 attached [pid 5067] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11710] set_robust_list(0x555557145760, 24 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 11710 [pid 11710] <... set_robust_list resumed>) = 0 [ 202.722152][T11682] loop1: detected capacity change from 0 to 32768 [ 202.742589][T11682] BTRFS: device /dev/loop1 using temp-fsid 2f5741c1-727b-416c-b084-8fedc78f4695 [ 202.751981][T11624] BTRFS info (device loop5): checking UUID tree [pid 11710] chdir("./62") = 0 [pid 11710] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11710] setpgid(0, 0) = 0 [pid 11624] <... mount resumed>) = 0 [pid 11710] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 11624] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11710] <... openat resumed>) = 3 [pid 11624] <... openat resumed>) = 3 [pid 11624] chdir("./file0") = 0 [pid 11710] write(3, "1000", 4) = 4 [ 202.762224][T11682] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (11682) [ 202.792158][T11682] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 202.807688][T11682] BTRFS info (device loop1): force clearing of disk cache [ 202.815604][T11682] BTRFS info (device loop1): setting nodatasum [pid 11624] ioctl(4, LOOP_CLR_FD [pid 11710] close(3 [pid 11624] <... ioctl resumed>) = 0 [pid 11710] <... close resumed>) = 0 [pid 11624] close(4 [pid 11710] symlink("/dev/binderfs", "./binderfs" [pid 11624] <... close resumed>) = 0 [pid 11710] <... symlink resumed>) = 0 [pid 11624] open("./file0", O_RDONLY [pid 11710] memfd_create("syzkaller", 0 [pid 11624] <... open resumed>) = 4 [pid 11624] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 11710] <... memfd_create resumed>) = 3 [pid 11624] <... ioctl resumed>) = 0 [pid 11710] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11624] open("./file0", O_RDONLY) = 5 [ 202.823443][T11682] BTRFS info (device loop1): allowing degraded mounts [ 202.832047][T11682] BTRFS info (device loop1): enabling disk space caching [ 202.839977][T11682] BTRFS info (device loop1): disk space caching is enabled [pid 11624] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 11710] <... mmap resumed>) = 0x7fda9371b000 [pid 11624] <... ioctl resumed>) = 0 [pid 11624] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 11624] exit_group(0) = ? [pid 11624] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11624, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=37 /* 0.37 s */} --- [pid 5069] umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] <... umount2 resumed>) = 0 [pid 5069] newfstatat(3, "", [pid 5067] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./60/file0") = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./60") = 0 [pid 5067] mkdir("./61", 0777) = 0 [ 202.872057][ T2497] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] <... openat resumed>) = 3 [pid 5069] umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] ioctl(3, LOOP_CLR_FD [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] <... ioctl resumed>) = 0 [pid 5069] newfstatat(AT_FDCWD, "./61/binderfs", [pid 5067] close(3 [pid 5069] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] <... close resumed>) = 0 [pid 5069] unlink("./61/binderfs" [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5069] <... unlink resumed>) = 0 [pid 5069] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 11734 ./strace-static-x86_64: Process 11734 attached [pid 11734] set_robust_list(0x555557145760, 24) = 0 [pid 11734] chdir("./61") = 0 [pid 11734] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11734] setpgid(0, 0) = 0 [pid 11734] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11734] write(3, "1000", 4) = 4 [pid 11734] close(3) = 0 [pid 11734] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11734] memfd_create("syzkaller", 0) = 3 [pid 11734] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 202.972784][T11670] BTRFS info (device loop4): enabling ssd optimizations [ 203.012294][T11670] BTRFS info (device loop4): auto enabling async discard [ 203.075076][T11682] BTRFS info (device loop1): enabling ssd optimizations [ 203.090286][T11670] BTRFS info (device loop4): rebuilding free space tree [pid 5069] <... umount2 resumed>) = 0 [pid 5069] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, [pid 11682] <... mount resumed>) = 0 [pid 11670] <... mount resumed>) = 0 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 11682] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11670] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5069] getdents64(4, [pid 11670] <... openat resumed>) = 3 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 11682] <... openat resumed>) = 3 [pid 5069] close(4) = 0 [pid 5069] rmdir("./61/file0" [pid 11670] chdir("./file0") = 0 [pid 11670] ioctl(4, LOOP_CLR_FD [pid 5069] <... rmdir resumed>) = 0 [pid 11670] <... ioctl resumed>) = 0 [pid 5069] getdents64(3, [pid 11682] chdir("./file0" [pid 11670] close(4 [pid 11682] <... chdir resumed>) = 0 [pid 11670] <... close resumed>) = 0 [pid 11682] ioctl(4, LOOP_CLR_FD [pid 11670] open("./file0", O_RDONLY) = 4 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 11682] <... ioctl resumed>) = 0 [pid 11682] close(4) = 0 [pid 11682] open("./file0", O_RDONLY) = 4 [pid 11682] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 11670] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5069] close(3) = 0 [pid 5069] rmdir("./61") = 0 [pid 5069] mkdir("./62", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 11682] <... ioctl resumed>) = 0 [pid 5069] <... openat resumed>) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD [pid 11682] open("./file0", O_RDONLY [pid 5069] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 11682] <... open resumed>) = 5 [pid 11682] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5069] close(3 [pid 11682] <... ioctl resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 11682] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11682] exit_group(0 [pid 11670] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 11746 attached [pid 11682] <... exit_group resumed>) = ? [pid 11670] open("./file0", O_RDONLY) = 5 [pid 11746] set_robust_list(0x555557145760, 24) = 0 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 11746 [pid 11746] chdir("./62" [pid 11670] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 11746] <... chdir resumed>) = 0 [pid 11682] +++ exited with 0 +++ [pid 11746] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 11670] <... ioctl resumed>) = 0 [pid 11670] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 11670] exit_group(0 [pid 11746] <... prctl resumed>) = 0 [pid 11670] <... exit_group resumed>) = ? [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11682, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=31 /* 0.31 s */} --- [pid 11746] setpgid(0, 0 [pid 11670] +++ exited with 0 +++ [pid 11746] <... setpgid resumed>) = 0 [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11670, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=27 /* 0.27 s */} --- [pid 11746] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5068] umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 11746] write(3, "1000", 4 [pid 5068] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11746] <... write resumed>) = 4 [pid 11746] close(3 [pid 5068] <... openat resumed>) = 3 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11746] <... close resumed>) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./61/binderfs") = 0 [pid 11746] symlink("/dev/binderfs", "./binderfs" [pid 5068] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... openat resumed>) = 3 [pid 11746] <... symlink resumed>) = 0 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11746] memfd_create("syzkaller", 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 11746] <... memfd_create resumed>) = 3 [pid 11746] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5065] umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11746] <... mmap resumed>) = 0x7fda9371b000 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./61/binderfs") = 0 [pid 11690] <... write resumed>) = 16777216 [pid 5065] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11710] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11690] munmap(0x7fda9371b000, 138412032) = 0 [pid 11690] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11690] ioctl(4, LOOP_SET_FD, 3 [ 203.505685][T11690] loop0: detected capacity change from 0 to 32768 [pid 11734] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11690] <... ioctl resumed>) = 0 [pid 11690] close(3) = 0 [pid 11690] mkdir("./file0", 0777) = 0 [ 203.602641][T11690] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (11690) [pid 11690] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5068] <... umount2 resumed>) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 5065] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] newfstatat(4, "", [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] newfstatat(AT_FDCWD, "./61/file0", [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] close(4 [pid 5068] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... close resumed>) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] rmdir("./61/file0" [pid 5068] openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... rmdir resumed>) = 0 [pid 5068] <... openat resumed>) = 4 [pid 5065] getdents64(3, [pid 5068] newfstatat(4, "", [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] close(3 [pid 5068] getdents64(4, [pid 5065] <... close resumed>) = 0 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] rmdir("./61" [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./61/file0") = 0 [pid 5065] mkdir("./62", 0777 [pid 5068] getdents64(3, [pid 5065] <... mkdir resumed>) = 0 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5068] close(3 [pid 5065] <... openat resumed>) = 3 [pid 5068] <... close resumed>) = 0 [pid 5068] rmdir("./61" [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5068] <... rmdir resumed>) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 5065] close(3) = 0 [pid 5068] mkdir("./62", 0777 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5068] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 11760 attached [pid 11760] set_robust_list(0x555557145760, 24 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 11760] <... set_robust_list resumed>) = 0 [pid 5068] <... openat resumed>) = 3 [pid 11760] chdir("./62" [pid 5068] ioctl(3, LOOP_CLR_FD [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 11760 [pid 11760] <... chdir resumed>) = 0 [pid 5068] <... ioctl resumed>) = 0 [pid 11760] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5068] close(3 [pid 11760] setpgid(0, 0 [pid 5068] <... close resumed>) = 0 [pid 11760] <... setpgid resumed>) = 0 [pid 11760] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11760] <... openat resumed>) = 3 [pid 11760] write(3, "1000", 4) = 4 [pid 11760] close(3./strace-static-x86_64: Process 11761 attached ) = 0 [pid 11761] set_robust_list(0x555557145760, 24 [pid 11760] symlink("/dev/binderfs", "./binderfs" [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 11761 [pid 11760] <... symlink resumed>) = 0 [pid 11761] <... set_robust_list resumed>) = 0 [pid 11761] chdir("./62" [pid 11760] memfd_create("syzkaller", 0 [pid 11761] <... chdir resumed>) = 0 [pid 11761] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11760] <... memfd_create resumed>) = 3 [pid 11761] setpgid(0, 0 [pid 11760] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11761] <... setpgid resumed>) = 0 [pid 11760] <... mmap resumed>) = 0x7fda9371b000 [pid 11761] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11761] write(3, "1000", 4) = 4 [pid 11761] close(3) = 0 [pid 11761] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11761] memfd_create("syzkaller", 0) = 3 [pid 11761] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 11746] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11690] <... mount resumed>) = 0 [pid 11690] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11690] chdir("./file0") = 0 [pid 11690] ioctl(4, LOOP_CLR_FD) = 0 [pid 11690] close(4) = 0 [pid 11690] open("./file0", O_RDONLY) = 4 [pid 11690] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 11734] <... write resumed>) = 16777216 [pid 11734] munmap(0x7fda9371b000, 138412032) = 0 [pid 11690] <... ioctl resumed>) = 0 [pid 11690] open("./file0", O_RDONLY) = 5 [pid 11690] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 11690] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 11690] exit_group(0) = ? [pid 11690] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11690, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=24 /* 0.24 s */} --- [pid 11734] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5064] umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./60/binderfs") = 0 [pid 11734] <... openat resumed>) = 4 [pid 5064] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11734] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11734] close(3) = 0 [pid 11734] mkdir("./file0", 0777) = 0 [ 204.127212][T11734] loop3: detected capacity change from 0 to 32768 [ 204.168070][T11734] BTRFS: device /dev/loop3 using temp-fsid d4bf3bc8-72f0-498e-ac81-48e82f93b3cf [pid 11734] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 11760] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11710] <... write resumed>) = 16777216 [ 204.209255][T11734] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (11734) [pid 11710] munmap(0x7fda9371b000, 138412032) = 0 [pid 11710] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 11710] ioctl(4, LOOP_SET_FD, 3 [pid 5064] <... umount2 resumed>) = 0 [pid 5064] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [ 204.315767][T11710] loop2: detected capacity change from 0 to 32768 [pid 11710] <... ioctl resumed>) = 0 [pid 5064] close(4) = 0 [pid 11710] close(3 [pid 5064] rmdir("./60/file0" [pid 11710] <... close resumed>) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 11710] mkdir("./file0", 0777 [pid 5064] getdents64(3, [pid 11710] <... mkdir resumed>) = 0 [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3 [pid 11710] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5064] <... close resumed>) = 0 [pid 5064] rmdir("./60") = 0 [pid 5064] mkdir("./61", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11761] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 11781 ./strace-static-x86_64: Process 11781 attached [pid 11781] set_robust_list(0x555557145760, 24) = 0 [pid 11781] chdir("./61") = 0 [pid 11781] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11781] setpgid(0, 0) = 0 [ 204.383876][T11710] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (11710) [pid 11781] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11781] write(3, "1000", 4) = 4 [pid 11781] close(3) = 0 [pid 11781] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11781] memfd_create("syzkaller", 0) = 3 [pid 11781] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 11746] <... write resumed>) = 16777216 [pid 11746] munmap(0x7fda9371b000, 138412032) = 0 [pid 11746] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 11746] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11746] close(3) = 0 [pid 11746] mkdir("./file0", 0777) = 0 [ 204.521865][T11746] loop5: detected capacity change from 0 to 32768 [ 204.569546][T11746] BTRFS: device /dev/loop5 using temp-fsid 3d589584-ec5b-4825-a07c-a9729a422167 [ 204.578606][T11746] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (11746) [pid 11746] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 11734] <... mount resumed>) = 0 [pid 11734] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11734] chdir("./file0") = 0 [pid 11734] ioctl(4, LOOP_CLR_FD) = 0 [pid 11734] close(4) = 0 [pid 11734] open("./file0", O_RDONLY) = 4 [pid 11734] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 11734] open("./file0", O_RDONLY) = 5 [pid 11734] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 11734] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 11734] exit_group(0) = ? [pid 11734] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11734, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=23 /* 0.23 s */} --- [pid 5067] umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./61/binderfs") = 0 [pid 5067] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11781] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11710] <... mount resumed>) = 0 [pid 11710] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11710] chdir("./file0") = 0 [pid 11710] ioctl(4, LOOP_CLR_FD) = 0 [pid 11710] close(4) = 0 [pid 11710] open("./file0", O_RDONLY) = 4 [pid 11710] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 11710] open("./file0", O_RDONLY) = 5 [pid 11710] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 11710] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 11710] exit_group(0) = ? [pid 11710] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11710, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=32 /* 0.32 s */} --- [pid 5066] umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./62/binderfs") = 0 [pid 5066] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11760] <... write resumed>) = 16777216 [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, [pid 11760] munmap(0x7fda9371b000, 138412032 [pid 11746] <... mount resumed>) = 0 [pid 5067] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 11760] <... munmap resumed>) = 0 [pid 11746] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4 [pid 11746] <... openat resumed>) = 3 [pid 5067] <... close resumed>) = 0 [pid 11746] chdir("./file0" [pid 5067] rmdir("./61/file0" [pid 11746] <... chdir resumed>) = 0 [pid 11746] ioctl(4, LOOP_CLR_FD [pid 5067] <... rmdir resumed>) = 0 [pid 5067] getdents64(3, [pid 11746] <... ioctl resumed>) = 0 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 11760] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 11746] close(4 [pid 5067] close(3) = 0 [pid 11746] <... close resumed>) = 0 [pid 11760] ioctl(4, LOOP_SET_FD, 3 [pid 11746] open("./file0", O_RDONLY [pid 5067] rmdir("./61" [pid 11746] <... open resumed>) = 4 [pid 11746] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5067] <... rmdir resumed>) = 0 [pid 5067] mkdir("./62", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11819 attached [pid 11761] <... write resumed>) = 16777216 [pid 11819] set_robust_list(0x555557145760, 24 [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 11819 [pid 11819] <... set_robust_list resumed>) = 0 [pid 11819] chdir("./62") = 0 [ 204.995459][T11760] loop1: detected capacity change from 0 to 32768 [pid 11819] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 11761] munmap(0x7fda9371b000, 138412032 [pid 11760] <... ioctl resumed>) = 0 [pid 11746] <... ioctl resumed>) = 0 [pid 11819] <... prctl resumed>) = 0 [pid 11760] close(3 [pid 11746] open("./file0", O_RDONLY [pid 11819] setpgid(0, 0 [pid 11760] <... close resumed>) = 0 [pid 11746] <... open resumed>) = 5 [pid 11819] <... setpgid resumed>) = 0 [pid 11760] mkdir("./file0", 0777 [pid 11746] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 11819] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 11760] <... mkdir resumed>) = 0 [pid 11819] <... openat resumed>) = 3 [pid 11761] <... munmap resumed>) = 0 [pid 11760] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 11819] write(3, "1000", 4) = 4 [pid 11746] <... ioctl resumed>) = 0 [pid 11746] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 11761] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 11746] exit_group(0 [pid 11761] <... openat resumed>) = 4 [pid 11746] <... exit_group resumed>) = ? [pid 11746] +++ exited with 0 +++ [pid 11761] ioctl(4, LOOP_SET_FD, 3 [pid 11819] close(3 [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11746, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=22 /* 0.22 s */} --- [pid 11819] <... close resumed>) = 0 [pid 11819] symlink("/dev/binderfs", "./binderfs" [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11819] <... symlink resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] newfstatat(AT_FDCWD, "./62/file0", [pid 11819] memfd_create("syzkaller", 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11819] <... memfd_create resumed>) = 3 [pid 5069] <... openat resumed>) = 3 [pid 5066] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] newfstatat(3, "", [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11819] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... openat resumed>) = 4 [pid 5069] getdents64(3, [pid 11819] <... mmap resumed>) = 0x7fda9371b000 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] newfstatat(4, "", [pid 5069] umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] newfstatat(AT_FDCWD, "./62/binderfs", [pid 11761] <... ioctl resumed>) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] getdents64(4, [pid 11761] close(3 [pid 5069] unlink("./62/binderfs" [pid 11761] <... close resumed>) = 0 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 11761] mkdir("./file0", 0777 [pid 5069] <... unlink resumed>) = 0 [pid 5066] close(4 [pid 11761] <... mkdir resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 11761] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5066] rmdir("./62/file0") = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./62") = 0 [pid 5066] mkdir("./63", 0777) = 0 [pid 5069] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [ 205.069931][T11760] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (11760) [ 205.088264][T11761] loop4: detected capacity change from 0 to 32768 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11820 attached , child_tidptr=0x555557145750) = 11820 [pid 11820] set_robust_list(0x555557145760, 24) = 0 [pid 11820] chdir("./63") = 0 [pid 11820] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11820] setpgid(0, 0) = 0 [pid 11820] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11820] write(3, "1000", 4) = 4 [pid 11820] close(3) = 0 [pid 11820] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11820] memfd_create("syzkaller", 0) = 3 [pid 11820] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 205.136141][T11761] BTRFS: device /dev/loop4 using temp-fsid 901b3827-16bb-4d9e-a48c-de0aa93cb095 [ 205.172655][T11761] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (11761) [pid 5069] <... umount2 resumed>) = 0 [pid 5069] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./62/file0") = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 11819] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11781] <... write resumed>) = 16777216 [pid 5069] close(3) = 0 [ 205.371473][T11760] _btrfs_printk: 80 callbacks suppressed [ 205.371488][T11760] BTRFS info (device loop1): enabling ssd optimizations [pid 5069] rmdir("./62" [pid 11781] munmap(0x7fda9371b000, 138412032 [pid 5069] <... rmdir resumed>) = 0 [pid 5069] mkdir("./63", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11850 attached [pid 11850] set_robust_list(0x555557145760, 24 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 11850 [pid 11850] <... set_robust_list resumed>) = 0 [pid 11781] <... munmap resumed>) = 0 [pid 11850] chdir("./63") = 0 [pid 11850] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11850] setpgid(0, 0) = 0 [pid 11850] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11820] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11850] write(3, "1000", 4) = 4 [pid 11850] close(3 [pid 11781] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 11850] <... close resumed>) = 0 [pid 11781] <... openat resumed>) = 4 [pid 11850] symlink("/dev/binderfs", "./binderfs" [pid 11781] ioctl(4, LOOP_SET_FD, 3 [pid 11850] <... symlink resumed>) = 0 [pid 11850] memfd_create("syzkaller", 0) = 3 [pid 11850] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 205.498836][T11760] BTRFS info (device loop1): auto enabling async discard [ 205.508289][T11781] loop0: detected capacity change from 0 to 32768 [ 205.538819][T11761] BTRFS info (device loop4): enabling ssd optimizations [pid 11781] <... ioctl resumed>) = 0 [pid 11781] close(3) = 0 [pid 11819] <... write resumed>) = 16777216 [pid 11781] mkdir("./file0", 0777 [pid 11819] munmap(0x7fda9371b000, 138412032 [pid 11781] <... mkdir resumed>) = 0 [ 205.545763][T11761] BTRFS info (device loop4): auto enabling async discard [ 205.557608][T11760] BTRFS info (device loop1): rebuilding free space tree [pid 11781] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 11819] <... munmap resumed>) = 0 [pid 11819] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 205.608857][T11781] BTRFS: device /dev/loop0 using temp-fsid 9f4fffcb-f959-4317-8bc0-478d3d830fd4 [ 205.621555][T11781] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (11781) [ 205.621587][T11819] loop3: detected capacity change from 0 to 32768 [pid 11819] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11819] close(3) = 0 [ 205.659303][T11761] BTRFS info (device loop4): rebuilding free space tree [ 205.689288][T11761] BTRFS info (device loop4): disabling free space tree [ 205.689545][T11760] BTRFS info (device loop1): disabling free space tree [pid 11819] mkdir("./file0", 0777) = 0 [ 205.696356][T11761] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 205.731900][T11819] BTRFS: device /dev/loop3 using temp-fsid 6b7d2631-269c-47b5-86fe-619646adae70 [ 205.736042][T11781] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 205.751072][T11819] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (11819) [ 205.759502][T11760] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 205.774276][T11761] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 205.810144][T11781] BTRFS info (device loop0): force clearing of disk cache [ 205.829415][T11781] BTRFS info (device loop0): setting nodatasum [ 205.835587][T11781] BTRFS info (device loop0): allowing degraded mounts [ 205.843566][T11760] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 205.844538][T11761] BTRFS info (device loop4): checking UUID tree [ 205.866310][T11819] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 205.894626][T11781] BTRFS info (device loop0): enabling disk space caching [ 205.896663][T11819] BTRFS info (device loop3): force clearing of disk cache [pid 11819] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 11760] <... mount resumed>) = 0 [pid 11760] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11760] chdir("./file0") = 0 [pid 11760] ioctl(4, LOOP_CLR_FD) = 0 [pid 11760] close(4) = 0 [pid 11760] open("./file0", O_RDONLY) = 4 [ 205.910868][T11760] BTRFS info (device loop1): checking UUID tree [ 205.926708][T11781] BTRFS info (device loop0): disk space caching is enabled [pid 11760] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 11761] <... mount resumed>) = 0 [pid 11761] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11820] <... write resumed>) = 16777216 [pid 11761] <... openat resumed>) = 3 [pid 11820] munmap(0x7fda9371b000, 138412032 [pid 11761] chdir("./file0") = 0 [pid 11761] ioctl(4, LOOP_CLR_FD [pid 11820] <... munmap resumed>) = 0 [pid 11761] <... ioctl resumed>) = 0 [pid 11761] close(4) = 0 [pid 11761] open("./file0", O_RDONLY [pid 11760] <... ioctl resumed>) = 0 [pid 11820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 11761] <... open resumed>) = 4 [pid 11761] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 11820] <... openat resumed>) = 4 [pid 11760] open("./file0", O_RDONLY) = 5 [ 205.959262][T11819] BTRFS info (device loop3): setting nodatasum [ 205.965428][T11819] BTRFS info (device loop3): allowing degraded mounts [pid 11760] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 11820] ioctl(4, LOOP_SET_FD, 3 [pid 11760] <... ioctl resumed>) = 0 [pid 11760] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [ 206.007914][T11820] loop2: detected capacity change from 0 to 32768 [pid 11760] exit_group(0) = ? [pid 11760] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11760, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=27 /* 0.27 s */} --- [pid 5065] umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./62/binderfs") = 0 [pid 5065] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11850] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11820] <... ioctl resumed>) = 0 [pid 11761] <... ioctl resumed>) = 0 [pid 11820] close(3 [pid 11761] open("./file0", O_RDONLY [pid 11820] <... close resumed>) = 0 [pid 11761] <... open resumed>) = 5 [pid 11820] mkdir("./file0", 0777 [pid 11761] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 11820] <... mkdir resumed>) = 0 [ 206.061540][ T42] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [ 206.069206][T11819] BTRFS info (device loop3): enabling disk space caching [ 206.083935][T11819] BTRFS info (device loop3): disk space caching is enabled [pid 11820] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 11761] <... ioctl resumed>) = 0 [pid 11761] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 11761] exit_group(0) = ? [pid 11761] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11761, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=30 /* 0.30 s */} --- [pid 5068] umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [ 206.123111][ T42] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [ 206.154620][T11820] BTRFS: device /dev/loop2 using temp-fsid b6f39475-3209-474d-b6da-9311d15158d4 [pid 5068] umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./62/binderfs") = 0 [pid 5068] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = 0 [pid 5065] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 206.195859][T11820] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (11820) [ 206.229730][T11820] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5065] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./62/file0") = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./62") = 0 [pid 5065] mkdir("./63", 0777) = 0 [ 206.305083][T11820] BTRFS info (device loop2): force clearing of disk cache [ 206.319297][T11819] BTRFS info (device loop3): enabling ssd optimizations [ 206.326434][T11819] BTRFS info (device loop3): auto enabling async discard [ 206.326673][T11781] BTRFS info (device loop0): enabling ssd optimizations [ 206.347109][T11819] BTRFS info (device loop3): rebuilding free space tree [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11888 attached [pid 11888] set_robust_list(0x555557145760, 24 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 11888 [pid 11888] <... set_robust_list resumed>) = 0 [pid 11888] chdir("./63") = 0 [pid 11888] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11888] setpgid(0, 0 [pid 5068] <... umount2 resumed>) = 0 [pid 5068] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [ 206.357579][T11820] BTRFS info (device loop2): setting nodatasum [ 206.389936][T11820] BTRFS info (device loop2): allowing degraded mounts [ 206.400183][T11819] BTRFS info (device loop3): disabling free space tree [pid 11888] <... setpgid resumed>) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 11888] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5068] rmdir("./62/file0" [pid 11888] <... openat resumed>) = 3 [pid 5068] <... rmdir resumed>) = 0 [pid 11888] write(3, "1000", 4 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./62") = 0 [pid 11888] <... write resumed>) = 4 [pid 5068] mkdir("./63", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11889 attached , child_tidptr=0x555557145750) = 11889 [pid 11889] set_robust_list(0x555557145760, 24) = 0 [ 206.407869][T11819] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 206.424950][T11781] BTRFS info (device loop0): auto enabling async discard [ 206.441114][T11820] BTRFS info (device loop2): enabling disk space caching [ 206.442617][T11819] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 11889] chdir("./63") = 0 [pid 11888] close(3) = 0 [pid 11888] symlink("/dev/binderfs", "./binderfs" [pid 11889] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 11888] <... symlink resumed>) = 0 [pid 11888] memfd_create("syzkaller", 0 [pid 11889] <... prctl resumed>) = 0 [pid 11889] setpgid(0, 0) = 0 [pid 11889] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11888] <... memfd_create resumed>) = 3 [pid 11889] write(3, "1000", 4 [pid 11888] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11889] <... write resumed>) = 4 [pid 11888] <... mmap resumed>) = 0x7fda9371b000 [pid 11889] close(3 [pid 11850] <... write resumed>) = 16777216 [pid 11889] <... close resumed>) = 0 [pid 11889] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11889] memfd_create("syzkaller", 0) = 3 [pid 11889] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11850] munmap(0x7fda9371b000, 138412032 [pid 11889] <... mmap resumed>) = 0x7fda9371b000 [ 206.480373][T11781] BTRFS info (device loop0): rebuilding free space tree [ 206.489374][T11820] BTRFS info (device loop2): disk space caching is enabled [pid 11850] <... munmap resumed>) = 0 [pid 11850] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [ 206.548912][T11781] BTRFS info (device loop0): disabling free space tree [ 206.555814][T11781] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 206.579207][T11819] BTRFS info (device loop3): checking UUID tree [pid 11850] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11850] close(3) = 0 [pid 11850] mkdir("./file0", 0777) = 0 [ 206.609814][T11850] loop5: detected capacity change from 0 to 32768 [ 206.643698][T11781] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 11850] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 11819] <... mount resumed>) = 0 [pid 11819] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11819] chdir("./file0") = 0 [pid 11819] ioctl(4, LOOP_CLR_FD) = 0 [ 206.679443][T11850] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (11850) [pid 11819] close(4) = 0 [pid 11819] open("./file0", O_RDONLY) = 4 [pid 11819] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [ 206.751709][T11781] BTRFS info (device loop0): checking UUID tree [ 206.790116][T11850] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [pid 11819] open("./file0", O_RDONLY) = 5 [pid 11819] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 11781] <... mount resumed>) = 0 [pid 11781] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11819] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 11781] chdir("./file0" [pid 11819] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 11781] <... chdir resumed>) = 0 [pid 11819] exit_group(0 [pid 11781] ioctl(4, LOOP_CLR_FD) = 0 [pid 11781] close(4 [pid 11819] <... exit_group resumed>) = ? [pid 11781] <... close resumed>) = 0 [pid 11819] +++ exited with 0 +++ [pid 11781] open("./file0", O_RDONLY [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11819, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=32 /* 0.32 s */} --- [pid 11781] <... open resumed>) = 4 [pid 5067] umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 11889] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5067] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 11781] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 206.839291][T11820] BTRFS info (device loop2): enabling ssd optimizations [ 206.862664][ T12] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 206.874002][T11850] BTRFS info (device loop5): force clearing of disk cache [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./62/binderfs") = 0 [pid 5067] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11781] <... ioctl resumed>) = 0 [pid 11781] open("./file0", O_RDONLY) = 5 [pid 11781] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 11781] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 11781] exit_group(0) = ? [pid 11781] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11781, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=44 /* 0.44 s */} --- [pid 5064] umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [ 206.900127][T11820] BTRFS info (device loop2): auto enabling async discard [ 206.927391][T11820] BTRFS info (device loop2): rebuilding free space tree [ 206.930344][T11850] BTRFS info (device loop5): setting nodatasum [pid 5064] umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./61/binderfs") = 0 [ 206.960830][ T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 206.982362][T11850] BTRFS info (device loop5): allowing degraded mounts [ 206.999310][T11820] BTRFS info (device loop2): disabling free space tree [ 206.999530][T11850] BTRFS info (device loop5): enabling disk space caching [ 207.006206][T11820] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 207.050000][T11850] BTRFS info (device loop5): disk space caching is enabled [pid 5064] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11888] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5064] <... umount2 resumed>) = 0 [pid 5064] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [ 207.119789][T11820] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5064] close(4) = 0 [pid 5067] <... umount2 resumed>) = 0 [pid 5064] rmdir("./61/file0" [pid 5067] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... rmdir resumed>) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] close(3) = 0 [pid 5064] rmdir("./61" [pid 5067] newfstatat(AT_FDCWD, "./62/file0", [pid 5064] <... rmdir resumed>) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11820] <... mount resumed>) = 0 [pid 5067] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] mkdir("./62", 0777 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11820] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5067] <... openat resumed>) = 4 [pid 11820] chdir("./file0" [pid 5067] newfstatat(4, "", [pid 5064] <... mkdir resumed>) = 0 [pid 11820] <... chdir resumed>) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11820] ioctl(4, LOOP_CLR_FD [pid 5067] getdents64(4, [pid 11820] <... ioctl resumed>) = 0 [pid 5067] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 11820] close(4 [pid 5067] getdents64(4, [pid 11820] <... close resumed>) = 0 [pid 5067] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 11820] open("./file0", O_RDONLY [ 207.193677][T11820] BTRFS info (device loop2): checking UUID tree [pid 5067] close(4 [pid 11820] <... open resumed>) = 4 [pid 5067] <... close resumed>) = 0 [pid 5064] <... openat resumed>) = 3 [pid 5067] rmdir("./62/file0" [pid 5064] ioctl(3, LOOP_CLR_FD [pid 11820] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5067] <... rmdir resumed>) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 5067] getdents64(3, [ 207.252761][T11850] BTRFS info (device loop5): enabling ssd optimizations [pid 5064] close(3 [pid 11888] <... write resumed>) = 16777216 [pid 11820] <... ioctl resumed>) = 0 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] <... close resumed>) = 0 [pid 11820] open("./file0", O_RDONLY [pid 11888] munmap(0x7fda9371b000, 138412032 [pid 11820] <... open resumed>) = 5 [pid 5067] close(3 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11888] <... munmap resumed>) = 0 [pid 11820] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5067] <... close resumed>) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 11925 [pid 5067] rmdir("./62" [pid 11820] <... ioctl resumed>) = 0 [pid 5067] <... rmdir resumed>) = 0 [pid 11888] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 11820] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5067] mkdir("./63", 0777 [pid 11820] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 11820] exit_group(0./strace-static-x86_64: Process 11925 attached [pid 11888] <... openat resumed>) = 4 [pid 11820] <... exit_group resumed>) = ? [pid 5067] <... mkdir resumed>) = 0 [pid 11925] set_robust_list(0x555557145760, 24) = 0 [pid 11888] ioctl(4, LOOP_SET_FD, 3 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 11925] chdir("./62" [pid 5067] <... openat resumed>) = 3 [pid 11925] <... chdir resumed>) = 0 [pid 5067] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5067] close(3 [pid 11925] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 11888] <... ioctl resumed>) = 0 [pid 11820] +++ exited with 0 +++ [pid 5067] <... close resumed>) = 0 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11820, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=33 /* 0.33 s */} --- [ 207.302915][T11850] BTRFS info (device loop5): auto enabling async discard [ 207.311736][T11850] BTRFS info (device loop5): rebuilding free space tree [ 207.332595][ T2497] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 207.344769][T11888] loop1: detected capacity change from 0 to 32768 [pid 11925] <... prctl resumed>) = 0 [pid 11925] setpgid(0, 0) = 0 [pid 11925] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11925] write(3, "1000", 4) = 4 [pid 11925] close(3) = 0 [pid 11925] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11925] memfd_create("syzkaller", 0) = 3 [pid 11925] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5066] umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 11888] close(3 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", ./strace-static-x86_64: Process 11926 attached [pid 11888] <... close resumed>) = 0 [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 11926 [pid 11926] set_robust_list(0x555557145760, 24 [pid 11889] <... write resumed>) = 16777216 [pid 11888] mkdir("./file0", 0777 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11926] <... set_robust_list resumed>) = 0 [pid 5066] getdents64(3, [pid 11888] <... mkdir resumed>) = 0 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 11926] chdir("./63" [pid 11888] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5066] umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11926] <... chdir resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./63/binderfs", [ 207.370767][T11850] BTRFS info (device loop5): disabling free space tree [ 207.377744][T11850] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 207.408900][T11850] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 11926] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./63/binderfs" [pid 11926] setpgid(0, 0) = 0 [pid 5066] <... unlink resumed>) = 0 [pid 11926] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11926] <... openat resumed>) = 3 [pid 11926] write(3, "1000", 4 [pid 11889] munmap(0x7fda9371b000, 138412032 [pid 11926] <... write resumed>) = 4 [pid 11889] <... munmap resumed>) = 0 [pid 11926] close(3) = 0 [ 207.427977][T11888] BTRFS: device /dev/loop1 using temp-fsid 562391f1-b4be-432c-9197-a6dbcadbaa68 [ 207.438829][T11888] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (11888) [ 207.458375][T11850] BTRFS info (device loop5): checking UUID tree [pid 11926] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11889] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 11926] memfd_create("syzkaller", 0 [pid 11889] <... openat resumed>) = 4 [pid 11926] <... memfd_create resumed>) = 3 [pid 11889] ioctl(4, LOOP_SET_FD, 3 [pid 11926] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 207.480231][T11888] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 207.494895][T11889] loop4: detected capacity change from 0 to 32768 [pid 11889] <... ioctl resumed>) = 0 [pid 11889] close(3) = 0 [pid 11889] mkdir("./file0", 0777 [pid 11850] <... mount resumed>) = 0 [pid 11850] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11889] <... mkdir resumed>) = 0 [pid 11850] <... openat resumed>) = 3 [pid 11850] chdir("./file0") = 0 [pid 11889] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 11850] ioctl(4, LOOP_CLR_FD) = 0 [pid 11850] close(4) = 0 [pid 11850] open("./file0", O_RDONLY) = 4 [ 207.529719][T11888] BTRFS info (device loop1): force clearing of disk cache [ 207.559538][T11888] BTRFS info (device loop1): setting nodatasum [pid 11850] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 11850] open("./file0", O_RDONLY) = 5 [pid 11850] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 11850] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 11850] exit_group(0 [pid 5066] <... umount2 resumed>) = 0 [pid 11850] <... exit_group resumed>) = ? [pid 11850] +++ exited with 0 +++ [pid 5066] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11850, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=39 /* 0.39 s */} --- [ 207.588959][T11889] BTRFS: device /dev/loop4 using temp-fsid f4b54e8c-6831-442e-b23f-5d22c6a063d5 [ 207.590399][T11888] BTRFS info (device loop1): allowing degraded mounts [ 207.598021][T11889] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (11889) [pid 5066] newfstatat(AT_FDCWD, "./63/file0", [pid 5069] restart_syscall(<... resuming interrupted clone ...> [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] <... restart_syscall resumed>) = 0 [pid 5066] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] <... openat resumed>) = 4 [pid 5069] openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] newfstatat(4, "", [pid 5069] <... openat resumed>) = 3 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] newfstatat(3, "", [pid 5066] getdents64(4, [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] close(4 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... close resumed>) = 0 [pid 5069] newfstatat(AT_FDCWD, "./63/binderfs", [pid 5066] rmdir("./63/file0" [pid 5069] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] unlink("./63/binderfs" [pid 5066] close(3) = 0 [pid 5066] rmdir("./63") = 0 [pid 5069] <... unlink resumed>) = 0 [pid 5066] mkdir("./64", 0777) = 0 [pid 5069] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [ 207.634757][T11889] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 207.638469][ T2497] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [ 207.656003][T11889] BTRFS info (device loop4): force clearing of disk cache [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11929 attached , child_tidptr=0x555557145750) = 11929 [pid 11929] set_robust_list(0x555557145760, 24) = 0 [pid 11929] chdir("./64") = 0 [pid 11929] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11929] setpgid(0, 0) = 0 [pid 11929] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11929] write(3, "1000", 4) = 4 [pid 11929] close(3) = 0 [pid 11925] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11929] symlink("/dev/binderfs", "./binderfs") = 0 [ 207.689265][T11889] BTRFS info (device loop4): setting nodatasum [ 207.716964][T11888] BTRFS info (device loop1): enabling disk space caching [ 207.719579][T11889] BTRFS info (device loop4): allowing degraded mounts [pid 11929] memfd_create("syzkaller", 0) = 3 [pid 11929] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 207.758829][T11888] BTRFS info (device loop1): disk space caching is enabled [ 207.760965][T11889] BTRFS info (device loop4): enabling disk space caching [ 207.805053][T11889] BTRFS info (device loop4): disk space caching is enabled [pid 11926] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5069] <... umount2 resumed>) = 0 [pid 5069] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./63/file0") = 0 [ 207.990941][T11888] BTRFS info (device loop1): enabling ssd optimizations [ 207.997993][T11888] BTRFS info (device loop1): auto enabling async discard [ 208.022593][T11888] BTRFS info (device loop1): rebuilding free space tree [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./63") = 0 [ 208.051652][T11889] BTRFS info (device loop4): enabling ssd optimizations [ 208.059862][T11888] BTRFS info (device loop1): disabling free space tree [ 208.078817][T11888] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 208.088483][T11888] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5069] mkdir("./64", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5069] close(3) = 0 [ 208.109056][T11889] BTRFS info (device loop4): auto enabling async discard [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11961 attached [pid 11961] set_robust_list(0x555557145760, 24) = 0 [pid 11961] chdir("./64" [pid 11926] <... write resumed>) = 16777216 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 11961 [pid 11926] munmap(0x7fda9371b000, 138412032 [pid 11961] <... chdir resumed>) = 0 [pid 11961] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11961] setpgid(0, 0) = 0 [pid 11961] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11961] write(3, "1000", 4) = 4 [pid 11961] close(3) = 0 [pid 11926] <... munmap resumed>) = 0 [pid 11961] symlink("/dev/binderfs", "./binderfs") = 0 [ 208.169635][T11889] BTRFS info (device loop4): rebuilding free space tree [ 208.193569][T11888] BTRFS info (device loop1): checking UUID tree [ 208.211551][T11889] BTRFS info (device loop4): disabling free space tree [pid 11961] memfd_create("syzkaller", 0) = 3 [pid 11961] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11926] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 11961] <... mmap resumed>) = 0x7fda9371b000 [pid 11926] ioctl(4, LOOP_SET_FD, 3 [pid 11888] <... mount resumed>) = 0 [pid 11888] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11888] chdir("./file0") = 0 [pid 11888] ioctl(4, LOOP_CLR_FD) = 0 [pid 11888] close(4) = 0 [pid 11888] open("./file0", O_RDONLY) = 4 [pid 11888] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 11888] open("./file0", O_RDONLY) = 5 [pid 11888] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 11888] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 11888] exit_group(0) = ? [pid 11888] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11888, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=31 /* 0.31 s */} --- [pid 5065] umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 208.250749][T11889] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 208.269252][T11926] loop3: detected capacity change from 0 to 32768 [pid 5065] newfstatat(3, "", [pid 11926] <... ioctl resumed>) = 0 [pid 11929] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 11926] close(3 [pid 5065] umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11926] <... close resumed>) = 0 [pid 11926] mkdir("./file0", 0777 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./63/binderfs" [pid 11926] <... mkdir resumed>) = 0 [pid 5065] <... unlink resumed>) = 0 [pid 5065] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 208.318824][T11889] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 208.335175][ T48] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [pid 11926] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 11925] <... write resumed>) = 16777216 [pid 11925] munmap(0x7fda9371b000, 138412032) = 0 [pid 11925] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11925] ioctl(4, LOOP_SET_FD, 3 [pid 11889] <... mount resumed>) = 0 [pid 11889] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11925] <... ioctl resumed>) = 0 [pid 11889] <... openat resumed>) = 3 [pid 11925] close(3) = 0 [pid 11889] chdir("./file0" [pid 11925] mkdir("./file0", 0777) = 0 [pid 11889] <... chdir resumed>) = 0 [ 208.358880][T11926] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (11926) [ 208.379668][T11889] BTRFS info (device loop4): checking UUID tree [ 208.400694][T11925] loop0: detected capacity change from 0 to 32768 [pid 11925] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 11889] ioctl(4, LOOP_CLR_FD) = 0 [pid 11889] close(4) = 0 [pid 11889] open("./file0", O_RDONLY) = 4 [ 208.436950][T11926] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 208.459406][T11925] BTRFS: device /dev/loop0 using temp-fsid b445f019-6eb1-428d-9912-8bb3b36e942d [pid 11889] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 11889] open("./file0", O_RDONLY) = 5 [pid 11889] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 11889] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [ 208.500167][T11925] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (11925) [pid 11889] exit_group(0) = ? [pid 11889] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11889, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=30 /* 0.30 s */} --- [pid 5068] umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./63/binderfs") = 0 [pid 5068] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = 0 [pid 5065] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./63/file0") = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./63") = 0 [pid 5065] mkdir("./64", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11990 attached [pid 11990] set_robust_list(0x555557145760, 24) = 0 [pid 11990] chdir("./64") = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 11990 [pid 11990] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11990] setpgid(0, 0) = 0 [pid 11990] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11990] write(3, "1000", 4) = 4 [pid 11990] close(3) = 0 [pid 11990] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11990] memfd_create("syzkaller", 0) = 3 [pid 11990] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 11961] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5068] <... umount2 resumed>) = 0 [pid 5068] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, [pid 11925] <... mount resumed>) = 0 [pid 11925] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11925] chdir("./file0") = 0 [pid 11925] ioctl(4, LOOP_CLR_FD) = 0 [pid 11925] close(4) = 0 [pid 11925] open("./file0", O_RDONLY) = 4 [pid 11925] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4 [pid 11926] <... mount resumed>) = 0 [pid 5068] <... close resumed>) = 0 [pid 5068] rmdir("./63/file0" [pid 11926] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5068] <... rmdir resumed>) = 0 [pid 11926] <... openat resumed>) = 3 [pid 5068] getdents64(3, [pid 11926] chdir("./file0" [pid 11925] <... ioctl resumed>) = 0 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 11926] <... chdir resumed>) = 0 [pid 11925] open("./file0", O_RDONLY [pid 5068] close(3 [pid 11926] ioctl(4, LOOP_CLR_FD [pid 11925] <... open resumed>) = 5 [pid 5068] <... close resumed>) = 0 [pid 11926] <... ioctl resumed>) = 0 [pid 11925] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5068] rmdir("./63" [pid 11926] close(4 [pid 11925] <... ioctl resumed>) = 0 [pid 11926] <... close resumed>) = 0 [pid 11925] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5068] <... rmdir resumed>) = 0 [pid 11926] open("./file0", O_RDONLY) = 4 [pid 11925] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 11926] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 11925] exit_group(0) = ? [pid 11925] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11925, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=28 /* 0.28 s */} --- [pid 5064] umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] mkdir("./64", 0777 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./62/binderfs" [pid 5068] <... mkdir resumed>) = 0 [pid 5064] <... unlink resumed>) = 0 [pid 5064] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11926] <... ioctl resumed>) = 0 [pid 11926] open("./file0", O_RDONLY) = 5 [pid 11926] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 11926] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 11926] exit_group(0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 11926] <... exit_group resumed>) = ? [pid 11926] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11926, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=26 /* 0.26 s */} --- [pid 5067] umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 11990] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5067] umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11929] <... write resumed>) = 16777216 [pid 5068] <... openat resumed>) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] close(3 [pid 5067] newfstatat(AT_FDCWD, "./63/binderfs", [pid 5068] <... close resumed>) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./63/binderfs" [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5067] <... unlink resumed>) = 0 [pid 5067] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 12000 attached [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 12000 [pid 12000] set_robust_list(0x555557145760, 24 [pid 11929] munmap(0x7fda9371b000, 138412032 [pid 12000] <... set_robust_list resumed>) = 0 [pid 11929] <... munmap resumed>) = 0 [pid 12000] chdir("./64") = 0 [pid 12000] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12000] setpgid(0, 0) = 0 [pid 12000] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 12000] write(3, "1000", 4) = 4 [pid 12000] close(3 [pid 11929] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 12000] <... close resumed>) = 0 [pid 12000] symlink("/dev/binderfs", "./binderfs") = 0 [pid 12000] memfd_create("syzkaller", 0) = 3 [pid 12000] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 11929] <... openat resumed>) = 4 [ 209.121942][T11929] loop2: detected capacity change from 0 to 32768 [pid 11929] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5067] <... umount2 resumed>) = 0 [pid 11929] close(3 [pid 5067] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11929] <... close resumed>) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11929] mkdir("./file0", 0777 [pid 5067] newfstatat(AT_FDCWD, "./63/file0", [pid 11929] <... mkdir resumed>) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11929] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5067] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./63/file0") = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./63") = 0 [pid 5067] mkdir("./64", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 12002 attached , child_tidptr=0x555557145750) = 12002 [pid 12002] set_robust_list(0x555557145760, 24) = 0 [pid 12002] chdir("./64") = 0 [pid 12002] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12002] setpgid(0, 0) = 0 [pid 12002] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 12002] write(3, "1000", 4) = 4 [pid 12002] close(3) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 12002] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5064] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12002] memfd_create("syzkaller", 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12002] <... memfd_create resumed>) = 3 [pid 12002] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5064] newfstatat(AT_FDCWD, "./62/file0", [pid 12002] <... mmap resumed>) = 0x7fda9371b000 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 209.200578][T11929] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (11929) [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./62/file0") = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./62") = 0 [pid 5064] mkdir("./63", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 12011 ./strace-static-x86_64: Process 12011 attached [pid 12011] set_robust_list(0x555557145760, 24 [pid 11961] <... write resumed>) = 16777216 [pid 12011] <... set_robust_list resumed>) = 0 [pid 12011] chdir("./63") = 0 [pid 12011] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12011] setpgid(0, 0) = 0 [pid 12011] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11961] munmap(0x7fda9371b000, 138412032 [pid 12011] write(3, "1000", 4 [pid 11961] <... munmap resumed>) = 0 [pid 12011] <... write resumed>) = 4 [pid 12011] close(3) = 0 [pid 12011] symlink("/dev/binderfs", "./binderfs") = 0 [pid 12011] memfd_create("syzkaller", 0) = 3 [pid 12011] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 11961] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 11961] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11961] close(3) = 0 [pid 11961] mkdir("./file0", 0777) = 0 [ 209.427053][T11961] loop5: detected capacity change from 0 to 32768 [pid 11961] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 209.474426][T11961] BTRFS: device /dev/loop5 using temp-fsid d86204d0-1678-4c0d-8db7-fefd18e0b7ba [ 209.549475][T11961] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (11961) [pid 12000] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12002] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 11929] <... mount resumed>) = 0 [pid 11929] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11929] chdir("./file0") = 0 [pid 11929] ioctl(4, LOOP_CLR_FD) = 0 [pid 11929] close(4) = 0 [pid 11990] <... write resumed>) = 16777216 [pid 11929] open("./file0", O_RDONLY) = 4 [pid 11929] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 11990] munmap(0x7fda9371b000, 138412032) = 0 [pid 11929] <... ioctl resumed>) = 0 [pid 11929] open("./file0", O_RDONLY) = 5 [pid 11929] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 11990] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 11990] ioctl(4, LOOP_SET_FD, 3 [pid 12002] <... write resumed>) = 16777216 [pid 11929] <... ioctl resumed>) = 0 [pid 12002] munmap(0x7fda9371b000, 138412032 [pid 11929] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 11929] exit_group(0) = ? [pid 11929] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11929, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=25 /* 0.25 s */} --- [pid 5066] umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 209.850274][T11990] loop1: detected capacity change from 0 to 32768 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 12002] <... munmap resumed>) = 0 [pid 5066] umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./64/binderfs", [pid 12002] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 11990] <... ioctl resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 12002] <... openat resumed>) = 4 [pid 11990] close(3 [pid 5066] unlink("./64/binderfs" [pid 12002] ioctl(4, LOOP_SET_FD, 3 [pid 11990] <... close resumed>) = 0 [pid 5066] <... unlink resumed>) = 0 [pid 11990] mkdir("./file0", 0777) = 0 [pid 5066] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11990] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 12011] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12002] <... ioctl resumed>) = 0 [pid 12002] close(3) = 0 [pid 12002] mkdir("./file0", 0777) = 0 [pid 12002] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 12000] <... write resumed>) = 16777216 [pid 12000] munmap(0x7fda9371b000, 138412032 [pid 11961] <... mount resumed>) = 0 [pid 11961] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11961] chdir("./file0") = 0 [pid 11961] ioctl(4, LOOP_CLR_FD) = 0 [pid 11961] close(4) = 0 [ 209.922333][T12002] loop3: detected capacity change from 0 to 32768 [ 209.932071][T11990] BTRFS: device /dev/loop1 using temp-fsid bdcb346f-35bf-472e-bd1b-c569bd22f528 [pid 11961] open("./file0", O_RDONLY) = 4 [pid 12000] <... munmap resumed>) = 0 [pid 12000] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 12000] ioctl(4, LOOP_SET_FD, 3 [pid 11961] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 12000] <... ioctl resumed>) = 0 [pid 12000] close(3) = 0 [pid 12000] mkdir("./file0", 0777) = 0 [ 209.988874][T11990] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (11990) [ 210.001019][T12000] loop4: detected capacity change from 0 to 32768 [pid 12000] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 11961] <... ioctl resumed>) = 0 [pid 11961] open("./file0", O_RDONLY) = 5 [pid 11961] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 11961] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 11961] exit_group(0) = ? [ 210.039451][T12002] BTRFS: device /dev/loop3 using temp-fsid 506c6e4c-e0af-4856-a0ae-19460dd756c0 [pid 11961] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11961, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=26 /* 0.26 s */} --- [pid 5069] umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./64/binderfs") = 0 [ 210.080713][T12002] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (12002) [ 210.167686][T12000] BTRFS: device /dev/loop4 using temp-fsid 34b247f5-14a8-427d-81a3-370f34b625dd [ 210.205934][T12000] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (12000) [pid 5069] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] <... umount2 resumed>) = 0 [pid 5066] newfstatat(4, "", [pid 5069] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] newfstatat(AT_FDCWD, "./64/file0", [pid 5066] getdents64(4, [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] close(4) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] rmdir("./64/file0" [pid 5069] openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... rmdir resumed>) = 0 [pid 5069] <... openat resumed>) = 4 [pid 5066] getdents64(3, [pid 5069] newfstatat(4, "", [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] close(3 [pid 5069] getdents64(4, [pid 5066] <... close resumed>) = 0 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] rmdir("./64" [pid 5069] getdents64(4, [pid 5066] <... rmdir resumed>) = 0 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] mkdir("./65", 0777 [pid 5069] close(4 [pid 5066] <... mkdir resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 5069] rmdir("./64/file0") = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5069] close(3 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5069] <... close resumed>) = 0 [pid 5066] <... ioctl resumed>) = 0 [pid 5069] rmdir("./64" [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 12080 attached [pid 5069] <... rmdir resumed>) = 0 [pid 12080] set_robust_list(0x555557145760, 24 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 12080 [pid 12080] <... set_robust_list resumed>) = 0 [pid 5069] mkdir("./65", 0777 [pid 12080] chdir("./65" [pid 5069] <... mkdir resumed>) = 0 [pid 12080] <... chdir resumed>) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 12080] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5069] <... openat resumed>) = 3 [pid 12080] <... prctl resumed>) = 0 [pid 5069] ioctl(3, LOOP_CLR_FD [pid 12080] setpgid(0, 0 [pid 5069] <... ioctl resumed>) = 0 [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 12084 attached [pid 12080] <... setpgid resumed>) = 0 [pid 12080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 12084] set_robust_list(0x555557145760, 24) = 0 [pid 12080] <... openat resumed>) = 3 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 12084 [pid 12084] chdir("./65" [pid 12080] write(3, "1000", 4 [pid 11990] <... mount resumed>) = 0 [pid 11990] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12080] <... write resumed>) = 4 [pid 12084] <... chdir resumed>) = 0 [pid 11990] chdir("./file0" [pid 12084] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 11990] <... chdir resumed>) = 0 [pid 12084] <... prctl resumed>) = 0 [pid 12084] setpgid(0, 0) = 0 [pid 12084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 12080] close(3 [pid 11990] ioctl(4, LOOP_CLR_FD [pid 12080] <... close resumed>) = 0 [ 210.413214][T12002] _btrfs_printk: 84 callbacks suppressed [ 210.413228][T12002] BTRFS info (device loop3): disabling free space tree [ 210.439054][T12000] BTRFS info (device loop4): enabling ssd optimizations [ 210.446003][T12000] BTRFS info (device loop4): auto enabling async discard [pid 12084] <... openat resumed>) = 3 [pid 12080] symlink("/dev/binderfs", "./binderfs" [pid 11990] <... ioctl resumed>) = 0 [pid 11990] close(4 [pid 12080] <... symlink resumed>) = 0 [pid 11990] <... close resumed>) = 0 [pid 11990] open("./file0", O_RDONLY) = 4 [pid 11990] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 12084] write(3, "1000", 4 [pid 12080] memfd_create("syzkaller", 0 [pid 12011] <... write resumed>) = 16777216 [ 210.455109][T12002] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 12011] munmap(0x7fda9371b000, 138412032 [pid 12084] <... write resumed>) = 4 [pid 12080] <... memfd_create resumed>) = 3 [pid 12084] close(3) = 0 [pid 12080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 12011] <... munmap resumed>) = 0 [pid 11990] <... ioctl resumed>) = 0 [pid 11990] open("./file0", O_RDONLY) = 5 [pid 12011] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 12011] ioctl(4, LOOP_SET_FD, 3 [pid 12084] symlink("/dev/binderfs", "./binderfs" [pid 12011] <... ioctl resumed>) = 0 [pid 11990] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [ 210.483719][T12002] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 210.500356][T12011] loop0: detected capacity change from 0 to 32768 [ 210.514631][T12000] BTRFS info (device loop4): rebuilding free space tree [ 210.523975][T12002] BTRFS info (device loop3): checking UUID tree [pid 12011] close(3 [pid 12084] <... symlink resumed>) = 0 [pid 11990] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 12084] memfd_create("syzkaller", 0 [pid 11990] exit_group(0 [pid 12011] <... close resumed>) = 0 [pid 12011] mkdir("./file0", 0777) = 0 [pid 12011] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 12084] <... memfd_create resumed>) = 3 [pid 11990] <... exit_group resumed>) = ? [ 210.525684][ T2497] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [ 210.538586][T12011] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (12011) [pid 12084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11990] +++ exited with 0 +++ [pid 12084] <... mmap resumed>) = 0x7fda9371b000 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11990, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=24 /* 0.24 s */} --- [pid 5065] umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./64/binderfs") = 0 [pid 5065] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12002] <... mount resumed>) = 0 [pid 12002] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12002] chdir("./file0") = 0 [pid 12002] ioctl(4, LOOP_CLR_FD) = 0 [pid 12002] close(4) = 0 [pid 12002] open("./file0", O_RDONLY) = 4 [pid 12002] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [ 210.613437][T12000] BTRFS info (device loop4): disabling free space tree [ 210.631585][T12000] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 210.653957][T12011] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [pid 12002] open("./file0", O_RDONLY) = 5 [ 210.690161][T12011] BTRFS info (device loop0): force clearing of disk cache [ 210.697293][T12011] BTRFS info (device loop0): setting nodatasum [ 210.704742][T12000] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 210.728906][T12011] BTRFS info (device loop0): allowing degraded mounts [pid 12002] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 5065] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./64/file0") = 0 [pid 12002] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./64") = 0 [pid 5065] mkdir("./65", 0777) = 0 [pid 12002] exit_group(0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 12088 [pid 12002] <... exit_group resumed>) = ? [ 210.736134][T12011] BTRFS info (device loop0): enabling disk space caching [ 210.746518][T12011] BTRFS info (device loop0): disk space caching is enabled [ 210.749312][ T2497] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [pid 12002] +++ exited with 0 +++ ./strace-static-x86_64: Process 12088 attached [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12002, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=28 /* 0.28 s */} --- [pid 12088] set_robust_list(0x555557145760, 24) = 0 [pid 5067] umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12088] chdir("./65" [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 12088] <... chdir resumed>) = 0 [pid 5067] <... openat resumed>) = 3 [pid 5067] newfstatat(3, "", [pid 12088] prctl(PR_SET_PDEATHSIG, SIGKILL [ 210.784362][T12000] BTRFS info (device loop4): checking UUID tree [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 12088] <... prctl resumed>) = 0 [pid 5067] getdents64(3, [pid 12088] setpgid(0, 0 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12088] <... setpgid resumed>) = 0 [pid 12000] <... mount resumed>) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12000] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 12084] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12000] chdir("./file0" [pid 5067] newfstatat(AT_FDCWD, "./64/binderfs", [pid 12088] <... openat resumed>) = 3 [pid 12000] <... chdir resumed>) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 12088] write(3, "1000", 4 [pid 12000] ioctl(4, LOOP_CLR_FD [pid 5067] unlink("./64/binderfs" [pid 12088] <... write resumed>) = 4 [pid 12000] <... ioctl resumed>) = 0 [pid 12088] close(3 [pid 12000] close(4 [pid 12088] <... close resumed>) = 0 [pid 12000] <... close resumed>) = 0 [pid 12088] symlink("/dev/binderfs", "./binderfs" [pid 12000] open("./file0", O_RDONLY [pid 12088] <... symlink resumed>) = 0 [pid 5067] <... unlink resumed>) = 0 [pid 12000] <... open resumed>) = 4 [pid 12088] memfd_create("syzkaller", 0) = 3 [pid 12000] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5067] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 12000] <... ioctl resumed>) = 0 [pid 12000] open("./file0", O_RDONLY) = 5 [pid 12000] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 12000] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 12000] exit_group(0) = ? [pid 12000] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12000, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=32 /* 0.32 s */} --- [pid 5068] umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./64/binderfs") = 0 [ 210.970393][T12011] BTRFS info (device loop0): enabling ssd optimizations [ 210.982952][T12011] BTRFS info (device loop0): auto enabling async discard [ 211.003746][T12011] BTRFS info (device loop0): rebuilding free space tree [ 211.024246][ T2497] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [pid 5068] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./64/file0") = 0 [pid 5067] getdents64(3, [pid 5068] <... umount2 resumed>) = 0 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3 [pid 12080] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5067] <... close resumed>) = 0 [pid 5067] rmdir("./64") = 0 [pid 5068] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] mkdir("./65", 0777 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] <... mkdir resumed>) = 0 [pid 5068] newfstatat(AT_FDCWD, "./64/file0", [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] <... openat resumed>) = 3 [pid 5068] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] ioctl(3, LOOP_CLR_FD [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] <... ioctl resumed>) = 0 [pid 5068] openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5067] close(3 [pid 5068] <... openat resumed>) = 4 [pid 5067] <... close resumed>) = 0 [pid 5068] newfstatat(4, "", [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 12108 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4./strace-static-x86_64: Process 12108 attached ) = 0 [pid 12108] set_robust_list(0x555557145760, 24 [pid 5068] rmdir("./64/file0" [pid 12108] <... set_robust_list resumed>) = 0 [pid 5068] <... rmdir resumed>) = 0 [pid 12108] chdir("./65" [pid 5068] getdents64(3, [pid 12108] <... chdir resumed>) = 0 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 12108] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5068] close(3 [pid 12108] <... prctl resumed>) = 0 [pid 5068] <... close resumed>) = 0 [pid 12108] setpgid(0, 0 [pid 5068] rmdir("./64" [pid 12108] <... setpgid resumed>) = 0 [pid 5068] <... rmdir resumed>) = 0 [pid 12108] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5068] mkdir("./65", 0777 [pid 12108] <... openat resumed>) = 3 [pid 5068] <... mkdir resumed>) = 0 [ 211.112477][T12011] BTRFS info (device loop0): disabling free space tree [ 211.152387][T12011] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 12108] write(3, "1000", 4 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 12108] <... write resumed>) = 4 [pid 12108] close(3) = 0 [pid 12108] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5068] <... openat resumed>) = 3 [pid 12108] memfd_create("syzkaller", 0 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 12108] <... memfd_create resumed>) = 3 [pid 12108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 12109 ./strace-static-x86_64: Process 12109 attached [pid 12109] set_robust_list(0x555557145760, 24) = 0 [pid 12109] chdir("./65") = 0 [pid 12109] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12109] setpgid(0, 0) = 0 [pid 12109] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 12109] write(3, "1000", 4) = 4 [pid 12109] close(3) = 0 [pid 12109] symlink("/dev/binderfs", "./binderfs") = 0 [pid 12109] memfd_create("syzkaller", 0) = 3 [pid 12109] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 211.218763][T12011] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 211.304202][T12011] BTRFS info (device loop0): checking UUID tree [pid 12011] <... mount resumed>) = 0 [pid 12011] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12011] chdir("./file0") = 0 [pid 12011] ioctl(4, LOOP_CLR_FD) = 0 [pid 12011] close(4) = 0 [pid 12011] open("./file0", O_RDONLY) = 4 [pid 12011] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 12088] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12011] <... ioctl resumed>) = 0 [pid 12011] open("./file0", O_RDONLY) = 5 [pid 12011] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 12011] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 12011] exit_group(0) = ? [pid 12011] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12011, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=36 /* 0.36 s */} --- [ 211.537108][ T2497] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 5064] umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12080] <... write resumed>) = 16777216 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./63/binderfs", [pid 12080] munmap(0x7fda9371b000, 138412032 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./63/binderfs") = 0 [pid 5064] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12084] <... write resumed>) = 16777216 [pid 12084] munmap(0x7fda9371b000, 138412032) = 0 [pid 12080] <... munmap resumed>) = 0 [pid 12084] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 12084] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 12080] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 12084] close(3) = 0 [pid 12084] mkdir("./file0", 0777) = 0 [pid 12084] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 12080] <... openat resumed>) = 4 [pid 12080] ioctl(4, LOOP_SET_FD, 3 [pid 12108] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12080] <... ioctl resumed>) = 0 [pid 12080] close(3) = 0 [pid 12109] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12080] mkdir("./file0", 0777) = 0 [ 211.691069][T12084] loop5: detected capacity change from 0 to 32768 [ 211.705992][T12080] loop2: detected capacity change from 0 to 32768 [ 211.706313][T12084] BTRFS: device /dev/loop5 using temp-fsid dd82b767-a30d-4981-ba4f-6f767f82361a [ 211.809583][T12084] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (12084) [ 211.873888][T12080] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (12080) [ 211.890406][T12084] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 211.938862][T12080] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 211.948197][T12080] BTRFS info (device loop2): force clearing of disk cache [ 211.949125][T12084] BTRFS info (device loop5): force clearing of disk cache [pid 12080] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5064] <... umount2 resumed>) = 0 [pid 5064] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 211.996298][T12080] BTRFS info (device loop2): setting nodatasum [ 212.005178][T12084] BTRFS info (device loop5): setting nodatasum [ 212.023381][T12080] BTRFS info (device loop2): allowing degraded mounts [ 212.024143][T12084] BTRFS info (device loop5): allowing degraded mounts [pid 5064] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./63/file0") = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [ 212.054199][T12080] BTRFS info (device loop2): enabling disk space caching [ 212.090740][T12084] BTRFS info (device loop5): enabling disk space caching [pid 5064] rmdir("./63" [pid 12088] <... write resumed>) = 16777216 [pid 5064] <... rmdir resumed>) = 0 [pid 5064] mkdir("./64", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 12112 attached , child_tidptr=0x555557145750) = 12112 [pid 12112] set_robust_list(0x555557145760, 24) = 0 [ 212.091007][T12080] BTRFS info (device loop2): disk space caching is enabled [pid 12112] chdir("./64") = 0 [pid 12112] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12112] setpgid(0, 0) = 0 [pid 12112] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 12088] munmap(0x7fda9371b000, 138412032 [pid 12112] <... openat resumed>) = 3 [pid 12112] write(3, "1000", 4) = 4 [pid 12088] <... munmap resumed>) = 0 [pid 12112] close(3) = 0 [pid 12088] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 12112] symlink("/dev/binderfs", "./binderfs" [pid 12088] <... openat resumed>) = 4 [pid 12112] <... symlink resumed>) = 0 [pid 12112] memfd_create("syzkaller", 0) = 3 [ 212.139157][T12084] BTRFS info (device loop5): disk space caching is enabled [pid 12088] ioctl(4, LOOP_SET_FD, 3 [pid 12112] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 12088] <... ioctl resumed>) = 0 [pid 12088] close(3) = 0 [pid 12088] mkdir("./file0", 0777) = 0 [ 212.197489][T12088] loop1: detected capacity change from 0 to 32768 [ 212.243996][T12088] BTRFS: device /dev/loop1 using temp-fsid c57f64b0-1b5a-4dce-b580-5d908f77510a [pid 12088] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 12109] <... write resumed>) = 16777216 [pid 12109] munmap(0x7fda9371b000, 138412032 [pid 12108] <... write resumed>) = 16777216 [pid 12109] <... munmap resumed>) = 0 [ 212.283009][T12088] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (12088) [ 212.307781][T12088] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 212.328767][T12088] BTRFS info (device loop1): force clearing of disk cache [ 212.336436][T12088] BTRFS info (device loop1): setting nodatasum [pid 12109] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 12108] munmap(0x7fda9371b000, 138412032 [pid 12109] <... openat resumed>) = 4 [pid 12109] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 12108] <... munmap resumed>) = 0 [pid 12109] close(3) = 0 [pid 12109] mkdir("./file0", 0777) = 0 [pid 12109] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 12108] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 212.349731][T12109] loop4: detected capacity change from 0 to 32768 [ 212.353675][T12088] BTRFS info (device loop1): allowing degraded mounts [ 212.356983][T12080] BTRFS info (device loop2): enabling ssd optimizations [ 212.370924][T12080] BTRFS info (device loop2): auto enabling async discard [ 212.372860][T12108] loop3: detected capacity change from 0 to 32768 [ 212.379691][T12080] BTRFS info (device loop2): rebuilding free space tree [ 212.393158][T12109] BTRFS: device /dev/loop4 using temp-fsid 5ca7ea46-5c96-43ec-bc63-457b522d7747 [ 212.398218][T12080] BTRFS info (device loop2): disabling free space tree [ 212.410571][T12080] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 212.418789][T12088] BTRFS info (device loop1): enabling disk space caching [ 212.421371][T12080] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 212.427266][T12084] BTRFS info (device loop5): enabling ssd optimizations [ 212.440803][T12080] BTRFS info (device loop2): checking UUID tree [pid 12108] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 12108] close(3 [pid 12080] <... mount resumed>) = 0 [pid 12080] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 12108] <... close resumed>) = 0 [pid 12108] mkdir("./file0", 0777) = 0 [pid 12080] <... openat resumed>) = 3 [pid 12108] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 12080] chdir("./file0") = 0 [pid 12080] ioctl(4, LOOP_CLR_FD) = 0 [ 212.448761][T12088] BTRFS info (device loop1): disk space caching is enabled [ 212.452219][T12109] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (12109) [ 212.479827][T12084] BTRFS info (device loop5): auto enabling async discard [ 212.480972][T12108] BTRFS: device /dev/loop3 using temp-fsid dbde56f3-6e3d-46df-b281-1a861252fde9 [pid 12080] close(4) = 0 [pid 12080] open("./file0", O_RDONLY) = 4 [ 212.509774][T12109] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 212.521102][T12084] BTRFS info (device loop5): rebuilding free space tree [ 212.522502][T12109] BTRFS info (device loop4): force clearing of disk cache [ 212.536520][T12109] BTRFS info (device loop4): setting nodatasum [ 212.536792][T12108] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (12108) [pid 12112] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12080] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 12080] open("./file0", O_RDONLY) = 5 [pid 12080] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 12080] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 12080] exit_group(0) = ? [pid 12080] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12080, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=39 /* 0.39 s */} --- [pid 5066] umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./65/binderfs") = 0 [ 212.543092][T12109] BTRFS info (device loop4): allowing degraded mounts [ 212.571104][T12108] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 212.576436][T12109] BTRFS info (device loop4): enabling disk space caching [ 212.587575][T12109] BTRFS info (device loop4): disk space caching is enabled [ 212.595763][T12084] BTRFS info (device loop5): disabling free space tree [ 212.601141][T12108] BTRFS info (device loop3): force clearing of disk cache [ 212.621271][T12108] BTRFS info (device loop3): setting nodatasum [ 212.632335][T12084] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 212.633468][T12108] BTRFS info (device loop3): allowing degraded mounts [ 212.656107][T12088] BTRFS info (device loop1): enabling ssd optimizations [ 212.659115][ T2497] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 212.676663][T12108] BTRFS info (device loop3): enabling disk space caching [ 212.679119][T12084] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 212.692393][T12088] BTRFS info (device loop1): auto enabling async discard [ 212.703839][T12088] BTRFS info (device loop1): rebuilding free space tree [ 212.724506][T12109] BTRFS info (device loop4): enabling ssd optimizations [ 212.732251][T12108] BTRFS info (device loop3): disk space caching is enabled [pid 5066] umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5066] umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 212.766462][T12088] BTRFS info (device loop1): disabling free space tree [ 212.773620][T12109] BTRFS info (device loop4): auto enabling async discard [ 212.799040][T12088] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 212.799614][T12084] BTRFS info (device loop5): checking UUID tree [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 12112] <... write resumed>) = 16777216 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./65/file0" [pid 12112] munmap(0x7fda9371b000, 138412032 [pid 5066] <... rmdir resumed>) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [ 212.808903][T12088] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 212.832201][T12109] BTRFS info (device loop4): rebuilding free space tree [ 212.836040][T12088] BTRFS info (device loop1): checking UUID tree [pid 5066] close(3) = 0 [pid 12112] <... munmap resumed>) = 0 [pid 12088] <... mount resumed>) = 0 [pid 12084] <... mount resumed>) = 0 [pid 12112] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 12088] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12084] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] rmdir("./65" [pid 12112] <... openat resumed>) = 4 [pid 12088] chdir("./file0") = 0 [pid 12088] ioctl(4, LOOP_CLR_FD [pid 12112] ioctl(4, LOOP_SET_FD, 3 [pid 12088] <... ioctl resumed>) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 12088] close(4 [pid 12084] <... openat resumed>) = 3 [pid 5066] mkdir("./66", 0777 [pid 12084] chdir("./file0" [pid 12088] <... close resumed>) = 0 [pid 12084] <... chdir resumed>) = 0 [pid 12088] open("./file0", O_RDONLY) = 4 [pid 12088] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 12084] ioctl(4, LOOP_CLR_FD) = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 12084] close(4) = 0 [pid 12084] open("./file0", O_RDONLY [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 12088] <... ioctl resumed>) = 0 [pid 12084] <... open resumed>) = 4 [pid 5066] <... openat resumed>) = 3 [pid 12088] open("./file0", O_RDONLY [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3 [pid 12088] <... open resumed>) = 5 [pid 12084] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5066] <... close resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 12088] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 12088] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 12088] exit_group(0) = ? [ 212.862773][T12109] BTRFS info (device loop4): disabling free space tree [ 212.869922][T12109] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 212.881599][T12109] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 212.882011][T12112] loop0: detected capacity change from 0 to 32768 [ 212.909916][T12109] BTRFS info (device loop4): checking UUID tree ./strace-static-x86_64: Process 12192 attached [pid 12112] <... ioctl resumed>) = 0 [pid 12088] +++ exited with 0 +++ [pid 12192] set_robust_list(0x555557145760, 24 [pid 12112] close(3 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12088, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=35 /* 0.35 s */} --- [pid 12192] <... set_robust_list resumed>) = 0 [pid 12112] <... close resumed>) = 0 [pid 12192] chdir("./66" [pid 12112] mkdir("./file0", 0777 [pid 12192] <... chdir resumed>) = 0 [pid 12192] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 12112] <... mkdir resumed>) = 0 [pid 12192] <... prctl resumed>) = 0 [pid 12112] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 12192] setpgid(0, 0) = 0 [pid 5065] umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12192] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 12084] <... ioctl resumed>) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 12192 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 12192] <... openat resumed>) = 3 [pid 12192] write(3, "1000", 4) = 4 [pid 5065] <... openat resumed>) = 3 [pid 12192] close(3) = 0 [pid 12084] open("./file0", O_RDONLY [pid 5065] newfstatat(3, "", [pid 12192] symlink("/dev/binderfs", "./binderfs" [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 12192] <... symlink resumed>) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12192] memfd_create("syzkaller", 0) = 3 [pid 12084] <... open resumed>) = 5 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12192] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 12084] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5065] newfstatat(AT_FDCWD, "./65/binderfs", [pid 12192] <... mmap resumed>) = 0x7fda9371b000 [pid 12084] <... ioctl resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 12084] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5065] unlink("./65/binderfs" [pid 12109] <... mount resumed>) = 0 [pid 12084] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5065] <... unlink resumed>) = 0 [pid 12109] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12084] exit_group(0 [pid 5065] umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12084] <... exit_group resumed>) = ? [pid 12109] chdir("./file0") = 0 [pid 12084] +++ exited with 0 +++ [pid 12109] ioctl(4, LOOP_CLR_FD) = 0 [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12084, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=38 /* 0.38 s */} --- [pid 12109] close(4) = 0 [ 212.932844][ T12] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [ 212.933145][T12108] BTRFS info (device loop3): enabling ssd optimizations [ 212.962063][T12112] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (12112) [pid 5069] umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12109] open("./file0", O_RDONLY [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 12109] <... open resumed>) = 4 [pid 5069] <... openat resumed>) = 3 [pid 12109] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 12109] <... ioctl resumed>) = 0 [pid 5069] umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./65/binderfs", [pid 12109] open("./file0", O_RDONLY [pid 5069] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 12109] <... open resumed>) = 5 [pid 5069] unlink("./65/binderfs" [pid 12109] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5069] <... unlink resumed>) = 0 [pid 12109] <... ioctl resumed>) = 0 [pid 12109] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [ 213.001613][ T2497] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [ 213.036155][T12108] BTRFS info (device loop3): auto enabling async discard [pid 5069] umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12109] exit_group(0) = ? [pid 12109] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12109, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=31 /* 0.31 s */} --- [pid 5068] umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 213.041809][ T42] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [pid 5068] newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./65/binderfs") = 0 [pid 5068] umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = 0 [pid 5065] umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./65/file0") = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./65") = 0 [pid 5065] mkdir("./66", 0777) = 0 [ 213.085606][T12108] BTRFS info (device loop3): rebuilding free space tree [ 213.097769][T12112] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 12195 attached [pid 12195] set_robust_list(0x555557145760, 24) = 0 [pid 12195] chdir("./66") = 0 [pid 12195] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 213.143254][T12112] BTRFS info (device loop0): force clearing of disk cache [ 213.160459][T12112] BTRFS info (device loop0): setting nodatasum [ 213.179316][T12108] BTRFS info (device loop3): disabling free space tree [pid 12195] setpgid(0, 0 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 12195 [pid 5069] <... umount2 resumed>) = 0 [pid 12195] <... setpgid resumed>) = 0 [pid 12195] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5069] umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12195] <... openat resumed>) = 3 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./65/file0", [pid 12195] write(3, "1000", 4 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 12195] <... write resumed>) = 4 [pid 5069] umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12195] close(3 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12195] <... close resumed>) = 0 [pid 5069] openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 12195] symlink("/dev/binderfs", "./binderfs" [pid 5069] <... openat resumed>) = 4 [pid 12195] <... symlink resumed>) = 0 [pid 5069] newfstatat(4, "", [pid 12195] memfd_create("syzkaller", 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 213.186226][T12108] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 213.189321][T12112] BTRFS info (device loop0): allowing degraded mounts [pid 5069] getdents64(4, [pid 12195] <... memfd_create resumed>) = 3 [pid 12195] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 12195] <... mmap resumed>) = 0x7fda9371b000 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./65/file0") = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [ 213.262864][T12112] BTRFS info (device loop0): enabling disk space caching [pid 5069] rmdir("./65" [pid 12108] <... mount resumed>) = 0 [pid 5069] <... rmdir resumed>) = 0 [pid 12108] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5068] <... umount2 resumed>) = 0 [pid 12108] <... openat resumed>) = 3 [pid 12108] chdir("./file0" [pid 5068] umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12108] <... chdir resumed>) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12108] ioctl(4, LOOP_CLR_FD [pid 5068] newfstatat(AT_FDCWD, "./65/file0", [pid 12108] <... ioctl resumed>) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 12108] close(4 [pid 5068] umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12108] <... close resumed>) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12108] open("./file0", O_RDONLY [pid 5068] openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 12108] <... open resumed>) = 4 [pid 5069] mkdir("./66", 0777 [pid 5068] <... openat resumed>) = 4 [pid 5068] newfstatat(4, "", [pid 12108] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] <... mkdir resumed>) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5068] rmdir("./65/file0" [pid 5069] <... openat resumed>) = 3 [pid 5068] <... rmdir resumed>) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./65") = 0 [pid 12108] <... ioctl resumed>) = 0 [pid 5069] ioctl(3, LOOP_CLR_FD [pid 12108] open("./file0", O_RDONLY [pid 5069] <... ioctl resumed>) = 0 [pid 12192] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12108] <... open resumed>) = 5 [pid 5069] close(3 [pid 5068] mkdir("./66", 0777 [pid 5069] <... close resumed>) = 0 [pid 5068] <... mkdir resumed>) = 0 [pid 12108] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 12108] <... ioctl resumed>) = 0 [pid 5068] close(3 [pid 12108] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5068] <... close resumed>) = 0 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 12207 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 12108] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) ./strace-static-x86_64: Process 12207 attached [pid 12108] exit_group(0 [pid 12207] set_robust_list(0x555557145760, 24 [pid 12108] <... exit_group resumed>) = ? [pid 12207] <... set_robust_list resumed>) = 0 [pid 12108] +++ exited with 0 +++ [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 12208 [pid 12207] chdir("./66" [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12108, si_uid=0, si_status=0, si_utime=0, si_stime=45 /* 0.45 s */} --- [pid 12207] <... chdir resumed>) = 0 [pid 12207] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 12208 attached ) = 0 [pid 5067] restart_syscall(<... resuming interrupted clone ...> [pid 12208] set_robust_list(0x555557145760, 24 [pid 12207] setpgid(0, 0 [pid 12208] <... set_robust_list resumed>) = 0 [pid 12207] <... setpgid resumed>) = 0 [pid 5067] <... restart_syscall resumed>) = 0 [pid 12207] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 12208] chdir("./66" [pid 12207] <... openat resumed>) = 3 [pid 5067] umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 12208] <... chdir resumed>) = 0 [pid 5067] <... openat resumed>) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 12208] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 12207] write(3, "1000", 4 [pid 12208] <... prctl resumed>) = 0 [pid 12207] <... write resumed>) = 4 [pid 12208] setpgid(0, 0 [pid 12207] close(3 [pid 12208] <... setpgid resumed>) = 0 [pid 12207] <... close resumed>) = 0 [pid 12208] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 12207] symlink("/dev/binderfs", "./binderfs" [pid 12208] <... openat resumed>) = 3 [pid 12207] <... symlink resumed>) = 0 [pid 5067] getdents64(3, [pid 12208] write(3, "1000", 4 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 12208] <... write resumed>) = 4 [pid 5067] umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12208] close(3 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./65/binderfs", [pid 12208] <... close resumed>) = 0 [pid 12207] memfd_create("syzkaller", 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./65/binderfs" [pid 12208] symlink("/dev/binderfs", "./binderfs" [pid 12207] <... memfd_create resumed>) = 3 [pid 12208] <... symlink resumed>) = 0 [pid 12207] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5067] <... unlink resumed>) = 0 [pid 12208] memfd_create("syzkaller", 0 [pid 12207] <... mmap resumed>) = 0x7fda9371b000 [pid 5067] umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12208] <... memfd_create resumed>) = 3 [pid 12208] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 12195] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12112] <... mount resumed>) = 0 [pid 12112] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12112] chdir("./file0") = 0 [pid 12112] ioctl(4, LOOP_CLR_FD) = 0 [pid 12112] close(4) = 0 [pid 12112] open("./file0", O_RDONLY) = 4 [pid 12112] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 12112] open("./file0", O_RDONLY) = 5 [pid 12112] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 12112] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 12112] exit_group(0) = ? [pid 12112] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12112, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=28 /* 0.28 s */} --- [pid 5064] umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./64/binderfs") = 0 [pid 5064] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./65/file0") = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./65") = 0 [pid 5067] mkdir("./66", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 12219 ./strace-static-x86_64: Process 12219 attached [pid 12219] set_robust_list(0x555557145760, 24) = 0 [pid 12219] chdir("./66") = 0 [pid 12219] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12219] setpgid(0, 0) = 0 [pid 12219] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 12219] write(3, "1000", 4) = 4 [pid 12219] close(3) = 0 [pid 12219] symlink("/dev/binderfs", "./binderfs") = 0 [pid 12219] memfd_create("syzkaller", 0) = 3 [pid 12219] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 12207] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12219] <... mmap resumed>) = 0x7fda9371b000 [pid 12208] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5064] <... umount2 resumed>) = 0 [pid 5064] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./64/file0") = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./64") = 0 [pid 5064] mkdir("./65", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 12220 ./strace-static-x86_64: Process 12220 attached [pid 12220] set_robust_list(0x555557145760, 24) = 0 [pid 12220] chdir("./65" [pid 12192] <... write resumed>) = 16777216 [pid 12220] <... chdir resumed>) = 0 [pid 12192] munmap(0x7fda9371b000, 138412032 [pid 12220] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12220] setpgid(0, 0) = 0 [pid 12220] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 12192] <... munmap resumed>) = 0 [pid 12220] <... openat resumed>) = 3 [pid 12220] write(3, "1000", 4) = 4 [pid 12220] close(3) = 0 [pid 12220] symlink("/dev/binderfs", "./binderfs") = 0 [pid 12192] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 12220] memfd_create("syzkaller", 0 [pid 12192] ioctl(4, LOOP_SET_FD, 3 [pid 12220] <... memfd_create resumed>) = 3 [pid 12220] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 12192] <... ioctl resumed>) = 0 [pid 12192] close(3) = 0 [pid 12192] mkdir("./file0", 0777) = 0 [ 214.280375][T12192] loop2: detected capacity change from 0 to 32768 [pid 12192] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 12195] <... write resumed>) = 16777216 [ 214.358447][T12192] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (12192) [pid 12195] munmap(0x7fda9371b000, 138412032) = 0 [pid 12195] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 12195] ioctl(4, LOOP_SET_FD, 3 [pid 12219] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12195] <... ioctl resumed>) = 0 [pid 12195] close(3) = 0 [pid 12195] mkdir("./file0", 0777) = 0 [ 214.438475][T12195] loop1: detected capacity change from 0 to 32768 [ 214.494926][T12195] BTRFS: device /dev/loop1 using temp-fsid d682e19c-c186-45e5-91cb-efbe1cbc7358 [pid 12195] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 12208] <... write resumed>) = 16777216 [pid 12208] munmap(0x7fda9371b000, 138412032) = 0 [pid 12208] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 214.553337][T12195] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (12195) [pid 12208] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 12208] close(3) = 0 [pid 12208] mkdir("./file0", 0777) = 0 [pid 12208] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 12207] <... write resumed>) = 16777216 [ 214.610271][T12208] loop4: detected capacity change from 0 to 32768 [pid 12207] munmap(0x7fda9371b000, 138412032 [pid 12219] <... write resumed>) = 16777216 [pid 12207] <... munmap resumed>) = 0 [pid 12219] munmap(0x7fda9371b000, 138412032) = 0 [ 214.691218][T12208] BTRFS: device /dev/loop4 using temp-fsid 6029b6d6-d76f-4730-baa8-4077022a2594 [pid 12207] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 12207] ioctl(4, LOOP_SET_FD, 3 [pid 12219] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 12219] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 12207] <... ioctl resumed>) = 0 [pid 12219] close(3 [pid 12207] close(3 [pid 12220] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12219] <... close resumed>) = 0 [pid 12207] <... close resumed>) = 0 [pid 12207] mkdir("./file0", 0777 [pid 12219] mkdir("./file0", 0777) = 0 [pid 12219] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 12207] <... mkdir resumed>) = 0 [pid 12207] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 12192] <... mount resumed>) = 0 [pid 12192] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12192] chdir("./file0") = 0 [pid 12192] ioctl(4, LOOP_CLR_FD) = 0 [pid 12192] close(4) = 0 [pid 12192] open("./file0", O_RDONLY) = 4 [pid 12192] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 12192] open("./file0", O_RDONLY) = 5 [ 214.741311][T12207] loop5: detected capacity change from 0 to 32768 [ 214.756843][T12219] loop3: detected capacity change from 0 to 32768 [ 214.771379][T12208] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (12208) [pid 12192] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 12192] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 12192] exit_group(0) = ? [pid 12192] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12192, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=27 /* 0.27 s */} --- [pid 5066] umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./66/binderfs") = 0 [ 214.861010][T12219] BTRFS: device /dev/loop3 using temp-fsid bc7111c0-92ad-4050-90e1-923d1fdec9e7 [ 214.899702][T12219] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (12219) [pid 5066] umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12195] <... mount resumed>) = 0 [pid 12195] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12195] chdir("./file0") = 0 [pid 12195] ioctl(4, LOOP_CLR_FD) = 0 [pid 12195] close(4) = 0 [pid 12195] open("./file0", O_RDONLY) = 4 [pid 12195] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 12195] open("./file0", O_RDONLY) = 5 [pid 12195] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 12195] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5066] <... umount2 resumed>) = 0 [pid 12195] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5066] umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12195] exit_group(0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12195] <... exit_group resumed>) = ? [pid 5066] newfstatat(AT_FDCWD, "./66/file0", [pid 12195] +++ exited with 0 +++ [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 214.938912][T12207] BTRFS: device /dev/loop5 using temp-fsid ce99495b-e174-4965-ab96-a446b4921b17 [ 214.954895][T12207] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (12207) [pid 5066] umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12195, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=21 /* 0.21 s */} --- [pid 5066] openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... openat resumed>) = 4 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(4, "", [pid 5065] openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... openat resumed>) = 3 [pid 5066] getdents64(4, [pid 5065] newfstatat(3, "", [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, [pid 5065] getdents64(3, [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] rmdir("./66/file0" [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./66/binderfs", [pid 5066] <... rmdir resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./66/binderfs" [pid 5066] getdents64(3, [pid 5065] <... unlink resumed>) = 0 [pid 5065] umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./66") = 0 [pid 5066] mkdir("./67", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 12290 attached , child_tidptr=0x555557145750) = 12290 [pid 12290] set_robust_list(0x555557145760, 24) = 0 [pid 12290] chdir("./67") = 0 [pid 12290] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12290] setpgid(0, 0) = 0 [pid 12290] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 12208] <... mount resumed>) = 0 [pid 12290] write(3, "1000", 4 [pid 12208] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 12290] <... write resumed>) = 4 [pid 12208] <... openat resumed>) = 3 [pid 12290] close(3) = 0 [pid 12208] chdir("./file0") = 0 [pid 12208] ioctl(4, LOOP_CLR_FD [pid 12290] symlink("/dev/binderfs", "./binderfs" [pid 12208] <... ioctl resumed>) = 0 [pid 12290] <... symlink resumed>) = 0 [pid 12208] close(4 [pid 12290] memfd_create("syzkaller", 0 [pid 12208] <... close resumed>) = 0 [pid 12290] <... memfd_create resumed>) = 3 [pid 12208] open("./file0", O_RDONLY [pid 12290] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 12208] <... open resumed>) = 4 [pid 12290] <... mmap resumed>) = 0x7fda9371b000 [pid 12208] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 12219] <... mount resumed>) = 0 [pid 12219] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12219] chdir("./file0") = 0 [pid 12208] <... ioctl resumed>) = 0 [pid 12208] open("./file0", O_RDONLY) = 5 [pid 12208] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 12208] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 12219] ioctl(4, LOOP_CLR_FD) = 0 [pid 12208] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 12208] exit_group(0) = ? [pid 12219] close(4) = 0 [pid 12219] open("./file0", O_RDONLY) = 4 [pid 12219] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 12208] +++ exited with 0 +++ [pid 12219] <... ioctl resumed>) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 12219] open("./file0", O_RDONLY) = 5 [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12208, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=28 /* 0.28 s */} --- [pid 5068] umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12219] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./66/binderfs") = 0 [pid 5068] umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 12219] <... ioctl resumed>) = 0 [pid 5065] umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12219] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12219] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5065] openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 12219] exit_group(0 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, [pid 12219] <... exit_group resumed>) = ? [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 12219] +++ exited with 0 +++ [pid 12207] <... mount resumed>) = 0 [pid 5065] close(4 [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12219, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=23 /* 0.23 s */} --- [pid 12207] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12207] chdir("./file0" [pid 5067] umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... close resumed>) = 0 [pid 12207] <... chdir resumed>) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] rmdir("./66/file0" [pid 12207] ioctl(4, LOOP_CLR_FD) = 0 [pid 5067] openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... rmdir resumed>) = 0 [pid 12207] close(4 [pid 5067] <... openat resumed>) = 3 [pid 5065] getdents64(3, [pid 12207] <... close resumed>) = 0 [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 12220] <... write resumed>) = 16777216 [pid 12207] open("./file0", O_RDONLY [pid 5065] close(3 [pid 12207] <... open resumed>) = 4 [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./66" [pid 5067] newfstatat(3, "", [pid 12207] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] <... rmdir resumed>) = 0 [pid 12207] <... ioctl resumed>) = 0 [pid 5067] umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] mkdir("./67", 0777 [pid 12207] open("./file0", O_RDONLY) = 5 [pid 12207] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... mkdir resumed>) = 0 [pid 12220] munmap(0x7fda9371b000, 138412032 [pid 12207] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5067] newfstatat(AT_FDCWD, "./66/binderfs", [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 12207] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... openat resumed>) = 3 [pid 12207] exit_group(0 [pid 5067] unlink("./66/binderfs" [pid 5065] ioctl(3, LOOP_CLR_FD [pid 12207] <... exit_group resumed>) = ? [pid 12207] +++ exited with 0 +++ [pid 5068] <... umount2 resumed>) = 0 [pid 5067] <... unlink resumed>) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 5067] umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] close(3 [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12207, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} --- [pid 5068] umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... close resumed>) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5068] newfstatat(AT_FDCWD, "./66/file0", [pid 5069] umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] <... openat resumed>) = 3 [pid 5068] openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] newfstatat(3, "", [pid 5068] <... openat resumed>) = 4 ./strace-static-x86_64: Process 12306 attached [pid 12220] <... munmap resumed>) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] newfstatat(4, "", [pid 5069] getdents64(3, [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] getdents64(4, [pid 5069] umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] getdents64(4, [pid 5069] newfstatat(AT_FDCWD, "./66/binderfs", [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] close(4 [pid 5069] unlink("./66/binderfs" [pid 5068] <... close resumed>) = 0 [pid 5069] <... unlink resumed>) = 0 [pid 5068] rmdir("./66/file0" [pid 5069] umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... rmdir resumed>) = 0 [pid 12306] set_robust_list(0x555557145760, 24 [pid 5068] getdents64(3, [pid 12306] <... set_robust_list resumed>) = 0 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 12220] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5068] close(3) = 0 [pid 5068] rmdir("./66") = 0 [pid 5068] mkdir("./67", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 12306] chdir("./67" [pid 12220] <... openat resumed>) = 4 [pid 5068] <... openat resumed>) = 3 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 12306 [pid 12306] <... chdir resumed>) = 0 [pid 12306] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 12220] ioctl(4, LOOP_SET_FD, 3 [pid 5068] ioctl(3, LOOP_CLR_FD [pid 12306] <... prctl resumed>) = 0 [pid 5068] <... ioctl resumed>) = 0 [pid 12306] setpgid(0, 0) = 0 [pid 12306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 12307 attached [pid 12306] write(3, "1000", 4 [pid 12307] set_robust_list(0x555557145760, 24 [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 12307 [pid 12220] <... ioctl resumed>) = 0 [pid 12306] <... write resumed>) = 4 [pid 12306] close(3) = 0 [pid 12307] <... set_robust_list resumed>) = 0 [pid 12306] symlink("/dev/binderfs", "./binderfs" [pid 12220] close(3 [pid 12307] chdir("./67" [pid 12306] <... symlink resumed>) = 0 [pid 12220] <... close resumed>) = 0 [pid 12220] mkdir("./file0", 0777 [pid 12307] <... chdir resumed>) = 0 [pid 12307] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 12306] memfd_create("syzkaller", 0 [pid 12220] <... mkdir resumed>) = 0 [pid 12307] <... prctl resumed>) = 0 [pid 12220] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 12307] setpgid(0, 0) = 0 [pid 12306] <... memfd_create resumed>) = 3 [pid 12307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 12306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 12307] <... openat resumed>) = 3 [pid 12306] <... mmap resumed>) = 0x7fda9371b000 [ 215.431160][T12220] loop0: detected capacity change from 0 to 32768 [pid 12307] write(3, "1000", 4) = 4 [pid 12307] close(3) = 0 [ 215.485436][T12220] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (12220) [pid 12307] symlink("/dev/binderfs", "./binderfs") = 0 [pid 12290] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12307] memfd_create("syzkaller", 0) = 3 [pid 12307] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 215.551699][T12220] _btrfs_printk: 82 callbacks suppressed [ 215.551712][T12220] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5069] <... umount2 resumed>) = 0 [ 215.688792][T12220] BTRFS info (device loop0): force clearing of disk cache [ 215.695940][T12220] BTRFS info (device loop0): setting nodatasum [pid 5069] umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] <... umount2 resumed>) = 0 [pid 5069] openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [ 215.753740][T12220] BTRFS info (device loop0): allowing degraded mounts [ 215.786536][T12220] BTRFS info (device loop0): enabling disk space caching [pid 5067] umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... openat resumed>) = 4 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(4, "", [pid 5067] newfstatat(AT_FDCWD, "./66/file0", [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] getdents64(4, [pid 5067] umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] getdents64(4, [pid 5067] openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] <... openat resumed>) = 4 [pid 5069] close(4 [pid 5067] newfstatat(4, "", [pid 5069] <... close resumed>) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] rmdir("./66/file0" [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] <... rmdir resumed>) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5069] getdents64(3, [pid 5067] rmdir("./66/file0" [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] <... rmdir resumed>) = 0 [ 215.832240][T12220] BTRFS info (device loop0): disk space caching is enabled [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3 [pid 5067] close(3 [pid 5069] <... close resumed>) = 0 [pid 5069] rmdir("./66" [pid 5067] <... close resumed>) = 0 [pid 5067] rmdir("./66") = 0 [pid 5069] <... rmdir resumed>) = 0 [pid 5067] mkdir("./67", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5069] mkdir("./67", 0777 [pid 5067] ioctl(3, LOOP_CLR_FD [pid 5069] <... mkdir resumed>) = 0 [pid 5067] <... ioctl resumed>) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5067] close(3 [pid 5069] <... openat resumed>) = 3 [pid 5067] <... close resumed>) = 0 [pid 5069] ioctl(3, LOOP_CLR_FD [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 12318 attached [pid 5069] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 12318] set_robust_list(0x555557145760, 24 [pid 5069] close(3 [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 12318 [pid 12318] <... set_robust_list resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 12318] chdir("./67" [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 12319 attached [pid 12318] <... chdir resumed>) = 0 [pid 12319] set_robust_list(0x555557145760, 24 [pid 12318] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 12319 [pid 12319] <... set_robust_list resumed>) = 0 [pid 12318] <... prctl resumed>) = 0 [pid 12319] chdir("./67" [pid 12318] setpgid(0, 0 [pid 12319] <... chdir resumed>) = 0 [pid 12318] <... setpgid resumed>) = 0 [pid 12319] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 12318] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 12319] <... prctl resumed>) = 0 [pid 12318] <... openat resumed>) = 3 [pid 12319] setpgid(0, 0 [pid 12318] write(3, "1000", 4 [pid 12319] <... setpgid resumed>) = 0 [pid 12318] <... write resumed>) = 4 [pid 12319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 12318] close(3 [pid 12319] <... openat resumed>) = 3 [pid 12318] <... close resumed>) = 0 [pid 12319] write(3, "1000", 4 [pid 12318] symlink("/dev/binderfs", "./binderfs" [pid 12319] <... write resumed>) = 4 [pid 12318] <... symlink resumed>) = 0 [pid 12319] close(3 [pid 12318] memfd_create("syzkaller", 0 [pid 12319] <... close resumed>) = 0 [pid 12318] <... memfd_create resumed>) = 3 [pid 12319] symlink("/dev/binderfs", "./binderfs" [pid 12318] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 12319] <... symlink resumed>) = 0 [pid 12318] <... mmap resumed>) = 0x7fda9371b000 [pid 12319] memfd_create("syzkaller", 0) = 3 [pid 12319] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 12306] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 216.125723][T12220] BTRFS info (device loop0): enabling ssd optimizations [ 216.150727][T12220] BTRFS info (device loop0): auto enabling async discard [ 216.199280][T12220] BTRFS info (device loop0): rebuilding free space tree [ 216.258911][T12220] BTRFS info (device loop0): disabling free space tree [ 216.265820][T12220] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 12307] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12319] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 216.338797][T12220] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 216.406658][T12220] BTRFS info (device loop0): checking UUID tree [pid 12318] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12290] <... write resumed>) = 16777216 [pid 12220] <... mount resumed>) = 0 [pid 12220] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12220] chdir("./file0") = 0 [pid 12220] ioctl(4, LOOP_CLR_FD) = 0 [pid 12220] close(4) = 0 [pid 12220] open("./file0", O_RDONLY) = 4 [pid 12220] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 12290] munmap(0x7fda9371b000, 138412032 [pid 12220] <... ioctl resumed>) = 0 [pid 12220] open("./file0", O_RDONLY) = 5 [pid 12290] <... munmap resumed>) = 0 [pid 12220] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 12220] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 12220] exit_group(0) = ? [pid 12220] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12220, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=35 /* 0.35 s */} --- [pid 12290] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 12290] ioctl(4, LOOP_SET_FD, 3 [pid 5064] umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 216.559589][ T2497] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 216.575109][T12290] loop2: detected capacity change from 0 to 32768 [pid 12290] <... ioctl resumed>) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12290] close(3 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12290] <... close resumed>) = 0 [pid 5064] newfstatat(AT_FDCWD, "./65/binderfs", [pid 12290] mkdir("./file0", 0777) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 12290] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5064] unlink("./65/binderfs") = 0 [ 216.642591][T12290] BTRFS: device /dev/loop2 using temp-fsid 67a3e93f-4f71-49d7-885c-12dd19a335d0 [ 216.681099][T12290] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (12290) [pid 5064] umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12307] <... write resumed>) = 16777216 [pid 12306] <... write resumed>) = 16777216 [pid 12307] munmap(0x7fda9371b000, 138412032 [pid 5064] <... umount2 resumed>) = 0 [pid 5064] umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 12306] munmap(0x7fda9371b000, 138412032 [pid 5064] umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12307] <... munmap resumed>) = 0 [pid 12306] <... munmap resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, [pid 12307] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5064] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 12307] <... openat resumed>) = 4 [pid 5064] close(4) = 0 [pid 5064] rmdir("./65/file0" [pid 12306] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5064] <... rmdir resumed>) = 0 [ 216.754392][T12290] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [pid 12307] ioctl(4, LOOP_SET_FD, 3 [pid 12306] <... openat resumed>) = 4 [pid 5064] getdents64(3, [pid 12306] ioctl(4, LOOP_SET_FD, 3 [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./65") = 0 [pid 5064] mkdir("./66", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 12328 ./strace-static-x86_64: Process 12328 attached [pid 12328] set_robust_list(0x555557145760, 24) = 0 [pid 12307] <... ioctl resumed>) = 0 [pid 12306] <... ioctl resumed>) = 0 [pid 12328] chdir("./66" [pid 12307] close(3 [pid 12328] <... chdir resumed>) = 0 [pid 12307] <... close resumed>) = 0 [pid 12328] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 12307] mkdir("./file0", 0777 [pid 12328] <... prctl resumed>) = 0 [pid 12307] <... mkdir resumed>) = 0 [pid 12328] setpgid(0, 0 [pid 12307] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 12306] close(3) = 0 [pid 12306] mkdir("./file0", 0777) = 0 [pid 12306] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 12328] <... setpgid resumed>) = 0 [ 216.795777][T12307] loop4: detected capacity change from 0 to 32768 [ 216.795829][T12306] loop1: detected capacity change from 0 to 32768 [ 216.808988][T12290] BTRFS info (device loop2): force clearing of disk cache [ 216.826127][T12290] BTRFS info (device loop2): setting nodatasum [ 216.833439][T12306] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (12306) [pid 12328] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 12319] <... write resumed>) = 16777216 [pid 12319] munmap(0x7fda9371b000, 138412032) = 0 [pid 12328] <... openat resumed>) = 3 [pid 12328] write(3, "1000", 4) = 4 [pid 12328] close(3) = 0 [pid 12328] symlink("/dev/binderfs", "./binderfs" [pid 12319] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 12328] <... symlink resumed>) = 0 [pid 12319] <... openat resumed>) = 4 [pid 12328] memfd_create("syzkaller", 0 [pid 12319] ioctl(4, LOOP_SET_FD, 3 [pid 12328] <... memfd_create resumed>) = 3 [pid 12319] <... ioctl resumed>) = 0 [ 216.858965][T12290] BTRFS info (device loop2): allowing degraded mounts [ 216.876122][T12290] BTRFS info (device loop2): enabling disk space caching [ 216.890730][T12319] loop5: detected capacity change from 0 to 32768 [pid 12328] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 12319] close(3) = 0 [pid 12319] mkdir("./file0", 0777) = 0 [ 216.903172][T12307] BTRFS: device /dev/loop4 using temp-fsid db8b14d7-e7bb-4077-85bd-0bb8d37fb92e [ 216.911735][T12290] BTRFS info (device loop2): disk space caching is enabled [ 216.919969][T12306] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 216.941495][T12307] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (12307) [pid 12319] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 12318] <... write resumed>) = 16777216 [pid 12318] munmap(0x7fda9371b000, 138412032) = 0 [ 216.957235][T12306] BTRFS info (device loop1): force clearing of disk cache [ 216.976639][T12306] BTRFS info (device loop1): setting nodatasum [pid 12318] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 217.001207][T12319] BTRFS: device /dev/loop5 using temp-fsid 81810bd0-4bc9-4e0c-bba4-5842f30c1661 [ 217.010459][T12306] BTRFS info (device loop1): allowing degraded mounts [ 217.010651][T12307] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 217.018204][T12306] BTRFS info (device loop1): enabling disk space caching [ 217.034551][T12319] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (12319) [pid 12318] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 12318] close(3) = 0 [pid 12318] mkdir("./file0", 0777) = 0 [ 217.035359][T12306] BTRFS info (device loop1): disk space caching is enabled [ 217.057975][T12318] loop3: detected capacity change from 0 to 32768 [ 217.066011][T12307] BTRFS info (device loop4): force clearing of disk cache [ 217.069411][T12319] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 217.093398][T12307] BTRFS info (device loop4): setting nodatasum [ 217.099700][T12307] BTRFS info (device loop4): allowing degraded mounts [ 217.107052][T12307] BTRFS info (device loop4): enabling disk space caching [ 217.107527][T12318] BTRFS: device /dev/loop3 using temp-fsid a7e84dd6-eab0-4fd7-b0af-937d5709aeaa [ 217.114160][T12307] BTRFS info (device loop4): disk space caching is enabled [ 217.145561][T12319] BTRFS info (device loop5): force clearing of disk cache [ 217.153517][T12319] BTRFS info (device loop5): setting nodatasum [ 217.160496][T12319] BTRFS info (device loop5): allowing degraded mounts [ 217.165468][T12290] BTRFS info (device loop2): enabling ssd optimizations [ 217.167760][T12319] BTRFS info (device loop5): enabling disk space caching [ 217.182389][T12319] BTRFS info (device loop5): disk space caching is enabled [pid 12318] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 217.190667][T12318] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (12318) [ 217.196797][T12290] BTRFS info (device loop2): auto enabling async discard [ 217.218837][T12318] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 217.229343][T12318] BTRFS info (device loop3): force clearing of disk cache [ 217.230912][T12290] BTRFS info (device loop2): rebuilding free space tree [ 217.238786][T12318] BTRFS info (device loop3): setting nodatasum [ 217.263351][T12318] BTRFS info (device loop3): allowing degraded mounts [ 217.283334][T12318] BTRFS info (device loop3): enabling disk space caching [ 217.291488][T12306] BTRFS info (device loop1): enabling ssd optimizations [ 217.294089][T12307] BTRFS info (device loop4): enabling ssd optimizations [ 217.306177][T12306] BTRFS info (device loop1): auto enabling async discard [ 217.306777][T12318] BTRFS info (device loop3): disk space caching is enabled [ 217.320545][T12307] BTRFS info (device loop4): auto enabling async discard [ 217.321278][T12290] BTRFS info (device loop2): disabling free space tree [ 217.328368][T12307] BTRFS info (device loop4): rebuilding free space tree [ 217.344243][T12290] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 217.356131][T12319] BTRFS info (device loop5): enabling ssd optimizations [ 217.363354][T12307] BTRFS info (device loop4): disabling free space tree [ 217.368777][T12290] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 217.370953][T12306] BTRFS info (device loop1): rebuilding free space tree [ 217.383361][T12290] BTRFS info (device loop2): checking UUID tree [ 217.387331][T12319] BTRFS info (device loop5): auto enabling async discard [ 217.402068][T12307] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 12328] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12290] <... mount resumed>) = 0 [pid 12290] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12290] chdir("./file0") = 0 [pid 12290] ioctl(4, LOOP_CLR_FD) = 0 [pid 12290] close(4) = 0 [pid 12290] open("./file0", O_RDONLY) = 4 [pid 12290] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 12290] open("./file0", O_RDONLY) = 5 [pid 12290] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [ 217.411919][T12307] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 217.419429][T12319] BTRFS info (device loop5): rebuilding free space tree [ 217.433366][T12307] BTRFS info (device loop4): checking UUID tree [pid 12290] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 12290] exit_group(0) = ? [pid 12290] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12290, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=33 /* 0.33 s */} --- [pid 12307] <... mount resumed>) = 0 [pid 12307] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 12307] <... openat resumed>) = 3 [pid 5066] openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 12307] chdir("./file0" [pid 5066] <... openat resumed>) = 3 [pid 12307] <... chdir resumed>) = 0 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 12307] ioctl(4, LOOP_CLR_FD [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./67/binderfs") = 0 [pid 5066] umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12307] <... ioctl resumed>) = 0 [pid 12307] close(4) = 0 [pid 12307] open("./file0", O_RDONLY) = 4 [ 217.477249][T12306] BTRFS info (device loop1): disabling free space tree [ 217.501736][T12306] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 12307] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 12307] open("./file0", O_RDONLY) = 5 [pid 12307] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 12307] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 12307] exit_group(0) = ? [ 217.529537][T12306] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 217.542633][T12319] BTRFS info (device loop5): disabling free space tree [ 217.552400][ T48] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 217.569467][ T2855] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [pid 12307] +++ exited with 0 +++ [pid 12328] <... write resumed>) = 16777216 [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12307, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=34 /* 0.34 s */} --- [pid 12328] munmap(0x7fda9371b000, 138412032 [pid 5068] umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 12328] <... munmap resumed>) = 0 [pid 5068] umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12328] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12328] ioctl(4, LOOP_SET_FD, 3 [pid 5068] newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./67/binderfs") = 0 [ 217.581298][T12319] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 217.609784][T12328] loop0: detected capacity change from 0 to 32768 [ 217.616361][T12306] BTRFS info (device loop1): checking UUID tree [pid 5068] umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12306] <... mount resumed>) = 0 [pid 12306] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12306] chdir("./file0") = 0 [pid 12306] ioctl(4, LOOP_CLR_FD) = 0 [pid 12306] close(4) = 0 [pid 12306] open("./file0", O_RDONLY) = 4 [pid 12306] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 12306] open("./file0", O_RDONLY) = 5 [ 217.616428][T12319] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 217.621378][T12319] BTRFS info (device loop5): checking UUID tree [ 217.639313][T12318] BTRFS info (device loop3): enabling ssd optimizations [pid 12319] <... mount resumed>) = 0 [pid 12306] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 12319] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 12306] <... ioctl resumed>) = 0 [pid 12328] <... ioctl resumed>) = 0 [pid 12319] <... openat resumed>) = 3 [pid 12306] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 12319] chdir("./file0" [pid 12306] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 12306] exit_group(0) = ? [pid 12319] <... chdir resumed>) = 0 [pid 12306] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12306, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=36 /* 0.36 s */} --- [pid 5065] umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./67/binderfs") = 0 [pid 5065] umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12328] close(3 [pid 12319] ioctl(4, LOOP_CLR_FD [pid 12328] <... close resumed>) = 0 [pid 12319] <... ioctl resumed>) = 0 [ 217.674517][T12318] BTRFS info (device loop3): auto enabling async discard [ 217.681923][ T48] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [pid 12328] mkdir("./file0", 0777 [pid 12319] close(4 [pid 12328] <... mkdir resumed>) = 0 [pid 12319] <... close resumed>) = 0 [pid 12328] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 12319] open("./file0", O_RDONLY) = 4 [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12319] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./67/file0") = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./67") = 0 [pid 5066] mkdir("./68", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 12410 attached , child_tidptr=0x555557145750) = 12410 [pid 12410] set_robust_list(0x555557145760, 24) = 0 [pid 12410] chdir("./68") = 0 [pid 12410] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12410] setpgid(0, 0) = 0 [pid 12410] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 12319] <... ioctl resumed>) = 0 [pid 12319] open("./file0", O_RDONLY) = 5 [ 217.745870][T12328] BTRFS: device /dev/loop0 using temp-fsid 87db640f-baad-44a0-b740-7a46e44ddf7c [ 217.762243][T12328] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (12328) [ 217.768646][T12318] BTRFS info (device loop3): rebuilding free space tree [pid 12319] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 12410] <... openat resumed>) = 3 [pid 12319] <... ioctl resumed>) = 0 [pid 12319] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 12319] exit_group(0) = ? [pid 12410] write(3, "1000", 4 [pid 12319] +++ exited with 0 +++ [pid 12410] <... write resumed>) = 4 [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12319, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=37 /* 0.37 s */} --- [ 217.817196][T12328] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 217.843369][T12318] BTRFS info (device loop3): disabling free space tree [pid 12410] close(3) = 0 [pid 5069] umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12410] symlink("/dev/binderfs", "./binderfs" [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12410] <... symlink resumed>) = 0 [pid 5069] newfstatat(AT_FDCWD, "./67/binderfs", [pid 5068] <... umount2 resumed>) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 12410] memfd_create("syzkaller", 0 [pid 5069] unlink("./67/binderfs" [pid 12410] <... memfd_create resumed>) = 3 [pid 5069] <... unlink resumed>) = 0 [pid 5068] umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = 0 [pid 5065] umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] newfstatat(AT_FDCWD, "./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, [pid 12410] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [ 217.860930][ T48] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [ 217.868802][T12318] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 217.883280][T12328] BTRFS info (device loop0): force clearing of disk cache [ 217.900566][T12318] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5065] rmdir("./67/file0" [pid 12410] <... mmap resumed>) = 0x7fda9371b000 [pid 5068] newfstatat(AT_FDCWD, "./67/file0", [pid 5065] <... rmdir resumed>) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] close(3 [pid 5068] umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./67") = 0 [pid 5065] mkdir("./68", 0777 [pid 5068] openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... mkdir resumed>) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5068] <... openat resumed>) = 4 [pid 5065] <... openat resumed>) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5068] newfstatat(4, "", [pid 5065] <... ioctl resumed>) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 12412 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 12412 attached [pid 5068] close(4) = 0 [pid 12412] set_robust_list(0x555557145760, 24 [pid 5068] rmdir("./67/file0" [pid 12412] <... set_robust_list resumed>) = 0 [pid 12412] chdir("./68" [pid 5068] <... rmdir resumed>) = 0 [pid 12412] <... chdir resumed>) = 0 [pid 5068] getdents64(3, [pid 12412] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 12412] <... prctl resumed>) = 0 [pid 5068] close(3) = 0 [pid 12412] setpgid(0, 0 [ 217.940016][T12328] BTRFS info (device loop0): setting nodatasum [ 217.961194][T12328] BTRFS info (device loop0): allowing degraded mounts [ 217.979978][T12328] BTRFS info (device loop0): enabling disk space caching [pid 5068] rmdir("./67") = 0 [pid 12412] <... setpgid resumed>) = 0 [pid 5068] mkdir("./68", 0777 [pid 12412] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5068] <... mkdir resumed>) = 0 [pid 12412] <... openat resumed>) = 3 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 12412] write(3, "1000", 4 [pid 5068] <... openat resumed>) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD [pid 12412] <... write resumed>) = 4 [pid 5068] <... ioctl resumed>) = 0 [pid 12412] close(3 [pid 5068] close(3 [ 218.002238][T12318] BTRFS info (device loop3): checking UUID tree [ 218.007890][T12328] BTRFS info (device loop0): disk space caching is enabled [pid 12412] <... close resumed>) = 0 [pid 12412] symlink("/dev/binderfs", "./binderfs" [pid 5068] <... close resumed>) = 0 [pid 12412] <... symlink resumed>) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 12412] memfd_create("syzkaller", 0./strace-static-x86_64: Process 12417 attached ) = 3 [pid 12318] <... mount resumed>) = 0 [pid 12318] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 12417] set_robust_list(0x555557145760, 24 [pid 12412] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 12318] <... openat resumed>) = 3 [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 12417 [pid 12318] chdir("./file0" [pid 12417] <... set_robust_list resumed>) = 0 [pid 12412] <... mmap resumed>) = 0x7fda9371b000 [pid 12417] chdir("./68") = 0 [pid 12417] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12417] setpgid(0, 0) = 0 [pid 12417] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 12417] write(3, "1000", 4 [pid 5069] <... umount2 resumed>) = 0 [pid 5069] umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12417] <... write resumed>) = 4 [pid 12318] <... chdir resumed>) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./67/file0", [pid 12417] close(3 [pid 12318] ioctl(4, LOOP_CLR_FD [pid 12417] <... close resumed>) = 0 [pid 12318] <... ioctl resumed>) = 0 [pid 12417] symlink("/dev/binderfs", "./binderfs") = 0 [pid 12318] close(4 [pid 12417] memfd_create("syzkaller", 0 [pid 12318] <... close resumed>) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 12417] <... memfd_create resumed>) = 3 [pid 12318] open("./file0", O_RDONLY [pid 5069] umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12417] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 12318] <... open resumed>) = 4 [pid 12417] <... mmap resumed>) = 0x7fda9371b000 [pid 12318] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12318] <... ioctl resumed>) = 0 [pid 5069] openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 12318] open("./file0", O_RDONLY [pid 5069] <... openat resumed>) = 4 [pid 12318] <... open resumed>) = 5 [pid 5069] newfstatat(4, "", [pid 12318] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, [pid 12318] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5069] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 12318] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5069] getdents64(4, [pid 12318] exit_group(0 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4 [pid 12318] <... exit_group resumed>) = ? [pid 5069] <... close resumed>) = 0 [pid 5069] rmdir("./67/file0") = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3 [pid 12318] +++ exited with 0 +++ [pid 5069] <... close resumed>) = 0 [pid 5069] rmdir("./67") = 0 [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12318, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=42 /* 0.42 s */} --- [pid 12410] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5069] mkdir("./68", 0777) = 0 [pid 5067] umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5067] openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] ioctl(3, LOOP_CLR_FD [pid 5067] <... openat resumed>) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, [pid 5069] <... ioctl resumed>) = 0 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] close(3 [pid 5067] umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... close resumed>) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 218.283709][ T48] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [pid 5067] newfstatat(AT_FDCWD, "./67/binderfs", [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./67/binderfs") = 0 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 12432 [pid 5067] umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 12432 attached [pid 12432] set_robust_list(0x555557145760, 24) = 0 [ 218.329231][T12328] BTRFS info (device loop0): enabling ssd optimizations [pid 12432] chdir("./68") = 0 [pid 12432] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12432] setpgid(0, 0) = 0 [pid 12432] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 12432] write(3, "1000", 4) = 4 [pid 12432] close(3) = 0 [pid 12432] symlink("/dev/binderfs", "./binderfs") = 0 [pid 12432] memfd_create("syzkaller", 0) = 3 [pid 12432] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 218.370324][T12328] BTRFS info (device loop0): auto enabling async discard [ 218.426797][T12328] BTRFS info (device loop0): rebuilding free space tree [ 218.480175][T12328] BTRFS info (device loop0): disabling free space tree [ 218.487087][T12328] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./67/file0") = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [ 218.618790][T12328] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5067] rmdir("./67") = 0 [pid 5067] mkdir("./68", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 12412] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 12433 attached [pid 12433] set_robust_list(0x555557145760, 24) = 0 [pid 12433] chdir("./68" [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 12433 [pid 12433] <... chdir resumed>) = 0 [pid 12433] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12433] setpgid(0, 0) = 0 [pid 12433] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 12433] write(3, "1000", 4) = 4 [pid 12433] close(3) = 0 [pid 12433] symlink("/dev/binderfs", "./binderfs") = 0 [pid 12433] memfd_create("syzkaller", 0) = 3 [pid 12433] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 218.721019][T12328] BTRFS info (device loop0): checking UUID tree [pid 12432] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12417] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12328] <... mount resumed>) = 0 [pid 12328] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12328] chdir("./file0") = 0 [pid 12410] <... write resumed>) = 16777216 [pid 12328] ioctl(4, LOOP_CLR_FD [pid 12410] munmap(0x7fda9371b000, 138412032 [pid 12328] <... ioctl resumed>) = 0 [pid 12328] close(4 [pid 12410] <... munmap resumed>) = 0 [pid 12328] <... close resumed>) = 0 [pid 12328] open("./file0", O_RDONLY [pid 12410] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 12328] <... open resumed>) = 4 [pid 12410] <... openat resumed>) = 4 [pid 12328] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 12410] ioctl(4, LOOP_SET_FD, 3 [pid 12328] <... ioctl resumed>) = 0 [pid 12328] open("./file0", O_RDONLY) = 5 [pid 12328] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 12410] <... ioctl resumed>) = 0 [pid 12328] <... ioctl resumed>) = 0 [pid 12410] close(3 [pid 12328] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 12410] <... close resumed>) = 0 [pid 12328] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 12410] mkdir("./file0", 0777 [pid 12328] exit_group(0 [pid 12410] <... mkdir resumed>) = 0 [pid 12328] <... exit_group resumed>) = ? [pid 12328] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12328, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=34 /* 0.34 s */} --- [pid 5064] umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 12410] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5064] <... openat resumed>) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 218.913612][T12410] loop2: detected capacity change from 0 to 32768 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./66/binderfs") = 0 [ 218.967183][T12410] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (12410) [ 218.979784][ T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 219.073953][T12410] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5064] umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 219.129224][T12410] BTRFS info (device loop2): force clearing of disk cache [pid 5064] umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./66/file0") = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./66") = 0 [pid 5064] mkdir("./67", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 12450 ./strace-static-x86_64: Process 12450 attached [pid 12450] set_robust_list(0x555557145760, 24 [pid 12433] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12432] <... write resumed>) = 16777216 [pid 12450] <... set_robust_list resumed>) = 0 [pid 12450] chdir("./67" [pid 12432] munmap(0x7fda9371b000, 138412032 [pid 12412] <... write resumed>) = 16777216 [pid 12450] <... chdir resumed>) = 0 [pid 12450] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12450] setpgid(0, 0) = 0 [pid 12450] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 12450] write(3, "1000", 4) = 4 [pid 12450] close(3) = 0 [pid 12450] symlink("/dev/binderfs", "./binderfs") = 0 [pid 12432] <... munmap resumed>) = 0 [pid 12412] munmap(0x7fda9371b000, 138412032 [pid 12450] memfd_create("syzkaller", 0) = 3 [pid 12450] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 12412] <... munmap resumed>) = 0 [pid 12412] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 12432] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 12412] ioctl(4, LOOP_SET_FD, 3 [pid 12410] <... mount resumed>) = 0 [pid 12410] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12410] chdir("./file0") = 0 [pid 12410] ioctl(4, LOOP_CLR_FD) = 0 [pid 12410] close(4) = 0 [pid 12410] open("./file0", O_RDONLY) = 4 [pid 12410] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 12432] <... openat resumed>) = 4 [pid 12412] <... ioctl resumed>) = 0 [pid 12412] close(3 [pid 12432] ioctl(4, LOOP_SET_FD, 3 [pid 12412] <... close resumed>) = 0 [pid 12432] <... ioctl resumed>) = 0 [pid 12412] mkdir("./file0", 0777 [pid 12432] close(3) = 0 [pid 12412] <... mkdir resumed>) = 0 [pid 12432] mkdir("./file0", 0777 [pid 12412] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 12432] <... mkdir resumed>) = 0 [ 219.407178][T12412] loop1: detected capacity change from 0 to 32768 [ 219.429839][T12432] loop5: detected capacity change from 0 to 32768 [pid 12432] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 12410] <... ioctl resumed>) = 0 [pid 12410] open("./file0", O_RDONLY) = 5 [pid 12410] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 12410] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [ 219.452775][T12412] BTRFS: device /dev/loop1 using temp-fsid ec950ee1-5071-461c-a9ce-7c6fb4aa5a59 [pid 12410] exit_group(0) = ? [pid 12410] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12410, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=23 /* 0.23 s */} --- [pid 5066] umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 12417] <... write resumed>) = 16777216 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [ 219.492063][T12412] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (12412) [pid 12417] munmap(0x7fda9371b000, 138412032) = 0 [pid 5066] umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12417] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./68/binderfs", [pid 12417] <... openat resumed>) = 4 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./68/binderfs" [pid 12417] ioctl(4, LOOP_SET_FD, 3 [pid 5066] <... unlink resumed>) = 0 [pid 5066] umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12417] <... ioctl resumed>) = 0 [ 219.553936][T12432] BTRFS: device /dev/loop5 using temp-fsid 431d6cf6-eafc-4b57-a454-067541f1dc16 [ 219.565938][T12417] loop4: detected capacity change from 0 to 32768 [pid 12417] close(3) = 0 [pid 12417] mkdir("./file0", 0777) = 0 [ 219.594056][T12432] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (12432) [pid 12417] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 219.753358][T12417] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (12417) [pid 12450] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12433] <... write resumed>) = 16777216 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12433] munmap(0x7fda9371b000, 138412032 [pid 12432] <... mount resumed>) = 0 [pid 5066] openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 12432] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 12433] <... munmap resumed>) = 0 [pid 12432] <... openat resumed>) = 3 [pid 5066] <... openat resumed>) = 4 [pid 12432] chdir("./file0") = 0 [pid 12432] ioctl(4, LOOP_CLR_FD) = 0 [pid 12432] close(4) = 0 [pid 12432] open("./file0", O_RDONLY) = 4 [pid 12432] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 12412] <... mount resumed>) = 0 [pid 12412] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12412] chdir("./file0") = 0 [pid 5066] newfstatat(4, "", [pid 12412] ioctl(4, LOOP_CLR_FD [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 12433] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 12412] <... ioctl resumed>) = 0 [pid 5066] getdents64(4, [pid 12433] <... openat resumed>) = 4 [pid 12412] close(4 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 12433] ioctl(4, LOOP_SET_FD, 3 [pid 5066] getdents64(4, [pid 12412] <... close resumed>) = 0 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4 [pid 12412] open("./file0", O_RDONLY [pid 5066] <... close resumed>) = 0 [pid 5066] rmdir("./68/file0" [pid 12433] <... ioctl resumed>) = 0 [pid 12432] <... ioctl resumed>) = 0 [pid 12412] <... open resumed>) = 4 [pid 12432] open("./file0", O_RDONLY [pid 12412] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 12432] <... open resumed>) = 5 [pid 5066] <... rmdir resumed>) = 0 [pid 5066] getdents64(3, [pid 12432] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 12433] close(3 [pid 12432] <... ioctl resumed>) = 0 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 12433] <... close resumed>) = 0 [pid 12432] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5066] close(3 [pid 12433] mkdir("./file0", 0777 [pid 12432] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5066] <... close resumed>) = 0 [pid 12432] exit_group(0 [pid 5066] rmdir("./68" [pid 12433] <... mkdir resumed>) = 0 [pid 12432] <... exit_group resumed>) = ? [pid 5066] <... rmdir resumed>) = 0 [pid 12433] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 12432] +++ exited with 0 +++ [pid 12412] <... ioctl resumed>) = 0 [pid 5066] mkdir("./69", 0777 [pid 12412] open("./file0", O_RDONLY) = 5 [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12432, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=24 /* 0.24 s */} --- [pid 5066] <... mkdir resumed>) = 0 [pid 12412] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5069] umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12412] <... ioctl resumed>) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 12412] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5069] openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 12412] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5069] <... openat resumed>) = 3 [pid 5066] <... openat resumed>) = 3 [pid 12412] exit_group(0 [pid 5069] newfstatat(3, "", [pid 12412] <... exit_group resumed>) = ? [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 12412] +++ exited with 0 +++ [pid 5069] getdents64(3, [pid 12417] <... mount resumed>) = 0 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 12417] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5069] umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12417] <... openat resumed>) = 3 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12417] chdir("./file0" [pid 5069] newfstatat(AT_FDCWD, "./68/binderfs", [pid 12417] <... chdir resumed>) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12412, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=20 /* 0.20 s */} --- [pid 12417] ioctl(4, LOOP_CLR_FD [pid 5069] unlink("./68/binderfs" [pid 5066] ioctl(3, LOOP_CLR_FD [pid 12417] <... ioctl resumed>) = 0 [pid 12417] close(4) = 0 [pid 12417] open("./file0", O_RDONLY) = 4 [pid 12417] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5069] <... unlink resumed>) = 0 [pid 5066] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5069] umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 219.989966][T12433] loop3: detected capacity change from 0 to 32768 [ 220.029512][T12433] BTRFS: device /dev/loop3 using temp-fsid 87e3f3ad-2fcb-4f3d-a502-96c37c836d49 [pid 5066] close(3) = 0 [pid 5065] umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] <... openat resumed>) = 3 [pid 5065] newfstatat(3, "", ./strace-static-x86_64: Process 12505 attached {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 12505] set_robust_list(0x555557145760, 24 [pid 12417] <... ioctl resumed>) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 12505 [pid 5065] getdents64(3, [pid 12505] <... set_robust_list resumed>) = 0 [pid 12417] open("./file0", O_RDONLY [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12505] chdir("./69" [pid 12417] <... open resumed>) = 5 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12505] <... chdir resumed>) = 0 [pid 5065] newfstatat(AT_FDCWD, "./68/binderfs", [pid 12505] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12417] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 12505] setpgid(0, 0 [pid 5065] unlink("./68/binderfs" [pid 12505] <... setpgid resumed>) = 0 [pid 12505] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 12417] <... ioctl resumed>) = 0 [pid 5065] <... unlink resumed>) = 0 [pid 12505] <... openat resumed>) = 3 [pid 12417] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5065] umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 220.053858][T12433] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (12433) [pid 12505] write(3, "1000", 4) = 4 [pid 12450] <... write resumed>) = 16777216 [pid 12417] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 12505] close(3) = 0 [pid 12417] exit_group(0 [pid 12505] symlink("/dev/binderfs", "./binderfs" [pid 12417] <... exit_group resumed>) = ? [pid 12505] <... symlink resumed>) = 0 [pid 12417] +++ exited with 0 +++ [pid 12505] memfd_create("syzkaller", 0 [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12417, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=26 /* 0.26 s */} --- [pid 12450] munmap(0x7fda9371b000, 138412032 [pid 5068] umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 12505] <... memfd_create resumed>) = 3 [pid 5068] <... openat resumed>) = 3 [pid 12505] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./68/binderfs" [pid 12450] <... munmap resumed>) = 0 [pid 5068] <... unlink resumed>) = 0 [pid 12450] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5068] umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12450] <... openat resumed>) = 4 [pid 12450] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 12450] close(3) = 0 [pid 12450] mkdir("./file0", 0777) = 0 [ 220.196680][T12450] loop0: detected capacity change from 0 to 32768 [pid 12450] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5069] <... umount2 resumed>) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 5069] umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 220.237427][T12450] BTRFS: device /dev/loop0 using temp-fsid a10f6610-eb35-493d-8c3c-a9feae568c25 [pid 5069] umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] <... openat resumed>) = 4 [pid 5065] openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] newfstatat(4, "", [pid 5065] <... openat resumed>) = 4 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, [pid 5065] getdents64(4, [pid 5069] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, [pid 5065] getdents64(4, [pid 5069] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5069] close(4 [pid 5065] rmdir("./68/file0" [pid 5069] <... close resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5069] rmdir("./68/file0") = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] getdents64(3, [pid 5065] close(3 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] <... close resumed>) = 0 [pid 5069] close(3 [pid 5065] rmdir("./68" [pid 5069] <... close resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5069] rmdir("./68" [ 220.295175][T12450] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (12450) [pid 5065] mkdir("./69", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] <... rmdir resumed>) = 0 [pid 5065] close(3) = 0 [pid 5069] mkdir("./69", 0777 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5069] <... mkdir resumed>) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 12526 ./strace-static-x86_64: Process 12526 attached [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 12526] set_robust_list(0x555557145760, 24 [pid 5069] <... openat resumed>) = 3 [pid 12526] <... set_robust_list resumed>) = 0 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 12526] chdir("./69" [pid 5069] close(3 [pid 12526] <... chdir resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 12528 attached [pid 12526] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 12528] set_robust_list(0x555557145760, 24 [pid 12526] <... prctl resumed>) = 0 [pid 12528] <... set_robust_list resumed>) = 0 [pid 12526] setpgid(0, 0 [pid 12528] chdir("./69" [pid 12526] <... setpgid resumed>) = 0 [pid 12526] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 12433] <... mount resumed>) = 0 [pid 12528] <... chdir resumed>) = 0 [pid 12526] <... openat resumed>) = 3 [pid 12433] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 12528 [pid 12528] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 12526] write(3, "1000", 4 [pid 12433] <... openat resumed>) = 3 [pid 12528] <... prctl resumed>) = 0 [pid 12526] <... write resumed>) = 4 [pid 12528] setpgid(0, 0 [pid 12526] close(3 [pid 12528] <... setpgid resumed>) = 0 [pid 12526] <... close resumed>) = 0 [pid 12528] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 12526] symlink("/dev/binderfs", "./binderfs" [pid 12433] chdir("./file0" [pid 12528] write(3, "1000", 4 [pid 12433] <... chdir resumed>) = 0 [pid 12528] <... write resumed>) = 4 [pid 12433] ioctl(4, LOOP_CLR_FD [pid 12528] close(3 [pid 12433] <... ioctl resumed>) = 0 [pid 12528] <... close resumed>) = 0 [pid 12433] close(4 [pid 12528] symlink("/dev/binderfs", "./binderfs" [pid 12433] <... close resumed>) = 0 [pid 12528] <... symlink resumed>) = 0 [pid 12526] <... symlink resumed>) = 0 [pid 12433] open("./file0", O_RDONLY [pid 12528] memfd_create("syzkaller", 0 [pid 12433] <... open resumed>) = 4 [pid 12528] <... memfd_create resumed>) = 3 [pid 12526] memfd_create("syzkaller", 0 [pid 12433] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 12528] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 12526] <... memfd_create resumed>) = 3 [pid 12526] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5068] <... umount2 resumed>) = 0 [pid 5068] umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./68/file0") = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./68") = 0 [pid 5068] mkdir("./69", 0777) = 0 [pid 12433] <... ioctl resumed>) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 12433] open("./file0", O_RDONLY [pid 5068] <... openat resumed>) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD [pid 12433] <... open resumed>) = 5 [pid 5068] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 12433] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 12532 ./strace-static-x86_64: Process 12532 attached [pid 12433] <... ioctl resumed>) = 0 [pid 12532] set_robust_list(0x555557145760, 24 [pid 12433] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 12532] <... set_robust_list resumed>) = 0 [pid 12433] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 12532] chdir("./69" [pid 12433] exit_group(0) = ? [pid 12532] <... chdir resumed>) = 0 [pid 12433] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12433, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=25 /* 0.25 s */} --- [pid 5067] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 12532] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5067] umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12532] setpgid(0, 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 12532] <... setpgid resumed>) = 0 [pid 5067] <... openat resumed>) = 3 [pid 5067] newfstatat(3, "", [pid 12532] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, [pid 12532] <... openat resumed>) = 3 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12532] write(3, "1000", 4 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12532] <... write resumed>) = 4 [pid 5067] newfstatat(AT_FDCWD, "./68/binderfs", [pid 12532] close(3 [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 12532] <... close resumed>) = 0 [pid 5067] unlink("./68/binderfs" [pid 12532] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5067] <... unlink resumed>) = 0 [pid 12532] memfd_create("syzkaller", 0 [pid 5067] umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12532] <... memfd_create resumed>) = 3 [pid 12532] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 220.749022][T12450] _btrfs_printk: 74 callbacks suppressed [ 220.749035][T12450] BTRFS info (device loop0): enabling ssd optimizations [ 220.823199][T12450] BTRFS info (device loop0): auto enabling async discard [pid 12505] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 220.881076][T12450] BTRFS info (device loop0): rebuilding free space tree [pid 12528] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 220.959175][T12450] BTRFS info (device loop0): disabling free space tree [ 220.966091][T12450] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 12526] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 221.030818][T12450] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 221.100836][T12450] BTRFS info (device loop0): checking UUID tree [pid 12532] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12450] <... mount resumed>) = 0 [pid 12450] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12450] chdir("./file0") = 0 [pid 12450] ioctl(4, LOOP_CLR_FD) = 0 [pid 12450] close(4) = 0 [pid 12450] open("./file0", O_RDONLY) = 4 [pid 12450] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 12450] open("./file0", O_RDONLY) = 5 [pid 12450] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 12450] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 12450] exit_group(0) = ? [pid 12450] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12450, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=23 /* 0.23 s */} --- [pid 5064] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5064] umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./67/binderfs") = 0 [ 221.263349][ T2855] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 5064] umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12505] <... write resumed>) = 16777216 [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12505] munmap(0x7fda9371b000, 138412032 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... umount2 resumed>) = 0 [pid 5067] <... openat resumed>) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 12505] <... munmap resumed>) = 0 [pid 5067] getdents64(4, [pid 5064] umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] <... close resumed>) = 0 [pid 5064] newfstatat(AT_FDCWD, "./67/file0", [pid 5067] rmdir("./68/file0") = 0 [pid 5067] getdents64(3, [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] close(3 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] <... close resumed>) = 0 [pid 5064] openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5067] rmdir("./68" [pid 5064] <... openat resumed>) = 4 [pid 12505] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5067] <... rmdir resumed>) = 0 [pid 5064] newfstatat(4, "", [pid 5067] mkdir("./69", 0777 [pid 12505] <... openat resumed>) = 4 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 12505] ioctl(4, LOOP_SET_FD, 3 [pid 5067] <... mkdir resumed>) = 0 [pid 5064] getdents64(4, [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5064] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] ioctl(3, LOOP_CLR_FD [pid 5064] getdents64(4, [pid 12526] <... write resumed>) = 16777216 [pid 12505] <... ioctl resumed>) = 0 [pid 5067] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5064] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 12526] munmap(0x7fda9371b000, 138412032 [pid 5067] close(3 [pid 5064] close(4) = 0 [pid 12505] close(3 [pid 5064] rmdir("./67/file0" [pid 12505] <... close resumed>) = 0 [pid 12505] mkdir("./file0", 0777) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 12505] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 12526] <... munmap resumed>) = 0 [pid 5067] <... close resumed>) = 0 [pid 5064] getdents64(3, [pid 12526] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 12526] <... openat resumed>) = 4 [pid 5064] close(3 [pid 12526] ioctl(4, LOOP_SET_FD, 3 [pid 5064] <... close resumed>) = 0 [ 221.402054][T12505] loop2: detected capacity change from 0 to 32768 [ 221.426040][T12505] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (12505) [pid 5064] rmdir("./67") = 0 [pid 12526] <... ioctl resumed>) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] mkdir("./68", 0777 [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 12549 [pid 5064] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 12549 attached [pid 12526] close(3 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 12549] set_robust_list(0x555557145760, 24 [pid 12526] <... close resumed>) = 0 [pid 12549] <... set_robust_list resumed>) = 0 [pid 12528] <... write resumed>) = 16777216 [pid 12526] mkdir("./file0", 0777 [pid 5064] <... openat resumed>) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 12549] chdir("./69" [pid 12528] munmap(0x7fda9371b000, 138412032 [pid 5064] <... ioctl resumed>) = 0 [pid 12549] <... chdir resumed>) = 0 [pid 5064] close(3 [pid 12549] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5064] <... close resumed>) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 12549] setpgid(0, 0./strace-static-x86_64: Process 12550 attached ) = 0 [pid 12526] <... mkdir resumed>) = 0 [pid 12550] set_robust_list(0x555557145760, 24) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 12550 [pid 12550] chdir("./68" [pid 12549] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 12528] <... munmap resumed>) = 0 [pid 12526] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 12550] <... chdir resumed>) = 0 [ 221.470091][T12526] loop1: detected capacity change from 0 to 32768 [ 221.500177][T12505] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [pid 12528] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 12528] ioctl(4, LOOP_SET_FD, 3 [pid 12550] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 12549] <... openat resumed>) = 3 [pid 12550] <... prctl resumed>) = 0 [pid 12549] write(3, "1000", 4 [pid 12550] setpgid(0, 0 [pid 12549] <... write resumed>) = 4 [pid 12550] <... setpgid resumed>) = 0 [pid 12549] close(3 [pid 12550] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 12549] <... close resumed>) = 0 [pid 12549] symlink("/dev/binderfs", "./binderfs") = 0 [pid 12550] <... openat resumed>) = 3 [pid 12549] memfd_create("syzkaller", 0 [pid 12550] write(3, "1000", 4) = 4 [pid 12549] <... memfd_create resumed>) = 3 [pid 12550] close(3) = 0 [pid 12549] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 12528] <... ioctl resumed>) = 0 [pid 12528] close(3) = 0 [pid 12528] mkdir("./file0", 0777) = 0 [ 221.526818][T12526] BTRFS: device /dev/loop1 using temp-fsid 2b70d911-168b-4d22-bf39-ddb32382f6ef [ 221.529901][T12528] loop5: detected capacity change from 0 to 32768 [ 221.542813][T12526] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (12526) [ 221.549035][T12505] BTRFS info (device loop2): force clearing of disk cache [pid 12528] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 12550] symlink("/dev/binderfs", "./binderfs" [pid 12532] <... write resumed>) = 16777216 [pid 12550] <... symlink resumed>) = 0 [pid 12550] memfd_create("syzkaller", 0) = 3 [pid 12532] munmap(0x7fda9371b000, 138412032 [pid 12550] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 221.584768][T12505] BTRFS info (device loop2): setting nodatasum [ 221.585691][T12526] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 221.591105][T12528] BTRFS: device /dev/loop5 using temp-fsid 6392875d-fa6c-4ad6-a817-4b87e71bd042 [ 221.617264][T12505] BTRFS info (device loop2): allowing degraded mounts [pid 12532] <... munmap resumed>) = 0 [pid 12532] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 12532] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 12532] close(3) = 0 [pid 12532] mkdir("./file0", 0777) = 0 [ 221.631400][T12526] BTRFS info (device loop1): force clearing of disk cache [ 221.633055][T12505] BTRFS info (device loop2): enabling disk space caching [ 221.638565][T12526] BTRFS info (device loop1): setting nodatasum [ 221.646474][T12528] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (12528) [ 221.666607][T12532] loop4: detected capacity change from 0 to 32768 [ 221.674249][T12505] BTRFS info (device loop2): disk space caching is enabled [ 221.690980][T12526] BTRFS info (device loop1): allowing degraded mounts [ 221.700811][T12532] BTRFS: device /dev/loop4 using temp-fsid ae8674f9-5830-464f-b332-0402115ae987 [ 221.720320][T12528] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 221.730064][T12526] BTRFS info (device loop1): enabling disk space caching [ 221.757262][T12532] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (12532) [ 221.774044][T12526] BTRFS info (device loop1): disk space caching is enabled [ 221.783037][T12528] BTRFS info (device loop5): force clearing of disk cache [ 221.790423][T12528] BTRFS info (device loop5): setting nodatasum [ 221.796593][T12528] BTRFS info (device loop5): allowing degraded mounts [ 221.803544][T12528] BTRFS info (device loop5): enabling disk space caching [ 221.815068][T12532] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 221.824884][T12532] BTRFS info (device loop4): force clearing of disk cache [ 221.832797][T12532] BTRFS info (device loop4): setting nodatasum [ 221.839592][T12532] BTRFS info (device loop4): allowing degraded mounts [ 221.846446][T12532] BTRFS info (device loop4): enabling disk space caching [pid 12532] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 221.850584][T12528] BTRFS info (device loop5): disk space caching is enabled [ 221.861564][T12532] BTRFS info (device loop4): disk space caching is enabled [ 221.890991][T12505] BTRFS info (device loop2): enabling ssd optimizations [pid 12549] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 221.913502][T12505] BTRFS info (device loop2): auto enabling async discard [ 221.938290][T12505] BTRFS info (device loop2): rebuilding free space tree [ 221.980235][T12526] BTRFS info (device loop1): enabling ssd optimizations [ 222.006064][T12505] BTRFS info (device loop2): disabling free space tree [ 222.014116][T12526] BTRFS info (device loop1): auto enabling async discard [ 222.025498][T12505] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 222.036167][T12505] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 222.051129][T12505] BTRFS info (device loop2): checking UUID tree [ 222.069506][T12526] BTRFS info (device loop1): rebuilding free space tree [pid 12550] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12505] <... mount resumed>) = 0 [pid 12505] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12505] chdir("./file0") = 0 [pid 12505] ioctl(4, LOOP_CLR_FD) = 0 [pid 12505] close(4) = 0 [pid 12505] open("./file0", O_RDONLY) = 4 [pid 12505] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [ 222.080269][T12532] BTRFS info (device loop4): enabling ssd optimizations [ 222.089339][T12528] BTRFS info (device loop5): enabling ssd optimizations [ 222.117495][T12532] BTRFS info (device loop4): auto enabling async discard [pid 12505] open("./file0", O_RDONLY) = 5 [pid 12505] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 12505] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 12505] exit_group(0) = ? [pid 12505] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12505, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=38 /* 0.38 s */} --- [pid 5066] umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./69/binderfs") = 0 [ 222.137865][T12526] BTRFS info (device loop1): disabling free space tree [ 222.142427][T12528] BTRFS info (device loop5): auto enabling async discard [ 222.149403][T12526] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 222.164673][ T48] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 222.179824][T12532] BTRFS info (device loop4): rebuilding free space tree [pid 5066] umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12550] <... write resumed>) = 16777216 [pid 12550] munmap(0x7fda9371b000, 138412032) = 0 [ 222.185382][T12528] BTRFS info (device loop5): rebuilding free space tree [ 222.223211][T12526] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 12550] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 12550] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 12550] close(3) = 0 [pid 12550] mkdir("./file0", 0777) = 0 [ 222.237460][T12532] BTRFS info (device loop4): disabling free space tree [ 222.245257][T12550] loop0: detected capacity change from 0 to 32768 [ 222.264744][T12532] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 12550] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 12549] <... write resumed>) = 16777216 [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./69/file0") = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./69") = 0 [pid 5066] mkdir("./70", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 12613 attached [pid 12613] set_robust_list(0x555557145760, 24) = 0 [ 222.285851][T12528] BTRFS info (device loop5): disabling free space tree [ 222.295200][T12526] BTRFS info (device loop1): checking UUID tree [ 222.310222][T12532] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 222.324246][T12550] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (12550) [pid 12613] chdir("./70" [pid 12549] munmap(0x7fda9371b000, 138412032 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 12613 [pid 12613] <... chdir resumed>) = 0 [pid 12613] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12613] setpgid(0, 0) = 0 [pid 12613] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 12613] write(3, "1000", 4 [pid 12549] <... munmap resumed>) = 0 [pid 12613] <... write resumed>) = 4 [pid 12549] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 12613] close(3 [pid 12549] <... openat resumed>) = 4 [pid 12613] <... close resumed>) = 0 [pid 12613] symlink("/dev/binderfs", "./binderfs") = 0 [pid 12549] ioctl(4, LOOP_SET_FD, 3 [pid 12613] memfd_create("syzkaller", 0) = 3 [pid 12613] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 12526] <... mount resumed>) = 0 [pid 12526] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12526] chdir("./file0") = 0 [pid 12526] ioctl(4, LOOP_CLR_FD) = 0 [pid 12526] close(4) = 0 [pid 12526] open("./file0", O_RDONLY) = 4 [ 222.328283][T12528] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 222.356040][T12549] loop3: detected capacity change from 0 to 32768 [ 222.371494][T12532] BTRFS info (device loop4): checking UUID tree [pid 12526] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 12549] <... ioctl resumed>) = 0 [pid 12549] close(3) = 0 [pid 12526] <... ioctl resumed>) = 0 [pid 12526] open("./file0", O_RDONLY) = 5 [ 222.384523][T12550] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [pid 12526] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 12549] mkdir("./file0", 0777 [pid 12526] <... ioctl resumed>) = 0 [pid 12526] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 12526] exit_group(0 [pid 12549] <... mkdir resumed>) = 0 [pid 12549] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 12526] <... exit_group resumed>) = ? [pid 12526] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12526, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=33 /* 0.33 s */} --- [pid 5065] umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./69/binderfs") = 0 [ 222.410570][T12550] BTRFS info (device loop0): force clearing of disk cache [ 222.415333][T12528] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 222.423414][T12550] BTRFS info (device loop0): setting nodatasum [ 222.435565][T12549] BTRFS: device /dev/loop3 using temp-fsid 6e2359e5-549b-4b72-a02f-2f9233e22445 [ 222.449960][ T42] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [pid 5065] umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12532] <... mount resumed>) = 0 [pid 12532] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12532] chdir("./file0") = 0 [pid 12532] ioctl(4, LOOP_CLR_FD) = 0 [pid 12532] close(4) = 0 [ 222.461395][T12549] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (12549) [ 222.477420][T12550] BTRFS info (device loop0): allowing degraded mounts [pid 12532] open("./file0", O_RDONLY) = 4 [pid 12532] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 12528] <... mount resumed>) = 0 [ 222.502249][T12528] BTRFS info (device loop5): checking UUID tree [ 222.506017][T12550] BTRFS info (device loop0): enabling disk space caching [pid 12532] <... ioctl resumed>) = 0 [pid 12528] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 12532] open("./file0", O_RDONLY [pid 12528] <... openat resumed>) = 3 [pid 12528] chdir("./file0") = 0 [pid 12532] <... open resumed>) = 5 [pid 12528] ioctl(4, LOOP_CLR_FD) = 0 [pid 12528] close(4) = 0 [pid 12528] open("./file0", O_RDONLY) = 4 [pid 12528] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [ 222.548985][T12550] BTRFS info (device loop0): disk space caching is enabled [ 222.556344][T12549] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 222.560879][ T2855] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [ 222.567693][T12549] BTRFS info (device loop3): force clearing of disk cache [pid 12532] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 12532] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [ 222.593871][T12549] BTRFS info (device loop3): setting nodatasum [pid 12532] exit_group(0 [pid 12528] <... ioctl resumed>) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 12532] <... exit_group resumed>) = ? [pid 5065] umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 12532] +++ exited with 0 +++ [pid 5065] umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 12528] open("./file0", O_RDONLY [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12532, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=42 /* 0.42 s */} --- [pid 5065] openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12528] <... open resumed>) = 5 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... openat resumed>) = 4 [pid 12528] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5068] openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] newfstatat(4, "", [pid 12528] <... ioctl resumed>) = 0 [pid 5068] <... openat resumed>) = 3 [pid 12528] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5068] newfstatat(3, "", [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 222.628790][T12549] BTRFS info (device loop3): allowing degraded mounts [ 222.635692][T12549] BTRFS info (device loop3): enabling disk space caching [pid 5065] getdents64(4, [pid 12528] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5068] getdents64(3, [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4 [pid 12528] exit_group(0) = ? [pid 12528] +++ exited with 0 +++ [pid 5065] <... close resumed>) = 0 [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12528, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=36 /* 0.36 s */} --- [pid 5069] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5069] umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./69/binderfs") = 0 [pid 5069] umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] rmdir("./69/file0") = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3 [pid 5068] umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] <... close resumed>) = 0 [pid 5068] newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./69/binderfs") = 0 [pid 5065] rmdir("./69" [pid 5068] umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... rmdir resumed>) = 0 [pid 5065] mkdir("./70", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 12631 attached [pid 12631] set_robust_list(0x555557145760, 24) = 0 [ 222.678830][T12549] BTRFS info (device loop3): disk space caching is enabled [ 222.699646][ T2497] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [pid 12631] chdir("./70" [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 12631 [pid 12631] <... chdir resumed>) = 0 [pid 12631] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12631] setpgid(0, 0) = 0 [pid 12631] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 12631] write(3, "1000", 4) = 4 [pid 12631] close(3) = 0 [pid 12631] symlink("/dev/binderfs", "./binderfs") = 0 [pid 12631] memfd_create("syzkaller", 0) = 3 [pid 12631] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 222.838957][T12550] BTRFS info (device loop0): enabling ssd optimizations [ 222.845930][T12550] BTRFS info (device loop0): auto enabling async discard [pid 5069] <... umount2 resumed>) = 0 [pid 5069] umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, [pid 12613] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5068] <... umount2 resumed>) = 0 [ 222.899183][T12549] BTRFS info (device loop3): enabling ssd optimizations [ 222.906138][T12549] BTRFS info (device loop3): auto enabling async discard [ 222.934751][T12550] BTRFS info (device loop0): rebuilding free space tree [pid 5069] rmdir("./69/file0" [pid 5068] umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... rmdir resumed>) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] getdents64(3, [pid 5068] umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./69/file0" [pid 5069] close(3 [pid 5068] <... rmdir resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 5068] getdents64(3, [pid 5069] rmdir("./69" [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] <... rmdir resumed>) = 0 [pid 5068] close(3 [pid 5069] mkdir("./70", 0777 [pid 5068] <... close resumed>) = 0 [pid 5069] <... mkdir resumed>) = 0 [pid 5068] rmdir("./69") = 0 [pid 5068] mkdir("./70", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD [pid 5069] <... openat resumed>) = 3 [pid 5068] <... ioctl resumed>) = 0 [pid 5069] ioctl(3, LOOP_CLR_FD [pid 5068] close(3 [pid 5069] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5068] <... close resumed>) = 0 [pid 5069] close(3 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5069] <... close resumed>) = 0 ./strace-static-x86_64: Process 12651 attached [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 12651 [pid 12651] set_robust_list(0x555557145760, 24) = 0 [pid 12651] chdir("./70"./strace-static-x86_64: Process 12652 attached ) = 0 [pid 12652] set_robust_list(0x555557145760, 24 [pid 12651] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 12652] <... set_robust_list resumed>) = 0 [pid 12651] <... prctl resumed>) = 0 [pid 12652] chdir("./70" [pid 12651] setpgid(0, 0 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 12652 [pid 12651] <... setpgid resumed>) = 0 [pid 12651] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 12651] write(3, "1000", 4) = 4 [pid 12651] close(3) = 0 [ 222.979823][T12549] BTRFS info (device loop3): rebuilding free space tree [ 222.989333][T12550] BTRFS info (device loop0): disabling free space tree [ 222.996666][T12550] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 12651] symlink("/dev/binderfs", "./binderfs" [pid 12652] <... chdir resumed>) = 0 [pid 12651] <... symlink resumed>) = 0 [pid 12652] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 12651] memfd_create("syzkaller", 0 [pid 12652] <... prctl resumed>) = 0 [pid 12651] <... memfd_create resumed>) = 3 [pid 12652] setpgid(0, 0 [pid 12651] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 12652] <... setpgid resumed>) = 0 [pid 12651] <... mmap resumed>) = 0x7fda9371b000 [pid 12652] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 12652] write(3, "1000", 4) = 4 [pid 12652] close(3) = 0 [pid 12652] symlink("/dev/binderfs", "./binderfs") = 0 [ 223.038990][T12549] BTRFS info (device loop3): disabling free space tree [ 223.045900][T12549] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 12652] memfd_create("syzkaller", 0) = 3 [pid 12652] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 223.079598][T12550] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 223.139460][T12549] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 223.191227][T12550] BTRFS info (device loop0): checking UUID tree [ 223.200819][T12549] BTRFS info (device loop3): checking UUID tree [pid 12550] <... mount resumed>) = 0 [pid 12550] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12550] chdir("./file0" [pid 12549] <... mount resumed>) = 0 [pid 12550] <... chdir resumed>) = 0 [pid 12549] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 12550] ioctl(4, LOOP_CLR_FD [pid 12549] <... openat resumed>) = 3 [pid 12550] <... ioctl resumed>) = 0 [pid 12549] chdir("./file0" [pid 12550] close(4) = 0 [pid 12550] open("./file0", O_RDONLY) = 4 [pid 12550] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 12549] <... chdir resumed>) = 0 [pid 12549] ioctl(4, LOOP_CLR_FD) = 0 [pid 12549] close(4) = 0 [pid 12549] open("./file0", O_RDONLY) = 4 [pid 12549] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 12550] <... ioctl resumed>) = 0 [pid 12550] open("./file0", O_RDONLY) = 5 [pid 12550] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 12550] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 12550] exit_group(0) = ? [pid 12550] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12550, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=31 /* 0.31 s */} --- [pid 5064] umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 12631] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 12549] <... ioctl resumed>) = 0 [pid 5064] newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./68/binderfs") = 0 [pid 5064] umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12549] open("./file0", O_RDONLY) = 5 [pid 12549] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [ 223.370808][ T2497] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 12549] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 12549] exit_group(0) = ? [pid 12549] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12549, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=31 /* 0.31 s */} --- [pid 5067] umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 223.416885][ T42] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 12652] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12651] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5067] unlink("./69/binderfs") = 0 [pid 5067] umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... umount2 resumed>) = 0 [pid 5064] umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./68/file0") = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./68") = 0 [pid 5064] mkdir("./69", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 12657 ./strace-static-x86_64: Process 12657 attached [pid 12657] set_robust_list(0x555557145760, 24) = 0 [pid 12657] chdir("./69") = 0 [pid 12657] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12657] setpgid(0, 0) = 0 [pid 12657] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 12657] write(3, "1000", 4) = 4 [pid 12657] close(3) = 0 [pid 12657] symlink("/dev/binderfs", "./binderfs") = 0 [pid 12657] memfd_create("syzkaller", 0) = 3 [pid 12613] <... write resumed>) = 16777216 [pid 12657] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 12613] munmap(0x7fda9371b000, 138412032) = 0 [pid 12613] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 12613] ioctl(4, LOOP_SET_FD, 3 [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, [pid 12613] <... ioctl resumed>) = 0 [pid 5067] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [ 223.820266][T12613] loop2: detected capacity change from 0 to 32768 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 12613] close(3 [pid 5067] close(4 [pid 12613] <... close resumed>) = 0 [pid 12613] mkdir("./file0", 0777 [pid 5067] <... close resumed>) = 0 [pid 12613] <... mkdir resumed>) = 0 [pid 5067] rmdir("./69/file0") = 0 [pid 12613] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./69") = 0 [pid 5067] mkdir("./70", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 12658 attached [pid 12658] set_robust_list(0x555557145760, 24 [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 12658 [pid 12658] <... set_robust_list resumed>) = 0 [pid 12658] chdir("./70") = 0 [pid 12658] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12658] setpgid(0, 0) = 0 [pid 12658] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 12658] write(3, "1000", 4) = 4 [pid 12658] close(3) = 0 [pid 12658] symlink("/dev/binderfs", "./binderfs") = 0 [ 223.921180][T12613] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (12613) [pid 12658] memfd_create("syzkaller", 0) = 3 [pid 12658] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 12631] <... write resumed>) = 16777216 [ 224.004931][T12613] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [pid 12631] munmap(0x7fda9371b000, 138412032) = 0 [ 224.049527][T12613] BTRFS info (device loop2): force clearing of disk cache [ 224.088773][T12613] BTRFS info (device loop2): setting nodatasum [pid 12631] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 12631] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 12631] close(3) = 0 [ 224.095049][T12613] BTRFS info (device loop2): allowing degraded mounts [ 224.112493][T12631] loop1: detected capacity change from 0 to 32768 [ 224.124097][T12613] BTRFS info (device loop2): enabling disk space caching [pid 12651] <... write resumed>) = 16777216 [pid 12631] mkdir("./file0", 0777) = 0 [pid 12651] munmap(0x7fda9371b000, 138412032 [pid 12631] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 12651] <... munmap resumed>) = 0 [ 224.152353][T12613] BTRFS info (device loop2): disk space caching is enabled [ 224.185137][T12631] BTRFS: device /dev/loop1 using temp-fsid 3be7a453-c28d-4a24-8e87-a732a9df7aaa [pid 12651] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 12651] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 12651] close(3) = 0 [pid 12651] mkdir("./file0", 0777) = 0 [ 224.207321][T12651] loop4: detected capacity change from 0 to 32768 [ 224.218815][T12631] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (12631) [pid 12651] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 12658] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12657] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12652] <... write resumed>) = 16777216 [pid 12652] munmap(0x7fda9371b000, 138412032) = 0 [pid 12652] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 12652] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 12652] close(3) = 0 [pid 12652] mkdir("./file0", 0777) = 0 [ 224.313702][T12651] BTRFS: device /dev/loop4 using temp-fsid 307f673f-2362-4135-90f9-5d13a62f9090 [ 224.324704][T12631] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 224.342835][T12652] loop5: detected capacity change from 0 to 32768 [ 224.358905][T12651] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (12651) [ 224.374442][T12631] BTRFS info (device loop1): force clearing of disk cache [ 224.415819][T12652] BTRFS: device /dev/loop5 using temp-fsid 8258786f-9e7c-45ef-ad05-b4c1090f0924 [ 224.427333][T12652] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (12652) [pid 12652] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 12613] <... mount resumed>) = 0 [pid 12613] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12613] chdir("./file0") = 0 [pid 12613] ioctl(4, LOOP_CLR_FD) = 0 [pid 12613] close(4) = 0 [pid 12613] open("./file0", O_RDONLY) = 4 [pid 12613] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 12613] open("./file0", O_RDONLY) = 5 [pid 12613] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 12613] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 12613] exit_group(0) = ? [pid 12613] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12613, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=30 /* 0.30 s */} --- [pid 5066] umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./70/binderfs") = 0 [pid 5066] umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12631] <... mount resumed>) = 0 [pid 12631] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12631] chdir("./file0") = 0 [pid 12631] ioctl(4, LOOP_CLR_FD) = 0 [pid 12631] close(4) = 0 [pid 12631] open("./file0", O_RDONLY) = 4 [pid 12631] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12631] <... ioctl resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./70/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 12631] open("./file0", O_RDONLY [pid 5066] openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 12631] <... open resumed>) = 5 [pid 5066] <... openat resumed>) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, [pid 12631] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 12631] <... ioctl resumed>) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4 [pid 12631] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5066] <... close resumed>) = 0 [pid 12631] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5066] rmdir("./70/file0" [pid 12631] exit_group(0 [pid 5066] <... rmdir resumed>) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./70" [pid 12631] <... exit_group resumed>) = ? [pid 5066] <... rmdir resumed>) = 0 [pid 12631] +++ exited with 0 +++ [pid 5066] mkdir("./71", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12631, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=29 /* 0.29 s */} --- [pid 5066] <... openat resumed>) = 3 [pid 5065] umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12658] <... write resumed>) = 16777216 [pid 12652] <... mount resumed>) = 0 [pid 12651] <... mount resumed>) = 0 [pid 5066] <... ioctl resumed>) = 0 [pid 5065] openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 12658] munmap(0x7fda9371b000, 138412032 [pid 12652] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 12651] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] close(3 [pid 5065] <... openat resumed>) = 3 [pid 12652] <... openat resumed>) = 3 [pid 12651] <... openat resumed>) = 3 [pid 5066] <... close resumed>) = 0 [pid 5065] newfstatat(3, "", [pid 12652] chdir("./file0" [pid 12651] chdir("./file0" [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 12658] <... munmap resumed>) = 0 [pid 12652] <... chdir resumed>) = 0 [pid 12651] <... chdir resumed>) = 0 [pid 5065] getdents64(3, [pid 12652] ioctl(4, LOOP_CLR_FD [pid 12651] ioctl(4, LOOP_CLR_FD [pid 12652] <... ioctl resumed>) = 0 [pid 12651] <... ioctl resumed>) = 0 [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 ./strace-static-x86_64: Process 12724 attached [pid 12652] close(4 [pid 12651] close(4 [pid 5065] umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12724] set_robust_list(0x555557145760, 24 [pid 12658] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 12652] <... close resumed>) = 0 [pid 12651] <... close resumed>) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 12724 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12724] <... set_robust_list resumed>) = 0 [pid 12658] <... openat resumed>) = 4 [pid 12652] open("./file0", O_RDONLY [pid 12651] open("./file0", O_RDONLY [pid 5065] newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./70/binderfs") = 0 [pid 12652] <... open resumed>) = 4 [pid 12651] <... open resumed>) = 4 [pid 12651] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5065] umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12658] ioctl(4, LOOP_SET_FD, 3 [pid 12652] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 12724] chdir("./71") = 0 [pid 12724] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 12651] <... ioctl resumed>) = 0 [pid 12724] <... prctl resumed>) = 0 [pid 12651] open("./file0", O_RDONLY [pid 12724] setpgid(0, 0 [pid 12651] <... open resumed>) = 5 [pid 12724] <... setpgid resumed>) = 0 [pid 12651] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 12724] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 12658] <... ioctl resumed>) = 0 [pid 12724] <... openat resumed>) = 3 [pid 12658] close(3 [pid 12724] write(3, "1000", 4 [pid 12658] <... close resumed>) = 0 [pid 12724] <... write resumed>) = 4 [pid 12724] close(3) = 0 [pid 12658] mkdir("./file0", 0777 [pid 12724] symlink("/dev/binderfs", "./binderfs") = 0 [pid 12658] <... mkdir resumed>) = 0 [pid 12652] <... ioctl resumed>) = 0 [pid 12724] memfd_create("syzkaller", 0 [pid 12652] open("./file0", O_RDONLY [pid 12724] <... memfd_create resumed>) = 3 [pid 12652] <... open resumed>) = 5 [pid 12724] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 12652] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 12724] <... mmap resumed>) = 0x7fda9371b000 [pid 12658] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 12652] <... ioctl resumed>) = 0 [ 224.817066][T12658] loop3: detected capacity change from 0 to 32768 [pid 12651] <... ioctl resumed>) = 0 [pid 12657] <... write resumed>) = 16777216 [pid 12652] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 12651] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 12652] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 12651] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 12652] exit_group(0 [pid 12651] exit_group(0 [pid 12652] <... exit_group resumed>) = ? [pid 12651] <... exit_group resumed>) = ? [pid 12657] munmap(0x7fda9371b000, 138412032 [pid 12652] +++ exited with 0 +++ [pid 12651] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12651, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=26 /* 0.26 s */} --- [pid 5068] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12652, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=24 /* 0.24 s */} --- [pid 5069] umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./70/binderfs", [pid 5069] openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] <... openat resumed>) = 3 [pid 5068] unlink("./70/binderfs" [pid 12657] <... munmap resumed>) = 0 [pid 5069] newfstatat(3, "", [pid 5068] <... unlink resumed>) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 12657] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5069] getdents64(3, [pid 5068] umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12657] <... openat resumed>) = 4 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./70/binderfs", [pid 12657] ioctl(4, LOOP_SET_FD, 3 [pid 5069] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 224.858400][T12658] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (12658) [pid 5069] unlink("./70/binderfs") = 0 [pid 5069] umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12657] <... ioctl resumed>) = 0 [pid 12657] close(3) = 0 [pid 12657] mkdir("./file0", 0777) = 0 [ 224.902636][T12657] loop0: detected capacity change from 0 to 32768 [ 224.956376][T12657] BTRFS: device /dev/loop0 using temp-fsid 5f72aeba-d57f-4bb1-ba91-68b64317c311 [ 225.013557][T12657] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (12657) [pid 12657] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5068] <... umount2 resumed>) = 0 [pid 5069] <... umount2 resumed>) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 5069] umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./70/file0", [pid 5065] newfstatat(AT_FDCWD, "./70/file0", [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] newfstatat(AT_FDCWD, "./70/file0", [pid 5065] <... openat resumed>) = 4 [pid 5069] openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] newfstatat(4, "", [pid 5069] <... openat resumed>) = 4 [pid 5068] umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] newfstatat(4, "", [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] getdents64(4, [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, [pid 5068] <... openat resumed>) = 4 [pid 5065] getdents64(4, [pid 5069] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] newfstatat(4, "", [pid 5065] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] getdents64(4, [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] close(4 [pid 5068] getdents64(4, [pid 5065] <... close resumed>) = 0 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] rmdir("./70/file0" [pid 5069] close(4) = 0 [pid 5069] rmdir("./70/file0") = 0 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] <... rmdir resumed>) = 0 [pid 5069] getdents64(3, [pid 5068] getdents64(4, [pid 5065] getdents64(3, [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3 [pid 5068] close(4 [pid 5065] close(3 [pid 5069] <... close resumed>) = 0 [pid 5068] <... close resumed>) = 0 [pid 5069] rmdir("./70" [pid 5068] rmdir("./70/file0" [pid 5065] <... close resumed>) = 0 [pid 5069] <... rmdir resumed>) = 0 [pid 5068] <... rmdir resumed>) = 0 [pid 5065] rmdir("./70" [pid 5069] mkdir("./71", 0777 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5069] <... mkdir resumed>) = 0 [pid 5068] close(3 [pid 5065] mkdir("./71", 0777 [pid 12724] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5068] <... close resumed>) = 0 [pid 5065] <... mkdir resumed>) = 0 [pid 5068] rmdir("./70" [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5068] <... rmdir resumed>) = 0 [pid 5065] <... openat resumed>) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5069] <... openat resumed>) = 3 [pid 5065] <... ioctl resumed>) = 0 [pid 5069] ioctl(3, LOOP_CLR_FD [pid 5068] mkdir("./71", 0777 [pid 5065] close(3 [pid 5069] <... ioctl resumed>) = 0 [pid 5068] <... mkdir resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 5069] close(3 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5069] <... close resumed>) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 12756 ./strace-static-x86_64: Process 12757 attached ./strace-static-x86_64: Process 12756 attached [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 12756] set_robust_list(0x555557145760, 24 [pid 5068] <... openat resumed>) = 3 [pid 12756] <... set_robust_list resumed>) = 0 [pid 5068] ioctl(3, LOOP_CLR_FD [pid 12756] chdir("./71" [pid 5068] <... ioctl resumed>) = 0 [pid 12756] <... chdir resumed>) = 0 [pid 5068] close(3 [pid 12757] set_robust_list(0x555557145760, 24 [pid 12756] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5068] <... close resumed>) = 0 [pid 12757] <... set_robust_list resumed>) = 0 [pid 12756] <... prctl resumed>) = 0 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 12757 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 12757] chdir("./71") = 0 [pid 12756] setpgid(0, 0 [pid 12757] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 12756] <... setpgid resumed>) = 0 [pid 12757] <... prctl resumed>) = 0 [pid 12756] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 12760 attached [pid 12757] setpgid(0, 0 [pid 12756] <... openat resumed>) = 3 [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 12760 [pid 12756] write(3, "1000", 4) = 4 [pid 12756] close(3) = 0 [pid 12756] symlink("/dev/binderfs", "./binderfs") = 0 [pid 12756] memfd_create("syzkaller", 0 [pid 12760] set_robust_list(0x555557145760, 24 [pid 12757] <... setpgid resumed>) = 0 [pid 12760] <... set_robust_list resumed>) = 0 [pid 12757] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 12756] <... memfd_create resumed>) = 3 [pid 12658] <... mount resumed>) = 0 [pid 12760] chdir("./71" [pid 12757] <... openat resumed>) = 3 [pid 12756] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 12658] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 12760] <... chdir resumed>) = 0 [pid 12757] write(3, "1000", 4 [pid 12756] <... mmap resumed>) = 0x7fda9371b000 [pid 12658] <... openat resumed>) = 3 [pid 12760] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 12757] <... write resumed>) = 4 [pid 12760] <... prctl resumed>) = 0 [pid 12757] close(3 [pid 12658] chdir("./file0" [pid 12760] setpgid(0, 0 [pid 12757] <... close resumed>) = 0 [pid 12658] <... chdir resumed>) = 0 [pid 12658] ioctl(4, LOOP_CLR_FD [pid 12757] symlink("/dev/binderfs", "./binderfs" [pid 12658] <... ioctl resumed>) = 0 [pid 12757] <... symlink resumed>) = 0 [pid 12658] close(4 [pid 12760] <... setpgid resumed>) = 0 [pid 12757] memfd_create("syzkaller", 0 [pid 12658] <... close resumed>) = 0 [pid 12760] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 12658] open("./file0", O_RDONLY [pid 12760] <... openat resumed>) = 3 [pid 12658] <... open resumed>) = 4 [pid 12658] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 12760] write(3, "1000", 4 [pid 12757] <... memfd_create resumed>) = 3 [pid 12760] <... write resumed>) = 4 [pid 12757] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 12760] close(3 [pid 12757] <... mmap resumed>) = 0x7fda9371b000 [pid 12760] <... close resumed>) = 0 [pid 12760] symlink("/dev/binderfs", "./binderfs") = 0 [pid 12760] memfd_create("syzkaller", 0) = 3 [pid 12760] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 12658] <... ioctl resumed>) = 0 [pid 12658] open("./file0", O_RDONLY) = 5 [pid 12658] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 12657] <... mount resumed>) = 0 [pid 12658] <... ioctl resumed>) = 0 [pid 12658] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 12657] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 12658] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 12657] <... openat resumed>) = 3 [pid 12658] exit_group(0 [pid 12657] chdir("./file0" [pid 12658] <... exit_group resumed>) = ? [pid 12657] <... chdir resumed>) = 0 [pid 12658] +++ exited with 0 +++ [pid 12657] ioctl(4, LOOP_CLR_FD) = 0 [pid 12657] close(4 [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12658, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=26 /* 0.26 s */} --- [pid 12657] <... close resumed>) = 0 [pid 5067] restart_syscall(<... resuming interrupted clone ...> [pid 12657] open("./file0", O_RDONLY) = 4 [pid 5067] <... restart_syscall resumed>) = 0 [pid 12657] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5067] umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./70/binderfs") = 0 [pid 5067] umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12657] <... ioctl resumed>) = 0 [pid 12657] open("./file0", O_RDONLY) = 5 [pid 12657] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 12657] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 12657] exit_group(0) = ? [pid 12657] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12657, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=30 /* 0.30 s */} --- [pid 5064] umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./69/binderfs") = 0 [pid 5064] umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./70/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./70/file0") = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./70") = 0 [pid 5067] mkdir("./71", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 12765 ./strace-static-x86_64: Process 12765 attached [pid 12765] set_robust_list(0x555557145760, 24) = 0 [pid 12756] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12765] chdir("./71") = 0 [pid 12765] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12765] setpgid(0, 0) = 0 [pid 12765] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 12760] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12765] write(3, "1000", 4) = 4 [pid 12765] close(3) = 0 [pid 12765] symlink("/dev/binderfs", "./binderfs") = 0 [pid 12765] memfd_create("syzkaller", 0) = 3 [pid 12765] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5064] <... umount2 resumed>) = 0 [pid 5064] umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./69/file0") = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./69") = 0 [pid 5064] mkdir("./70", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 12766 attached , child_tidptr=0x555557145750) = 12766 [pid 12766] set_robust_list(0x555557145760, 24) = 0 [pid 12757] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12766] chdir("./70") = 0 [pid 12766] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 12724] <... write resumed>) = 16777216 [pid 12766] <... prctl resumed>) = 0 [pid 12724] munmap(0x7fda9371b000, 138412032 [pid 12766] setpgid(0, 0 [pid 12724] <... munmap resumed>) = 0 [pid 12766] <... setpgid resumed>) = 0 [pid 12766] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 12766] write(3, "1000", 4 [pid 12724] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 12766] <... write resumed>) = 4 [pid 12724] ioctl(4, LOOP_SET_FD, 3 [pid 12766] close(3) = 0 [pid 12766] symlink("/dev/binderfs", "./binderfs") = 0 [pid 12766] memfd_create("syzkaller", 0) = 3 [pid 12766] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 12724] <... ioctl resumed>) = 0 [pid 12724] close(3) = 0 [pid 12724] mkdir("./file0", 0777) = 0 [ 226.122648][T12724] loop2: detected capacity change from 0 to 32768 [ 226.171276][T12724] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (12724) [pid 12724] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 226.251678][T12724] _btrfs_printk: 76 callbacks suppressed [ 226.251690][T12724] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 226.322021][T12724] BTRFS info (device loop2): force clearing of disk cache [ 226.359690][T12724] BTRFS info (device loop2): setting nodatasum [pid 12765] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12760] <... write resumed>) = 16777216 [pid 12756] <... write resumed>) = 16777216 [pid 12756] munmap(0x7fda9371b000, 138412032 [pid 12760] munmap(0x7fda9371b000, 138412032 [pid 12756] <... munmap resumed>) = 0 [ 226.388951][T12724] BTRFS info (device loop2): allowing degraded mounts [ 226.395727][T12724] BTRFS info (device loop2): enabling disk space caching [pid 12760] <... munmap resumed>) = 0 [pid 12756] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 12760] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 12756] ioctl(4, LOOP_SET_FD, 3 [pid 12760] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 12756] <... ioctl resumed>) = 0 [pid 12760] close(3 [pid 12756] close(3 [pid 12760] <... close resumed>) = 0 [pid 12756] <... close resumed>) = 0 [pid 12760] mkdir("./file0", 0777 [pid 12756] mkdir("./file0", 0777 [pid 12760] <... mkdir resumed>) = 0 [pid 12756] <... mkdir resumed>) = 0 [ 226.444967][T12724] BTRFS info (device loop2): disk space caching is enabled [ 226.480711][T12756] loop1: detected capacity change from 0 to 32768 [ 226.487511][T12760] loop4: detected capacity change from 0 to 32768 [pid 12760] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 12756] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 12766] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12757] <... write resumed>) = 16777216 [pid 12757] munmap(0x7fda9371b000, 138412032) = 0 [pid 12757] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [ 226.512269][T12756] BTRFS: device /dev/loop1 using temp-fsid b030c990-3001-4d20-bc59-7d7c175c0991 [ 226.533751][T12756] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (12756) [pid 12757] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 12757] close(3) = 0 [pid 12757] mkdir("./file0", 0777) = 0 [ 226.561057][T12757] loop5: detected capacity change from 0 to 32768 [ 226.581078][T12760] BTRFS: device /dev/loop4 using temp-fsid ce01611f-ecee-4d6d-88d0-9e771c6c2873 [ 226.592627][T12756] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 226.608804][T12760] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (12760) [ 226.621948][T12756] BTRFS info (device loop1): force clearing of disk cache [ 226.640663][T12756] BTRFS info (device loop1): setting nodatasum [ 226.641540][T12757] BTRFS: device /dev/loop5 using temp-fsid 20ca4f35-2e56-4477-aee4-806e34f810bd [ 226.650471][T12756] BTRFS info (device loop1): allowing degraded mounts [ 226.665089][T12756] BTRFS info (device loop1): enabling disk space caching [ 226.669132][T12760] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 226.673615][T12756] BTRFS info (device loop1): disk space caching is enabled [ 226.717211][T12757] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (12757) [ 226.742797][T12760] BTRFS info (device loop4): force clearing of disk cache [ 226.775197][T12760] BTRFS info (device loop4): setting nodatasum [ 226.799681][T12757] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 226.803948][T12760] BTRFS info (device loop4): allowing degraded mounts [ 226.816420][T12757] BTRFS info (device loop5): force clearing of disk cache [ 226.829258][T12757] BTRFS info (device loop5): setting nodatasum [ 226.836402][T12756] BTRFS info (device loop1): enabling ssd optimizations [ 226.844787][T12756] BTRFS info (device loop1): auto enabling async discard [ 226.845751][T12724] BTRFS info (device loop2): enabling ssd optimizations [ 226.853431][T12757] BTRFS info (device loop5): allowing degraded mounts [ 226.868783][T12757] BTRFS info (device loop5): enabling disk space caching [pid 12757] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 12765] <... write resumed>) = 16777216 [pid 12765] munmap(0x7fda9371b000, 138412032) = 0 [ 226.868811][T12760] BTRFS info (device loop4): enabling disk space caching [ 226.875834][T12760] BTRFS info (device loop4): disk space caching is enabled [ 226.890417][T12756] BTRFS info (device loop1): rebuilding free space tree [ 226.897504][T12724] BTRFS info (device loop2): auto enabling async discard [ 226.900187][T12757] BTRFS info (device loop5): disk space caching is enabled [pid 12765] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 12765] ioctl(4, LOOP_SET_FD, 3) = 0 [ 226.923253][T12724] BTRFS info (device loop2): rebuilding free space tree [ 226.923446][T12756] BTRFS info (device loop1): disabling free space tree [ 226.935346][T12724] BTRFS info (device loop2): disabling free space tree [ 226.945275][T12724] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 226.955360][T12765] loop3: detected capacity change from 0 to 32768 [ 226.962594][T12724] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 12765] close(3) = 0 [pid 12765] mkdir("./file0", 0777) = 0 [ 226.964723][T12756] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 226.986060][T12724] BTRFS info (device loop2): checking UUID tree [ 226.989337][T12756] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 226.993490][T12765] BTRFS: device /dev/loop3 using temp-fsid 6e3c5f9d-ebdc-49ff-b510-9d9a4f3517cb [ 227.014748][T12765] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (12765) [pid 12765] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 12766] <... write resumed>) = 16777216 [pid 12724] <... mount resumed>) = 0 [pid 12766] munmap(0x7fda9371b000, 138412032 [pid 12724] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12724] chdir("./file0") = 0 [pid 12724] ioctl(4, LOOP_CLR_FD [pid 12766] <... munmap resumed>) = 0 [pid 12756] <... mount resumed>) = 0 [pid 12756] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12756] chdir("./file0") = 0 [pid 12756] ioctl(4, LOOP_CLR_FD) = 0 [pid 12766] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 12756] close(4 [pid 12724] <... ioctl resumed>) = 0 [pid 12766] <... openat resumed>) = 4 [pid 12756] <... close resumed>) = 0 [ 227.020660][T12756] BTRFS info (device loop1): checking UUID tree [ 227.042393][T12765] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 227.051771][T12765] BTRFS info (device loop3): force clearing of disk cache [ 227.059333][T12765] BTRFS info (device loop3): setting nodatasum [ 227.059348][T12757] BTRFS info (device loop5): enabling ssd optimizations [ 227.065493][T12757] BTRFS info (device loop5): auto enabling async discard [pid 12724] close(4 [pid 12766] ioctl(4, LOOP_SET_FD, 3 [pid 12756] open("./file0", O_RDONLY [pid 12724] <... close resumed>) = 0 [pid 12724] open("./file0", O_RDONLY [pid 12766] <... ioctl resumed>) = 0 [pid 12724] <... open resumed>) = 4 [pid 12756] <... open resumed>) = 4 [pid 12724] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 12756] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 12766] close(3 [pid 12724] <... ioctl resumed>) = 0 [pid 12766] <... close resumed>) = 0 [pid 12724] open("./file0", O_RDONLY [pid 12766] mkdir("./file0", 0777 [pid 12724] <... open resumed>) = 5 [pid 12766] <... mkdir resumed>) = 0 [pid 12724] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 12766] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 12724] <... ioctl resumed>) = 0 [pid 12724] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 12756] <... ioctl resumed>) = 0 [pid 12724] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [ 227.080732][T12757] BTRFS info (device loop5): rebuilding free space tree [ 227.089989][T12766] loop0: detected capacity change from 0 to 32768 [ 227.105385][T12765] BTRFS info (device loop3): allowing degraded mounts [ 227.122192][T12766] BTRFS: device /dev/loop0 using temp-fsid dba0195f-c69e-4f87-90d7-1daecab75a56 [pid 12724] exit_group(0) = ? [pid 12724] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12724, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=39 /* 0.39 s */} --- [pid 5066] umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 12756] open("./file0", O_RDONLY [pid 5066] openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, [pid 12756] <... open resumed>) = 5 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./71/binderfs") = 0 [ 227.124435][ T2855] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [ 227.141618][T12760] BTRFS info (device loop4): enabling ssd optimizations [ 227.147072][ T48] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 227.149176][T12760] BTRFS info (device loop4): auto enabling async discard [ 227.165031][T12766] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (12766) [pid 5066] umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12756] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 12756] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 12756] exit_group(0) = ? [pid 12756] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12756, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=32 /* 0.32 s */} --- [pid 5065] umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [ 227.178657][T12765] BTRFS info (device loop3): enabling disk space caching [ 227.185948][T12765] BTRFS info (device loop3): disk space caching is enabled [ 227.194041][T12760] BTRFS info (device loop4): rebuilding free space tree [ 227.198212][T12757] BTRFS info (device loop5): disabling free space tree [ 227.219114][T12766] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5065] umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./71/binderfs") = 0 [ 227.229151][T12766] BTRFS info (device loop0): force clearing of disk cache [ 227.237703][T12760] BTRFS info (device loop4): disabling free space tree [ 227.254931][T12760] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 227.258024][T12757] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 227.271561][T12766] BTRFS info (device loop0): setting nodatasum [pid 5065] umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./71/file0") = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3 [pid 12760] <... mount resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 12760] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5066] rmdir("./71" [pid 5065] umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12760] chdir("./file0") = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12760] ioctl(4, LOOP_CLR_FD [pid 5066] mkdir("./72", 0777 [pid 5065] newfstatat(AT_FDCWD, "./71/file0", [pid 12760] <... ioctl resumed>) = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 12760] close(4 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 12760] <... close resumed>) = 0 [pid 5066] <... openat resumed>) = 3 [ 227.294257][T12757] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 227.294675][T12760] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 227.318553][T12760] BTRFS info (device loop4): checking UUID tree [ 227.327719][T12757] BTRFS info (device loop5): checking UUID tree [ 227.333816][T12766] BTRFS info (device loop0): allowing degraded mounts [pid 5065] umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12760] open("./file0", O_RDONLY) = 4 [pid 5066] <... ioctl resumed>) = 0 [pid 5065] openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] close(3 [pid 5065] <... openat resumed>) = 4 [pid 5066] <... close resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] newfstatat(4, "", [pid 12760] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 12847 attached [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 12847 [pid 12847] set_robust_list(0x555557145760, 24 [pid 5065] getdents64(4, [pid 12847] <... set_robust_list resumed>) = 0 [pid 12847] chdir("./72" [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 12847] <... chdir resumed>) = 0 [pid 5065] getdents64(4, [pid 12847] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5065] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 12847] <... prctl resumed>) = 0 [pid 12760] <... ioctl resumed>) = 0 [pid 12847] setpgid(0, 0 [pid 12760] open("./file0", O_RDONLY [pid 12847] <... setpgid resumed>) = 0 [pid 12847] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 12760] <... open resumed>) = 5 [pid 12847] <... openat resumed>) = 3 [pid 12760] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5065] close(4 [pid 12847] write(3, "1000", 4) = 4 [pid 5065] <... close resumed>) = 0 [pid 12847] close(3) = 0 [pid 12757] <... mount resumed>) = 0 [pid 5065] rmdir("./71/file0" [pid 12847] symlink("/dev/binderfs", "./binderfs") = 0 [pid 12757] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] <... rmdir resumed>) = 0 [pid 12847] memfd_create("syzkaller", 0 [pid 12757] <... openat resumed>) = 3 [pid 5065] getdents64(3, [pid 12847] <... memfd_create resumed>) = 3 [ 227.399145][T12765] BTRFS info (device loop3): enabling ssd optimizations [ 227.406125][T12765] BTRFS info (device loop3): auto enabling async discard [ 227.414350][T12766] BTRFS info (device loop0): enabling disk space caching [pid 12757] chdir("./file0" [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 12757] <... chdir resumed>) = 0 [pid 12757] ioctl(4, LOOP_CLR_FD [pid 5065] close(3 [pid 12757] <... ioctl resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 12757] close(4 [pid 5065] rmdir("./71" [pid 12757] <... close resumed>) = 0 [pid 12757] open("./file0", O_RDONLY [pid 5065] <... rmdir resumed>) = 0 [pid 12757] <... open resumed>) = 4 [pid 12757] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5065] mkdir("./72", 0777 [pid 12847] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5065] <... mkdir resumed>) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 12847] <... mmap resumed>) = 0x7fda9371b000 [pid 12757] <... ioctl resumed>) = 0 [pid 12757] open("./file0", O_RDONLY [pid 5065] <... openat resumed>) = 3 [pid 12760] <... ioctl resumed>) = 0 [pid 12757] <... open resumed>) = 5 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 12760] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 12757] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5065] <... ioctl resumed>) = 0 [pid 12760] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5065] close(3 [pid 12760] exit_group(0 [pid 5065] <... close resumed>) = 0 [pid 12760] <... exit_group resumed>) = ? [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 12760] +++ exited with 0 +++ [pid 12757] <... ioctl resumed>) = 0 [pid 12757] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12760, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=33 /* 0.33 s */} --- ./strace-static-x86_64: Process 12852 attached [pid 12757] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 12757] exit_group(0 [pid 12852] set_robust_list(0x555557145760, 24 [pid 12757] <... exit_group resumed>) = ? [pid 12852] <... set_robust_list resumed>) = 0 [pid 12852] chdir("./72" [pid 12757] +++ exited with 0 +++ [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 12852 [pid 12852] <... chdir resumed>) = 0 [ 227.443469][T12766] BTRFS info (device loop0): disk space caching is enabled [ 227.458973][T12765] BTRFS info (device loop3): rebuilding free space tree [ 227.482267][ T2855] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [pid 12852] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12852] setpgid(0, 0 [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12757, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=33 /* 0.33 s */} --- [pid 5068] umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12852] <... setpgid resumed>) = 0 [pid 12852] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5069] umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12852] <... openat resumed>) = 3 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 12852] write(3, "1000", 4) = 4 [pid 5069] openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] <... openat resumed>) = 3 [pid 12852] close(3 [pid 5069] <... openat resumed>) = 3 [pid 5068] newfstatat(3, "", [pid 5069] newfstatat(3, "", [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 12852] <... close resumed>) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, [pid 12852] symlink("/dev/binderfs", "./binderfs") = 0 [pid 12847] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5069] getdents64(3, [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 12852] memfd_create("syzkaller", 0 [pid 5068] umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./71/binderfs", [pid 5069] newfstatat(AT_FDCWD, "./71/binderfs", [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./71/binderfs" [pid 5069] unlink("./71/binderfs" [pid 5068] <... unlink resumed>) = 0 [pid 5069] <... unlink resumed>) = 0 [pid 5068] umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 227.523641][T12765] BTRFS info (device loop3): disabling free space tree [ 227.559199][ T48] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [pid 5069] umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12852] <... memfd_create resumed>) = 3 [pid 12852] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 227.587944][T12765] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 227.689369][T12765] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 227.748993][T12766] BTRFS info (device loop0): enabling ssd optimizations [ 227.763679][T12766] BTRFS info (device loop0): auto enabling async discard [pid 12765] <... mount resumed>) = 0 [pid 5068] <... umount2 resumed>) = 0 [pid 12765] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5068] umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12765] <... openat resumed>) = 3 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 227.792749][T12766] BTRFS info (device loop0): rebuilding free space tree [ 227.800986][T12765] BTRFS info (device loop3): checking UUID tree [ 227.818229][T12766] BTRFS info (device loop0): disabling free space tree [pid 12765] chdir("./file0" [pid 5068] newfstatat(AT_FDCWD, "./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 12765] <... chdir resumed>) = 0 [pid 12765] ioctl(4, LOOP_CLR_FD [pid 5068] umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12765] <... ioctl resumed>) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 12765] close(4) = 0 [pid 12765] open("./file0", O_RDONLY [pid 5068] <... openat resumed>) = 4 [ 227.865588][T12766] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 12765] <... open resumed>) = 4 [pid 5068] newfstatat(4, "", [pid 12765] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5069] <... umount2 resumed>) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] getdents64(4, [pid 12765] <... ioctl resumed>) = 0 [pid 5069] newfstatat(AT_FDCWD, "./71/file0", [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./71/file0" [pid 12765] open("./file0", O_RDONLY [pid 5069] <... rmdir resumed>) = 0 [pid 5068] getdents64(4, [pid 12765] <... open resumed>) = 5 [pid 5069] getdents64(3, [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [ 227.910800][T12766] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 12765] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(4 [pid 5069] close(3 [pid 5068] <... close resumed>) = 0 [pid 12765] <... ioctl resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 5068] rmdir("./71/file0" [pid 5069] rmdir("./71") = 0 [pid 5069] mkdir("./72", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3) = 0 [pid 12765] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5068] <... rmdir resumed>) = 0 [pid 12765] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 12765] exit_group(0) = ? [pid 5068] getdents64(3, [pid 12765] +++ exited with 0 +++ [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3 [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12765, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=39 /* 0.39 s */} --- ./strace-static-x86_64: Process 12868 attached [pid 12868] set_robust_list(0x555557145760, 24 [pid 5068] <... close resumed>) = 0 [pid 5067] umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12868] <... set_robust_list resumed>) = 0 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 12868 [pid 5068] rmdir("./71" [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] <... rmdir resumed>) = 0 [pid 5067] <... openat resumed>) = 3 [pid 12868] chdir("./72" [pid 5067] newfstatat(3, "", [pid 12868] <... chdir resumed>) = 0 [pid 5068] mkdir("./72", 0777 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 12868] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5067] getdents64(3, [pid 12868] <... prctl resumed>) = 0 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 12868] setpgid(0, 0 [pid 5067] umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12868] <... setpgid resumed>) = 0 [ 227.975440][ T48] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 228.012410][T12766] BTRFS info (device loop0): checking UUID tree [pid 12868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5068] <... mkdir resumed>) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12868] <... openat resumed>) = 3 [pid 5067] newfstatat(AT_FDCWD, "./71/binderfs", [pid 12868] write(3, "1000", 4 [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 12868] <... write resumed>) = 4 [pid 12868] close(3 [pid 5067] unlink("./71/binderfs" [pid 12868] <... close resumed>) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5067] <... unlink resumed>) = 0 [pid 12868] symlink("/dev/binderfs", "./binderfs" [pid 5067] umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12868] <... symlink resumed>) = 0 [pid 5068] <... openat resumed>) = 3 [pid 12868] memfd_create("syzkaller", 0 [pid 5068] ioctl(3, LOOP_CLR_FD [pid 12868] <... memfd_create resumed>) = 3 [pid 5068] <... ioctl resumed>) = 0 [pid 12868] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5068] close(3 [pid 12868] <... mmap resumed>) = 0x7fda9371b000 [pid 5068] <... close resumed>) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 12871 attached [pid 12852] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12847] <... write resumed>) = 16777216 [pid 12871] set_robust_list(0x555557145760, 24) = 0 [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 12871 [pid 12871] chdir("./72") = 0 [pid 12766] <... mount resumed>) = 0 [pid 12871] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 12766] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 12871] <... prctl resumed>) = 0 [pid 12871] setpgid(0, 0 [pid 12847] munmap(0x7fda9371b000, 138412032 [pid 12766] <... openat resumed>) = 3 [pid 12766] chdir("./file0") = 0 [pid 12766] ioctl(4, LOOP_CLR_FD) = 0 [pid 12766] close(4 [pid 12871] <... setpgid resumed>) = 0 [pid 12847] <... munmap resumed>) = 0 [pid 12766] <... close resumed>) = 0 [pid 12871] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 12847] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 12766] open("./file0", O_RDONLY [pid 12847] <... openat resumed>) = 4 [pid 12766] <... open resumed>) = 4 [pid 12871] write(3, "1000", 4 [pid 12847] ioctl(4, LOOP_SET_FD, 3 [pid 12766] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 12871] <... write resumed>) = 4 [pid 12871] close(3) = 0 [pid 12871] symlink("/dev/binderfs", "./binderfs") = 0 [pid 12871] memfd_create("syzkaller", 0 [pid 12766] <... ioctl resumed>) = 0 [pid 12766] open("./file0", O_RDONLY) = 5 [pid 12766] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 12766] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 12766] exit_group(0) = ? [pid 12871] <... memfd_create resumed>) = 3 [pid 12847] <... ioctl resumed>) = 0 [pid 12766] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12766, si_uid=0, si_status=0, si_utime=0, si_stime=36 /* 0.36 s */} --- [pid 12847] close(3 [pid 12871] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 12847] <... close resumed>) = 0 [ 228.154558][T12847] loop2: detected capacity change from 0 to 32768 [pid 5064] umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12871] <... mmap resumed>) = 0x7fda9371b000 [pid 12847] mkdir("./file0", 0777 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12847] <... mkdir resumed>) = 0 [pid 5064] openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", [pid 12847] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] <... umount2 resumed>) = 0 [pid 5064] newfstatat(AT_FDCWD, "./70/binderfs", [pid 5067] umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 228.235353][T12847] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (12847) [ 228.252545][ T2497] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] unlink("./70/binderfs") = 0 [pid 5067] newfstatat(AT_FDCWD, "./71/file0", [pid 5064] umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./71/file0") = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./71") = 0 [pid 5067] mkdir("./72", 0777) = 0 [ 228.355548][T12847] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 228.389117][T12847] BTRFS info (device loop2): force clearing of disk cache [ 228.396255][T12847] BTRFS info (device loop2): setting nodatasum [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 12873 attached [pid 5064] <... umount2 resumed>) = 0 [pid 12873] set_robust_list(0x555557145760, 24) = 0 [pid 12873] chdir("./72") = 0 [pid 12873] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5064] umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12873] setpgid(0, 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 12873 [pid 12873] <... setpgid resumed>) = 0 [pid 5064] newfstatat(AT_FDCWD, "./70/file0", [pid 12873] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 12873] <... openat resumed>) = 3 [pid 5064] umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12873] write(3, "1000", 4) = 4 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12873] close(3 [pid 5064] openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 12873] <... close resumed>) = 0 [pid 5064] <... openat resumed>) = 4 [ 228.459195][T12847] BTRFS info (device loop2): allowing degraded mounts [ 228.466007][T12847] BTRFS info (device loop2): enabling disk space caching [pid 12873] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5064] newfstatat(4, "", [pid 12873] memfd_create("syzkaller", 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 12873] <... memfd_create resumed>) = 3 [pid 5064] getdents64(4, [pid 12873] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5064] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 12873] <... mmap resumed>) = 0x7fda9371b000 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./70/file0") = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./70") = 0 [pid 5064] mkdir("./71", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 12875 ./strace-static-x86_64: Process 12875 attached [pid 12875] set_robust_list(0x555557145760, 24) = 0 [ 228.519597][T12847] BTRFS info (device loop2): disk space caching is enabled [pid 12875] chdir("./71") = 0 [pid 12868] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12875] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12875] setpgid(0, 0) = 0 [pid 12875] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 12875] write(3, "1000", 4) = 4 [pid 12875] close(3) = 0 [pid 12875] symlink("/dev/binderfs", "./binderfs") = 0 [pid 12875] memfd_create("syzkaller", 0) = 3 [pid 12875] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 228.819733][T12847] BTRFS info (device loop2): enabling ssd optimizations [ 228.838787][T12847] BTRFS info (device loop2): auto enabling async discard [ 228.849590][T12847] BTRFS info (device loop2): rebuilding free space tree [pid 12871] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12852] <... write resumed>) = 16777216 [ 228.880162][T12847] BTRFS info (device loop2): disabling free space tree [ 228.906005][T12847] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 12875] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12852] munmap(0x7fda9371b000, 138412032) = 0 [ 228.923739][T12847] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 12852] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 12852] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 12852] close(3) = 0 [pid 12852] mkdir("./file0", 0777) = 0 [ 228.962531][T12847] BTRFS info (device loop2): checking UUID tree [ 228.969440][T12852] loop1: detected capacity change from 0 to 32768 [pid 12852] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 12847] <... mount resumed>) = 0 [pid 12847] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12847] chdir("./file0") = 0 [pid 12873] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 229.019294][T12852] BTRFS: device /dev/loop1 using temp-fsid a520832e-9188-4ba8-b7c4-a758ff2e8ab2 [ 229.040198][T12852] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (12852) [pid 12847] ioctl(4, LOOP_CLR_FD) = 0 [pid 12847] close(4) = 0 [pid 12847] open("./file0", O_RDONLY) = 4 [pid 12847] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 12847] open("./file0", O_RDONLY) = 5 [pid 12847] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [ 229.129481][T12852] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [pid 12847] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 12847] exit_group(0) = ? [pid 12847] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12847, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=31 /* 0.31 s */} --- [pid 5066] umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 229.181004][ T48] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 229.190526][T12852] BTRFS info (device loop1): force clearing of disk cache [pid 5066] newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./72/binderfs") = 0 [pid 5066] umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12875] <... write resumed>) = 16777216 [pid 12868] <... write resumed>) = 16777216 [pid 12868] munmap(0x7fda9371b000, 138412032 [pid 12875] munmap(0x7fda9371b000, 138412032 [pid 12868] <... munmap resumed>) = 0 [pid 12868] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 12868] ioctl(4, LOOP_SET_FD, 3 [pid 12875] <... munmap resumed>) = 0 [pid 12875] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 12868] <... ioctl resumed>) = 0 [pid 12875] <... openat resumed>) = 4 [pid 12868] close(3 [pid 12875] ioctl(4, LOOP_SET_FD, 3 [pid 12868] <... close resumed>) = 0 [pid 12868] mkdir("./file0", 0777) = 0 [pid 12868] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./72/file0", [pid 12875] <... ioctl resumed>) = 0 [pid 12875] close(3) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 12875] mkdir("./file0", 0777 [pid 5066] umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12875] <... mkdir resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [ 229.328518][T12868] loop5: detected capacity change from 0 to 32768 [ 229.355666][T12875] loop0: detected capacity change from 0 to 32768 [ 229.365624][T12868] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (12868) [pid 5066] getdents64(4, [pid 12875] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./72/file0") = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./72") = 0 [pid 5066] mkdir("./73", 0777 [pid 12871] <... write resumed>) = 16777216 [pid 5066] <... mkdir resumed>) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 12871] munmap(0x7fda9371b000, 138412032 [pid 12852] <... mount resumed>) = 0 [pid 5066] close(3 [pid 12873] <... write resumed>) = 16777216 [pid 12852] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] <... close resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 12852] <... openat resumed>) = 3 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 12909 [pid 12852] chdir("./file0") = 0 [pid 12852] ioctl(4, LOOP_CLR_FD) = 0 [pid 12852] close(4) = 0 [pid 12852] open("./file0", O_RDONLY) = 4 ./strace-static-x86_64: Process 12909 attached [pid 12873] munmap(0x7fda9371b000, 138412032 [pid 12871] <... munmap resumed>) = 0 [pid 12852] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 12909] set_robust_list(0x555557145760, 24) = 0 [pid 12909] chdir("./73") = 0 [pid 12909] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12909] setpgid(0, 0) = 0 [pid 12909] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 12873] <... munmap resumed>) = 0 [pid 12871] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 12852] <... ioctl resumed>) = 0 [pid 12909] <... openat resumed>) = 3 [pid 12871] <... openat resumed>) = 4 [pid 12852] open("./file0", O_RDONLY [pid 12909] write(3, "1000", 4 [pid 12852] <... open resumed>) = 5 [pid 12909] <... write resumed>) = 4 [pid 12909] close(3) = 0 [pid 12852] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 12909] symlink("/dev/binderfs", "./binderfs") = 0 [ 229.432902][T12875] BTRFS: device /dev/loop0 using temp-fsid 7a62a6d8-c556-49e2-b3ca-f57bd6727c6c [ 229.468170][T12875] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (12875) [pid 12909] memfd_create("syzkaller", 0 [pid 12871] ioctl(4, LOOP_SET_FD, 3 [pid 12852] <... ioctl resumed>) = 0 [pid 12852] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 12909] <... memfd_create resumed>) = 3 [pid 12909] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 12852] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 12909] <... mmap resumed>) = 0x7fda9371b000 [pid 12873] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 12871] <... ioctl resumed>) = 0 [pid 12852] exit_group(0) = ? [pid 12873] <... openat resumed>) = 4 [pid 12852] +++ exited with 0 +++ [pid 12873] ioctl(4, LOOP_SET_FD, 3 [pid 12871] close(3 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12852, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=27 /* 0.27 s */} --- [pid 12871] <... close resumed>) = 0 [pid 5065] umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12871] mkdir("./file0", 0777 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", [pid 12871] <... mkdir resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./72/binderfs", [pid 12871] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./72/binderfs") = 0 [ 229.515103][T12871] loop4: detected capacity change from 0 to 32768 [ 229.534620][T12873] loop3: detected capacity change from 0 to 32768 [pid 5065] umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12873] <... ioctl resumed>) = 0 [pid 12873] close(3) = 0 [pid 12873] mkdir("./file0", 0777) = 0 [ 229.562042][T12871] BTRFS: device /dev/loop4 using temp-fsid 38926a57-f976-488b-bb9e-9c968b953e24 [ 229.620858][T12871] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (12871) [pid 12873] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 229.705261][T12873] BTRFS: device /dev/loop3 using temp-fsid 6156e036-1b83-4074-b49f-e057cce83bde [ 229.744351][T12873] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (12873) [pid 12909] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12868] <... mount resumed>) = 0 [pid 12868] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12868] chdir("./file0") = 0 [pid 12868] ioctl(4, LOOP_CLR_FD) = 0 [pid 12868] close(4) = 0 [pid 12868] open("./file0", O_RDONLY) = 4 [pid 12868] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 12875] <... mount resumed>) = 0 [pid 12868] open("./file0", O_RDONLY [pid 12875] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 12871] <... mount resumed>) = 0 [pid 12868] <... open resumed>) = 5 [pid 12875] <... openat resumed>) = 3 [pid 12871] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 12868] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 12875] chdir("./file0" [pid 12871] <... openat resumed>) = 3 [pid 12868] <... ioctl resumed>) = 0 [pid 12875] <... chdir resumed>) = 0 [pid 12871] chdir("./file0" [pid 12868] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 12875] ioctl(4, LOOP_CLR_FD [pid 12871] <... chdir resumed>) = 0 [pid 12868] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 12868] exit_group(0 [pid 12871] ioctl(4, LOOP_CLR_FD [pid 12875] <... ioctl resumed>) = 0 [pid 12871] <... ioctl resumed>) = 0 [pid 12868] <... exit_group resumed>) = ? [pid 12875] close(4) = 0 [pid 12875] open("./file0", O_RDONLY [pid 12871] close(4 [pid 12868] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12868, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=30 /* 0.30 s */} --- [pid 12875] <... open resumed>) = 4 [pid 12871] <... close resumed>) = 0 [pid 12875] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 12871] open("./file0", O_RDONLY) = 4 [pid 5069] umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12871] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 12875] <... ioctl resumed>) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 12875] open("./file0", O_RDONLY [pid 5069] umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12875] <... open resumed>) = 5 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12875] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 12871] <... ioctl resumed>) = 0 [pid 5069] newfstatat(AT_FDCWD, "./72/binderfs", [pid 12909] <... write resumed>) = 16777216 [pid 12875] <... ioctl resumed>) = 0 [pid 12871] open("./file0", O_RDONLY [pid 5069] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 12875] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 12871] <... open resumed>) = 5 [pid 5069] unlink("./72/binderfs" [pid 12909] munmap(0x7fda9371b000, 138412032 [pid 12875] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 12871] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5069] <... unlink resumed>) = 0 [pid 12875] exit_group(0 [pid 12871] <... ioctl resumed>) = 0 [pid 5069] umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12909] <... munmap resumed>) = 0 [pid 12875] <... exit_group resumed>) = ? [pid 12875] +++ exited with 0 +++ [pid 12871] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 12909] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 12871] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 12909] <... openat resumed>) = 4 [pid 12871] exit_group(0 [pid 12909] ioctl(4, LOOP_SET_FD, 3 [pid 12873] <... mount resumed>) = 0 [pid 12871] <... exit_group resumed>) = ? [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12875, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=32 /* 0.32 s */} --- [pid 12873] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 12871] +++ exited with 0 +++ [pid 12909] <... ioctl resumed>) = 0 [pid 5064] umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12909] close(3 [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12871, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=27 /* 0.27 s */} --- [pid 5065] <... umount2 resumed>) = 0 [pid 12909] <... close resumed>) = 0 [pid 5068] umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12873] <... openat resumed>) = 3 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 12909] mkdir("./file0", 0777 [pid 12873] chdir("./file0" [pid 5068] <... openat resumed>) = 3 [pid 5065] umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 12873] <... chdir resumed>) = 0 [pid 5068] newfstatat(3, "", [pid 12873] ioctl(4, LOOP_CLR_FD [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 12873] <... ioctl resumed>) = 0 [pid 5068] getdents64(3, [pid 12873] close(4 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 12909] <... mkdir resumed>) = 0 [pid 12873] <... close resumed>) = 0 [pid 5068] umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... openat resumed>) = 3 [pid 12909] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 12873] open("./file0", O_RDONLY [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12873] <... open resumed>) = 4 [pid 5068] newfstatat(AT_FDCWD, "./72/binderfs", [pid 5064] newfstatat(3, "", [pid 12873] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] newfstatat(AT_FDCWD, "./72/file0", [pid 5068] unlink("./72/binderfs" [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] <... unlink resumed>) = 0 [pid 5068] umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] getdents64(3, [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12873] <... ioctl resumed>) = 0 [pid 5065] openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] newfstatat(AT_FDCWD, "./71/binderfs", [pid 5065] <... openat resumed>) = 4 [pid 5065] newfstatat(4, "", [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 230.028967][T12909] loop2: detected capacity change from 0 to 32768 [ 230.058369][T12909] BTRFS: device /dev/loop2 using temp-fsid 35265e3a-29ea-4f6c-94cf-3ec6138e1893 [pid 5064] unlink("./71/binderfs" [pid 12873] open("./file0", O_RDONLY) = 5 [pid 5065] getdents64(4, [pid 5064] <... unlink resumed>) = 0 [pid 12873] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./72/file0" [pid 12873] <... ioctl resumed>) = 0 [pid 12873] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 12873] exit_group(0) = ? [pid 12873] +++ exited with 0 +++ [pid 5065] <... rmdir resumed>) = 0 [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12873, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=26 /* 0.26 s */} --- [pid 5067] umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 230.098008][T12909] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (12909) [pid 5067] openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3 [pid 5067] newfstatat(3, "", [pid 5065] <... close resumed>) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] rmdir("./72" [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] <... rmdir resumed>) = 0 [pid 5067] newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./72/binderfs") = 0 [pid 5065] mkdir("./73", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5067] umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... openat resumed>) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 12979 ./strace-static-x86_64: Process 12979 attached [pid 12979] set_robust_list(0x555557145760, 24) = 0 [pid 12979] chdir("./73") = 0 [pid 5068] <... umount2 resumed>) = 0 [pid 5068] umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12979] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5069] <... umount2 resumed>) = 0 [pid 12979] setpgid(0, 0) = 0 [pid 12979] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 12979] write(3, "1000", 4 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12979] <... write resumed>) = 4 [pid 5069] umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] newfstatat(AT_FDCWD, "./72/file0", [pid 12979] close(3) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./72/file0", [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 12979] symlink("/dev/binderfs", "./binderfs" [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] <... openat resumed>) = 4 [pid 5069] umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(4, "", [pid 12979] <... symlink resumed>) = 0 [pid 5069] openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] <... openat resumed>) = 4 [pid 5069] newfstatat(4, "", [pid 5068] getdents64(4, [pid 12979] memfd_create("syzkaller", 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, [pid 5068] getdents64(4, [pid 12979] <... memfd_create resumed>) = 3 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 12979] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./72/file0") = 0 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3 [pid 5068] <... close resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 5069] rmdir("./72" [pid 5068] rmdir("./72/file0" [pid 5064] umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... rmdir resumed>) = 0 [pid 5068] <... rmdir resumed>) = 0 [pid 5069] mkdir("./73", 0777 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./71/file0", [pid 5069] <... mkdir resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5064] openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] <... openat resumed>) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD [pid 5068] getdents64(3, [pid 5064] <... openat resumed>) = 4 [pid 5069] <... ioctl resumed>) = 0 [pid 5064] newfstatat(4, "", [pid 5069] close(3 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] <... close resumed>) = 0 [pid 5064] getdents64(4, [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] close(3) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] rmdir("./72" [pid 5064] close(4) = 0 [pid 5068] <... rmdir resumed>) = 0 [pid 5064] rmdir("./71/file0") = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 12990 attached [pid 12990] set_robust_list(0x555557145760, 24 [pid 5064] close(3 [pid 12990] <... set_robust_list resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 12990] chdir("./73" [pid 5068] mkdir("./73", 0777 [pid 5064] rmdir("./71") = 0 [pid 5064] mkdir("./72", 0777 [pid 5068] <... mkdir resumed>) = 0 [pid 5064] <... mkdir resumed>) = 0 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 12990 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 12990] <... chdir resumed>) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 12990] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5068] ioctl(3, LOOP_CLR_FD [pid 12990] <... prctl resumed>) = 0 [pid 5064] <... openat resumed>) = 3 [pid 12990] setpgid(0, 0 [pid 5068] <... ioctl resumed>) = 0 [pid 12990] <... setpgid resumed>) = 0 [pid 5068] close(3 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 12990] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5068] <... close resumed>) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 5064] close(3 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 12990] <... openat resumed>) = 3 [pid 12990] write(3, "1000", 4 [pid 5067] <... umount2 resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 12990] <... write resumed>) = 4 [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 12993 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 12993 attached [pid 12990] close(3 [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 12994 [pid 12990] <... close resumed>) = 0 [pid 12990] symlink("/dev/binderfs", "./binderfs" [pid 12993] set_robust_list(0x555557145760, 24 [pid 5067] umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12993] <... set_robust_list resumed>) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12993] chdir("./73" [pid 5067] newfstatat(AT_FDCWD, "./72/file0", [pid 12993] <... chdir resumed>) = 0 [pid 12990] <... symlink resumed>) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 12993] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5067] umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12993] <... prctl resumed>) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 12994 attached [pid 12993] setpgid(0, 0 [pid 5067] openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 12994] set_robust_list(0x555557145760, 24 [pid 12993] <... setpgid resumed>) = 0 [pid 5067] <... openat resumed>) = 4 [pid 12994] <... set_robust_list resumed>) = 0 [pid 12993] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5067] newfstatat(4, "", [pid 12994] chdir("./72" [pid 12993] <... openat resumed>) = 3 [pid 12990] memfd_create("syzkaller", 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 12994] <... chdir resumed>) = 0 [pid 12993] write(3, "1000", 4 [pid 12990] <... memfd_create resumed>) = 3 [pid 5067] getdents64(4, [pid 12994] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 12993] <... write resumed>) = 4 [pid 5067] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 12994] <... prctl resumed>) = 0 [pid 12993] close(3 [pid 5067] getdents64(4, [pid 12994] setpgid(0, 0 [pid 12993] <... close resumed>) = 0 [pid 5067] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 12994] <... setpgid resumed>) = 0 [pid 12993] symlink("/dev/binderfs", "./binderfs" [pid 5067] close(4 [pid 12994] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 12993] <... symlink resumed>) = 0 [pid 12994] <... openat resumed>) = 3 [pid 12993] memfd_create("syzkaller", 0 [pid 5067] <... close resumed>) = 0 [pid 12994] write(3, "1000", 4 [pid 12993] <... memfd_create resumed>) = 3 [pid 5067] rmdir("./72/file0" [pid 12994] <... write resumed>) = 4 [pid 12993] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5067] <... rmdir resumed>) = 0 [pid 12994] close(3 [pid 12993] <... mmap resumed>) = 0x7fda9371b000 [pid 12994] <... close resumed>) = 0 [pid 12990] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 12994] symlink("/dev/binderfs", "./binderfs" [pid 12990] <... mmap resumed>) = 0x7fda9371b000 [pid 5067] getdents64(3, [pid 12994] <... symlink resumed>) = 0 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 12994] memfd_create("syzkaller", 0 [pid 5067] close(3 [pid 12994] <... memfd_create resumed>) = 3 [pid 5067] <... close resumed>) = 0 [pid 12994] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5067] rmdir("./72" [pid 12994] <... mmap resumed>) = 0x7fda9371b000 [pid 12979] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5067] <... rmdir resumed>) = 0 [pid 5067] mkdir("./73", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 12998 ./strace-static-x86_64: Process 12998 attached [pid 12998] set_robust_list(0x555557145760, 24) = 0 [pid 12998] chdir("./73") = 0 [pid 12998] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 12998] setpgid(0, 0) = 0 [pid 12998] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 12998] write(3, "1000", 4) = 4 [pid 12998] close(3) = 0 [pid 12998] symlink("/dev/binderfs", "./binderfs") = 0 [pid 12998] memfd_create("syzkaller", 0) = 3 [pid 12998] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 12909] <... mount resumed>) = 0 [pid 12909] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12909] chdir("./file0") = 0 [pid 12909] ioctl(4, LOOP_CLR_FD) = 0 [pid 12909] close(4) = 0 [pid 12909] open("./file0", O_RDONLY) = 4 [pid 12909] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 12909] open("./file0", O_RDONLY) = 5 [pid 12909] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 12909] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 12993] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12909] exit_group(0) = ? [pid 12909] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12909, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=24 /* 0.24 s */} --- [pid 5066] umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./73/binderfs") = 0 [pid 5066] umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12990] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12994] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12979] <... write resumed>) = 16777216 [pid 12979] munmap(0x7fda9371b000, 138412032 [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 12979] <... munmap resumed>) = 0 [pid 5066] <... openat resumed>) = 4 [pid 5066] newfstatat(4, "", [pid 12979] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 12979] <... openat resumed>) = 4 [pid 12979] ioctl(4, LOOP_SET_FD, 3 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./73/file0") = 0 [pid 5066] getdents64(3, [pid 12979] <... ioctl resumed>) = 0 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 12979] close(3) = 0 [pid 12979] mkdir("./file0", 0777) = 0 [pid 12979] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5066] close(3) = 0 [pid 12998] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5066] rmdir("./73") = 0 [pid 5066] mkdir("./74", 0777) = 0 [ 231.203429][T12979] loop1: detected capacity change from 0 to 32768 [ 231.233465][T12979] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (12979) [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 13000 ./strace-static-x86_64: Process 13000 attached [pid 13000] set_robust_list(0x555557145760, 24) = 0 [pid 13000] chdir("./74") = 0 [pid 13000] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 13000] setpgid(0, 0) = 0 [ 231.304169][T12979] _btrfs_printk: 82 callbacks suppressed [ 231.304183][T12979] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [pid 13000] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 13000] write(3, "1000", 4) = 4 [pid 13000] close(3) = 0 [pid 13000] symlink("/dev/binderfs", "./binderfs") = 0 [pid 13000] memfd_create("syzkaller", 0) = 3 [pid 13000] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 231.389153][T12979] BTRFS info (device loop1): force clearing of disk cache [ 231.413326][T12979] BTRFS info (device loop1): setting nodatasum [ 231.459647][T12979] BTRFS info (device loop1): allowing degraded mounts [ 231.488787][T12979] BTRFS info (device loop1): enabling disk space caching [ 231.495816][T12979] BTRFS info (device loop1): disk space caching is enabled [pid 12993] <... write resumed>) = 16777216 [pid 12993] munmap(0x7fda9371b000, 138412032 [pid 12990] <... write resumed>) = 16777216 [pid 12993] <... munmap resumed>) = 0 [pid 12993] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 12993] ioctl(4, LOOP_SET_FD, 3 [pid 12990] munmap(0x7fda9371b000, 138412032) = 0 [pid 12993] <... ioctl resumed>) = 0 [pid 12990] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 12993] close(3 [pid 12990] <... openat resumed>) = 4 [pid 12993] <... close resumed>) = 0 [ 231.590657][T12993] loop4: detected capacity change from 0 to 32768 [ 231.630439][T12990] loop5: detected capacity change from 0 to 32768 [pid 12990] ioctl(4, LOOP_SET_FD, 3 [pid 12993] mkdir("./file0", 0777) = 0 [pid 12993] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 12990] <... ioctl resumed>) = 0 [pid 12990] close(3) = 0 [pid 12990] mkdir("./file0", 0777) = 0 [ 231.639931][T12993] BTRFS: device /dev/loop4 using temp-fsid f1874c79-a270-4f70-b269-1803feb742d2 [ 231.643554][T12979] BTRFS info (device loop1): enabling ssd optimizations [ 231.669858][T12993] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (12993) [ 231.670787][T12979] BTRFS info (device loop1): auto enabling async discard [pid 12990] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 12994] <... write resumed>) = 16777216 [pid 12994] munmap(0x7fda9371b000, 138412032) = 0 [pid 12994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 231.724142][T12990] BTRFS: device /dev/loop5 using temp-fsid f5ff0df9-c8c8-4639-897f-703b89b83d89 [ 231.744388][T12979] BTRFS info (device loop1): rebuilding free space tree [ 231.753720][T12993] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [pid 12994] ioctl(4, LOOP_SET_FD, 3 [pid 13000] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12994] <... ioctl resumed>) = 0 [pid 12994] close(3) = 0 [pid 12994] mkdir("./file0", 0777) = 0 [ 231.764646][T12990] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (12990) [ 231.766087][T12993] BTRFS info (device loop4): force clearing of disk cache [ 231.784850][T12994] loop0: detected capacity change from 0 to 32768 [ 231.806279][T12979] BTRFS info (device loop1): disabling free space tree [pid 12994] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 12998] <... write resumed>) = 16777216 [ 231.816222][T12979] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 231.827935][T12994] BTRFS: device /dev/loop0 using temp-fsid 108d58ea-ba87-4274-81a5-1bb4611c329b [ 231.837045][T12993] BTRFS info (device loop4): setting nodatasum [ 231.837065][T12993] BTRFS info (device loop4): allowing degraded mounts [ 231.837081][T12993] BTRFS info (device loop4): enabling disk space caching [ 231.837095][T12993] BTRFS info (device loop4): disk space caching is enabled [pid 12998] munmap(0x7fda9371b000, 138412032) = 0 [pid 12998] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 231.868242][T12979] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 231.878569][T12990] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 231.891464][T12990] BTRFS info (device loop5): force clearing of disk cache [ 231.892321][T12998] loop3: detected capacity change from 0 to 32768 [ 231.898879][T12990] BTRFS info (device loop5): setting nodatasum [ 231.898898][T12990] BTRFS info (device loop5): allowing degraded mounts [pid 12998] ioctl(4, LOOP_SET_FD, 3 [pid 13000] <... write resumed>) = 16777216 [pid 12998] <... ioctl resumed>) = 0 [pid 12998] close(3) = 0 [pid 12998] mkdir("./file0", 0777) = 0 [ 231.898914][T12990] BTRFS info (device loop5): enabling disk space caching [ 231.898928][T12990] BTRFS info (device loop5): disk space caching is enabled [ 231.937940][T12994] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (12994) [ 231.955138][T12979] BTRFS info (device loop1): checking UUID tree [pid 12998] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 13000] munmap(0x7fda9371b000, 138412032) = 0 [pid 13000] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 231.969028][T12998] BTRFS: device /dev/loop3 using temp-fsid b0b85ac1-a8d6-47d6-b917-76b1cf5e1e06 [ 231.978518][T12994] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 231.978921][T12998] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (12998) [ 231.990605][T13000] loop2: detected capacity change from 0 to 32768 [ 232.002409][T12994] BTRFS info (device loop0): force clearing of disk cache [ 232.014835][T12994] BTRFS info (device loop0): setting nodatasum [pid 13000] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 12979] <... mount resumed>) = 0 [pid 13000] close(3) = 0 [pid 13000] mkdir("./file0", 0777) = 0 [pid 13000] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 12979] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12979] chdir("./file0") = 0 [ 232.021644][T12998] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 232.023545][T12994] BTRFS info (device loop0): allowing degraded mounts [ 232.035477][T13000] BTRFS: device /dev/loop2 using temp-fsid 5e43e814-1213-4cac-aa31-e916e654e598 [ 232.038316][T12994] BTRFS info (device loop0): enabling disk space caching [ 232.050446][T12998] BTRFS info (device loop3): force clearing of disk cache [ 232.054903][T12994] BTRFS info (device loop0): disk space caching is enabled [pid 12979] ioctl(4, LOOP_CLR_FD) = 0 [pid 12979] close(4) = 0 [pid 12979] open("./file0", O_RDONLY) = 4 [ 232.069982][T13000] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (13000) [ 232.070053][T12993] BTRFS info (device loop4): enabling ssd optimizations [ 232.084289][T12998] BTRFS info (device loop3): setting nodatasum [ 232.090743][T12993] BTRFS info (device loop4): auto enabling async discard [ 232.097937][T12998] BTRFS info (device loop3): allowing degraded mounts [ 232.104644][T12993] BTRFS info (device loop4): rebuilding free space tree [ 232.111924][T12998] BTRFS info (device loop3): enabling disk space caching [pid 12979] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 12979] open("./file0", O_RDONLY) = 5 [pid 12979] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 12979] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 12979] exit_group(0) = ? [pid 12979] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12979, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=37 /* 0.37 s */} --- [pid 5065] umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 232.126063][T12998] BTRFS info (device loop3): disk space caching is enabled [ 232.137153][T13000] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 232.147702][T13000] BTRFS info (device loop2): force clearing of disk cache [pid 5065] newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./73/binderfs") = 0 [ 232.178622][ T48] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [ 232.184918][T13000] BTRFS info (device loop2): setting nodatasum [ 232.194331][T12990] BTRFS info (device loop5): enabling ssd optimizations [ 232.201685][T12993] BTRFS info (device loop4): disabling free space tree [ 232.201867][T12990] BTRFS info (device loop5): auto enabling async discard [ 232.215659][T12993] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 232.229947][T12990] BTRFS info (device loop5): rebuilding free space tree [ 232.253496][T13000] BTRFS info (device loop2): allowing degraded mounts [ 232.262237][T13000] BTRFS info (device loop2): enabling disk space caching [ 232.267710][T12990] BTRFS info (device loop5): disabling free space tree [pid 5065] umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5065] umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [ 232.271369][T13000] BTRFS info (device loop2): disk space caching is enabled [ 232.286255][T12993] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 232.290353][T12990] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 232.308959][T12990] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./73/file0") = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./73") = 0 [pid 5065] mkdir("./74", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [ 232.328019][T12994] BTRFS info (device loop0): enabling ssd optimizations [ 232.331960][T12993] BTRFS info (device loop4): checking UUID tree [ 232.339819][T12994] BTRFS info (device loop0): auto enabling async discard [ 232.350648][T12998] BTRFS info (device loop3): enabling ssd optimizations [ 232.352510][T12990] BTRFS info (device loop5): checking UUID tree [ 232.357579][T12998] BTRFS info (device loop3): auto enabling async discard [ 232.372018][T12994] BTRFS info (device loop0): rebuilding free space tree [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 13086 attached [pid 13086] set_robust_list(0x555557145760, 24) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 13086 [pid 13086] chdir("./74" [pid 12993] <... mount resumed>) = 0 [pid 13086] <... chdir resumed>) = 0 [pid 12993] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 13086] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 12993] <... openat resumed>) = 3 [pid 13086] <... prctl resumed>) = 0 [pid 12993] chdir("./file0" [pid 13086] setpgid(0, 0 [pid 12993] <... chdir resumed>) = 0 [pid 13086] <... setpgid resumed>) = 0 [pid 13086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 12993] ioctl(4, LOOP_CLR_FD [pid 13086] <... openat resumed>) = 3 [pid 12993] <... ioctl resumed>) = 0 [pid 13086] write(3, "1000", 4 [pid 12993] close(4 [pid 13086] <... write resumed>) = 4 [pid 12993] <... close resumed>) = 0 [pid 13086] close(3 [pid 12990] <... mount resumed>) = 0 [pid 13086] <... close resumed>) = 0 [pid 12990] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 13086] symlink("/dev/binderfs", "./binderfs" [pid 12993] open("./file0", O_RDONLY [pid 12990] <... openat resumed>) = 3 [pid 13086] <... symlink resumed>) = 0 [pid 12993] <... open resumed>) = 4 [pid 12990] chdir("./file0" [pid 13086] memfd_create("syzkaller", 0 [pid 12993] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 12990] <... chdir resumed>) = 0 [pid 13086] <... memfd_create resumed>) = 3 [pid 12990] ioctl(4, LOOP_CLR_FD [pid 13086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 12990] <... ioctl resumed>) = 0 [pid 12990] close(4 [pid 13086] <... mmap resumed>) = 0x7fda9371b000 [pid 12990] <... close resumed>) = 0 [ 232.390922][T12994] BTRFS info (device loop0): disabling free space tree [ 232.411809][T12994] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 232.431110][T12998] BTRFS info (device loop3): rebuilding free space tree [pid 12993] <... ioctl resumed>) = 0 [pid 12990] open("./file0", O_RDONLY [pid 12993] open("./file0", O_RDONLY [pid 12990] <... open resumed>) = 4 [pid 12993] <... open resumed>) = 5 [pid 12990] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [ 232.459116][T12994] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 232.475948][T12994] BTRFS info (device loop0): checking UUID tree [ 232.484071][ T12] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [pid 12993] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 12990] <... ioctl resumed>) = 0 [pid 12993] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 12990] open("./file0", O_RDONLY [pid 12994] <... mount resumed>) = 0 [pid 12994] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12993] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 12990] <... open resumed>) = 5 [pid 12994] chdir("./file0") = 0 [pid 12993] exit_group(0 [pid 12990] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 12994] ioctl(4, LOOP_CLR_FD [pid 12993] <... exit_group resumed>) = ? [pid 12990] <... ioctl resumed>) = 0 [pid 12994] <... ioctl resumed>) = 0 [pid 12993] +++ exited with 0 +++ [pid 12990] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12993, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=37 /* 0.37 s */} --- [ 232.519004][T12998] BTRFS info (device loop3): disabling free space tree [ 232.525916][T12998] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 232.535693][T13000] BTRFS info (device loop2): enabling ssd optimizations [pid 12994] close(4 [pid 12990] exit_group(0) = ? [pid 12990] +++ exited with 0 +++ [pid 5068] umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12990, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=30 /* 0.30 s */} --- [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12994] <... close resumed>) = 0 [pid 5068] openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 12994] open("./file0", O_RDONLY [pid 5069] umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] newfstatat(3, "", [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, [pid 5069] openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] <... openat resumed>) = 3 [pid 5068] umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12994] <... open resumed>) = 4 [pid 5069] newfstatat(3, "", [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12994] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] newfstatat(AT_FDCWD, "./73/binderfs", [pid 5069] getdents64(3, [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] unlink("./73/binderfs" [pid 5069] umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... unlink resumed>) = 0 [pid 12994] <... ioctl resumed>) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12994] open("./file0", O_RDONLY) = 5 [pid 5069] newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./73/binderfs") = 0 [pid 5069] umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12994] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [ 232.584968][T13000] BTRFS info (device loop2): auto enabling async discard [ 232.603667][ T2497] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [ 232.622441][ T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 12994] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 13086] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 12994] exit_group(0) = ? [pid 12994] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12994, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=38 /* 0.38 s */} --- [pid 5064] umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./72/binderfs") = 0 [ 232.635456][T13000] BTRFS info (device loop2): rebuilding free space tree [ 232.643858][T12998] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 232.681522][T13000] BTRFS info (device loop2): disabling free space tree [ 232.710740][T12998] BTRFS info (device loop3): checking UUID tree [ 232.731058][T13000] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 232.748181][T13000] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 232.794506][T13000] BTRFS info (device loop2): checking UUID tree [pid 5064] umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 12998] <... mount resumed>) = 0 [pid 12998] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 12998] chdir("./file0") = 0 [pid 12998] ioctl(4, LOOP_CLR_FD) = 0 [pid 12998] close(4) = 0 [pid 12998] open("./file0", O_RDONLY) = 4 [pid 12998] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5068] <... umount2 resumed>) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 5068] umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 13000] <... mount resumed>) = 0 [pid 5069] <... umount2 resumed>) = 0 [pid 5068] umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 13000] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 12998] <... ioctl resumed>) = 0 [pid 5069] umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] newfstatat(4, "", [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 13000] <... openat resumed>) = 3 [pid 12998] open("./file0", O_RDONLY [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./72/file0", [pid 12998] <... open resumed>) = 5 [pid 5069] newfstatat(AT_FDCWD, "./73/file0", [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 12998] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13000] chdir("./file0" [pid 12998] <... ioctl resumed>) = 0 [pid 5069] umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] getdents64(4, [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 12998] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 12998] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5068] getdents64(4, [pid 12998] exit_group(0 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 12998] <... exit_group resumed>) = ? [pid 5068] close(4) = 0 [pid 13000] <... chdir resumed>) = 0 [pid 12998] +++ exited with 0 +++ [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] rmdir("./73/file0" [pid 5064] openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] <... rmdir resumed>) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./73") = 0 [pid 5068] mkdir("./74", 0777) = 0 [pid 5064] <... openat resumed>) = 4 [pid 5069] openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 13000] ioctl(4, LOOP_CLR_FD [pid 5064] newfstatat(4, "", [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3 [pid 13000] <... ioctl resumed>) = 0 [pid 5069] <... openat resumed>) = 4 [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12998, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=43 /* 0.43 s */} --- [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 13000] close(4 [pid 5069] newfstatat(4, "", [pid 5067] umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13000] <... close resumed>) = 0 [pid 5064] getdents64(4, [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 13000] open("./file0", O_RDONLY [pid 5069] getdents64(4, [pid 5068] <... close resumed>) = 0 [pid 5067] openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 13000] <... open resumed>) = 4 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5067] <... openat resumed>) = 3 [pid 5064] getdents64(4, [pid 13000] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5069] getdents64(4, [pid 5067] newfstatat(3, "", [pid 5064] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 13102 [pid 5064] close(4 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] close(4 [pid 5064] <... close resumed>) = 0 [pid 5067] getdents64(3, [pid 5069] <... close resumed>) = 0 [pid 5064] rmdir("./72/file0" [pid 13000] <... ioctl resumed>) = 0 [pid 5069] rmdir("./73/file0" [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] <... rmdir resumed>) = 0 [pid 5069] <... rmdir resumed>) = 0 [pid 5067] umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] getdents64(3, [pid 13000] open("./file0", O_RDONLY./strace-static-x86_64: Process 13102 attached [pid 13102] set_robust_list(0x555557145760, 24) = 0 [pid 13102] chdir("./74") = 0 [ 232.937483][ T48] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [pid 13102] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 13000] <... open resumed>) = 5 [pid 5069] getdents64(3, [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 13000] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] newfstatat(AT_FDCWD, "./73/binderfs", [pid 5069] close(3 [pid 5064] close(3 [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 13000] <... ioctl resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 5067] unlink("./73/binderfs" [pid 5064] <... close resumed>) = 0 [pid 13000] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5069] rmdir("./73" [pid 13102] <... prctl resumed>) = 0 [pid 5067] <... unlink resumed>) = 0 [pid 13102] setpgid(0, 0) = 0 [pid 13102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5069] <... rmdir resumed>) = 0 [pid 5067] umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13000] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5064] rmdir("./72" [pid 13000] exit_group(0 [pid 5069] mkdir("./74", 0777 [pid 5064] <... rmdir resumed>) = 0 [pid 13000] <... exit_group resumed>) = ? [pid 13102] <... openat resumed>) = 3 [pid 13000] +++ exited with 0 +++ [pid 5069] <... mkdir resumed>) = 0 [pid 5064] mkdir("./73", 0777 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13000, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=33 /* 0.33 s */} --- [pid 5066] restart_syscall(<... resuming interrupted clone ...> [pid 13102] write(3, "1000", 4 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5064] <... mkdir resumed>) = 0 [pid 13102] <... write resumed>) = 4 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 13102] close(3 [pid 5069] <... openat resumed>) = 3 [pid 5066] <... restart_syscall resumed>) = 0 [pid 13102] <... close resumed>) = 0 [pid 13102] symlink("/dev/binderfs", "./binderfs" [pid 5069] ioctl(3, LOOP_CLR_FD [pid 5064] <... openat resumed>) = 3 [pid 13102] <... symlink resumed>) = 0 [pid 5066] umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13102] memfd_create("syzkaller", 0 [pid 5069] <... ioctl resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] ioctl(3, LOOP_CLR_FD [pid 13102] <... memfd_create resumed>) = 3 [pid 5066] openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 13102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5066] <... openat resumed>) = 3 [pid 13102] <... mmap resumed>) = 0x7fda9371b000 [pid 5066] newfstatat(3, "", [pid 5064] <... ioctl resumed>) = 0 [pid 5069] close(3 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] <... close resumed>) = 0 [pid 5066] umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] close(3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./74/binderfs") = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... close resumed>) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 13103 attached [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 13103 [pid 13103] set_robust_list(0x555557145760, 24 [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 13104 [pid 13103] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 13104 attached [pid 13103] chdir("./74" [pid 13104] set_robust_list(0x555557145760, 24) = 0 [pid 13103] <... chdir resumed>) = 0 [pid 13103] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 13104] chdir("./73" [pid 13103] setpgid(0, 0 [pid 13104] <... chdir resumed>) = 0 [ 233.055089][ T48] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [pid 13104] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 13104] setpgid(0, 0) = 0 [pid 13104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 13103] <... setpgid resumed>) = 0 [pid 13104] write(3, "1000", 4) = 4 [pid 13104] close(3) = 0 [pid 13104] symlink("/dev/binderfs", "./binderfs") = 0 [pid 13104] memfd_create("syzkaller", 0 [pid 13103] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 13104] <... memfd_create resumed>) = 3 [pid 13103] <... openat resumed>) = 3 [pid 13104] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 13103] write(3, "1000", 4) = 4 [pid 13103] close(3) = 0 [pid 13103] symlink("/dev/binderfs", "./binderfs") = 0 [pid 13103] memfd_create("syzkaller", 0) = 3 [pid 13103] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 13086] <... write resumed>) = 16777216 [pid 13086] munmap(0x7fda9371b000, 138412032) = 0 [pid 5067] <... umount2 resumed>) = 0 [pid 13086] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5066] <... umount2 resumed>) = 0 [pid 13086] ioctl(4, LOOP_SET_FD, 3 [pid 5067] umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./73/file0") = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./73") = 0 [pid 5067] mkdir("./74", 0777) = 0 [pid 5066] umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 13107 ./strace-static-x86_64: Process 13107 attached [pid 13107] set_robust_list(0x555557145760, 24) = 0 [pid 13107] chdir("./74" [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 13107] <... chdir resumed>) = 0 [ 233.393227][T13086] loop1: detected capacity change from 0 to 32768 [pid 5066] newfstatat(AT_FDCWD, "./74/file0", [pid 13086] <... ioctl resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 13107] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 13107] setpgid(0, 0) = 0 [pid 13107] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 13107] write(3, "1000", 4 [pid 13086] close(3 [pid 13107] <... write resumed>) = 4 [pid 13086] <... close resumed>) = 0 [pid 13107] close(3 [pid 13086] mkdir("./file0", 0777 [pid 13107] <... close resumed>) = 0 [pid 13086] <... mkdir resumed>) = 0 [pid 13107] symlink("/dev/binderfs", "./binderfs" [pid 13086] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 13107] <... symlink resumed>) = 0 [pid 13107] memfd_create("syzkaller", 0) = 3 [pid 13107] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5066] umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 233.467518][T13086] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (13086) [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./74/file0" [pid 13102] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5066] <... rmdir resumed>) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./74") = 0 [pid 5066] mkdir("./75", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [ 233.590221][T13086] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 233.628986][T13086] BTRFS info (device loop1): force clearing of disk cache [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 13108 attached , child_tidptr=0x555557145750) = 13108 [pid 13108] set_robust_list(0x555557145760, 24) = 0 [pid 13108] chdir("./75") = 0 [pid 13108] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 13104] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 13108] setpgid(0, 0) = 0 [ 233.678772][T13086] BTRFS info (device loop1): setting nodatasum [ 233.685238][T13086] BTRFS info (device loop1): allowing degraded mounts [ 233.713595][T13086] BTRFS info (device loop1): enabling disk space caching [pid 13108] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 13103] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 13108] write(3, "1000", 4) = 4 [pid 13108] close(3) = 0 [pid 13108] symlink("/dev/binderfs", "./binderfs") = 0 [pid 13108] memfd_create("syzkaller", 0) = 3 [pid 13108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 233.745200][T13086] BTRFS info (device loop1): disk space caching is enabled [pid 13108] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 13107] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 13103] <... write resumed>) = 16777216 [pid 13103] munmap(0x7fda9371b000, 138412032) = 0 [pid 13103] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [ 234.058785][T13086] BTRFS info (device loop1): enabling ssd optimizations [ 234.065761][T13086] BTRFS info (device loop1): auto enabling async discard [pid 13103] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 13103] close(3) = 0 [pid 13103] mkdir("./file0", 0777) = 0 [ 234.120069][T13103] loop5: detected capacity change from 0 to 32768 [ 234.133277][T13086] BTRFS info (device loop1): rebuilding free space tree [ 234.183983][T13103] BTRFS: device /dev/loop5 using temp-fsid 67c5790f-4e7a-422b-a782-f3e63c7a637b [ 234.206277][T13086] BTRFS info (device loop1): disabling free space tree [ 234.213228][T13103] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (13103) [pid 13103] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 13102] <... write resumed>) = 16777216 [ 234.258982][T13086] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 234.282253][T13103] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [pid 13102] munmap(0x7fda9371b000, 138412032) = 0 [pid 13102] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 13102] ioctl(4, LOOP_SET_FD, 3 [pid 13108] <... write resumed>) = 16777216 [pid 13108] munmap(0x7fda9371b000, 138412032 [pid 13104] <... write resumed>) = 16777216 [pid 13108] <... munmap resumed>) = 0 [pid 13102] <... ioctl resumed>) = 0 [pid 13086] <... mount resumed>) = 0 [pid 13102] close(3) = 0 [pid 13102] mkdir("./file0", 0777 [pid 13104] munmap(0x7fda9371b000, 138412032 [pid 13086] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 13102] <... mkdir resumed>) = 0 [pid 13086] <... openat resumed>) = 3 [pid 13102] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 13086] chdir("./file0" [pid 13108] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 13086] <... chdir resumed>) = 0 [pid 13108] <... openat resumed>) = 4 [pid 13086] ioctl(4, LOOP_CLR_FD [ 234.301939][T13086] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 234.308803][T13103] BTRFS info (device loop5): force clearing of disk cache [ 234.330899][T13103] BTRFS info (device loop5): setting nodatasum [ 234.331553][T13102] loop4: detected capacity change from 0 to 32768 [ 234.344715][T13103] BTRFS info (device loop5): allowing degraded mounts [pid 13108] ioctl(4, LOOP_SET_FD, 3 [pid 13086] <... ioctl resumed>) = 0 [pid 13104] <... munmap resumed>) = 0 [pid 13086] close(4) = 0 [pid 13086] open("./file0", O_RDONLY) = 4 [pid 13086] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 13104] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 13104] ioctl(4, LOOP_SET_FD, 3 [pid 13086] <... ioctl resumed>) = 0 [pid 13086] open("./file0", O_RDONLY) = 5 [pid 13086] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 13108] <... ioctl resumed>) = 0 [pid 13108] close(3) = 0 [pid 13108] mkdir("./file0", 0777) = 0 [pid 13108] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 13104] <... ioctl resumed>) = 0 [pid 13086] <... ioctl resumed>) = 0 [pid 13104] close(3) = 0 [pid 13104] mkdir("./file0", 0777) = 0 [pid 13086] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 13104] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 13086] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 13086] exit_group(0) = ? [pid 13086] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13086, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=28 /* 0.28 s */} --- [pid 5065] umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 234.382249][T13108] loop2: detected capacity change from 0 to 32768 [ 234.390179][T13102] BTRFS: device /dev/loop4 using temp-fsid e14ded8f-4083-48e2-aa8e-c6144108e4d6 [ 234.405134][T13104] loop0: detected capacity change from 0 to 32768 [ 234.405151][T13102] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (13102) [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./74/binderfs") = 0 [pid 5065] umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13107] <... write resumed>) = 16777216 [ 234.465054][T13108] BTRFS: device /dev/loop2 using temp-fsid 8e823b6e-e9f0-43b2-ae89-f2c5832a4d99 [ 234.480432][T13108] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (13108) [ 234.498886][T13104] BTRFS: device /dev/loop0 using temp-fsid f65f21c8-383a-4990-8fba-c4a9c16eeeb5 [pid 13107] munmap(0x7fda9371b000, 138412032) = 0 [pid 13107] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 13107] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 13107] close(3) = 0 [pid 13107] mkdir("./file0", 0777) = 0 [ 234.509128][T13104] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (13104) [ 234.520477][T13107] loop3: detected capacity change from 0 to 32768 [pid 13107] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5065] <... umount2 resumed>) = 0 [pid 5065] umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./74/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [ 234.562770][T13107] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (13107) [pid 5065] rmdir("./74/file0") = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 13103] <... mount resumed>) = 0 [pid 5065] close(3 [pid 13103] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./74") = 0 [pid 5065] mkdir("./75", 0777) = 0 [pid 13103] chdir("./file0" [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 13103] <... chdir resumed>) = 0 [pid 5065] <... openat resumed>) = 3 [pid 13103] ioctl(4, LOOP_CLR_FD [pid 5065] ioctl(3, LOOP_CLR_FD [pid 13103] <... ioctl resumed>) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 5065] close(3) = 0 [pid 13103] close(4 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 13187 attached [pid 13103] <... close resumed>) = 0 [pid 13187] set_robust_list(0x555557145760, 24 [pid 13103] open("./file0", O_RDONLY [pid 13102] <... mount resumed>) = 0 [pid 13108] <... mount resumed>) = 0 [pid 13187] <... set_robust_list resumed>) = 0 [pid 13108] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 13187] chdir("./75" [pid 13108] <... openat resumed>) = 3 [pid 13103] <... open resumed>) = 4 [pid 13102] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 13187 [pid 13187] <... chdir resumed>) = 0 [pid 13108] chdir("./file0" [pid 13103] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 13102] <... openat resumed>) = 3 [pid 13187] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 13108] <... chdir resumed>) = 0 [pid 13102] chdir("./file0") = 0 [pid 13187] <... prctl resumed>) = 0 [pid 13187] setpgid(0, 0 [pid 13108] ioctl(4, LOOP_CLR_FD [pid 13102] ioctl(4, LOOP_CLR_FD [pid 13187] <... setpgid resumed>) = 0 [pid 13108] <... ioctl resumed>) = 0 [pid 13102] <... ioctl resumed>) = 0 [pid 13187] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 13108] close(4 [pid 13102] close(4 [pid 13108] <... close resumed>) = 0 [pid 13102] <... close resumed>) = 0 [pid 13187] <... openat resumed>) = 3 [pid 13108] open("./file0", O_RDONLY [pid 13103] <... ioctl resumed>) = 0 [pid 13102] open("./file0", O_RDONLY [pid 13108] <... open resumed>) = 4 [pid 13103] open("./file0", O_RDONLY [pid 13102] <... open resumed>) = 4 [pid 13108] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 13103] <... open resumed>) = 5 [pid 13187] write(3, "1000", 4 [pid 13108] <... ioctl resumed>) = 0 [pid 13102] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 13103] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 13187] <... write resumed>) = 4 [pid 13187] close(3 [pid 13103] <... ioctl resumed>) = 0 [pid 13187] <... close resumed>) = 0 [pid 13187] symlink("/dev/binderfs", "./binderfs" [pid 13108] open("./file0", O_RDONLY [pid 13187] <... symlink resumed>) = 0 [pid 13108] <... open resumed>) = 5 [pid 13103] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 13187] memfd_create("syzkaller", 0 [pid 13108] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 13103] exit_group(0) = ? [pid 13108] <... ioctl resumed>) = 0 [pid 13103] +++ exited with 0 +++ [pid 13187] <... memfd_create resumed>) = 3 [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13103, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=25 /* 0.25 s */} --- [pid 13108] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 13187] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 13108] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 13102] <... ioctl resumed>) = 0 [pid 13187] <... mmap resumed>) = 0x7fda9371b000 [pid 5069] umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13102] open("./file0", O_RDONLY [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 13108] exit_group(0 [pid 13102] <... open resumed>) = 5 [pid 5069] openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 13108] <... exit_group resumed>) = ? [pid 13102] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5069] <... openat resumed>) = 3 [pid 13108] +++ exited with 0 +++ [pid 13102] <... ioctl resumed>) = 0 [pid 5069] newfstatat(3, "", [pid 13102] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 13102] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5069] getdents64(3, [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13108, si_uid=0, si_status=0, si_utime=0, si_stime=32 /* 0.32 s */} --- [pid 13102] exit_group(0 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] restart_syscall(<... resuming interrupted clone ...> [pid 13102] <... exit_group resumed>) = ? [pid 5069] umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... restart_syscall resumed>) = 0 [pid 13102] +++ exited with 0 +++ [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./74/binderfs", [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13102, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=28 /* 0.28 s */} --- [pid 5066] umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] restart_syscall(<... resuming interrupted clone ...> [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] unlink("./74/binderfs" [pid 5068] <... restart_syscall resumed>) = 0 [pid 5066] openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] <... unlink resumed>) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5069] umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] newfstatat(3, "", [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] getdents64(3, [pid 5068] <... openat resumed>) = 3 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] newfstatat(3, "", [pid 5066] umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] getdents64(3, [pid 5066] newfstatat(AT_FDCWD, "./75/binderfs", [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] unlink("./75/binderfs" [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... unlink resumed>) = 0 [pid 5068] newfstatat(AT_FDCWD, "./74/binderfs", [pid 5066] umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./74/binderfs") = 0 [pid 5068] umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13104] <... mount resumed>) = 0 [pid 13104] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 13104] chdir("./file0" [pid 13107] <... mount resumed>) = 0 [pid 13104] <... chdir resumed>) = 0 [pid 13107] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 13104] ioctl(4, LOOP_CLR_FD [pid 13107] <... openat resumed>) = 3 [pid 13104] <... ioctl resumed>) = 0 [pid 13107] chdir("./file0" [pid 13104] close(4 [pid 13107] <... chdir resumed>) = 0 [pid 13104] <... close resumed>) = 0 [pid 13107] ioctl(4, LOOP_CLR_FD [pid 13104] open("./file0", O_RDONLY [pid 13107] <... ioctl resumed>) = 0 [pid 13104] <... open resumed>) = 4 [pid 13107] close(4 [pid 13104] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 13107] <... close resumed>) = 0 [pid 13107] open("./file0", O_RDONLY) = 4 [pid 13107] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 13104] <... ioctl resumed>) = 0 [pid 13104] open("./file0", O_RDONLY) = 5 [pid 13104] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 13107] <... ioctl resumed>) = 0 [pid 13107] open("./file0", O_RDONLY) = 5 [pid 13107] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 13104] <... ioctl resumed>) = 0 [pid 13104] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 13104] exit_group(0) = ? [pid 13104] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13104, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=27 /* 0.27 s */} --- [pid 13107] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 13107] exit_group(0) = ? [pid 13107] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13107, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=23 /* 0.23 s */} --- [pid 5067] umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] <... openat resumed>) = 3 [pid 5064] openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5067] newfstatat(3, "", [pid 5064] <... openat resumed>) = 3 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] newfstatat(3, "", [pid 5067] getdents64(3, [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] getdents64(3, [pid 5067] umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] newfstatat(AT_FDCWD, "./74/binderfs", [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] newfstatat(AT_FDCWD, "./73/binderfs", [pid 5067] unlink("./74/binderfs" [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] <... unlink resumed>) = 0 [pid 5064] unlink("./73/binderfs" [pid 5067] umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... unlink resumed>) = 0 [pid 5064] umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... umount2 resumed>) = 0 [pid 5069] umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./74/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./74/file0") = 0 [pid 5068] <... umount2 resumed>) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./74") = 0 [pid 5068] umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] mkdir("./75", 0777 [pid 5068] newfstatat(AT_FDCWD, "./74/file0", [pid 5069] <... mkdir resumed>) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5068] openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] <... openat resumed>) = 3 [pid 5068] <... openat resumed>) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 13187] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5068] close(4 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 13210 [pid 5068] <... close resumed>) = 0 [pid 5068] rmdir("./74/file0") = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 ./strace-static-x86_64: Process 13210 attached [pid 5068] rmdir("./74") = 0 [pid 13210] set_robust_list(0x555557145760, 24 [pid 5068] mkdir("./75", 0777 [pid 13210] <... set_robust_list resumed>) = 0 [pid 5068] <... mkdir resumed>) = 0 [pid 13210] chdir("./75" [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 13210] <... chdir resumed>) = 0 [pid 5068] <... openat resumed>) = 3 [pid 13210] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5068] ioctl(3, LOOP_CLR_FD [pid 13210] <... prctl resumed>) = 0 [pid 5068] <... ioctl resumed>) = 0 [pid 13210] setpgid(0, 0) = 0 [pid 5068] close(3 [pid 13210] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5068] <... close resumed>) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 13210] <... openat resumed>) = 3 ./strace-static-x86_64: Process 13211 attached [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 13211 [pid 13211] set_robust_list(0x555557145760, 24) = 0 [pid 13210] write(3, "1000", 4) = 4 [pid 13210] close(3) = 0 [pid 13210] symlink("/dev/binderfs", "./binderfs") = 0 [pid 13211] chdir("./75" [pid 13210] memfd_create("syzkaller", 0 [pid 13211] <... chdir resumed>) = 0 [pid 13210] <... memfd_create resumed>) = 3 [pid 13211] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 13210] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 13211] <... prctl resumed>) = 0 [pid 13210] <... mmap resumed>) = 0x7fda9371b000 [pid 13211] setpgid(0, 0) = 0 [pid 13211] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 13211] write(3, "1000", 4) = 4 [pid 13211] close(3) = 0 [pid 13211] symlink("/dev/binderfs", "./binderfs") = 0 [pid 13211] memfd_create("syzkaller", 0) = 3 [pid 13211] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./75/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./75/file0") = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./75") = 0 [pid 5066] mkdir("./76", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 13212 ./strace-static-x86_64: Process 13212 attached [pid 13212] set_robust_list(0x555557145760, 24) = 0 [pid 13212] chdir("./76") = 0 [pid 13212] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 13212] setpgid(0, 0) = 0 [pid 13212] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 13212] write(3, "1000", 4) = 4 [pid 13212] close(3) = 0 [pid 13212] symlink("/dev/binderfs", "./binderfs") = 0 [pid 13212] memfd_create("syzkaller", 0) = 3 [pid 13212] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5064] <... umount2 resumed>) = 0 [pid 5064] umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./73/file0", [pid 5067] <... umount2 resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./74/file0", [pid 5064] openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] newfstatat(4, "", [pid 5067] umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] getdents64(4, [pid 5067] openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4 [pid 5067] <... openat resumed>) = 4 [pid 5064] <... close resumed>) = 0 [pid 5067] newfstatat(4, "", [pid 5064] rmdir("./73/file0" [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(3, [pid 5067] getdents64(4, [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3 [pid 5067] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4 [pid 5064] <... close resumed>) = 0 [pid 5067] <... close resumed>) = 0 [pid 5064] rmdir("./73" [pid 5067] rmdir("./74/file0" [pid 5064] <... rmdir resumed>) = 0 [pid 5064] mkdir("./74", 0777 [pid 5067] <... rmdir resumed>) = 0 [pid 5067] getdents64(3, [pid 5064] <... mkdir resumed>) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] <... openat resumed>) = 3 [pid 5067] close(3 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5067] <... close resumed>) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 5067] rmdir("./74" [pid 5064] close(3) = 0 [pid 5067] <... rmdir resumed>) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5067] mkdir("./75", 0777 [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 13215 ./strace-static-x86_64: Process 13215 attached [pid 5067] <... mkdir resumed>) = 0 [pid 13215] set_robust_list(0x555557145760, 24 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 13215] <... set_robust_list resumed>) = 0 [pid 13215] chdir("./74" [pid 5067] <... openat resumed>) = 3 [pid 13215] <... chdir resumed>) = 0 [pid 13215] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 13215] <... prctl resumed>) = 0 [pid 13215] setpgid(0, 0) = 0 [pid 13215] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 13216 attached ) = 3 [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 13216 [pid 13216] set_robust_list(0x555557145760, 24 [pid 13215] write(3, "1000", 4) = 4 [pid 13215] close(3) = 0 [pid 13215] symlink("/dev/binderfs", "./binderfs") = 0 [pid 13216] <... set_robust_list resumed>) = 0 [pid 13215] memfd_create("syzkaller", 0) = 3 [pid 13216] chdir("./75" [pid 13215] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 13216] <... chdir resumed>) = 0 [pid 13216] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 13216] setpgid(0, 0 [pid 13210] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 13211] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 13216] <... setpgid resumed>) = 0 [pid 13216] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 13216] write(3, "1000", 4) = 4 [pid 13216] close(3) = 0 [pid 13216] symlink("/dev/binderfs", "./binderfs") = 0 [pid 13216] memfd_create("syzkaller", 0) = 3 [pid 13216] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 13212] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 13187] <... write resumed>) = 16777216 [pid 13187] munmap(0x7fda9371b000, 138412032) = 0 [pid 13187] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 13187] ioctl(4, LOOP_SET_FD, 3) = 0 [ 235.969383][T13187] loop1: detected capacity change from 0 to 32768 [pid 13187] close(3) = 0 [pid 13187] mkdir("./file0", 0777) = 0 [pid 13187] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 236.048857][T13187] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (13187) [pid 13215] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 13216] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 13211] <... write resumed>) = 16777216 [pid 13210] <... write resumed>) = 16777216 [pid 13211] munmap(0x7fda9371b000, 138412032) = 0 [pid 13210] munmap(0x7fda9371b000, 138412032 [pid 13215] <... write resumed>) = 16777216 [pid 13215] munmap(0x7fda9371b000, 138412032 [pid 13212] <... write resumed>) = 16777216 [pid 13210] <... munmap resumed>) = 0 [pid 13211] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 13211] ioctl(4, LOOP_SET_FD, 3 [pid 13215] <... munmap resumed>) = 0 [pid 13212] munmap(0x7fda9371b000, 138412032 [pid 13215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 13215] ioctl(4, LOOP_SET_FD, 3 [pid 13210] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 13210] ioctl(4, LOOP_SET_FD, 3 [pid 13215] <... ioctl resumed>) = 0 [pid 13212] <... munmap resumed>) = 0 [ 236.338559][T13211] loop4: detected capacity change from 0 to 32768 [ 236.360669][T13215] loop0: detected capacity change from 0 to 32768 [ 236.362693][T13210] loop5: detected capacity change from 0 to 32768 [pid 13212] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 13212] ioctl(4, LOOP_SET_FD, 3 [pid 13211] <... ioctl resumed>) = 0 [pid 13212] <... ioctl resumed>) = 0 [pid 13211] close(3) = 0 [pid 13211] mkdir("./file0", 0777) = 0 [pid 13211] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 236.383668][T13187] _btrfs_printk: 74 callbacks suppressed [ 236.383680][T13187] BTRFS info (device loop1): enabling ssd optimizations [ 236.409123][T13212] loop2: detected capacity change from 0 to 32768 [ 236.420761][T13211] BTRFS: device /dev/loop4 using temp-fsid 86a1257f-54bc-4b72-a3d2-de015b8b1313 [ 236.421276][T13187] BTRFS info (device loop1): auto enabling async discard [pid 13215] close(3) = 0 [pid 13210] <... ioctl resumed>) = 0 [pid 13215] mkdir("./file0", 0777 [pid 13210] close(3 [pid 13215] <... mkdir resumed>) = 0 [pid 13210] <... close resumed>) = 0 [pid 13215] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 13210] mkdir("./file0", 0777) = 0 [pid 13212] close(3 [pid 13210] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 13212] <... close resumed>) = 0 [pid 13212] mkdir("./file0", 0777) = 0 [ 236.441997][T13211] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (13211) [ 236.472202][T13210] BTRFS: device /dev/loop5 using temp-fsid 0e0e03ef-221c-412d-80a8-c759b5d74dcc [ 236.482807][T13211] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 236.485293][T13210] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (13210) [ 236.506016][T13187] BTRFS info (device loop1): rebuilding free space tree [ 236.508902][T13211] BTRFS info (device loop4): force clearing of disk cache [pid 13212] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 13216] <... write resumed>) = 16777216 [ 236.541670][T13187] BTRFS info (device loop1): disabling free space tree [ 236.548565][T13187] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 236.548779][T13211] BTRFS info (device loop4): setting nodatasum [ 236.559909][T13187] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 236.577339][T13210] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [pid 13216] munmap(0x7fda9371b000, 138412032) = 0 [ 236.587586][T13212] BTRFS: device /dev/loop2 using temp-fsid 87a1ca06-0128-422c-ab46-77b39b996900 [ 236.590150][T13210] BTRFS info (device loop5): force clearing of disk cache [ 236.608126][T13211] BTRFS info (device loop4): allowing degraded mounts [ 236.611110][T13210] BTRFS info (device loop5): setting nodatasum [ 236.618783][T13212] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (13212) [ 236.630069][T13210] BTRFS info (device loop5): allowing degraded mounts [pid 13216] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 236.636331][T13211] BTRFS info (device loop4): enabling disk space caching [ 236.643580][T13210] BTRFS info (device loop5): enabling disk space caching [ 236.655666][T13211] BTRFS info (device loop4): disk space caching is enabled [ 236.656575][T13187] BTRFS info (device loop1): checking UUID tree [ 236.670138][T13216] loop3: detected capacity change from 0 to 32768 [ 236.670585][T13215] BTRFS: device /dev/loop0 using temp-fsid 17c33a18-b9f2-47eb-99f3-2f16479357c8 [pid 13216] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 13216] close(3) = 0 [pid 13216] mkdir("./file0", 0777) = 0 [pid 13216] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 13187] <... mount resumed>) = 0 [pid 13187] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 13187] chdir("./file0") = 0 [pid 13187] ioctl(4, LOOP_CLR_FD) = 0 [pid 13187] close(4) = 0 [pid 13187] open("./file0", O_RDONLY) = 4 [pid 13187] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 13187] open("./file0", O_RDONLY) = 5 [ 236.690091][T13212] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 236.691924][T13215] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (13215) [ 236.708779][T13212] BTRFS info (device loop2): force clearing of disk cache [ 236.719814][T13210] BTRFS info (device loop5): disk space caching is enabled [pid 13187] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 13187] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 13187] exit_group(0) = ? [pid 13187] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13187, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=30 /* 0.30 s */} --- [pid 5065] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5065] umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./75/binderfs") = 0 [ 236.750596][T13212] BTRFS info (device loop2): setting nodatasum [ 236.758072][ T48] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [ 236.761989][T13212] BTRFS info (device loop2): allowing degraded mounts [ 236.795606][T13216] BTRFS: device /dev/loop3 using temp-fsid 4b8f8248-b963-4893-a97f-ab5c10200045 [ 236.805863][T13215] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 236.810209][T13216] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (13216) [ 236.828834][T13212] BTRFS info (device loop2): enabling disk space caching [ 236.832237][T13215] BTRFS info (device loop0): force clearing of disk cache [ 236.838545][T13212] BTRFS info (device loop2): disk space caching is enabled [ 236.858128][T13215] BTRFS info (device loop0): setting nodatasum [ 236.864646][T13215] BTRFS info (device loop0): allowing degraded mounts [ 236.867088][T13216] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 236.872017][T13215] BTRFS info (device loop0): enabling disk space caching [ 236.881253][T13216] BTRFS info (device loop3): force clearing of disk cache [ 236.898094][T13216] BTRFS info (device loop3): setting nodatasum [ 236.906571][T13216] BTRFS info (device loop3): allowing degraded mounts [ 236.913610][T13216] BTRFS info (device loop3): enabling disk space caching [ 236.917268][T13215] BTRFS info (device loop0): disk space caching is enabled [ 236.920693][T13216] BTRFS info (device loop3): disk space caching is enabled [pid 5065] umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5065] umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./75/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./75/file0") = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./75") = 0 [pid 5065] mkdir("./76", 0777) = 0 [ 236.950404][T13210] BTRFS info (device loop5): enabling ssd optimizations [ 236.957351][T13210] BTRFS info (device loop5): auto enabling async discard [ 236.965051][T13211] BTRFS info (device loop4): enabling ssd optimizations [ 236.966705][T13210] BTRFS info (device loop5): rebuilding free space tree [ 236.979137][T13211] BTRFS info (device loop4): auto enabling async discard [ 236.989364][T13211] BTRFS info (device loop4): rebuilding free space tree [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 13303 ./strace-static-x86_64: Process 13303 attached [pid 13303] set_robust_list(0x555557145760, 24) = 0 [pid 13303] chdir("./76") = 0 [ 237.028210][T13211] BTRFS info (device loop4): disabling free space tree [ 237.038640][T13210] BTRFS info (device loop5): disabling free space tree [ 237.059674][T13211] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 13303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 13303] setpgid(0, 0) = 0 [pid 13303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 13303] write(3, "1000", 4) = 4 [pid 13303] close(3) = 0 [pid 13303] symlink("/dev/binderfs", "./binderfs") = 0 [pid 13303] memfd_create("syzkaller", 0) = 3 [pid 13303] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 237.077846][T13210] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 237.089934][T13211] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 237.099520][T13216] BTRFS info (device loop3): enabling ssd optimizations [ 237.100198][T13215] BTRFS info (device loop0): enabling ssd optimizations [ 237.107019][T13216] BTRFS info (device loop3): auto enabling async discard [ 237.122920][T13210] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 237.139330][T13212] BTRFS info (device loop2): enabling ssd optimizations [ 237.149303][T13215] BTRFS info (device loop0): auto enabling async discard [ 237.164326][T13211] BTRFS info (device loop4): checking UUID tree [pid 13211] <... mount resumed>) = 0 [pid 13211] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 13211] chdir("./file0") = 0 [pid 13211] ioctl(4, LOOP_CLR_FD) = 0 [pid 13211] close(4) = 0 [pid 13211] open("./file0", O_RDONLY) = 4 [ 237.174449][T13212] BTRFS info (device loop2): auto enabling async discard [ 237.186402][T13210] BTRFS info (device loop5): checking UUID tree [ 237.197096][T13215] BTRFS info (device loop0): rebuilding free space tree [ 237.210094][T13212] BTRFS info (device loop2): rebuilding free space tree [ 237.219731][T13216] BTRFS info (device loop3): rebuilding free space tree [pid 13211] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 13211] open("./file0", O_RDONLY) = 5 [pid 13211] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 13210] <... mount resumed>) = 0 [pid 13211] <... ioctl resumed>) = 0 [pid 13211] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 13211] exit_group(0) = ? [pid 13211] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13211, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=40 /* 0.40 s */} --- [pid 5068] umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13210] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 237.236758][T13215] BTRFS info (device loop0): disabling free space tree [ 237.264419][ T48] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [ 237.274098][T13215] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./75/binderfs", [pid 13210] <... openat resumed>) = 3 [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./75/binderfs") = 0 [pid 5068] umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13210] chdir("./file0") = 0 [pid 13210] ioctl(4, LOOP_CLR_FD) = 0 [pid 13210] close(4) = 0 [ 237.279341][T13216] BTRFS info (device loop3): disabling free space tree [ 237.289121][T13212] BTRFS info (device loop2): disabling free space tree [ 237.298603][T13212] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 237.309351][T13215] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 237.324565][T13212] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 13210] open("./file0", O_RDONLY) = 4 [pid 13303] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 237.337114][T13216] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 237.352577][T13215] BTRFS info (device loop0): checking UUID tree [ 237.370195][T13216] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 237.371465][T13212] BTRFS info (device loop2): checking UUID tree [pid 13210] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 13210] open("./file0", O_RDONLY) = 5 [pid 13210] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 13210] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 13210] exit_group(0) = ? [pid 13210] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13210, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=35 /* 0.35 s */} --- [pid 13215] <... mount resumed>) = 0 [pid 5069] umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13215] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... umount2 resumed>) = 0 [pid 13212] <... mount resumed>) = 0 [pid 5069] openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 13215] <... openat resumed>) = 3 [pid 13215] chdir("./file0" [pid 5069] <... openat resumed>) = 3 [pid 5068] umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13215] <... chdir resumed>) = 0 [pid 5069] newfstatat(3, "", [pid 13215] ioctl(4, LOOP_CLR_FD [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 13215] <... ioctl resumed>) = 0 [pid 5069] getdents64(3, [pid 13215] close(4 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 13215] <... close resumed>) = 0 [pid 5068] newfstatat(AT_FDCWD, "./75/file0", [pid 13215] open("./file0", O_RDONLY) = 4 [pid 13212] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 13212] <... openat resumed>) = 3 [ 237.429594][T13216] BTRFS info (device loop3): checking UUID tree [pid 5069] umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13215] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 13212] chdir("./file0" [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 13212] <... chdir resumed>) = 0 [pid 13212] ioctl(4, LOOP_CLR_FD [pid 5069] unlink("./75/binderfs" [pid 5068] openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] <... unlink resumed>) = 0 [pid 5068] <... openat resumed>) = 4 [pid 5069] umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13212] <... ioctl resumed>) = 0 [pid 13212] close(4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, [pid 13215] <... ioctl resumed>) = 0 [pid 13212] <... close resumed>) = 0 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, [pid 13212] open("./file0", O_RDONLY [pid 13215] open("./file0", O_RDONLY [pid 13212] <... open resumed>) = 4 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 13212] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5068] close(4 [pid 13215] <... open resumed>) = 5 [pid 5068] <... close resumed>) = 0 [pid 13215] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 13216] <... mount resumed>) = 0 [pid 13215] <... ioctl resumed>) = 0 [pid 5068] rmdir("./75/file0" [pid 13216] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 13216] chdir("./file0") = 0 [ 237.492495][ T48] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [pid 13216] ioctl(4, LOOP_CLR_FD) = 0 [pid 13216] close(4) = 0 [pid 13216] open("./file0", O_RDONLY) = 4 [pid 13216] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5068] <... rmdir resumed>) = 0 [pid 13215] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5068] getdents64(3, [pid 13215] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 13216] <... ioctl resumed>) = 0 [pid 13215] exit_group(0 [pid 5068] close(3 [pid 13216] open("./file0", O_RDONLY) = 5 [pid 13215] <... exit_group resumed>) = ? [pid 5068] <... close resumed>) = 0 [pid 13216] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 13215] +++ exited with 0 +++ [pid 5068] rmdir("./75" [pid 13216] <... ioctl resumed>) = 0 [pid 13212] <... ioctl resumed>) = 0 [pid 5068] <... rmdir resumed>) = 0 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13215, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=34 /* 0.34 s */} --- [pid 13212] open("./file0", O_RDONLY [pid 5068] mkdir("./76", 0777 [pid 13216] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 13212] <... open resumed>) = 5 [pid 5068] <... mkdir resumed>) = 0 [pid 13216] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 13212] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 13216] exit_group(0) = ? [pid 5064] umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... openat resumed>) = 3 [pid 13216] +++ exited with 0 +++ [pid 5068] ioctl(3, LOOP_CLR_FD [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13216, si_uid=0, si_status=0, si_utime=0, si_stime=41 /* 0.41 s */} --- [pid 5064] openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] <... ioctl resumed>) = 0 [pid 13212] <... ioctl resumed>) = 0 [pid 5068] close(3 [pid 5064] <... openat resumed>) = 3 [pid 5067] umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... close resumed>) = 0 [pid 5064] newfstatat(3, "", [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 237.576436][ T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 13212] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5067] <... openat resumed>) = 3 [pid 5064] getdents64(3, ./strace-static-x86_64: Process 13319 attached [pid 13319] set_robust_list(0x555557145760, 24) = 0 [pid 13319] chdir("./76") = 0 [pid 13319] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 13319] setpgid(0, 0) = 0 [pid 13319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 13319] write(3, "1000", 4) = 4 [pid 13319] close(3) = 0 [pid 13319] symlink("/dev/binderfs", "./binderfs") = 0 [pid 13319] memfd_create("syzkaller", 0) = 3 [pid 13319] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5067] newfstatat(3, "", [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 13212] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 13319 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] getdents64(3, [pid 5064] newfstatat(AT_FDCWD, "./74/binderfs", [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] unlink("./74/binderfs") = 0 [pid 5064] umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13212] exit_group(0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 13212] <... exit_group resumed>) = ? [pid 5067] newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./75/binderfs" [pid 13212] +++ exited with 0 +++ [pid 5067] <... unlink resumed>) = 0 [pid 5067] umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13212, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=41 /* 0.41 s */} --- [pid 5066] umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./76/binderfs", [pid 5069] <... umount2 resumed>) = 0 [pid 5069] umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./75/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 237.659825][ T12] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 237.686309][ T2497] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [pid 5069] openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] unlink("./76/binderfs" [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... unlink resumed>) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./75/file0") = 0 [pid 5066] umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./75") = 0 [pid 5069] mkdir("./76", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 13321 ./strace-static-x86_64: Process 13321 attached [pid 13321] set_robust_list(0x555557145760, 24) = 0 [pid 13321] chdir("./76") = 0 [pid 13321] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 13321] setpgid(0, 0) = 0 [pid 13321] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 13321] write(3, "1000", 4) = 4 [pid 13321] close(3) = 0 [pid 13321] symlink("/dev/binderfs", "./binderfs") = 0 [pid 13321] memfd_create("syzkaller", 0) = 3 [pid 13321] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./76/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./76/file0") = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./76" [pid 5067] <... umount2 resumed>) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5066] mkdir("./77", 0777 [pid 5067] umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... mkdir resumed>) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5067] newfstatat(AT_FDCWD, "./75/file0", [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] close(3 [pid 5067] umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... close resumed>) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5067] openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 13323 attached ) = 4 [pid 5067] newfstatat(4, "", [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 13323 [pid 13323] set_robust_list(0x555557145760, 24) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, [pid 13323] chdir("./77" [pid 5067] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 13323] <... chdir resumed>) = 0 [pid 13323] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5067] close(4 [pid 13323] <... prctl resumed>) = 0 [pid 5067] <... close resumed>) = 0 [pid 13323] setpgid(0, 0 [pid 5067] rmdir("./75/file0" [pid 13323] <... setpgid resumed>) = 0 [pid 5067] <... rmdir resumed>) = 0 [pid 13323] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] <... umount2 resumed>) = 0 [pid 13323] <... openat resumed>) = 3 [pid 5067] getdents64(3, [pid 13323] write(3, "1000", 4 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 13323] <... write resumed>) = 4 [pid 5067] close(3 [pid 13323] close(3 [pid 5067] <... close resumed>) = 0 [pid 5067] rmdir("./75" [pid 13323] <... close resumed>) = 0 [pid 5067] <... rmdir resumed>) = 0 [pid 13323] symlink("/dev/binderfs", "./binderfs" [pid 13303] <... write resumed>) = 16777216 [pid 5067] mkdir("./76", 0777 [pid 5064] umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13323] <... symlink resumed>) = 0 [pid 13321] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5067] <... mkdir resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 13323] memfd_create("syzkaller", 0 [pid 13303] munmap(0x7fda9371b000, 138412032 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5064] newfstatat(AT_FDCWD, "./74/file0", [pid 5067] <... openat resumed>) = 3 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5067] ioctl(3, LOOP_CLR_FD [pid 5064] <... openat resumed>) = 4 [pid 13323] <... memfd_create resumed>) = 3 [pid 5067] <... ioctl resumed>) = 0 [pid 5067] close(3 [pid 5064] newfstatat(4, "", [pid 5067] <... close resumed>) = 0 [pid 13323] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 13323] <... mmap resumed>) = 0x7fda9371b000 [pid 13303] <... munmap resumed>) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./74/file0"./strace-static-x86_64: Process 13324 attached [pid 13303] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5064] <... rmdir resumed>) = 0 [pid 13324] set_robust_list(0x555557145760, 24 [pid 13303] <... openat resumed>) = 4 [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 13324 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./74") = 0 [pid 5064] mkdir("./75", 0777) = 0 [pid 13324] <... set_robust_list resumed>) = 0 [pid 13319] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 13324] chdir("./76" [pid 13303] ioctl(4, LOOP_SET_FD, 3 [pid 5064] <... openat resumed>) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 13325 ./strace-static-x86_64: Process 13325 attached [pid 13325] set_robust_list(0x555557145760, 24) = 0 [pid 13325] chdir("./75") = 0 [pid 13324] <... chdir resumed>) = 0 [pid 13324] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 13325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 13325] setpgid(0, 0) = 0 [pid 13325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 13325] write(3, "1000", 4) = 4 [pid 13324] setpgid(0, 0 [pid 13325] close(3) = 0 [pid 13325] symlink("/dev/binderfs", "./binderfs") = 0 [ 238.157846][T13303] loop1: detected capacity change from 0 to 32768 [pid 13325] memfd_create("syzkaller", 0 [pid 13303] <... ioctl resumed>) = 0 [pid 13324] <... setpgid resumed>) = 0 [pid 13325] <... memfd_create resumed>) = 3 [pid 13325] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 13324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 13303] close(3) = 0 [pid 13324] <... openat resumed>) = 3 [pid 13303] mkdir("./file0", 0777) = 0 [pid 13303] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 13324] write(3, "1000", 4) = 4 [pid 13324] close(3) = 0 [pid 13324] symlink("/dev/binderfs", "./binderfs") = 0 [pid 13324] memfd_create("syzkaller", 0) = 3 [ 238.251341][T13303] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (13303) [pid 13324] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 238.320100][T13303] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 238.419260][T13303] BTRFS info (device loop1): force clearing of disk cache [ 238.445456][T13303] BTRFS info (device loop1): setting nodatasum [ 238.492376][T13303] BTRFS info (device loop1): allowing degraded mounts [ 238.528847][T13303] BTRFS info (device loop1): enabling disk space caching [ 238.535883][T13303] BTRFS info (device loop1): disk space caching is enabled [pid 13323] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 238.740267][T13303] BTRFS info (device loop1): enabling ssd optimizations [ 238.756766][T13303] BTRFS info (device loop1): auto enabling async discard [ 238.778192][T13303] BTRFS info (device loop1): rebuilding free space tree [pid 13325] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 13321] <... write resumed>) = 16777216 [pid 13324] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 13319] <... write resumed>) = 16777216 [pid 13319] munmap(0x7fda9371b000, 138412032 [pid 13321] munmap(0x7fda9371b000, 138412032 [pid 13319] <... munmap resumed>) = 0 [pid 13321] <... munmap resumed>) = 0 [pid 13321] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 13319] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 13321] <... openat resumed>) = 4 [pid 13319] <... openat resumed>) = 4 [pid 13321] ioctl(4, LOOP_SET_FD, 3 [ 238.882594][T13303] BTRFS info (device loop1): disabling free space tree [ 238.907989][T13303] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 13319] ioctl(4, LOOP_SET_FD, 3 [pid 13321] <... ioctl resumed>) = 0 [pid 13321] close(3) = 0 [ 238.952095][T13321] loop5: detected capacity change from 0 to 32768 [ 238.958627][T13303] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 238.981434][T13319] loop4: detected capacity change from 0 to 32768 [pid 13319] <... ioctl resumed>) = 0 [pid 13321] mkdir("./file0", 0777) = 0 [pid 13319] close(3) = 0 [pid 13321] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 13319] mkdir("./file0", 0777) = 0 [pid 13319] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 13303] <... mount resumed>) = 0 [pid 13303] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 13303] chdir("./file0") = 0 [pid 13303] ioctl(4, LOOP_CLR_FD) = 0 [pid 13303] close(4) = 0 [pid 13303] open("./file0", O_RDONLY) = 4 [pid 13303] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [ 239.010776][T13303] BTRFS info (device loop1): checking UUID tree [ 239.024969][T13321] BTRFS: device /dev/loop5 using temp-fsid 47b7c0ca-a5a4-4471-a516-123abee04f5d [pid 13303] open("./file0", O_RDONLY) = 5 [pid 13303] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 13303] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 13303] exit_group(0) = ? [pid 13303] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13303, si_uid=0, si_status=0, si_utime=0, si_stime=40 /* 0.40 s */} --- [pid 5065] umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./76/binderfs") = 0 [ 239.059546][T13321] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (13321) [ 239.079643][ T12] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [ 239.127464][T13319] BTRFS: device /dev/loop4 using temp-fsid 5451bb70-0dcc-409f-9944-95068cbcbddc [ 239.140867][T13321] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 239.159228][T13319] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (13319) [ 239.160079][T13321] BTRFS info (device loop5): force clearing of disk cache [pid 5065] umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5065] umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./76/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 239.200681][T13319] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 239.229690][T13321] BTRFS info (device loop5): setting nodatasum [ 239.235869][T13321] BTRFS info (device loop5): allowing degraded mounts [pid 13325] <... write resumed>) = 16777216 [pid 13325] munmap(0x7fda9371b000, 138412032 [pid 5065] umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13325] <... munmap resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, [pid 13325] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5065] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4 [pid 13325] <... openat resumed>) = 4 [pid 13325] ioctl(4, LOOP_SET_FD, 3 [pid 13323] <... write resumed>) = 16777216 [pid 5065] <... close resumed>) = 0 [pid 13325] <... ioctl resumed>) = 0 [pid 13323] munmap(0x7fda9371b000, 138412032 [pid 5065] rmdir("./76/file0") = 0 [pid 13325] close(3 [pid 5065] getdents64(3, [pid 13325] <... close resumed>) = 0 [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 13325] mkdir("./file0", 0777) = 0 [pid 5065] close(3 [ 239.249202][T13319] BTRFS info (device loop4): force clearing of disk cache [ 239.256450][T13319] BTRFS info (device loop4): setting nodatasum [ 239.275864][T13325] loop0: detected capacity change from 0 to 32768 [ 239.283064][T13319] BTRFS info (device loop4): allowing degraded mounts [pid 13325] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5065] <... close resumed>) = 0 [pid 13323] <... munmap resumed>) = 0 [pid 5065] rmdir("./76") = 0 [pid 5065] mkdir("./77", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 13323] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5065] <... openat resumed>) = 3 [pid 13323] ioctl(4, LOOP_SET_FD, 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 13360 attached [pid 13324] <... write resumed>) = 16777216 [pid 13323] <... ioctl resumed>) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 13360 [pid 13360] set_robust_list(0x555557145760, 24 [pid 13324] munmap(0x7fda9371b000, 138412032 [pid 13323] close(3 [pid 13360] <... set_robust_list resumed>) = 0 [pid 13324] <... munmap resumed>) = 0 [pid 13360] chdir("./77" [pid 13323] <... close resumed>) = 0 [pid 13360] <... chdir resumed>) = 0 [pid 13323] mkdir("./file0", 0777) = 0 [pid 13360] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 239.307239][T13325] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (13325) [ 239.334397][T13323] loop2: detected capacity change from 0 to 32768 [pid 13323] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 13360] setpgid(0, 0) = 0 [pid 13324] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 13324] ioctl(4, LOOP_SET_FD, 3 [pid 13360] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 13324] <... ioctl resumed>) = 0 [pid 13360] <... openat resumed>) = 3 [pid 13360] write(3, "1000", 4) = 4 [pid 13360] close(3) = 0 [pid 13360] symlink("/dev/binderfs", "./binderfs" [pid 13324] close(3 [pid 13360] <... symlink resumed>) = 0 [pid 13360] memfd_create("syzkaller", 0 [pid 13324] <... close resumed>) = 0 [pid 13324] mkdir("./file0", 0777 [pid 13360] <... memfd_create resumed>) = 3 [pid 13360] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 13324] <... mkdir resumed>) = 0 [ 239.375326][T13323] BTRFS: device /dev/loop2 using temp-fsid 113d5af5-4b35-4f13-9793-e82fcbdc2f86 [ 239.389109][T13324] loop3: detected capacity change from 0 to 32768 [ 239.411412][T13323] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (13323) [pid 13324] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 13321] <... mount resumed>) = 0 [pid 13321] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 13321] chdir("./file0") = 0 [pid 13321] ioctl(4, LOOP_CLR_FD) = 0 [pid 13321] close(4) = 0 [pid 13321] open("./file0", O_RDONLY) = 4 [ 239.434342][T13324] BTRFS: device /dev/loop3 using temp-fsid 004dc674-5f79-4514-ad91-cd12f2bf0dac [ 239.468832][T13324] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (13324) [pid 13321] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 13321] open("./file0", O_RDONLY) = 5 [pid 13321] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 13321] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 13321] exit_group(0) = ? [pid 13321] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13321, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=29 /* 0.29 s */} --- [pid 5069] umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./76/binderfs") = 0 [pid 5069] umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13323] <... mount resumed>) = 0 [pid 13323] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 13319] <... mount resumed>) = 0 [pid 13325] <... mount resumed>) = 0 [pid 13323] <... openat resumed>) = 3 [pid 13319] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 13325] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 13323] chdir("./file0") = 0 [pid 13323] ioctl(4, LOOP_CLR_FD) = 0 [pid 13323] close(4) = 0 [pid 13319] <... openat resumed>) = 3 [pid 13323] open("./file0", O_RDONLY [pid 13319] chdir("./file0") = 0 [pid 13325] <... openat resumed>) = 3 [pid 13319] ioctl(4, LOOP_CLR_FD [pid 13325] chdir("./file0") = 0 [pid 13323] <... open resumed>) = 4 [pid 13325] ioctl(4, LOOP_CLR_FD [pid 13323] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 13325] <... ioctl resumed>) = 0 [pid 13325] close(4) = 0 [pid 13319] <... ioctl resumed>) = 0 [pid 13319] close(4) = 0 [pid 13319] open("./file0", O_RDONLY) = 4 [pid 13319] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 13325] open("./file0", O_RDONLY) = 4 [pid 13360] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 13325] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 13323] <... ioctl resumed>) = 0 [pid 13323] open("./file0", O_RDONLY) = 5 [pid 13319] <... ioctl resumed>) = 0 [pid 13323] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 13319] open("./file0", O_RDONLY [pid 13323] <... ioctl resumed>) = 0 [pid 13319] <... open resumed>) = 5 [pid 13319] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 13323] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 13319] <... ioctl resumed>) = 0 [pid 13323] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 13319] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 13325] <... ioctl resumed>) = 0 [pid 13323] exit_group(0 [pid 13319] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 13325] open("./file0", O_RDONLY [pid 13323] <... exit_group resumed>) = ? [pid 13319] exit_group(0 [pid 13325] <... open resumed>) = 5 [pid 13323] +++ exited with 0 +++ [pid 13319] <... exit_group resumed>) = ? [pid 13325] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 13319] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13323, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} --- [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13319, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=30 /* 0.30 s */} --- [pid 5068] umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] restart_syscall(<... resuming interrupted clone ...> [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... restart_syscall resumed>) = 0 [pid 5068] openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] getdents64(3, [pid 13325] <... ioctl resumed>) = 0 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] <... openat resumed>) = 3 [pid 5068] umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] newfstatat(3, "", [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] newfstatat(AT_FDCWD, "./76/binderfs", [pid 13325] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] getdents64(3, [pid 13325] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5068] unlink("./76/binderfs" [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 13325] exit_group(0 [pid 5066] umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13325] <... exit_group resumed>) = ? [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 13325] +++ exited with 0 +++ [pid 5066] newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./77/binderfs") = 0 [pid 5066] umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13325, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=24 /* 0.24 s */} --- [pid 5068] <... unlink resumed>) = 0 [pid 5064] umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... openat resumed>) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13324] <... mount resumed>) = 0 [pid 5069] <... umount2 resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 13324] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 13324] chdir("./file0" [pid 5064] unlink("./75/binderfs" [pid 13324] <... chdir resumed>) = 0 [pid 13324] ioctl(4, LOOP_CLR_FD [pid 5064] <... unlink resumed>) = 0 [pid 13324] <... ioctl resumed>) = 0 [pid 5069] umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13324] close(4 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 13324] <... close resumed>) = 0 [pid 5069] newfstatat(AT_FDCWD, "./76/file0", [pid 13324] open("./file0", O_RDONLY [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 13324] <... open resumed>) = 4 [pid 5069] umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13324] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 13324] <... ioctl resumed>) = 0 [pid 5069] rmdir("./76/file0" [pid 13324] open("./file0", O_RDONLY [pid 5069] <... rmdir resumed>) = 0 [pid 13324] <... open resumed>) = 5 [pid 5069] getdents64(3, [pid 13324] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./76") = 0 [pid 5069] mkdir("./77", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 13426 attached [pid 13426] set_robust_list(0x555557145760, 24) = 0 [pid 13426] chdir("./77") = 0 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 13426 [pid 13426] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 13426] setpgid(0, 0) = 0 [pid 13426] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 13324] <... ioctl resumed>) = 0 [pid 13426] <... openat resumed>) = 3 [pid 13324] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 13426] write(3, "1000", 4 [pid 13324] exit_group(0 [pid 13426] <... write resumed>) = 4 [pid 13324] <... exit_group resumed>) = ? [pid 13426] close(3 [pid 13324] +++ exited with 0 +++ [pid 13426] <... close resumed>) = 0 [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13324, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=26 /* 0.26 s */} --- [pid 13426] symlink("/dev/binderfs", "./binderfs") = 0 [pid 13426] memfd_create("syzkaller", 0) = 3 [pid 13426] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 13360] <... write resumed>) = 16777216 [pid 5067] umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 13360] munmap(0x7fda9371b000, 138412032 [pid 5067] <... openat resumed>) = 3 [pid 5067] newfstatat(3, "", [pid 13360] <... munmap resumed>) = 0 [pid 5068] <... umount2 resumed>) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] getdents64(3, [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./76/file0", [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./76/binderfs", [pid 13360] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5068] openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] <... openat resumed>) = 4 [pid 5068] newfstatat(4, "", [pid 13360] ioctl(4, LOOP_SET_FD, 3 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] unlink("./76/binderfs" [pid 5068] getdents64(4, [pid 5067] <... unlink resumed>) = 0 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./76/file0") = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./76") = 0 [pid 5068] mkdir("./77", 0777 [pid 5064] <... umount2 resumed>) = 0 [pid 5068] <... mkdir resumed>) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./75/file0", ./strace-static-x86_64: Process 13427 attached [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 13427 [pid 13427] set_robust_list(0x555557145760, 24) = 0 [pid 13360] <... ioctl resumed>) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 13360] close(3 [pid 5066] umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13360] <... close resumed>) = 0 [pid 5064] umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13360] mkdir("./file0", 0777 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 13427] chdir("./77" [pid 13360] <... mkdir resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [ 240.002506][T13360] loop1: detected capacity change from 0 to 32768 [pid 5066] newfstatat(AT_FDCWD, "./77/file0", [pid 13427] <... chdir resumed>) = 0 [pid 13360] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... openat resumed>) = 4 [pid 5066] umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] newfstatat(4, "", [pid 13427] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 13427] setpgid(0, 0) = 0 [pid 13427] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 13427] write(3, "1000", 4) = 4 [pid 13427] close(3) = 0 [pid 13427] symlink("/dev/binderfs", "./binderfs") = 0 [pid 13427] memfd_create("syzkaller", 0) = 3 [pid 13427] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5066] openat(AT_FDCWD, "./77/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, [pid 5066] getdents64(4, [pid 5064] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, [pid 5066] getdents64(4, [pid 5064] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4 [pid 5064] <... close resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5064] rmdir("./75/file0") = 0 [pid 5066] rmdir("./77/file0") = 0 [pid 5064] getdents64(3, [pid 5066] getdents64(3, [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [ 240.068989][T13360] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (13360) [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3 [pid 5066] close(3) = 0 [pid 5064] <... close resumed>) = 0 [pid 5066] rmdir("./77" [pid 5064] rmdir("./75") = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5064] mkdir("./76", 0777 [pid 5066] mkdir("./78", 0777 [pid 5064] <... mkdir resumed>) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] <... mkdir resumed>) = 0 [pid 5064] <... openat resumed>) = 3 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5066] <... openat resumed>) = 3 [pid 5064] <... ioctl resumed>) = 0 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5064] close(3 [pid 5066] <... ioctl resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 5066] close(3 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 13432 attached [pid 5066] <... close resumed>) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 13432 [pid 13432] set_robust_list(0x555557145760, 24 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 13433 attached [pid 13432] <... set_robust_list resumed>) = 0 [pid 13432] chdir("./76" [pid 13433] set_robust_list(0x555557145760, 24 [pid 13432] <... chdir resumed>) = 0 [pid 13432] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5067] <... umount2 resumed>) = 0 [pid 13432] <... prctl resumed>) = 0 [pid 13433] <... set_robust_list resumed>) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 13433 [pid 13433] chdir("./78" [pid 13432] setpgid(0, 0 [pid 5067] umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 13433] <... chdir resumed>) = 0 [pid 13432] <... setpgid resumed>) = 0 [pid 5067] newfstatat(AT_FDCWD, "./76/file0", [pid 13433] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 13432] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 13433] <... prctl resumed>) = 0 [pid 13433] setpgid(0, 0 [pid 13432] <... openat resumed>) = 3 [pid 5067] umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 13433] <... setpgid resumed>) = 0 [pid 5067] openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 13433] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 13432] write(3, "1000", 4 [pid 5067] <... openat resumed>) = 4 [pid 5067] newfstatat(4, "", [pid 13433] <... openat resumed>) = 3 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 13432] <... write resumed>) = 4 [pid 5067] getdents64(4, [pid 13432] close(3) = 0 [pid 5067] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 13432] symlink("/dev/binderfs", "./binderfs" [pid 5067] getdents64(4, [pid 13433] write(3, "1000", 4 [pid 13432] <... symlink resumed>) = 0 [pid 5067] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 13433] <... write resumed>) = 4 [pid 13433] close(3 [pid 13432] memfd_create("syzkaller", 0 [pid 5067] close(4 [pid 13433] <... close resumed>) = 0 [pid 13433] symlink("/dev/binderfs", "./binderfs" [pid 13432] <... memfd_create resumed>) = 3 [pid 5067] <... close resumed>) = 0 [pid 13433] <... symlink resumed>) = 0 [pid 5067] rmdir("./76/file0" [pid 13433] memfd_create("syzkaller", 0 [pid 5067] <... rmdir resumed>) = 0 [pid 13433] <... memfd_create resumed>) = 3 [pid 13433] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 13433] <... mmap resumed>) = 0x7fda9371b000 [pid 13432] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5067] close(3) = 0 [pid 13432] <... mmap resumed>) = 0x7fda9371b000 [pid 5067] rmdir("./76") = 0 [pid 5067] mkdir("./77", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 13444 ./strace-static-x86_64: Process 13444 attached [pid 13444] set_robust_list(0x555557145760, 24) = 0 [pid 13444] chdir("./77") = 0 [pid 13444] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 13444] setpgid(0, 0) = 0 [pid 13444] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 13444] write(3, "1000", 4) = 4 [pid 13444] close(3) = 0 [pid 13444] symlink("/dev/binderfs", "./binderfs" [pid 13426] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 13444] <... symlink resumed>) = 0 [pid 13444] memfd_create("syzkaller", 0) = 3 [pid 13444] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 13427] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 13360] <... mount resumed>) = 0 [pid 13360] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 13360] chdir("./file0") = 0 [pid 13360] ioctl(4, LOOP_CLR_FD) = 0 [pid 13360] close(4) = 0 [pid 13360] open("./file0", O_RDONLY) = 4 [pid 13360] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 13360] open("./file0", O_RDONLY) = 5 [pid 13360] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 13360] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 13360] exit_group(0) = ? [pid 13360] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13360, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=27 /* 0.27 s */} --- [pid 5065] umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./77/binderfs") = 0 [pid 5065] umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13433] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 13432] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 13444] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 13426] <... write resumed>) = 16777216 [pid 13426] munmap(0x7fda9371b000, 138412032) = 0 [pid 13426] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 13426] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 13426] close(3) = 0 [pid 13426] mkdir("./file0", 0777) = 0 [ 241.269113][T13426] loop5: detected capacity change from 0 to 32768 [ 241.314901][T13426] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (13426) [pid 13426] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 13427] <... write resumed>) = 16777216 [pid 13427] munmap(0x7fda9371b000, 138412032) = 0 [pid 13427] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 13427] ioctl(4, LOOP_SET_FD, 3 [pid 13433] <... write resumed>) = 16777216 [pid 13433] munmap(0x7fda9371b000, 138412032 [pid 13427] <... ioctl resumed>) = 0 [pid 13427] close(3) = 0 [pid 13427] mkdir("./file0", 0777) = 0 [pid 13427] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 13433] <... munmap resumed>) = 0 [ 241.445900][T13427] loop4: detected capacity change from 0 to 32768 [pid 13433] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 13433] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 13433] close(3) = 0 [pid 13433] mkdir("./file0", 0777) = 0 [pid 13433] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 13432] <... write resumed>) = 16777216 [pid 13432] munmap(0x7fda9371b000, 138412032) = 0 [pid 13432] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 241.486549][T13427] BTRFS: device /dev/loop4 using temp-fsid 51907aa7-493c-4e74-8297-7de2b27e39ff [ 241.498961][T13433] loop2: detected capacity change from 0 to 32768 [ 241.522934][T13427] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (13427) [pid 13444] <... write resumed>) = 16777216 [pid 13432] ioctl(4, LOOP_SET_FD, 3 [pid 5065] <... umount2 resumed>) = 0 [pid 5065] umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13444] munmap(0x7fda9371b000, 138412032 [pid 13432] <... ioctl resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 241.561974][T13433] BTRFS: device /dev/loop2 using temp-fsid faae82e2-47fe-4024-a930-ba913e9ee1f5 [ 241.572291][T13427] _btrfs_printk: 82 callbacks suppressed [ 241.572302][T13427] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 241.573400][T13432] loop0: detected capacity change from 0 to 32768 [ 241.579365][T13427] BTRFS info (device loop4): force clearing of disk cache [pid 13444] <... munmap resumed>) = 0 [pid 13432] close(3 [pid 5065] newfstatat(AT_FDCWD, "./77/file0", [pid 13444] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 13432] <... close resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 13444] <... openat resumed>) = 4 [pid 13432] mkdir("./file0", 0777 [pid 5065] umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 241.591774][T13433] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (13433) [ 241.595182][T13427] BTRFS info (device loop4): setting nodatasum [ 241.608542][T13426] BTRFS info (device loop5): enabling ssd optimizations [ 241.614091][T13427] BTRFS info (device loop4): allowing degraded mounts [ 241.622496][T13426] BTRFS info (device loop5): auto enabling async discard [ 241.630455][T13427] BTRFS info (device loop4): enabling disk space caching [ 241.639140][T13444] loop3: detected capacity change from 0 to 32768 [pid 13444] ioctl(4, LOOP_SET_FD, 3 [pid 13432] <... mkdir resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 13444] <... ioctl resumed>) = 0 [pid 13444] close(3 [pid 13432] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5065] openat(AT_FDCWD, "./77/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 13444] <... close resumed>) = 0 [pid 5065] <... openat resumed>) = 4 [pid 5065] newfstatat(4, "", [pid 13444] mkdir("./file0", 0777 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 13444] <... mkdir resumed>) = 0 [pid 5065] getdents64(4, [pid 13444] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [ 241.642262][T13433] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 241.648095][T13427] BTRFS info (device loop4): disk space caching is enabled [ 241.654962][T13433] BTRFS info (device loop2): force clearing of disk cache [ 241.664078][T13426] BTRFS info (device loop5): rebuilding free space tree [ 241.671348][T13433] BTRFS info (device loop2): setting nodatasum [ 241.685895][T13432] BTRFS: device /dev/loop0 using temp-fsid 109f549b-e250-4455-9d48-c9c377b109a1 [ 241.702472][T13433] BTRFS info (device loop2): allowing degraded mounts [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [ 241.706181][T13426] BTRFS info (device loop5): disabling free space tree [ 241.710011][T13432] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (13432) [ 241.718236][T13426] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 241.729528][T13433] BTRFS info (device loop2): enabling disk space caching [ 241.740803][T13426] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5065] close(4) = 0 [pid 5065] rmdir("./77/file0") = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [ 241.756299][T13433] BTRFS info (device loop2): disk space caching is enabled [ 241.759691][T13426] BTRFS info (device loop5): checking UUID tree [ 241.766300][T13444] BTRFS: device /dev/loop3 using temp-fsid f7d45382-2254-4d13-a4fc-b38b5cd475ab [ 241.781137][T13432] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 241.791413][T13432] BTRFS info (device loop0): force clearing of disk cache [ 241.794455][T13444] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (13444) [pid 5065] close(3 [pid 13426] <... mount resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./77") = 0 [pid 5065] mkdir("./78", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 13426] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] <... openat resumed>) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 13426] <... openat resumed>) = 3 [pid 5065] close(3) = 0 [pid 13426] chdir("./file0" [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 13426] <... chdir resumed>) = 0 [pid 13426] ioctl(4, LOOP_CLR_FD [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 13480 [pid 13426] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 13480 attached [pid 13426] close(4 [pid 13480] set_robust_list(0x555557145760, 24 [pid 13426] <... close resumed>) = 0 [ 241.799086][T13432] BTRFS info (device loop0): setting nodatasum [ 241.817749][T13432] BTRFS info (device loop0): allowing degraded mounts [ 241.832150][T13444] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 241.841447][T13432] BTRFS info (device loop0): enabling disk space caching [ 241.841464][T13432] BTRFS info (device loop0): disk space caching is enabled [pid 13480] <... set_robust_list resumed>) = 0 [pid 13426] open("./file0", O_RDONLY [pid 13480] chdir("./78" [pid 13426] <... open resumed>) = 4 [pid 13480] <... chdir resumed>) = 0 [pid 13426] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 13480] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 13480] setpgid(0, 0) = 0 [pid 13480] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 13480] write(3, "1000", 4) = 4 [pid 13480] close(3) = 0 [pid 13426] <... ioctl resumed>) = 0 [pid 13426] open("./file0", O_RDONLY) = 5 [pid 13426] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 13426] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [ 241.859589][T13444] BTRFS info (device loop3): force clearing of disk cache [ 241.869122][T13444] BTRFS info (device loop3): setting nodatasum [ 241.881141][T13444] BTRFS info (device loop3): allowing degraded mounts [ 241.889160][T13444] BTRFS info (device loop3): enabling disk space caching [ 241.897181][T13444] BTRFS info (device loop3): disk space caching is enabled [pid 13426] exit_group(0 [pid 13480] symlink("/dev/binderfs", "./binderfs" [pid 13426] <... exit_group resumed>) = ? [pid 13480] <... symlink resumed>) = 0 [pid 13480] memfd_create("syzkaller", 0 [pid 13426] +++ exited with 0 +++ [pid 13480] <... memfd_create resumed>) = 3 [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13426, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=32 /* 0.32 s */} --- [pid 13480] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5069] umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./77/binderfs") = 0 [ 241.909836][T13427] BTRFS info (device loop4): enabling ssd optimizations [ 241.917637][T13427] BTRFS info (device loop4): auto enabling async discard [ 241.931460][ T1047] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [ 241.932659][T13427] BTRFS info (device loop4): rebuilding free space tree [ 241.951374][T13433] BTRFS info (device loop2): enabling ssd optimizations [ 241.959372][T13433] BTRFS info (device loop2): auto enabling async discard [ 241.982306][T13433] BTRFS info (device loop2): rebuilding free space tree [ 242.005729][T13433] BTRFS info (device loop2): disabling free space tree [ 242.020563][T13432] BTRFS info (device loop0): enabling ssd optimizations [ 242.030838][T13432] BTRFS info (device loop0): auto enabling async discard [ 242.038180][T13444] BTRFS info (device loop3): enabling ssd optimizations [ 242.048935][T13427] BTRFS info (device loop4): disabling free space tree [ 242.056192][T13444] BTRFS info (device loop3): auto enabling async discard [pid 5069] umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5069] umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./77/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 242.056195][T13433] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 242.056215][T13433] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 242.068786][T13427] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 242.102224][T13432] BTRFS info (device loop0): rebuilding free space tree [ 242.110424][T13444] BTRFS info (device loop3): rebuilding free space tree [pid 5069] umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./77/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 242.140090][T13433] BTRFS info (device loop2): checking UUID tree [ 242.157776][T13444] BTRFS info (device loop3): disabling free space tree [ 242.174424][T13427] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5069] getdents64(4, [pid 13480] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 13433] <... mount resumed>) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 13433] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5069] close(4 [pid 13433] chdir("./file0") = 0 [pid 13433] ioctl(4, LOOP_CLR_FD) = 0 [pid 13433] close(4) = 0 [pid 13433] open("./file0", O_RDONLY) = 4 [pid 13433] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5069] <... close resumed>) = 0 [pid 5069] rmdir("./77/file0") = 0 [ 242.175060][T13432] BTRFS info (device loop0): disabling free space tree [ 242.189050][T13444] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 242.210077][T13432] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 242.221894][T13427] BTRFS info (device loop4): checking UUID tree [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 13433] <... ioctl resumed>) = 0 [pid 13433] open("./file0", O_RDONLY) = 5 [pid 13433] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 13433] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 13433] exit_group(0) = ? [pid 13433] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13433, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=34 /* 0.34 s */} --- [pid 5066] umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] close(3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] <... close resumed>) = 0 [pid 5066] openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] rmdir("./77" [pid 5066] <... openat resumed>) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] <... rmdir resumed>) = 0 [pid 5066] getdents64(3, [pid 5069] mkdir("./78", 0777 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] <... mkdir resumed>) = 0 [pid 5066] umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 242.239216][T13444] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 242.247065][T13432] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5066] newfstatat(AT_FDCWD, "./78/binderfs", [pid 5069] <... openat resumed>) = 3 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./78/binderfs") = 0 [pid 5066] umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13427] <... mount resumed>) = 0 [pid 13427] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 13427] chdir("./file0") = 0 [pid 13427] ioctl(4, LOOP_CLR_FD [pid 13444] <... mount resumed>) = 0 [pid 5069] ioctl(3, LOOP_CLR_FD [pid 13444] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 13427] <... ioctl resumed>) = 0 [pid 13444] <... openat resumed>) = 3 [pid 13427] close(4 [pid 13444] chdir("./file0" [pid 13427] <... close resumed>) = 0 [pid 13432] <... mount resumed>) = 0 [pid 13432] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 13444] <... chdir resumed>) = 0 [pid 13432] <... openat resumed>) = 3 [pid 13427] open("./file0", O_RDONLY [pid 13432] chdir("./file0") = 0 [pid 13432] ioctl(4, LOOP_CLR_FD [pid 13444] ioctl(4, LOOP_CLR_FD [pid 13427] <... open resumed>) = 4 [pid 13444] <... ioctl resumed>) = 0 [pid 13427] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 13444] close(4) = 0 [pid 13444] open("./file0", O_RDONLY) = 4 [pid 13444] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 13432] <... ioctl resumed>) = 0 [pid 13432] close(4) = 0 [pid 13432] open("./file0", O_RDONLY) = 4 [ 242.291590][T13444] BTRFS info (device loop3): checking UUID tree [ 242.299992][T13432] BTRFS info (device loop0): checking UUID tree [ 242.321437][ T2855] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [pid 13432] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 13427] <... ioctl resumed>) = 0 [pid 13427] open("./file0", O_RDONLY [pid 13444] <... ioctl resumed>) = 0 [pid 13427] <... open resumed>) = 5 [pid 13444] open("./file0", O_RDONLY) = 5 [pid 13427] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 13444] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 13432] <... ioctl resumed>) = 0 [pid 13432] open("./file0", O_RDONLY [pid 13427] <... ioctl resumed>) = 0 [pid 13432] <... open resumed>) = 5 [pid 13432] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 13432] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 13427] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 13432] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 13432] exit_group(0 [pid 13444] <... ioctl resumed>) = 0 [pid 13432] <... exit_group resumed>) = ? [pid 13427] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 13444] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 13432] +++ exited with 0 +++ [pid 13444] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13432, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=36 /* 0.36 s */} --- [pid 13444] exit_group(0) = ? [pid 13444] +++ exited with 0 +++ [pid 13427] exit_group(0) = ? [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13444, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=31 /* 0.31 s */} --- [ 242.398683][ T2855] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [pid 5064] umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] newfstatat(3, "", [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] getdents64(3, [pid 5067] <... openat resumed>) = 3 [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 13427] +++ exited with 0 +++ [pid 5067] newfstatat(3, "", [pid 5064] umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13427, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=38 /* 0.38 s */} --- [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] getdents64(3, [pid 5064] newfstatat(AT_FDCWD, "./76/binderfs", [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] unlink("./76/binderfs" [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... unlink resumed>) = 0 [pid 5068] openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5067] newfstatat(AT_FDCWD, "./77/binderfs", [pid 5064] umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... openat resumed>) = 3 [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] newfstatat(3, "", [pid 5067] unlink("./77/binderfs" [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] <... unlink resumed>) = 0 [pid 5068] getdents64(3, [pid 5067] umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] <... umount2 resumed>) = 0 [pid 5068] newfstatat(AT_FDCWD, "./77/binderfs", [pid 5066] umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./77/binderfs" [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... unlink resumed>) = 0 [pid 5068] umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] newfstatat(AT_FDCWD, "./78/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 242.441587][ T12] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 242.454534][ T1047] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [pid 5066] umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./78/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./78/file0") = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./78") = 0 [pid 5066] mkdir("./79", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 13534 attached , child_tidptr=0x555557145750) = 13534 [pid 13534] set_robust_list(0x555557145760, 24) = 0 [pid 13534] chdir("./79") = 0 [pid 13534] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 13534] setpgid(0, 0) = 0 [pid 13534] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5069] <... ioctl resumed>) = 0 [pid 13534] write(3, "1000", 4) = 4 [pid 13534] close(3 [pid 5064] <... umount2 resumed>) = 0 [pid 13534] <... close resumed>) = 0 [pid 13534] symlink("/dev/binderfs", "./binderfs") = 0 [pid 13534] memfd_create("syzkaller", 0 [pid 5064] umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13534] <... memfd_create resumed>) = 3 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 13534] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5064] newfstatat(AT_FDCWD, "./76/file0", [pid 13534] <... mmap resumed>) = 0x7fda9371b000 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./76/file0") = 0 [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 13535 [pid 5064] close(3) = 0 [pid 5064] rmdir("./76") = 0 [pid 5064] mkdir("./77", 0777) = 0 ./strace-static-x86_64: Process 13535 attached [pid 13535] set_robust_list(0x555557145760, 24 [pid 5067] <... umount2 resumed>) = 0 [pid 13535] <... set_robust_list resumed>) = 0 [pid 13535] chdir("./78" [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5067] umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... openat resumed>) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... close resumed>) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5067] newfstatat(AT_FDCWD, "./77/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 13535] <... chdir resumed>) = 0 [pid 5067] umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./77/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 13538 [pid 13535] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5067] newfstatat(4, "", [pid 13535] <... prctl resumed>) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 13535] setpgid(0, 0 [pid 5067] getdents64(4, ./strace-static-x86_64: Process 13538 attached 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, [pid 13538] set_robust_list(0x555557145760, 24 [pid 13535] <... setpgid resumed>) = 0 [pid 5068] <... umount2 resumed>) = 0 [pid 5067] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4 [pid 13538] <... set_robust_list resumed>) = 0 [pid 13535] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5067] <... close resumed>) = 0 [pid 13538] chdir("./77" [pid 13535] <... openat resumed>) = 3 [pid 5067] rmdir("./77/file0" [pid 13535] write(3, "1000", 4 [pid 13538] <... chdir resumed>) = 0 [pid 13535] <... write resumed>) = 4 [pid 5068] umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... rmdir resumed>) = 0 [pid 13538] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 13535] close(3 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] getdents64(3, [pid 13538] <... prctl resumed>) = 0 [pid 13535] <... close resumed>) = 0 [pid 5068] newfstatat(AT_FDCWD, "./77/file0", [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 13538] setpgid(0, 0 [pid 13535] symlink("/dev/binderfs", "./binderfs" [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] close(3 [pid 13538] <... setpgid resumed>) = 0 [pid 13535] <... symlink resumed>) = 0 [pid 5068] umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./77/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", [pid 13538] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 13538] <... openat resumed>) = 3 [pid 5068] close(4 [pid 5067] <... close resumed>) = 0 [pid 5067] rmdir("./77" [pid 13535] memfd_create("syzkaller", 0 [pid 13538] write(3, "1000", 4 [pid 13535] <... memfd_create resumed>) = 3 [pid 5068] <... close resumed>) = 0 [pid 5067] <... rmdir resumed>) = 0 [pid 13535] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5067] mkdir("./78", 0777 [pid 13538] <... write resumed>) = 4 [pid 5068] rmdir("./77/file0" [pid 13535] <... mmap resumed>) = 0x7fda9371b000 [pid 13538] close(3 [pid 5068] <... rmdir resumed>) = 0 [pid 13538] <... close resumed>) = 0 [pid 5068] getdents64(3, [pid 13538] symlink("/dev/binderfs", "./binderfs" [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] <... mkdir resumed>) = 0 [pid 13538] <... symlink resumed>) = 0 [pid 5068] close(3 [pid 13538] memfd_create("syzkaller", 0 [pid 5068] <... close resumed>) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 13538] <... memfd_create resumed>) = 3 [pid 5068] rmdir("./77" [pid 13538] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5068] <... rmdir resumed>) = 0 [pid 13538] <... mmap resumed>) = 0x7fda9371b000 [pid 5068] mkdir("./78", 0777) = 0 [pid 5067] <... openat resumed>) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5067] <... ioctl resumed>) = 0 [pid 5068] <... openat resumed>) = 3 [pid 5067] close(3) = 0 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5068] <... close resumed>) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 13540 ./strace-static-x86_64: Process 13540 attached [pid 13540] set_robust_list(0x555557145760, 24) = 0 [pid 13540] chdir("./78") = 0 [pid 13540] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 ./strace-static-x86_64: Process 13541 attached [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 13541 [pid 13541] set_robust_list(0x555557145760, 24 [pid 13540] setpgid(0, 0 [pid 13541] <... set_robust_list resumed>) = 0 [pid 13541] chdir("./78" [pid 13540] <... setpgid resumed>) = 0 [pid 13541] <... chdir resumed>) = 0 [pid 13541] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 13540] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 13480] <... write resumed>) = 16777216 [pid 13540] write(3, "1000", 4 [pid 13541] <... prctl resumed>) = 0 [pid 13540] <... write resumed>) = 4 [pid 13541] setpgid(0, 0 [pid 13540] close(3) = 0 [pid 13540] symlink("/dev/binderfs", "./binderfs" [pid 13541] <... setpgid resumed>) = 0 [pid 13540] <... symlink resumed>) = 0 [pid 13541] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 13540] memfd_create("syzkaller", 0 [pid 13541] <... openat resumed>) = 3 [pid 13540] <... memfd_create resumed>) = 3 [pid 13541] write(3, "1000", 4 [pid 13540] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 13541] <... write resumed>) = 4 [pid 13540] <... mmap resumed>) = 0x7fda9371b000 [pid 13541] close(3) = 0 [pid 13541] symlink("/dev/binderfs", "./binderfs") = 0 [pid 13541] memfd_create("syzkaller", 0) = 3 [pid 13480] munmap(0x7fda9371b000, 138412032) = 0 [pid 13541] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 13480] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 13480] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 13480] close(3) = 0 [pid 13480] mkdir("./file0", 0777) = 0 [ 242.897776][T13480] loop1: detected capacity change from 0 to 32768 [pid 13480] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 242.956915][T13480] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (13480) [ 243.079547][T13480] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 243.151478][T13480] BTRFS info (device loop1): force clearing of disk cache [ 243.158614][T13480] BTRFS info (device loop1): setting nodatasum [pid 13534] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 13538] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 13540] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 243.237372][T13480] BTRFS info (device loop1): allowing degraded mounts [ 243.274896][T13480] BTRFS info (device loop1): enabling disk space caching [ 243.330788][T13480] BTRFS info (device loop1): disk space caching is enabled [pid 13535] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 243.589013][T13480] BTRFS info (device loop1): enabling ssd optimizations [ 243.615590][T13480] BTRFS info (device loop1): auto enabling async discard [pid 13541] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 13534] <... write resumed>) = 16777216 [ 243.679484][T13480] BTRFS info (device loop1): rebuilding free space tree [pid 13534] munmap(0x7fda9371b000, 138412032) = 0 [pid 13534] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 243.732810][T13480] BTRFS info (device loop1): disabling free space tree [ 243.766037][T13480] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 243.767810][T13534] loop2: detected capacity change from 0 to 32768 [pid 13534] ioctl(4, LOOP_SET_FD, 3 [pid 13535] <... write resumed>) = 16777216 [pid 13534] <... ioctl resumed>) = 0 [pid 13535] munmap(0x7fda9371b000, 138412032 [pid 13534] close(3) = 0 [pid 13534] mkdir("./file0", 0777) = 0 [ 243.798922][T13480] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 13535] <... munmap resumed>) = 0 [pid 13534] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 13535] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 13535] ioctl(4, LOOP_SET_FD, 3 [pid 13540] <... write resumed>) = 16777216 [pid 13538] <... write resumed>) = 16777216 [pid 13540] munmap(0x7fda9371b000, 138412032 [pid 13538] munmap(0x7fda9371b000, 138412032 [pid 13540] <... munmap resumed>) = 0 [pid 13540] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 13540] ioctl(4, LOOP_SET_FD, 3 [pid 13480] <... mount resumed>) = 0 [pid 13538] <... munmap resumed>) = 0 [pid 13535] <... ioctl resumed>) = 0 [pid 13535] close(3) = 0 [ 243.850510][T13480] BTRFS info (device loop1): checking UUID tree [ 243.855847][T13535] loop5: detected capacity change from 0 to 32768 [ 243.864391][T13534] BTRFS: device /dev/loop2 using temp-fsid 5b26ee05-d603-47c7-a9e2-707b3cd43e60 [ 243.884071][T13540] loop4: detected capacity change from 0 to 32768 [pid 13541] <... write resumed>) = 16777216 [pid 13540] <... ioctl resumed>) = 0 [pid 13538] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 13535] mkdir("./file0", 0777 [pid 13480] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 13541] munmap(0x7fda9371b000, 138412032 [pid 13540] close(3 [pid 13538] <... openat resumed>) = 4 [pid 13480] <... openat resumed>) = 3 [pid 13540] <... close resumed>) = 0 [pid 13538] ioctl(4, LOOP_SET_FD, 3 [pid 13535] <... mkdir resumed>) = 0 [pid 13480] chdir("./file0" [pid 13535] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 13480] <... chdir resumed>) = 0 [ 243.888454][T13534] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (13534) [ 243.915391][T13538] loop0: detected capacity change from 0 to 32768 [ 243.922059][T13535] BTRFS: device /dev/loop5 using temp-fsid d68df663-96e1-4b70-9a90-ff529b1204d9 [ 243.922139][T13534] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [pid 13541] <... munmap resumed>) = 0 [pid 13540] mkdir("./file0", 0777 [pid 13538] <... ioctl resumed>) = 0 [pid 13480] ioctl(4, LOOP_CLR_FD [pid 13541] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 13540] <... mkdir resumed>) = 0 [pid 13540] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 13541] <... openat resumed>) = 4 [pid 13541] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 13538] close(3 [pid 13480] <... ioctl resumed>) = 0 [pid 13541] close(3) = 0 [pid 13541] mkdir("./file0", 0777) = 0 [pid 13541] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 13480] close(4 [pid 13538] <... close resumed>) = 0 [pid 13538] mkdir("./file0", 0777 [pid 13480] <... close resumed>) = 0 [pid 13480] open("./file0", O_RDONLY [pid 13538] <... mkdir resumed>) = 0 [pid 13538] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 13480] <... open resumed>) = 4 [ 243.932257][T13535] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (13535) [ 243.953368][T13534] BTRFS info (device loop2): force clearing of disk cache [ 243.958172][T13541] loop3: detected capacity change from 0 to 32768 [ 243.960775][T13534] BTRFS info (device loop2): setting nodatasum [ 243.973822][T13534] BTRFS info (device loop2): allowing degraded mounts [ 243.978794][T13540] BTRFS: device /dev/loop4 using temp-fsid c26d82d9-4587-4ddc-9ae2-9030d2d76fad [ 243.980803][T13534] BTRFS info (device loop2): enabling disk space caching [pid 13480] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [ 243.997973][T13534] BTRFS info (device loop2): disk space caching is enabled [ 244.006979][T13540] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (13540) [ 244.022300][T13535] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 244.032494][T13535] BTRFS info (device loop5): force clearing of disk cache [ 244.034116][ T12] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [pid 13480] open("./file0", O_RDONLY) = 5 [ 244.039970][T13535] BTRFS info (device loop5): setting nodatasum [ 244.056393][T13535] BTRFS info (device loop5): allowing degraded mounts [ 244.059810][T13541] BTRFS: device /dev/loop3 using temp-fsid e5fd4a5c-f517-46de-a732-17899ab6859f [ 244.072254][T13540] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 244.072280][T13541] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (13541) [ 244.094705][T13535] BTRFS info (device loop5): enabling disk space caching [pid 13480] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 13480] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 13480] exit_group(0) = ? [pid 13480] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13480, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=32 /* 0.32 s */} --- [pid 5065] umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./78/binderfs") = 0 [ 244.097763][T13538] BTRFS: device /dev/loop0 using temp-fsid 71498aa4-b062-4912-b363-9a28fe09e104 [ 244.101796][T13535] BTRFS info (device loop5): disk space caching is enabled [ 244.118449][T13541] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 244.125686][T13540] BTRFS info (device loop4): force clearing of disk cache [ 244.136233][T13540] BTRFS info (device loop4): setting nodatasum [ 244.141527][T13541] BTRFS info (device loop3): force clearing of disk cache [ 244.143649][T13540] BTRFS info (device loop4): allowing degraded mounts [ 244.161023][T13540] BTRFS info (device loop4): enabling disk space caching [ 244.165316][T13538] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (13538) [ 244.169984][T13540] BTRFS info (device loop4): disk space caching is enabled [ 244.185268][T13541] BTRFS info (device loop3): setting nodatasum [ 244.194419][T13541] BTRFS info (device loop3): allowing degraded mounts [pid 5065] umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5065] umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./78/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 13535] <... mount resumed>) = 0 [pid 5065] openat(AT_FDCWD, "./78/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 13535] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] <... openat resumed>) = 4 [pid 13535] <... openat resumed>) = 3 [pid 13535] chdir("./file0" [pid 5065] newfstatat(4, "", [pid 13535] <... chdir resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 13535] ioctl(4, LOOP_CLR_FD [pid 5065] getdents64(4, [pid 13535] <... ioctl resumed>) = 0 [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 13535] close(4) = 0 [pid 13535] open("./file0", O_RDONLY [pid 5065] getdents64(4, [pid 13535] <... open resumed>) = 4 [pid 5065] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 13535] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5065] close(4) = 0 [pid 13535] <... ioctl resumed>) = 0 [pid 5065] rmdir("./78/file0" [pid 13535] open("./file0", O_RDONLY) = 5 [pid 5065] <... rmdir resumed>) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 13535] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5065] rmdir("./78" [pid 13535] <... ioctl resumed>) = 0 [pid 13535] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5065] <... rmdir resumed>) = 0 [pid 13535] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 13535] exit_group(0 [pid 5065] mkdir("./79", 0777 [pid 13535] <... exit_group resumed>) = ? [pid 13535] +++ exited with 0 +++ [pid 5065] <... mkdir resumed>) = 0 [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13535, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=31 /* 0.31 s */} --- [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5069] umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... ioctl resumed>) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] close(3 [pid 5069] openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... close resumed>) = 0 [pid 5069] <... openat resumed>) = 3 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, ./strace-static-x86_64: Process 13631 attached 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 13631] set_robust_list(0x555557145760, 24 [pid 5069] umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 13631 [pid 13631] <... set_robust_list resumed>) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 13631] chdir("./79" [pid 5069] newfstatat(AT_FDCWD, "./78/binderfs", [pid 13631] <... chdir resumed>) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 13631] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5069] unlink("./78/binderfs" [pid 13631] <... prctl resumed>) = 0 [pid 5069] <... unlink resumed>) = 0 [pid 13631] setpgid(0, 0 [pid 5069] umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13631] <... setpgid resumed>) = 0 [pid 13631] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 13631] write(3, "1000", 4) = 4 [pid 13631] close(3) = 0 [pid 13631] symlink("/dev/binderfs", "./binderfs") = 0 [pid 13631] memfd_create("syzkaller", 0) = 3 [pid 13631] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 13534] <... mount resumed>) = 0 [pid 13534] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 13534] chdir("./file0") = 0 [pid 13534] ioctl(4, LOOP_CLR_FD) = 0 [pid 13534] close(4) = 0 [pid 13534] open("./file0", O_RDONLY) = 4 [pid 13540] <... mount resumed>) = 0 [pid 13534] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 13540] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 13540] chdir("./file0") = 0 [pid 13540] ioctl(4, LOOP_CLR_FD [pid 13534] <... ioctl resumed>) = 0 [pid 13534] open("./file0", O_RDONLY) = 5 [pid 13534] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 13534] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 13534] exit_group(0) = ? [pid 13540] <... ioctl resumed>) = 0 [pid 13534] +++ exited with 0 +++ [pid 13540] close(4) = 0 [pid 13540] open("./file0", O_RDONLY) = 4 [pid 13540] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 13540] open("./file0", O_RDONLY [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13534, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=35 /* 0.35 s */} --- [pid 13540] <... open resumed>) = 5 [pid 13540] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 5066] umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 13540] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5066] <... openat resumed>) = 3 [pid 13540] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5066] newfstatat(3, "", [pid 13540] exit_group(0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 13540] <... exit_group resumed>) = ? [pid 5066] getdents64(3, [pid 13540] +++ exited with 0 +++ [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13540, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=27 /* 0.27 s */} --- [pid 5066] umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] unlink("./79/binderfs" [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... unlink resumed>) = 0 [pid 5068] openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... openat resumed>) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./78/binderfs") = 0 [pid 5068] umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13541] <... mount resumed>) = 0 [pid 13541] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 13541] chdir("./file0" [pid 13538] <... mount resumed>) = 0 [pid 13541] <... chdir resumed>) = 0 [pid 13541] ioctl(4, LOOP_CLR_FD) = 0 [pid 13538] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 13541] close(4 [pid 13538] <... openat resumed>) = 3 [pid 13538] chdir("./file0") = 0 [pid 13541] <... close resumed>) = 0 [pid 13538] ioctl(4, LOOP_CLR_FD [pid 13541] open("./file0", O_RDONLY [pid 13538] <... ioctl resumed>) = 0 [pid 5069] <... umount2 resumed>) = 0 [pid 5069] umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13538] close(4 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 13538] <... close resumed>) = 0 [pid 13538] open("./file0", O_RDONLY [pid 13541] <... open resumed>) = 4 [pid 13538] <... open resumed>) = 4 [pid 5069] newfstatat(AT_FDCWD, "./78/file0", [pid 13538] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 13541] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13541] <... ioctl resumed>) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 13541] open("./file0", O_RDONLY [pid 5069] openat(AT_FDCWD, "./78/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 13541] <... open resumed>) = 5 [pid 5069] <... openat resumed>) = 4 [pid 13541] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 13538] <... ioctl resumed>) = 0 [pid 5069] getdents64(4, [pid 13538] open("./file0", O_RDONLY [pid 13541] <... ioctl resumed>) = 0 [pid 13538] <... open resumed>) = 5 [pid 13538] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 13541] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5069] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 13541] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 13538] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 13538] exit_group(0) = ? [pid 13541] exit_group(0 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 13541] <... exit_group resumed>) = ? [pid 5069] close(4 [pid 13541] +++ exited with 0 +++ [pid 5069] <... close resumed>) = 0 [pid 13538] +++ exited with 0 +++ [pid 5069] rmdir("./78/file0" [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13541, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=31 /* 0.31 s */} --- [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13538, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=27 /* 0.27 s */} --- [pid 5064] umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./77/binderfs") = 0 [pid 5067] umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] <... rmdir resumed>) = 0 [pid 5067] <... openat resumed>) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] getdents64(3, [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./78") = 0 [pid 5067] unlink("./78/binderfs" [pid 5069] mkdir("./79", 0777 [pid 5067] <... unlink resumed>) = 0 [pid 5069] <... mkdir resumed>) = 0 [pid 5067] umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 13641 ./strace-static-x86_64: Process 13641 attached [pid 13641] set_robust_list(0x555557145760, 24) = 0 [pid 13641] chdir("./79") = 0 [pid 13641] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 13641] setpgid(0, 0) = 0 [pid 13641] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 13641] write(3, "1000", 4) = 4 [pid 13641] close(3) = 0 [pid 13641] symlink("/dev/binderfs", "./binderfs") = 0 [pid 13641] memfd_create("syzkaller", 0) = 3 [pid 13641] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5068] <... umount2 resumed>) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 5068] umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./78/file0", [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] newfstatat(AT_FDCWD, "./79/file0", [pid 5068] umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] openat(AT_FDCWD, "./78/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... openat resumed>) = 4 [pid 5066] openat(AT_FDCWD, "./79/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, [pid 5068] newfstatat(4, "", [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... close resumed>) = 0 [pid 5068] getdents64(4, [pid 5066] rmdir("./79/file0" [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] <... rmdir resumed>) = 0 [pid 5066] getdents64(3, [pid 5068] getdents64(4, [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./79") = 0 [pid 5066] mkdir("./80", 0777 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 5068] rmdir("./78/file0") = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5068] close(3) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5068] rmdir("./78") = 0 [pid 5068] mkdir("./79", 0777) = 0 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [pid 5066] <... ioctl resumed>) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] close(3./strace-static-x86_64: Process 13646 attached [pid 13646] set_robust_list(0x555557145760, 24) = 0 [pid 13646] chdir("./79" [pid 5066] <... close resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 13646 [pid 13646] <... chdir resumed>) = 0 [pid 13646] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 ./strace-static-x86_64: Process 13647 attached [pid 13646] setpgid(0, 0 [pid 13647] set_robust_list(0x555557145760, 24 [pid 13646] <... setpgid resumed>) = 0 [pid 13631] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 13646] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 13646] write(3, "1000", 4) = 4 [pid 13646] close(3) = 0 [pid 13646] symlink("/dev/binderfs", "./binderfs") = 0 [pid 13646] memfd_create("syzkaller", 0 [pid 13647] <... set_robust_list resumed>) = 0 [pid 13646] <... memfd_create resumed>) = 3 [pid 13646] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 13647] chdir("./80" [pid 13646] <... mmap resumed>) = 0x7fda9371b000 [pid 5067] <... umount2 resumed>) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 13647 [pid 5064] <... umount2 resumed>) = 0 [pid 13647] <... chdir resumed>) = 0 [pid 13647] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5064] umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./77/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./77/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, [pid 5067] umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] getdents64(4, [pid 5067] newfstatat(AT_FDCWD, "./78/file0", [pid 5064] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] close(4 [pid 5067] umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13647] <... prctl resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 13647] setpgid(0, 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] rmdir("./77/file0" [pid 13647] <... setpgid resumed>) = 0 [pid 5067] openat(AT_FDCWD, "./78/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... rmdir resumed>) = 0 [pid 13647] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5067] <... openat resumed>) = 4 [pid 5064] getdents64(3, [pid 13647] <... openat resumed>) = 3 [pid 5067] newfstatat(4, "", [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, [pid 5064] close(3 [pid 5067] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] <... close resumed>) = 0 [pid 5067] getdents64(4, [pid 5064] rmdir("./77" [pid 5067] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 5067] close(4 [pid 13647] write(3, "1000", 4 [pid 5064] mkdir("./78", 0777 [pid 13647] <... write resumed>) = 4 [pid 13647] close(3 [pid 5067] <... close resumed>) = 0 [pid 5064] <... mkdir resumed>) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5067] rmdir("./78/file0" [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5067] <... rmdir resumed>) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 5064] close(3) = 0 [pid 13647] <... close resumed>) = 0 [pid 5067] getdents64(3, [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 13648 attached [pid 13647] symlink("/dev/binderfs", "./binderfs" [pid 5067] close(3) = 0 [pid 5067] rmdir("./78" [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 13648 [pid 13648] set_robust_list(0x555557145760, 24 [pid 13647] <... symlink resumed>) = 0 [pid 5067] <... rmdir resumed>) = 0 [pid 5067] mkdir("./79", 0777 [pid 13648] <... set_robust_list resumed>) = 0 [pid 13647] memfd_create("syzkaller", 0 [pid 5067] <... mkdir resumed>) = 0 [pid 13648] chdir("./78" [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 13649 attached [pid 13649] set_robust_list(0x555557145760, 24) = 0 [pid 13649] chdir("./79" [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 13649 [pid 13649] <... chdir resumed>) = 0 [pid 13649] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 13649] setpgid(0, 0) = 0 [pid 13649] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 13648] <... chdir resumed>) = 0 [pid 13647] <... memfd_create resumed>) = 3 [pid 13649] <... openat resumed>) = 3 [pid 13647] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 13649] write(3, "1000", 4) = 4 [pid 13647] <... mmap resumed>) = 0x7fda9371b000 [pid 13649] close(3) = 0 [pid 13649] symlink("/dev/binderfs", "./binderfs") = 0 [pid 13649] memfd_create("syzkaller", 0) = 3 [pid 13649] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 13648] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 13648] setpgid(0, 0) = 0 [pid 13648] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 13648] write(3, "1000", 4) = 4 [pid 13648] close(3) = 0 [pid 13648] symlink("/dev/binderfs", "./binderfs") = 0 [pid 13648] memfd_create("syzkaller", 0) = 3 [pid 13648] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 13641] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 13647] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 13646] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 13649] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 13631] <... write resumed>) = 16777216 [pid 13648] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 13631] munmap(0x7fda9371b000, 138412032) = 0 [pid 13631] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 13631] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 13631] close(3) = 0 [pid 13631] mkdir("./file0", 0777) = 0 [ 245.759354][T13631] loop1: detected capacity change from 0 to 32768 [ 245.814224][T13631] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (13631) [pid 13631] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 13641] <... write resumed>) = 16777216 [pid 13641] munmap(0x7fda9371b000, 138412032) = 0 [pid 13641] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 13641] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 13641] close(3) = 0 [pid 13641] mkdir("./file0", 0777) = 0 [ 245.988443][T13641] loop5: detected capacity change from 0 to 32768 [ 246.020783][T13641] BTRFS: device /dev/loop5 using temp-fsid 692fc6bc-dc3e-45f1-becc-edd638f689f4 [pid 13641] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 13647] <... write resumed>) = 16777216 [pid 13647] munmap(0x7fda9371b000, 138412032) = 0 [pid 13647] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 246.061046][T13641] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (13641) [pid 13647] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 13646] <... write resumed>) = 16777216 [pid 13647] close(3 [pid 13646] munmap(0x7fda9371b000, 138412032 [pid 13647] <... close resumed>) = 0 [pid 13647] mkdir("./file0", 0777) = 0 [ 246.122488][T13647] loop2: detected capacity change from 0 to 32768 [pid 13647] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 13646] <... munmap resumed>) = 0 [pid 13646] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 13631] <... mount resumed>) = 0 [pid 13646] ioctl(4, LOOP_SET_FD, 3 [pid 13631] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 13631] chdir("./file0") = 0 [pid 13631] ioctl(4, LOOP_CLR_FD) = 0 [pid 13631] close(4) = 0 [pid 13631] open("./file0", O_RDONLY) = 4 [pid 13631] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 13649] <... write resumed>) = 16777216 [pid 13649] munmap(0x7fda9371b000, 138412032 [pid 13646] <... ioctl resumed>) = 0 [pid 13631] <... ioctl resumed>) = 0 [pid 13646] close(3 [pid 13649] <... munmap resumed>) = 0 [pid 13631] open("./file0", O_RDONLY [pid 13646] <... close resumed>) = 0 [pid 13649] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 13646] mkdir("./file0", 0777 [pid 13649] <... openat resumed>) = 4 [pid 13648] <... write resumed>) = 16777216 [pid 13646] <... mkdir resumed>) = 0 [pid 13631] <... open resumed>) = 5 [pid 13649] ioctl(4, LOOP_SET_FD, 3 [pid 13631] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 13646] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 13648] munmap(0x7fda9371b000, 138412032 [pid 13631] <... ioctl resumed>) = 0 [ 246.163107][T13647] BTRFS: device /dev/loop2 using temp-fsid 4d526307-8c21-4f73-a5fd-507851b9f002 [ 246.176578][T13647] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (13647) [ 246.196852][T13646] loop4: detected capacity change from 0 to 32768 [pid 13648] <... munmap resumed>) = 0 [pid 13631] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 13648] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 13631] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 13631] exit_group(0 [pid 13648] <... openat resumed>) = 4 [pid 13631] <... exit_group resumed>) = ? [pid 13648] ioctl(4, LOOP_SET_FD, 3 [pid 13631] +++ exited with 0 +++ [pid 13648] <... ioctl resumed>) = 0 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13631, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=19 /* 0.19 s */} --- [pid 13648] close(3) = 0 [pid 13648] mkdir("./file0", 0777) = 0 [pid 13648] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 13649] <... ioctl resumed>) = 0 [pid 13649] close(3 [pid 5065] umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13649] <... close resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./79/binderfs") = 0 [ 246.243140][T13646] BTRFS: device /dev/loop4 using temp-fsid f9090e59-07f0-46c8-af48-ff8aafb6497c [ 246.253876][T13649] loop3: detected capacity change from 0 to 32768 [ 246.258644][T13648] loop0: detected capacity change from 0 to 32768 [ 246.275672][T13646] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (13646) [pid 5065] umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13649] mkdir("./file0", 0777 [pid 13641] <... mount resumed>) = 0 [pid 13641] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 13641] chdir("./file0") = 0 [pid 13641] ioctl(4, LOOP_CLR_FD) = 0 [pid 13641] close(4) = 0 [pid 13641] open("./file0", O_RDONLY) = 4 [pid 13641] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 13649] <... mkdir resumed>) = 0 [pid 13641] <... ioctl resumed>) = 0 [pid 13649] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 13641] open("./file0", O_RDONLY) = 5 [pid 13641] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 13641] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 13641] exit_group(0) = ? [ 246.289539][T13648] BTRFS: device /dev/loop0 using temp-fsid 4e4c796e-fff9-42c2-a617-845e8133b2b0 [ 246.298682][T13648] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (13648) [ 246.330962][T13649] BTRFS: device /dev/loop3 using temp-fsid 3cfc9124-6652-40a8-8f4d-8e9c6e3b9fd1 [pid 13641] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13641, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=28 /* 0.28 s */} --- [pid 5069] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5069] umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./79/binderfs") = 0 [ 246.368826][T13649] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (13649) [pid 5069] umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13647] <... mount resumed>) = 0 [pid 5069] <... umount2 resumed>) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 13647] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 13647] <... openat resumed>) = 3 [pid 5069] umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] newfstatat(AT_FDCWD, "./79/file0", [pid 13647] chdir("./file0" [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./79/file0", [pid 13647] <... chdir resumed>) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 13647] ioctl(4, LOOP_CLR_FD [pid 5069] umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13647] <... ioctl resumed>) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./79/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, [pid 5069] openat(AT_FDCWD, "./79/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4 [pid 13647] close(4 [pid 5069] <... openat resumed>) = 4 [pid 13647] <... close resumed>) = 0 [pid 5069] newfstatat(4, "", [pid 5065] <... close resumed>) = 0 [pid 13647] open("./file0", O_RDONLY [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 13647] <... open resumed>) = 4 [pid 5069] getdents64(4, [pid 13647] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5069] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] rmdir("./79/file0") = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./79" [pid 5069] getdents64(4, [pid 5065] <... rmdir resumed>) = 0 [pid 5065] mkdir("./80", 0777 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] <... mkdir resumed>) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5069] close(4 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] <... close resumed>) = 0 [pid 5065] close(3) = 0 [pid 5069] rmdir("./79/file0" [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5069] <... rmdir resumed>) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 13743 ./strace-static-x86_64: Process 13743 attached [pid 5069] getdents64(3, [pid 13743] set_robust_list(0x555557145760, 24 [pid 13647] <... ioctl resumed>) = 0 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 13647] open("./file0", O_RDONLY [pid 5069] close(3 [pid 13743] <... set_robust_list resumed>) = 0 [pid 13647] <... open resumed>) = 5 [pid 5069] <... close resumed>) = 0 [pid 13646] <... mount resumed>) = 0 [pid 13646] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 13647] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 13646] <... openat resumed>) = 3 [pid 5069] rmdir("./79" [pid 13743] chdir("./80" [pid 13646] chdir("./file0" [pid 5069] <... rmdir resumed>) = 0 [pid 13743] <... chdir resumed>) = 0 [pid 13647] <... ioctl resumed>) = 0 [pid 13646] <... chdir resumed>) = 0 [pid 5069] mkdir("./80", 0777 [pid 13743] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 13647] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 13646] ioctl(4, LOOP_CLR_FD [pid 5069] <... mkdir resumed>) = 0 [pid 13743] <... prctl resumed>) = 0 [pid 13647] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 13646] <... ioctl resumed>) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 13743] setpgid(0, 0 [pid 13647] exit_group(0 [pid 13646] close(4 [pid 5069] <... openat resumed>) = 3 [pid 13743] <... setpgid resumed>) = 0 [pid 13647] <... exit_group resumed>) = ? [pid 13743] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 13647] +++ exited with 0 +++ [pid 13646] <... close resumed>) = 0 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13647, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=25 /* 0.25 s */} --- [pid 13743] <... openat resumed>) = 3 [pid 13648] <... mount resumed>) = 0 [pid 13646] open("./file0", O_RDONLY [pid 5069] ioctl(3, LOOP_CLR_FD [ 246.580430][T13649] _btrfs_printk: 123 callbacks suppressed [ 246.580444][T13649] BTRFS info (device loop3): rebuilding free space tree [ 246.589746][ T12] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 246.618954][T13649] BTRFS info (device loop3): disabling free space tree [pid 5066] umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13743] write(3, "1000", 4 [pid 13648] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 13646] <... open resumed>) = 4 [pid 5069] <... ioctl resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 13743] <... write resumed>) = 4 [pid 13648] <... openat resumed>) = 3 [pid 13646] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5069] close(3) = 0 [pid 5066] openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 13648] chdir("./file0" [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] <... openat resumed>) = 3 [pid 13743] close(3 [pid 13648] <... chdir resumed>) = 0 [pid 5066] newfstatat(3, "", [pid 13743] <... close resumed>) = 0 [pid 13648] ioctl(4, LOOP_CLR_FD [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, [pid 13743] symlink("/dev/binderfs", "./binderfs" [pid 13648] <... ioctl resumed>) = 0 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 ./strace-static-x86_64: Process 13749 attached [pid 13743] <... symlink resumed>) = 0 [pid 13648] close(4 [pid 13646] <... ioctl resumed>) = 0 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 13749 [pid 5066] umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13749] set_robust_list(0x555557145760, 24 [pid 13743] memfd_create("syzkaller", 0 [pid 13648] <... close resumed>) = 0 [pid 13749] <... set_robust_list resumed>) = 0 [pid 13648] open("./file0", O_RDONLY [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 13749] chdir("./80" [pid 13648] <... open resumed>) = 4 [pid 13749] <... chdir resumed>) = 0 [pid 13648] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5066] newfstatat(AT_FDCWD, "./80/binderfs", [pid 13749] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 13749] <... prctl resumed>) = 0 [pid 5066] unlink("./80/binderfs" [ 246.625857][T13649] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 13749] setpgid(0, 0) = 0 [pid 13743] <... memfd_create resumed>) = 3 [pid 13646] open("./file0", O_RDONLY [pid 5066] <... unlink resumed>) = 0 [pid 13749] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 13743] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 13749] <... openat resumed>) = 3 [pid 13743] <... mmap resumed>) = 0x7fda9371b000 [pid 13749] write(3, "1000", 4 [pid 13648] <... ioctl resumed>) = 0 [pid 13646] <... open resumed>) = 5 [pid 5066] umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13749] <... write resumed>) = 4 [pid 13648] open("./file0", O_RDONLY [pid 13749] close(3 [pid 13648] <... open resumed>) = 5 [pid 13646] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 13749] <... close resumed>) = 0 [pid 13648] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 13749] symlink("/dev/binderfs", "./binderfs" [pid 13648] <... ioctl resumed>) = 0 [pid 13749] <... symlink resumed>) = 0 [pid 13648] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 13749] memfd_create("syzkaller", 0 [pid 13648] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 13749] <... memfd_create resumed>) = 3 [pid 13648] exit_group(0 [pid 13749] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 13648] <... exit_group resumed>) = ? [pid 13749] <... mmap resumed>) = 0x7fda9371b000 [pid 13648] +++ exited with 0 +++ [ 246.665283][T13649] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 246.681837][ T48] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13648, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=25 /* 0.25 s */} --- [pid 5064] umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./78/binderfs") = 0 [pid 5064] umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13646] <... ioctl resumed>) = 0 [pid 13646] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 13646] exit_group(0) = ? [pid 13646] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13646, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=26 /* 0.26 s */} --- [pid 5068] umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 246.713425][T13649] BTRFS info (device loop3): checking UUID tree [ 246.725184][ T2855] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./79/binderfs") = 0 [pid 5068] umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13649] <... mount resumed>) = 0 [pid 13649] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 13649] chdir("./file0") = 0 [pid 13649] ioctl(4, LOOP_CLR_FD) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./80/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 13649] close(4 [pid 5066] umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 13649] <... close resumed>) = 0 [pid 5066] openat(AT_FDCWD, "./80/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 13649] open("./file0", O_RDONLY [pid 5066] getdents64(4, [pid 13649] <... open resumed>) = 4 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./80/file0") = 0 [pid 5066] getdents64(3, [pid 13649] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./80") = 0 [pid 5066] mkdir("./81", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 13649] <... ioctl resumed>) = 0 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 13753 [pid 13649] open("./file0", O_RDONLY [pid 5064] <... umount2 resumed>) = 0 [pid 13649] <... open resumed>) = 5 [pid 5064] umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13649] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}./strace-static-x86_64: Process 13753 attached [pid 13753] set_robust_list(0x555557145760, 24 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./78/file0", [pid 13753] <... set_robust_list resumed>) = 0 [pid 13753] chdir("./81" [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 13753] <... chdir resumed>) = 0 [pid 13753] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5064] umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13753] <... prctl resumed>) = 0 [pid 13753] setpgid(0, 0) = 0 [pid 13753] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 13649] <... ioctl resumed>) = 0 [pid 13753] write(3, "1000", 4) = 4 [pid 13753] close(3) = 0 [pid 13753] symlink("/dev/binderfs", "./binderfs" [pid 13649] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 13753] <... symlink resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 13753] memfd_create("syzkaller", 0 [pid 13649] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 13753] <... memfd_create resumed>) = 3 [pid 13753] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 13649] exit_group(0) = ? [pid 13649] +++ exited with 0 +++ [ 247.005175][ T2855] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [pid 5068] <... umount2 resumed>) = 0 [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13649, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=27 /* 0.27 s */} --- [pid 5064] openat(AT_FDCWD, "./78/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... openat resumed>) = 4 [pid 5068] newfstatat(AT_FDCWD, "./79/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(4, "", [pid 5067] openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] openat(AT_FDCWD, "./79/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5067] <... openat resumed>) = 3 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] newfstatat(3, "", [pid 5068] <... openat resumed>) = 4 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, [pid 5067] getdents64(3, [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./79/file0") = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./79") = 0 [pid 5068] mkdir("./80", 0777) = 0 [pid 5067] umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] getdents64(4, [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 13754 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 13754 attached [pid 5067] newfstatat(AT_FDCWD, "./79/binderfs", [pid 5064] close(4 [pid 13754] set_robust_list(0x555557145760, 24 [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... close resumed>) = 0 [pid 13754] <... set_robust_list resumed>) = 0 [pid 13754] chdir("./80" [pid 5067] unlink("./79/binderfs" [pid 5064] rmdir("./78/file0" [pid 13754] <... chdir resumed>) = 0 [pid 5067] <... unlink resumed>) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 13754] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 13754] setpgid(0, 0) = 0 [pid 13754] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 13754] write(3, "1000", 4) = 4 [pid 5064] getdents64(3, [pid 5067] umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13754] close(3) = 0 [pid 13754] symlink("/dev/binderfs", "./binderfs" [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 13754] <... symlink resumed>) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./78" [pid 13754] memfd_create("syzkaller", 0 [pid 5064] <... rmdir resumed>) = 0 [pid 5064] mkdir("./79", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 13754] <... memfd_create resumed>) = 3 [pid 5064] <... openat resumed>) = 3 [pid 13754] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 13743] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5064] <... ioctl resumed>) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 13756 attached [pid 13749] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 13756 [pid 13756] set_robust_list(0x555557145760, 24) = 0 [pid 13756] chdir("./79") = 0 [pid 13756] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 13756] setpgid(0, 0) = 0 [pid 13756] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 13756] write(3, "1000", 4) = 4 [pid 13756] close(3) = 0 [pid 13756] symlink("/dev/binderfs", "./binderfs") = 0 [pid 13756] memfd_create("syzkaller", 0) = 3 [pid 13756] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 13753] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./79/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./79/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./79/file0") = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./79") = 0 [pid 5067] mkdir("./80", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 13757 ./strace-static-x86_64: Process 13757 attached [pid 13757] set_robust_list(0x555557145760, 24) = 0 [pid 13757] chdir("./80") = 0 [pid 13757] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 13757] setpgid(0, 0 [pid 13754] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 13757] <... setpgid resumed>) = 0 [pid 13757] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 13757] write(3, "1000", 4) = 4 [pid 13757] close(3) = 0 [pid 13757] symlink("/dev/binderfs", "./binderfs") = 0 [pid 13757] memfd_create("syzkaller", 0) = 3 [pid 13757] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 13756] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 13749] <... write resumed>) = 16777216 [pid 13749] munmap(0x7fda9371b000, 138412032) = 0 [pid 13749] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 13743] <... write resumed>) = 16777216 [pid 13749] <... openat resumed>) = 4 [pid 13749] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 13743] munmap(0x7fda9371b000, 138412032 [pid 13749] close(3) = 0 [pid 13749] mkdir("./file0", 0777) = 0 [ 247.980353][T13749] loop5: detected capacity change from 0 to 32768 [pid 13749] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 13743] <... munmap resumed>) = 0 [pid 13743] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 248.023544][T13749] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (13749) [ 248.039751][T13743] loop1: detected capacity change from 0 to 32768 [pid 13743] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 13743] close(3) = 0 [pid 13743] mkdir("./file0", 0777) = 0 [ 248.081637][T13749] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 248.084370][T13743] BTRFS: device /dev/loop1 using temp-fsid 0af267d6-fa7e-4abe-bbda-54d092a21a54 [ 248.108771][T13749] BTRFS info (device loop5): force clearing of disk cache [ 248.115894][T13749] BTRFS info (device loop5): setting nodatasum [ 248.144864][T13743] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (13743) [ 248.179016][T13749] BTRFS info (device loop5): allowing degraded mounts [pid 13743] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 13757] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 13753] <... write resumed>) = 16777216 [pid 13753] munmap(0x7fda9371b000, 138412032) = 0 [ 248.193271][T13749] BTRFS info (device loop5): enabling disk space caching [ 248.213264][T13743] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [pid 13753] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 248.250125][T13749] BTRFS info (device loop5): disk space caching is enabled [ 248.268782][T13743] BTRFS info (device loop1): force clearing of disk cache [ 248.275918][T13743] BTRFS info (device loop1): setting nodatasum [ 248.288589][T13753] loop2: detected capacity change from 0 to 32768 [pid 13753] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 13753] close(3) = 0 [pid 13753] mkdir("./file0", 0777) = 0 [ 248.288619][T13743] BTRFS info (device loop1): allowing degraded mounts [ 248.318793][T13743] BTRFS info (device loop1): enabling disk space caching [ 248.326199][T13753] BTRFS: device /dev/loop2 using temp-fsid e18be030-6d30-44cf-bd25-3d2afa573a41 [ 248.335857][T13743] BTRFS info (device loop1): disk space caching is enabled [pid 13753] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 13756] <... write resumed>) = 16777216 [ 248.359615][T13753] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (13753) [pid 13756] munmap(0x7fda9371b000, 138412032) = 0 [pid 13754] <... write resumed>) = 16777216 [pid 13756] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 13754] munmap(0x7fda9371b000, 138412032 [pid 13756] <... openat resumed>) = 4 [pid 13756] ioctl(4, LOOP_SET_FD, 3 [pid 13757] <... write resumed>) = 16777216 [pid 13757] munmap(0x7fda9371b000, 138412032 [pid 13756] <... ioctl resumed>) = 0 [pid 13754] <... munmap resumed>) = 0 [ 248.409196][T13753] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 248.423898][T13753] BTRFS info (device loop2): force clearing of disk cache [ 248.438195][T13756] loop0: detected capacity change from 0 to 32768 [ 248.439789][T13753] BTRFS info (device loop2): setting nodatasum [ 248.452293][T13753] BTRFS info (device loop2): allowing degraded mounts [pid 13756] close(3 [pid 13757] <... munmap resumed>) = 0 [pid 13756] <... close resumed>) = 0 [pid 13754] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 13756] mkdir("./file0", 0777 [pid 13754] <... openat resumed>) = 4 [pid 13757] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 13756] <... mkdir resumed>) = 0 [ 248.461352][T13749] BTRFS info (device loop5): enabling ssd optimizations [ 248.462141][T13743] BTRFS info (device loop1): enabling ssd optimizations [ 248.472370][T13753] BTRFS info (device loop2): enabling disk space caching [ 248.475982][T13743] BTRFS info (device loop1): auto enabling async discard [ 248.482687][T13749] BTRFS info (device loop5): auto enabling async discard [ 248.491254][T13743] BTRFS info (device loop1): rebuilding free space tree [ 248.497427][T13753] BTRFS info (device loop2): disk space caching is enabled [pid 13754] ioctl(4, LOOP_SET_FD, 3 [pid 13757] <... openat resumed>) = 4 [pid 13756] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 13754] <... ioctl resumed>) = 0 [pid 13757] ioctl(4, LOOP_SET_FD, 3 [pid 13754] close(3) = 0 [pid 13754] mkdir("./file0", 0777 [pid 13757] <... ioctl resumed>) = 0 [pid 13754] <... mkdir resumed>) = 0 [pid 13757] close(3 [pid 13754] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 13757] <... close resumed>) = 0 [pid 13757] mkdir("./file0", 0777) = 0 [ 248.509665][T13743] BTRFS info (device loop1): disabling free space tree [ 248.510958][T13754] loop4: detected capacity change from 0 to 32768 [ 248.517445][T13743] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 248.526849][T13757] loop3: detected capacity change from 0 to 32768 [ 248.534184][T13756] BTRFS: device /dev/loop0 using temp-fsid 60122114-b9d6-4c20-86da-6596a41abd25 [ 248.545955][T13743] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 248.549352][T13756] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (13756) [ 248.572917][T13749] BTRFS info (device loop5): rebuilding free space tree [ 248.583642][T13743] BTRFS info (device loop1): checking UUID tree [ 248.585419][T13756] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 248.596932][T13754] BTRFS: device /dev/loop4 using temp-fsid 0bc393ee-4feb-46d9-866d-429d113c1066 [pid 13757] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 13743] <... mount resumed>) = 0 [pid 13743] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 13743] chdir("./file0") = 0 [pid 13743] ioctl(4, LOOP_CLR_FD) = 0 [pid 13743] close(4) = 0 [pid 13743] open("./file0", O_RDONLY) = 4 [pid 13743] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [ 248.600529][T13749] BTRFS info (device loop5): disabling free space tree [ 248.611122][T13754] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (13754) [ 248.615689][T13756] BTRFS info (device loop0): force clearing of disk cache [ 248.628111][T13749] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 248.635008][T13756] BTRFS info (device loop0): setting nodatasum [pid 13743] open("./file0", O_RDONLY) = 5 [pid 13743] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 13743] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 13743] exit_group(0) = ? [pid 13743] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13743, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=40 /* 0.40 s */} --- [pid 5065] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5065] umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 248.663610][T13749] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 248.672032][ T2855] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [ 248.683732][T13756] BTRFS info (device loop0): allowing degraded mounts [ 248.691498][T13756] BTRFS info (device loop0): enabling disk space caching [ 248.699699][T13756] BTRFS info (device loop0): disk space caching is enabled [pid 5065] newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./80/binderfs") = 0 [ 248.712102][T13754] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 248.721531][T13757] BTRFS: device /dev/loop3 using temp-fsid e21f2e1e-c8d7-4b16-ad81-eee7ee1dcb98 [ 248.735791][T13749] BTRFS info (device loop5): checking UUID tree [ 248.737179][T13754] BTRFS info (device loop4): force clearing of disk cache [ 248.751427][T13757] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (13757) [pid 5065] umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13749] <... mount resumed>) = 0 [pid 13749] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 13749] chdir("./file0") = 0 [pid 13749] ioctl(4, LOOP_CLR_FD) = 0 [pid 13749] close(4) = 0 [pid 13749] open("./file0", O_RDONLY) = 4 [pid 13749] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 5065] umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./80/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 248.759852][T13754] BTRFS info (device loop4): setting nodatasum [ 248.798014][T13753] BTRFS info (device loop2): enabling ssd optimizations [ 248.798490][T13757] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5065] umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13749] open("./file0", O_RDONLY [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./80/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 13749] <... open resumed>) = 5 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 13749] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5065] close(4) = 0 [pid 5065] rmdir("./80/file0") = 0 [pid 13749] <... ioctl resumed>) = 0 [pid 13749] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3 [pid 13749] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5065] <... close resumed>) = 0 [pid 13749] exit_group(0 [pid 5065] rmdir("./80") = 0 [pid 5065] mkdir("./81", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 13749] <... exit_group resumed>) = ? [pid 5065] <... openat resumed>) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 13749] +++ exited with 0 +++ [pid 5065] close(3 [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13749, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=31 /* 0.31 s */} --- [pid 5065] <... close resumed>) = 0 [pid 5069] umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", ./strace-static-x86_64: Process 13819 attached {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 13819 [pid 13819] set_robust_list(0x555557145760, 24 [pid 5069] getdents64(3, [pid 13819] <... set_robust_list resumed>) = 0 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 13819] chdir("./81" [pid 5069] umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13819] <... chdir resumed>) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 248.837575][T13754] BTRFS info (device loop4): allowing degraded mounts [ 248.849794][T13753] BTRFS info (device loop2): auto enabling async discard [ 248.851343][ T12] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [pid 13819] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5069] newfstatat(AT_FDCWD, "./80/binderfs", [pid 13819] <... prctl resumed>) = 0 [pid 13819] setpgid(0, 0) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 13819] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5069] unlink("./80/binderfs" [pid 13819] <... openat resumed>) = 3 [pid 5069] <... unlink resumed>) = 0 [pid 5069] umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13819] write(3, "1000", 4) = 4 [pid 13819] close(3) = 0 [pid 13819] symlink("/dev/binderfs", "./binderfs") = 0 [pid 13819] memfd_create("syzkaller", 0) = 3 [pid 13819] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 248.888447][T13754] BTRFS info (device loop4): enabling disk space caching [ 248.891139][T13757] BTRFS info (device loop3): force clearing of disk cache [ 248.896448][T13756] BTRFS info (device loop0): enabling ssd optimizations [ 248.909941][T13754] BTRFS info (device loop4): disk space caching is enabled [ 248.911460][T13753] BTRFS info (device loop2): rebuilding free space tree [ 248.930007][T13756] BTRFS info (device loop0): auto enabling async discard [ 248.940055][T13756] BTRFS info (device loop0): rebuilding free space tree [ 248.962560][T13757] BTRFS info (device loop3): setting nodatasum [ 248.976984][T13756] BTRFS info (device loop0): disabling free space tree [ 248.983928][T13756] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 248.995595][T13756] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 249.007581][T13757] BTRFS info (device loop3): allowing degraded mounts [pid 5069] <... umount2 resumed>) = 0 [pid 5069] umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./80/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 249.039824][T13757] BTRFS info (device loop3): enabling disk space caching [ 249.040049][T13753] BTRFS info (device loop2): disabling free space tree [ 249.060745][T13753] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 249.078536][T13757] BTRFS info (device loop3): disk space caching is enabled [pid 5069] openat(AT_FDCWD, "./80/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./80/file0") = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./80") = 0 [ 249.106923][T13753] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 249.136038][T13754] BTRFS info (device loop4): enabling ssd optimizations [pid 5069] mkdir("./81", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 13843 ./strace-static-x86_64: Process 13843 attached [pid 13843] set_robust_list(0x555557145760, 24) = 0 [pid 13843] chdir("./81") = 0 [pid 13843] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 13843] setpgid(0, 0) = 0 [pid 13843] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 249.157278][T13756] BTRFS info (device loop0): checking UUID tree [ 249.176323][T13754] BTRFS info (device loop4): auto enabling async discard [ 249.197972][T13753] BTRFS info (device loop2): checking UUID tree [pid 13843] write(3, "1000", 4) = 4 [pid 13843] close(3) = 0 [pid 13843] symlink("/dev/binderfs", "./binderfs") = 0 [pid 13756] <... mount resumed>) = 0 [pid 13756] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 13843] memfd_create("syzkaller", 0 [pid 13756] chdir("./file0") = 0 [pid 13756] ioctl(4, LOOP_CLR_FD) = 0 [pid 13756] close(4 [pid 13843] <... memfd_create resumed>) = 3 [pid 13756] <... close resumed>) = 0 [pid 13756] open("./file0", O_RDONLY [pid 13843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 13756] <... open resumed>) = 4 [pid 13753] <... mount resumed>) = 0 [pid 13753] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 13843] <... mmap resumed>) = 0x7fda9371b000 [pid 13753] <... openat resumed>) = 3 [pid 13753] chdir("./file0" [pid 13756] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 13753] <... chdir resumed>) = 0 [pid 13753] ioctl(4, LOOP_CLR_FD) = 0 [pid 13753] close(4) = 0 [pid 13753] open("./file0", O_RDONLY) = 4 [ 249.229851][T13754] BTRFS info (device loop4): rebuilding free space tree [pid 13753] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 13753] open("./file0", O_RDONLY) = 5 [pid 13756] <... ioctl resumed>) = 0 [pid 13753] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 13819] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 13756] open("./file0", O_RDONLY [pid 13753] <... ioctl resumed>) = 0 [pid 13756] <... open resumed>) = 5 [pid 13753] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 13756] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 13753] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 13756] <... ioctl resumed>) = 0 [pid 13753] exit_group(0) = ? [pid 13753] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13753, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=32 /* 0.32 s */} --- [pid 13756] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 13756] exit_group(0) = ? [pid 13756] +++ exited with 0 +++ [pid 5066] umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13756, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=38 /* 0.38 s */} --- [pid 5066] openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", [pid 5064] umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 249.324874][T13754] BTRFS info (device loop4): disabling free space tree [ 249.359998][T13757] BTRFS info (device loop3): enabling ssd optimizations [pid 5066] getdents64(3, [pid 5064] newfstatat(3, "", [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] getdents64(3, [pid 5066] newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] unlink("./81/binderfs") = 0 [pid 5064] umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 249.381188][ T12] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 249.388858][T13754] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 249.399596][ T1047] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 249.419865][T13757] BTRFS info (device loop3): auto enabling async discard [pid 5064] unlink("./79/binderfs") = 0 [ 249.431684][T13754] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 249.435102][T13757] BTRFS info (device loop3): rebuilding free space tree [pid 5064] umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 249.496943][T13754] BTRFS info (device loop4): checking UUID tree [ 249.546751][T13757] BTRFS info (device loop3): disabling free space tree [pid 13843] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 13754] <... mount resumed>) = 0 [pid 13754] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] <... umount2 resumed>) = 0 [pid 13754] <... openat resumed>) = 3 [pid 5066] <... umount2 resumed>) = 0 [ 249.588780][T13757] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 249.598458][T13757] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5064] umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13754] chdir("./file0" [pid 5066] umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 13754] <... chdir resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./79/file0", [pid 5066] newfstatat(AT_FDCWD, "./81/file0", [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 13754] ioctl(4, LOOP_CLR_FD [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 13754] <... ioctl resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./79/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 13754] close(4 [pid 5066] openat(AT_FDCWD, "./81/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... openat resumed>) = 4 [pid 5066] <... openat resumed>) = 4 [pid 13754] <... close resumed>) = 0 [pid 5064] newfstatat(4, "", [pid 5066] newfstatat(4, "", [pid 13754] open("./file0", O_RDONLY [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, [pid 5064] getdents64(4, [pid 13754] <... open resumed>) = 4 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, [pid 5066] getdents64(4, [pid 13754] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4 [pid 5064] close(4 [pid 5066] <... close resumed>) = 0 [pid 5066] rmdir("./81/file0" [pid 5064] <... close resumed>) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5064] rmdir("./79/file0" [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 5066] close(3 [pid 5064] getdents64(3, [pid 13754] <... ioctl resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] rmdir("./81" [pid 5064] close(3 [pid 5066] <... rmdir resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 5066] mkdir("./82", 0777 [pid 5064] rmdir("./79" [pid 13754] open("./file0", O_RDONLY [pid 5066] <... mkdir resumed>) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 13754] <... open resumed>) = 5 [pid 13754] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5066] <... openat resumed>) = 3 [pid 5064] mkdir("./80", 0777) = 0 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 13754] <... ioctl resumed>) = 0 [pid 5066] <... ioctl resumed>) = 0 [pid 5064] <... openat resumed>) = 3 [pid 13754] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5066] close(3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 13754] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5066] <... close resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] close(3 [pid 13754] exit_group(0./strace-static-x86_64: Process 13860 attached ) = ? [pid 5064] <... close resumed>) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 13860 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 13754] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13754, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=38 /* 0.38 s */} --- [pid 13860] set_robust_list(0x555557145760, 24 [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 13861 [pid 5068] umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 249.690760][T13757] BTRFS info (device loop3): checking UUID tree [pid 5068] getdents64(3, ./strace-static-x86_64: Process 13861 attached [pid 13860] <... set_robust_list resumed>) = 0 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 13861] set_robust_list(0x555557145760, 24 [pid 13860] chdir("./82" [pid 13819] <... write resumed>) = 16777216 [pid 13757] <... mount resumed>) = 0 [pid 5068] umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13861] <... set_robust_list resumed>) = 0 [pid 13757] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 13757] <... openat resumed>) = 3 [pid 5068] newfstatat(AT_FDCWD, "./80/binderfs", [ 249.752418][ T12] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [pid 13861] chdir("./80") = 0 [pid 13860] <... chdir resumed>) = 0 [pid 13819] munmap(0x7fda9371b000, 138412032 [pid 13757] chdir("./file0" [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 13861] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 13860] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 13757] <... chdir resumed>) = 0 [pid 5068] unlink("./80/binderfs" [pid 13757] ioctl(4, LOOP_CLR_FD [pid 5068] <... unlink resumed>) = 0 [pid 13757] <... ioctl resumed>) = 0 [pid 5068] umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13861] <... prctl resumed>) = 0 [pid 13860] <... prctl resumed>) = 0 [pid 13819] <... munmap resumed>) = 0 [pid 13757] close(4) = 0 [pid 13757] open("./file0", O_RDONLY) = 4 [pid 13757] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 13861] setpgid(0, 0 [pid 13860] setpgid(0, 0) = 0 [pid 13861] <... setpgid resumed>) = 0 [pid 13861] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 13860] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 13861] <... openat resumed>) = 3 [pid 13861] write(3, "1000", 4 [pid 13860] <... openat resumed>) = 3 [pid 13819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 13757] <... ioctl resumed>) = 0 [pid 13861] <... write resumed>) = 4 [pid 13860] write(3, "1000", 4 [pid 13861] close(3 [pid 13860] <... write resumed>) = 4 [pid 13861] <... close resumed>) = 0 [pid 13860] close(3 [pid 13861] symlink("/dev/binderfs", "./binderfs" [pid 13860] <... close resumed>) = 0 [pid 13757] open("./file0", O_RDONLY [pid 13860] symlink("/dev/binderfs", "./binderfs" [pid 13757] <... open resumed>) = 5 [pid 13861] <... symlink resumed>) = 0 [pid 13860] <... symlink resumed>) = 0 [pid 13819] <... openat resumed>) = 4 [pid 13757] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 13861] memfd_create("syzkaller", 0 [pid 13860] memfd_create("syzkaller", 0 [pid 13819] ioctl(4, LOOP_SET_FD, 3 [pid 13860] <... memfd_create resumed>) = 3 [pid 13757] <... ioctl resumed>) = 0 [pid 13861] <... memfd_create resumed>) = 3 [pid 13860] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 13819] <... ioctl resumed>) = 0 [pid 13819] close(3) = 0 [pid 13861] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 13860] <... mmap resumed>) = 0x7fda9371b000 [pid 13819] mkdir("./file0", 0777) = 0 [pid 13757] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 13861] <... mmap resumed>) = 0x7fda9371b000 [pid 13757] exit_group(0) = ? [pid 13757] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13757, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=39 /* 0.39 s */} --- [pid 13819] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5067] umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 249.842314][T13819] loop1: detected capacity change from 0 to 32768 [ 249.870481][ T48] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./80/binderfs") = 0 [ 249.901852][T13819] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (13819) [pid 5067] umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... umount2 resumed>) = 0 [pid 5068] umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./80/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./80/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./80/file0") = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./80") = 0 [ 250.010357][T13819] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5068] mkdir("./81", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 13864 ./strace-static-x86_64: Process 13864 attached [pid 13864] set_robust_list(0x555557145760, 24) = 0 [pid 13864] chdir("./81") = 0 [pid 13864] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 13864] setpgid(0, 0) = 0 [pid 13843] <... write resumed>) = 16777216 [pid 5067] <... umount2 resumed>) = 0 [ 250.089308][T13819] BTRFS info (device loop1): force clearing of disk cache [ 250.096443][T13819] BTRFS info (device loop1): setting nodatasum [pid 13864] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 13864] write(3, "1000", 4) = 4 [pid 5067] umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13864] close(3 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 13864] <... close resumed>) = 0 [pid 13864] symlink("/dev/binderfs", "./binderfs" [pid 5067] newfstatat(AT_FDCWD, "./80/file0", [pid 13864] <... symlink resumed>) = 0 [pid 13843] munmap(0x7fda9371b000, 138412032 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 13843] <... munmap resumed>) = 0 [pid 5067] umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 13864] memfd_create("syzkaller", 0 [pid 5067] openat(AT_FDCWD, "./80/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 13864] <... memfd_create resumed>) = 3 [pid 5067] <... openat resumed>) = 4 [pid 13864] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5067] newfstatat(4, "", [pid 13864] <... mmap resumed>) = 0x7fda9371b000 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 13843] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5067] getdents64(4, [pid 13843] <... openat resumed>) = 4 [pid 5067] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4 [ 250.162780][T13819] BTRFS info (device loop1): allowing degraded mounts [ 250.200030][T13819] BTRFS info (device loop1): enabling disk space caching [pid 13843] ioctl(4, LOOP_SET_FD, 3 [pid 5067] <... close resumed>) = 0 [pid 5067] rmdir("./80/file0") = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./80") = 0 [pid 5067] mkdir("./81", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 13843] <... ioctl resumed>) = 0 [pid 13843] close(3 [pid 5067] <... openat resumed>) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD [pid 13843] <... close resumed>) = 0 [ 250.239806][T13843] loop5: detected capacity change from 0 to 32768 [ 250.252442][T13819] BTRFS info (device loop1): disk space caching is enabled [pid 13843] mkdir("./file0", 0777) = 0 [pid 13843] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5067] <... ioctl resumed>) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 13867 attached [pid 13867] set_robust_list(0x555557145760, 24 [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 13867 [pid 13867] <... set_robust_list resumed>) = 0 [pid 13867] chdir("./81") = 0 [pid 13867] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 13867] setpgid(0, 0) = 0 [ 250.293284][T13843] BTRFS: device /dev/loop5 using temp-fsid df7366ab-297d-4026-bc65-25bdb3b791f5 [ 250.328830][T13843] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (13843) [pid 13867] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 13860] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 13867] write(3, "1000", 4) = 4 [pid 13867] close(3 [pid 13864] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 13867] <... close resumed>) = 0 [pid 13867] symlink("/dev/binderfs", "./binderfs") = 0 [pid 13867] memfd_create("syzkaller", 0) = 3 [pid 13867] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 250.450792][T13843] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [pid 13861] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 13867] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 13819] <... mount resumed>) = 0 [pid 13819] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 13819] chdir("./file0") = 0 [pid 13819] ioctl(4, LOOP_CLR_FD) = 0 [pid 13819] close(4) = 0 [pid 13819] open("./file0", O_RDONLY) = 4 [pid 13819] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 13864] <... write resumed>) = 16777216 [pid 13819] open("./file0", O_RDONLY) = 5 [pid 13819] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 13843] <... mount resumed>) = 0 [pid 13843] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 13843] chdir("./file0") = 0 [pid 13843] ioctl(4, LOOP_CLR_FD) = 0 [pid 13843] close(4) = 0 [pid 13819] <... ioctl resumed>) = 0 [pid 13843] open("./file0", O_RDONLY) = 4 [pid 13843] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 13864] munmap(0x7fda9371b000, 138412032 [pid 13819] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 13819] exit_group(0 [pid 13864] <... munmap resumed>) = 0 [pid 13819] <... exit_group resumed>) = ? [pid 13843] <... ioctl resumed>) = 0 [pid 13819] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13819, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=27 /* 0.27 s */} --- [pid 5065] umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 13843] open("./file0", O_RDONLY [pid 5065] newfstatat(3, "", [pid 13864] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 13843] <... open resumed>) = 5 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 13843] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5065] getdents64(3, [pid 13843] <... ioctl resumed>) = 0 [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./81/binderfs" [pid 13864] <... openat resumed>) = 4 [pid 5065] <... unlink resumed>) = 0 [pid 5065] umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13843] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 13843] exit_group(0) = ? [pid 13864] ioctl(4, LOOP_SET_FD, 3 [pid 13843] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13843, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=31 /* 0.31 s */} --- [pid 5069] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5069] umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./81/binderfs") = 0 [pid 5069] umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13864] <... ioctl resumed>) = 0 [pid 13864] close(3) = 0 [pid 13864] mkdir("./file0", 0777) = 0 [ 250.952434][T13864] loop4: detected capacity change from 0 to 32768 [ 251.013718][T13864] BTRFS: device /dev/loop4 using temp-fsid bf6ddba5-4099-4915-b88a-7275aec052ec [ 251.049695][T13864] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (13864) [pid 13864] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 13867] <... write resumed>) = 16777216 [pid 13867] munmap(0x7fda9371b000, 138412032) = 0 [pid 13867] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 13867] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 13867] close(3) = 0 [pid 13867] mkdir("./file0", 0777) = 0 [pid 13867] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5065] <... umount2 resumed>) = 0 [pid 5065] umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./81/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./81/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] <... umount2 resumed>) = 0 [pid 5069] umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5069] newfstatat(AT_FDCWD, "./81/file0", [pid 5065] rmdir("./81/file0") = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] close(3 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./81") = 0 [pid 5065] mkdir("./82", 0777) = 0 [pid 5069] openat(AT_FDCWD, "./81/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [ 251.158799][T13867] loop3: detected capacity change from 0 to 32768 [ 251.191416][T13867] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (13867) [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5069] <... openat resumed>) = 4 [pid 5065] <... openat resumed>) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 13909 attached [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 13909] set_robust_list(0x555557145760, 24 [pid 5069] getdents64(4, [pid 13909] <... set_robust_list resumed>) = 0 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 13909 [pid 5069] getdents64(4, [pid 13909] chdir("./82" [pid 5069] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 13909] <... chdir resumed>) = 0 [pid 5069] close(4 [pid 13909] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5069] <... close resumed>) = 0 [pid 13909] <... prctl resumed>) = 0 [pid 13860] <... write resumed>) = 16777216 [pid 5069] rmdir("./81/file0" [pid 13909] setpgid(0, 0 [pid 5069] <... rmdir resumed>) = 0 [pid 13909] <... setpgid resumed>) = 0 [pid 13860] munmap(0x7fda9371b000, 138412032 [pid 5069] getdents64(3, [pid 13909] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 13909] <... openat resumed>) = 3 [pid 5069] close(3 [pid 13909] write(3, "1000", 4 [pid 5069] <... close resumed>) = 0 [pid 13909] <... write resumed>) = 4 [pid 5069] rmdir("./81" [pid 13909] close(3) = 0 [pid 5069] <... rmdir resumed>) = 0 [pid 13909] symlink("/dev/binderfs", "./binderfs" [pid 5069] mkdir("./82", 0777 [pid 13909] <... symlink resumed>) = 0 [pid 13909] memfd_create("syzkaller", 0 [pid 5069] <... mkdir resumed>) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 13909] <... memfd_create resumed>) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD [pid 13909] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5069] <... ioctl resumed>) = 0 [pid 13909] <... mmap resumed>) = 0x7fda9371b000 [pid 5069] close(3 [pid 13860] <... munmap resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 13915 ./strace-static-x86_64: Process 13915 attached [pid 13915] set_robust_list(0x555557145760, 24 [pid 13860] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 13915] <... set_robust_list resumed>) = 0 [pid 13861] <... write resumed>) = 16777216 [pid 13860] <... openat resumed>) = 4 [pid 13915] chdir("./82" [pid 13860] ioctl(4, LOOP_SET_FD, 3 [pid 13915] <... chdir resumed>) = 0 [pid 13915] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 13915] setpgid(0, 0) = 0 [pid 13861] munmap(0x7fda9371b000, 138412032) = 0 [pid 13915] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 13860] <... ioctl resumed>) = 0 [pid 13915] <... openat resumed>) = 3 [pid 13860] close(3) = 0 [pid 13915] write(3, "1000", 4 [pid 13860] mkdir("./file0", 0777 [pid 13915] <... write resumed>) = 4 [pid 13915] close(3 [pid 13860] <... mkdir resumed>) = 0 [pid 13915] <... close resumed>) = 0 [pid 13860] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 13915] symlink("/dev/binderfs", "./binderfs") = 0 [pid 13915] memfd_create("syzkaller", 0) = 3 [ 251.304774][T13860] loop2: detected capacity change from 0 to 32768 [pid 13915] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 251.366141][T13860] BTRFS: device /dev/loop2 using temp-fsid 97722b99-2c3b-4c19-b357-0eea86279872 [pid 13861] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 13861] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 13861] close(3) = 0 [pid 13861] mkdir("./file0", 0777) = 0 [pid 13861] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 13864] <... mount resumed>) = 0 [ 251.420993][T13861] loop0: detected capacity change from 0 to 32768 [ 251.445703][T13860] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (13860) [pid 13864] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 13864] chdir("./file0") = 0 [pid 13864] ioctl(4, LOOP_CLR_FD) = 0 [pid 13864] close(4) = 0 [pid 13864] open("./file0", O_RDONLY) = 4 [pid 13864] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [ 251.519735][T13861] BTRFS: device /dev/loop0 using temp-fsid 6d52bde1-1c2f-437b-b650-2748ff6b06e9 [pid 13864] open("./file0", O_RDONLY) = 5 [pid 13864] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 13909] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 13864] <... ioctl resumed>) = 0 [pid 13864] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 13864] exit_group(0) = ? [pid 13864] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13864, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=26 /* 0.26 s */} --- [ 251.608882][T13861] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (13861) [ 251.614054][ T1047] _btrfs_printk: 46 callbacks suppressed [ 251.614065][ T1047] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [pid 5068] umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./81/binderfs") = 0 [ 251.666152][T13861] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 251.675635][T13867] BTRFS info (device loop3): enabling ssd optimizations [ 251.681758][T13861] BTRFS info (device loop0): force clearing of disk cache [ 251.689941][T13861] BTRFS info (device loop0): setting nodatasum [ 251.696267][T13861] BTRFS info (device loop0): allowing degraded mounts [ 251.703307][T13861] BTRFS info (device loop0): enabling disk space caching [ 251.710985][T13861] BTRFS info (device loop0): disk space caching is enabled [pid 5068] umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 251.738857][T13867] BTRFS info (device loop3): auto enabling async discard [ 251.746805][T13860] BTRFS info (device loop2): enabling ssd optimizations [ 251.765203][T13867] BTRFS info (device loop3): rebuilding free space tree [ 251.819578][T13860] BTRFS info (device loop2): auto enabling async discard [pid 13915] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5068] <... umount2 resumed>) = 0 [pid 5068] umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./81/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 251.898952][T13860] BTRFS info (device loop2): rebuilding free space tree [ 251.904338][T13861] BTRFS info (device loop0): enabling ssd optimizations [ 251.937277][T13861] BTRFS info (device loop0): auto enabling async discard [pid 5068] openat(AT_FDCWD, "./81/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 251.938218][T13867] BTRFS info (device loop3): disabling free space tree [ 251.945684][T13860] BTRFS info (device loop2): disabling free space tree [ 251.969938][T13861] BTRFS info (device loop0): rebuilding free space tree [ 251.977434][T13860] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [ 251.998764][T13860] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 252.011008][T13861] BTRFS info (device loop0): disabling free space tree [ 252.017898][T13861] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 252.024091][T13867] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5068] rmdir("./81/file0") = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./81") = 0 [pid 5068] mkdir("./82", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [ 252.058750][T13861] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 252.080290][T13860] BTRFS info (device loop2): checking UUID tree [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 13967 attached , child_tidptr=0x555557145750) = 13967 [pid 13967] set_robust_list(0x555557145760, 24) = 0 [pid 13967] chdir("./82" [pid 13860] <... mount resumed>) = 0 [pid 13860] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 13967] <... chdir resumed>) = 0 [pid 13860] <... openat resumed>) = 3 [pid 13967] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 13860] chdir("./file0" [pid 13967] <... prctl resumed>) = 0 [pid 13860] <... chdir resumed>) = 0 [pid 13967] setpgid(0, 0 [pid 13860] ioctl(4, LOOP_CLR_FD [pid 13967] <... setpgid resumed>) = 0 [pid 13860] <... ioctl resumed>) = 0 [pid 13967] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 13860] close(4 [pid 13967] <... openat resumed>) = 3 [pid 13860] <... close resumed>) = 0 [pid 13860] open("./file0", O_RDONLY [pid 13967] write(3, "1000", 4 [pid 13860] <... open resumed>) = 4 [pid 13967] <... write resumed>) = 4 [pid 13967] close(3) = 0 [ 252.109705][T13867] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 252.130855][T13861] BTRFS info (device loop0): checking UUID tree [pid 13967] symlink("/dev/binderfs", "./binderfs") = 0 [pid 13860] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 13967] memfd_create("syzkaller", 0 [pid 13861] <... mount resumed>) = 0 [pid 13861] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 13967] <... memfd_create resumed>) = 3 [pid 13861] <... openat resumed>) = 3 [pid 13967] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 13861] chdir("./file0" [pid 13967] <... mmap resumed>) = 0x7fda9371b000 [pid 13861] <... chdir resumed>) = 0 [ 252.179756][T13867] BTRFS info (device loop3): checking UUID tree [pid 13861] ioctl(4, LOOP_CLR_FD) = 0 [pid 13860] <... ioctl resumed>) = 0 [pid 13861] close(4) = 0 [pid 13860] open("./file0", O_RDONLY [pid 13915] <... write resumed>) = 16777216 [pid 13861] open("./file0", O_RDONLY [pid 13860] <... open resumed>) = 5 [pid 13915] munmap(0x7fda9371b000, 138412032 [pid 13861] <... open resumed>) = 4 [pid 13860] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 13915] <... munmap resumed>) = 0 [pid 13867] <... mount resumed>) = 0 [pid 13861] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 13867] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 13867] chdir("./file0") = 0 [pid 13867] ioctl(4, LOOP_CLR_FD) = 0 [pid 13860] <... ioctl resumed>) = 0 [pid 13867] close(4) = 0 [pid 13860] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 13915] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 13860] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 13915] <... openat resumed>) = 4 [pid 13915] ioctl(4, LOOP_SET_FD, 3 [pid 13867] open("./file0", O_RDONLY [ 252.266224][ T1047] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [pid 13860] exit_group(0 [pid 13909] <... write resumed>) = 16777216 [pid 13867] <... open resumed>) = 4 [pid 13867] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 13915] <... ioctl resumed>) = 0 [pid 13860] <... exit_group resumed>) = ? [pid 13867] <... ioctl resumed>) = 0 [pid 13867] open("./file0", O_RDONLY) = 5 [pid 13861] <... ioctl resumed>) = 0 [pid 13861] open("./file0", O_RDONLY [pid 13915] close(3 [pid 13861] <... open resumed>) = 5 [pid 13860] +++ exited with 0 +++ [pid 13915] <... close resumed>) = 0 [pid 13861] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 13915] mkdir("./file0", 0777 [pid 13909] munmap(0x7fda9371b000, 138412032 [pid 13915] <... mkdir resumed>) = 0 [pid 13861] <... ioctl resumed>) = 0 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13860, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=32 /* 0.32 s */} --- [pid 13915] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 13867] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 13861] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5066] umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13861] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [ 252.309161][T13915] loop5: detected capacity change from 0 to 32768 [pid 13867] <... ioctl resumed>) = 0 [pid 13861] exit_group(0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 13861] <... exit_group resumed>) = ? [pid 13909] <... munmap resumed>) = 0 [pid 13867] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 13861] +++ exited with 0 +++ [pid 5066] openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 13867] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5066] <... openat resumed>) = 3 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13861, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=33 /* 0.33 s */} --- [pid 13867] exit_group(0 [pid 5066] newfstatat(3, "", [pid 13867] <... exit_group resumed>) = ? [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13867] +++ exited with 0 +++ [pid 5066] getdents64(3, [pid 13909] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 13909] <... openat resumed>) = 4 [pid 5066] umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13909] ioctl(4, LOOP_SET_FD, 3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13867, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=28 /* 0.28 s */} --- [pid 5066] newfstatat(AT_FDCWD, "./82/binderfs", [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... openat resumed>) = 3 [pid 5066] unlink("./82/binderfs" [pid 5064] newfstatat(3, "", [pid 5066] <... unlink resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] getdents64(3, [pid 5067] umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] <... openat resumed>) = 3 [pid 5064] newfstatat(AT_FDCWD, "./80/binderfs", [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 252.361117][T13915] BTRFS: device /dev/loop5 using temp-fsid 1c00c4d5-b092-46a8-b2aa-4b135fe9742f [ 252.383510][ T1047] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 252.392866][T13909] loop1: detected capacity change from 0 to 32768 [ 252.400350][ T12] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 5067] getdents64(3, [pid 5064] unlink("./80/binderfs" [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] <... unlink resumed>) = 0 [pid 5064] umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13909] <... ioctl resumed>) = 0 [pid 13909] close(3) = 0 [pid 13909] mkdir("./file0", 0777) = 0 [pid 13909] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./81/binderfs") = 0 [ 252.424742][T13915] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (13915) [ 252.500596][T13915] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 252.529736][T13909] BTRFS: device /dev/loop1 using temp-fsid 1691084d-c7a0-44ab-82a5-48fda0f1801a [ 252.548858][T13915] BTRFS info (device loop5): force clearing of disk cache [ 252.566156][T13909] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (13909) [pid 5067] umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 252.599148][T13915] BTRFS info (device loop5): setting nodatasum [ 252.606792][T13915] BTRFS info (device loop5): allowing degraded mounts [ 252.625186][T13909] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [pid 13967] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./82/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./82/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./82/file0") = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./82") = 0 [pid 5066] mkdir("./83", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [ 252.660624][T13915] BTRFS info (device loop5): enabling disk space caching [ 252.693004][T13909] BTRFS info (device loop1): force clearing of disk cache [ 252.698811][T13915] BTRFS info (device loop5): disk space caching is enabled [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 13976 attached [pid 13976] set_robust_list(0x555557145760, 24) = 0 [pid 13976] chdir("./83") = 0 [pid 13976] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 13976] setpgid(0, 0) = 0 [pid 13976] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 13976] write(3, "1000", 4 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 13976 [pid 13976] <... write resumed>) = 4 [pid 13976] close(3) = 0 [pid 13976] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 13976] memfd_create("syzkaller", 0 [pid 5064] umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13976] <... memfd_create resumed>) = 3 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 13976] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5064] newfstatat(AT_FDCWD, "./80/file0", [pid 13976] <... mmap resumed>) = 0x7fda9371b000 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./80/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [ 252.749476][T13909] BTRFS info (device loop1): setting nodatasum [ 252.755752][T13909] BTRFS info (device loop1): allowing degraded mounts [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./80/file0") = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./80") = 0 [pid 5064] mkdir("./81", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 13989 attached [pid 13989] set_robust_list(0x555557145760, 24) = 0 [ 252.801779][T13909] BTRFS info (device loop1): enabling disk space caching [ 252.810048][T13909] BTRFS info (device loop1): disk space caching is enabled [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 13989 [pid 13989] chdir("./81") = 0 [pid 13989] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 13989] setpgid(0, 0) = 0 [pid 13989] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 13989] write(3, "1000", 4) = 4 [pid 13989] close(3) = 0 [pid 13989] symlink("/dev/binderfs", "./binderfs") = 0 [ 252.918943][T13915] BTRFS info (device loop5): enabling ssd optimizations [ 252.936880][T13915] BTRFS info (device loop5): auto enabling async discard [pid 13989] memfd_create("syzkaller", 0) = 3 [pid 13989] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 252.990987][T13915] BTRFS info (device loop5): rebuilding free space tree [pid 13967] <... write resumed>) = 16777216 [pid 13967] munmap(0x7fda9371b000, 138412032) = 0 [pid 13967] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 13967] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 13967] close(3) = 0 [pid 13967] mkdir("./file0", 0777) = 0 [ 253.085449][T13915] BTRFS info (device loop5): disabling free space tree [ 253.098832][T13909] BTRFS info (device loop1): enabling ssd optimizations [ 253.105788][T13909] BTRFS info (device loop1): auto enabling async discard [ 253.112142][T13967] loop4: detected capacity change from 0 to 32768 [ 253.142472][T13915] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 253.142517][T13967] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (13967) [ 253.203416][T13909] BTRFS info (device loop1): rebuilding free space tree [ 253.210998][T13915] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 13967] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 253.268898][T13967] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 253.285404][T13909] BTRFS info (device loop1): disabling free space tree [ 253.300103][T13915] BTRFS info (device loop5): checking UUID tree [ 253.305807][T13909] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 13976] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./81/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./81/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./81/file0") = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./81") = 0 [ 253.331913][T13967] BTRFS info (device loop4): force clearing of disk cache [ 253.356752][T13967] BTRFS info (device loop4): setting nodatasum [ 253.358785][T13909] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5067] mkdir("./82", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 14008 ./strace-static-x86_64: Process 14008 attached [pid 14008] set_robust_list(0x555557145760, 24) = 0 [pid 14008] chdir("./82") = 0 [pid 14008] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 14008] setpgid(0, 0) = 0 [pid 14008] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 14008] write(3, "1000", 4) = 4 [pid 13915] <... mount resumed>) = 0 [pid 14008] close(3 [pid 13915] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 14008] <... close resumed>) = 0 [pid 14008] symlink("/dev/binderfs", "./binderfs" [pid 13915] <... openat resumed>) = 3 [pid 14008] <... symlink resumed>) = 0 [pid 14008] memfd_create("syzkaller", 0 [pid 13915] chdir("./file0" [pid 14008] <... memfd_create resumed>) = 3 [pid 13915] <... chdir resumed>) = 0 [pid 14008] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 13989] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 13915] ioctl(4, LOOP_CLR_FD) = 0 [pid 13915] close(4) = 0 [pid 13915] open("./file0", O_RDONLY) = 4 [ 253.389787][T13967] BTRFS info (device loop4): allowing degraded mounts [ 253.396565][T13967] BTRFS info (device loop4): enabling disk space caching [ 253.420935][T13967] BTRFS info (device loop4): disk space caching is enabled [pid 13915] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 13915] open("./file0", O_RDONLY) = 5 [pid 13915] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 13915] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 13915] exit_group(0) = ? [pid 13915] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13915, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=32 /* 0.32 s */} --- [pid 5069] umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 253.486082][T13909] BTRFS info (device loop1): checking UUID tree [ 253.521356][ T1047] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [pid 5069] newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 13909] <... mount resumed>) = 0 [pid 13909] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5069] unlink("./82/binderfs") = 0 [pid 13909] <... openat resumed>) = 3 [pid 5069] umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13909] chdir("./file0") = 0 [pid 13909] ioctl(4, LOOP_CLR_FD) = 0 [pid 13909] close(4) = 0 [pid 13909] open("./file0", O_RDONLY) = 4 [pid 13909] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 13909] open("./file0", O_RDONLY) = 5 [pid 13909] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [ 253.584055][T13967] BTRFS info (device loop4): enabling ssd optimizations [ 253.599036][T13967] BTRFS info (device loop4): auto enabling async discard [ 253.608384][T13967] BTRFS info (device loop4): rebuilding free space tree [pid 13909] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 13909] exit_group(0) = ? [pid 13909] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13909, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- [pid 5065] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5065] umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, [pid 13989] <... write resumed>) = 16777216 [pid 13989] munmap(0x7fda9371b000, 138412032 [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 253.643759][T13967] BTRFS info (device loop4): disabling free space tree [ 253.669158][T13967] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 253.681116][ T1047] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [pid 5065] unlink("./82/binderfs") = 0 [pid 13989] <... munmap resumed>) = 0 [pid 5065] umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13989] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 13989] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 13989] close(3) = 0 [ 253.712483][T13967] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 253.730157][T13989] loop0: detected capacity change from 0 to 32768 [pid 13989] mkdir("./file0", 0777) = 0 [ 253.768838][T13989] BTRFS: device /dev/loop0 using temp-fsid 0a02ac82-4779-4d56-b0ff-5acc232a0a5c [ 253.777927][T13989] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (13989) [ 253.794350][T13967] BTRFS info (device loop4): checking UUID tree [pid 13989] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 14008] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 13967] <... mount resumed>) = 0 [pid 13967] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 13967] chdir("./file0") = 0 [pid 13967] ioctl(4, LOOP_CLR_FD) = 0 [pid 13967] close(4) = 0 [pid 13967] open("./file0", O_RDONLY) = 4 [pid 13967] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 5065] umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13967] open("./file0", O_RDONLY [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./82/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./82/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./82/file0") = 0 [pid 5065] getdents64(3, [pid 13967] <... open resumed>) = 5 [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 13967] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5065] close(3) = 0 [pid 5065] rmdir("./82") = 0 [pid 5065] mkdir("./83", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 14027 attached [pid 14027] set_robust_list(0x555557145760, 24) = 0 [ 253.861226][T13989] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [pid 14027] chdir("./83" [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 14027 [pid 13967] <... ioctl resumed>) = 0 [pid 13967] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 13967] exit_group(0 [pid 14027] <... chdir resumed>) = 0 [pid 14027] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 14027] setpgid(0, 0) = 0 [pid 13967] <... exit_group resumed>) = ? [pid 14027] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 14027] write(3, "1000", 4 [pid 13967] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13967, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=36 /* 0.36 s */} --- [pid 5068] restart_syscall(<... resuming interrupted clone ...> [pid 14027] <... write resumed>) = 4 [pid 5068] <... restart_syscall resumed>) = 0 [pid 14027] close(3) = 0 [pid 14027] symlink("/dev/binderfs", "./binderfs") = 0 [pid 14027] memfd_create("syzkaller", 0 [pid 5068] umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14027] <... memfd_create resumed>) = 3 [pid 14027] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 253.917283][T13989] BTRFS info (device loop0): force clearing of disk cache [ 253.920960][ T48] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [ 253.953363][T13989] BTRFS info (device loop0): setting nodatasum [pid 5068] openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13976] <... write resumed>) = 16777216 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 13976] munmap(0x7fda9371b000, 138412032 [pid 5069] <... umount2 resumed>) = 0 [pid 5068] newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 13976] <... munmap resumed>) = 0 [ 253.989694][T13989] BTRFS info (device loop0): allowing degraded mounts [ 253.996505][T13989] BTRFS info (device loop0): enabling disk space caching [pid 5068] unlink("./82/binderfs" [pid 5069] umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... unlink resumed>) = 0 [pid 13976] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13976] <... openat resumed>) = 4 [pid 13976] ioctl(4, LOOP_SET_FD, 3 [pid 5069] newfstatat(AT_FDCWD, "./82/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13976] <... ioctl resumed>) = 0 [pid 13976] close(3) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 13976] mkdir("./file0", 0777 [pid 5069] openat(AT_FDCWD, "./82/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 13976] <... mkdir resumed>) = 0 [pid 13976] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 254.048772][T13989] BTRFS info (device loop0): disk space caching is enabled [ 254.080449][T13976] loop2: detected capacity change from 0 to 32768 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./82/file0") = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./82") = 0 [ 254.103858][T13976] BTRFS: device /dev/loop2 using temp-fsid 7b255e25-4063-4de7-9072-12849486d3c9 [pid 5069] mkdir("./83", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 14042 ./strace-static-x86_64: Process 14042 attached [pid 14042] set_robust_list(0x555557145760, 24) = 0 [pid 14042] chdir("./83") = 0 [pid 14042] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 14042] setpgid(0, 0) = 0 [pid 14042] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 14042] write(3, "1000", 4) = 4 [pid 14042] close(3) = 0 [pid 14042] symlink("/dev/binderfs", "./binderfs") = 0 [pid 14042] memfd_create("syzkaller", 0) = 3 [pid 14042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 254.170598][T13976] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (13976) [ 254.266004][T13976] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 254.306044][T13976] BTRFS info (device loop2): force clearing of disk cache [pid 14027] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 14008] <... write resumed>) = 16777216 [pid 5068] <... umount2 resumed>) = 0 [pid 14008] munmap(0x7fda9371b000, 138412032 [ 254.319576][T13989] BTRFS info (device loop0): enabling ssd optimizations [ 254.326606][T13989] BTRFS info (device loop0): auto enabling async discard [ 254.354493][T13976] BTRFS info (device loop2): setting nodatasum [pid 5068] umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14008] <... munmap resumed>) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./82/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14008] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 14008] ioctl(4, LOOP_SET_FD, 3 [pid 5068] openat(AT_FDCWD, "./82/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, [pid 14008] <... ioctl resumed>) = 0 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 14008] close(3 [pid 5068] rmdir("./82/file0") = 0 [pid 14008] <... close resumed>) = 0 [ 254.370080][T13976] BTRFS info (device loop2): allowing degraded mounts [ 254.391859][T14008] loop3: detected capacity change from 0 to 32768 [ 254.399207][T13989] BTRFS info (device loop0): rebuilding free space tree [ 254.408889][T13976] BTRFS info (device loop2): enabling disk space caching [pid 14008] mkdir("./file0", 0777) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./82") = 0 [pid 5068] mkdir("./83", 0777) = 0 [pid 14008] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 14045 attached , child_tidptr=0x555557145750) = 14045 [pid 14045] set_robust_list(0x555557145760, 24) = 0 [pid 14045] chdir("./83") = 0 [pid 14045] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 14045] setpgid(0, 0) = 0 [pid 14045] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 14045] write(3, "1000", 4) = 4 [pid 14045] close(3) = 0 [pid 14045] symlink("/dev/binderfs", "./binderfs") = 0 [pid 14045] memfd_create("syzkaller", 0) = 3 [pid 14045] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 254.442419][T13989] BTRFS info (device loop0): disabling free space tree [ 254.445718][T13976] BTRFS info (device loop2): disk space caching is enabled [ 254.457434][T14008] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (14008) [ 254.482065][T13989] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 254.533505][T14008] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 254.549613][T13989] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 254.579836][T14008] BTRFS info (device loop3): force clearing of disk cache [ 254.586962][T14008] BTRFS info (device loop3): setting nodatasum [ 254.621548][T13989] BTRFS info (device loop0): checking UUID tree [pid 14042] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 13989] <... mount resumed>) = 0 [pid 13989] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 13989] chdir("./file0") = 0 [ 254.656916][T14008] BTRFS info (device loop3): allowing degraded mounts [ 254.668832][T13976] BTRFS info (device loop2): enabling ssd optimizations [ 254.679985][T13976] BTRFS info (device loop2): auto enabling async discard [ 254.699695][T13976] BTRFS info (device loop2): rebuilding free space tree [pid 13989] ioctl(4, LOOP_CLR_FD) = 0 [pid 13989] close(4) = 0 [pid 13989] open("./file0", O_RDONLY) = 4 [pid 13989] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 13976] <... mount resumed>) = 0 [pid 13976] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 13976] chdir("./file0") = 0 [pid 13976] ioctl(4, LOOP_CLR_FD) = 0 [pid 13976] close(4) = 0 [pid 13976] open("./file0", O_RDONLY) = 4 [pid 13976] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 13989] <... ioctl resumed>) = 0 [pid 13989] open("./file0", O_RDONLY) = 5 [pid 14042] <... write resumed>) = 16777216 [ 254.713277][T14008] BTRFS info (device loop3): enabling disk space caching [pid 13989] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 14042] munmap(0x7fda9371b000, 138412032 [pid 13989] <... ioctl resumed>) = 0 [pid 13989] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 13989] exit_group(0) = ? [pid 13989] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13989, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=29 /* 0.29 s */} --- [pid 5064] umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 14042] <... munmap resumed>) = 0 [pid 14042] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5064] <... openat resumed>) = 3 [pid 14042] <... openat resumed>) = 4 [pid 13976] <... ioctl resumed>) = 0 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 14042] ioctl(4, LOOP_SET_FD, 3 [pid 13976] open("./file0", O_RDONLY) = 5 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 13976] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5064] umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./81/binderfs") = 0 [pid 5064] umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 13976] <... ioctl resumed>) = 0 [pid 14042] <... ioctl resumed>) = 0 [pid 13976] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [ 254.819594][T14042] loop5: detected capacity change from 0 to 32768 [pid 14042] close(3 [pid 13976] exit_group(0 [pid 14042] <... close resumed>) = 0 [pid 14042] mkdir("./file0", 0777) = 0 [pid 14042] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 13976] <... exit_group resumed>) = ? [pid 13976] +++ exited with 0 +++ [pid 5064] <... umount2 resumed>) = 0 [pid 14027] <... write resumed>) = 16777216 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13976, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=32 /* 0.32 s */} --- [pid 5064] umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./81/file0", [pid 14027] munmap(0x7fda9371b000, 138412032 [pid 5066] umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./81/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 14027] <... munmap resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... openat resumed>) = 4 [pid 5064] newfstatat(4, "", [pid 5066] openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 254.891236][T14042] BTRFS: device /dev/loop5 using temp-fsid 302e8d52-857a-4bc5-881f-1ac0f23fabf9 [pid 14045] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5066] <... openat resumed>) = 3 [pid 5064] getdents64(4, [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./83/binderfs") = 0 [pid 5066] umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 14027] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5064] close(4) = 0 [ 254.936200][T14042] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (14042) [pid 14027] <... openat resumed>) = 4 [pid 14027] ioctl(4, LOOP_SET_FD, 3 [pid 5064] rmdir("./81/file0") = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./81") = 0 [pid 5064] mkdir("./82", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 14027] <... ioctl resumed>) = 0 [pid 14008] <... mount resumed>) = 0 [pid 14008] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] <... ioctl resumed>) = 0 [pid 14008] <... openat resumed>) = 3 [pid 5064] close(3 [pid 14008] chdir("./file0") = 0 [pid 5064] <... close resumed>) = 0 [ 254.984584][T14027] loop1: detected capacity change from 0 to 32768 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 14027] close(3 [pid 14008] ioctl(4, LOOP_CLR_FD [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 14084 [pid 14008] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 14084 attached [pid 14008] close(4 [pid 14084] set_robust_list(0x555557145760, 24 [pid 14027] <... close resumed>) = 0 [pid 14008] <... close resumed>) = 0 [pid 14084] <... set_robust_list resumed>) = 0 [pid 14027] mkdir("./file0", 0777 [pid 14084] chdir("./82" [pid 14027] <... mkdir resumed>) = 0 [pid 14008] open("./file0", O_RDONLY [pid 14084] <... chdir resumed>) = 0 [pid 14027] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 14008] <... open resumed>) = 4 [pid 14084] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 14008] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 14084] <... prctl resumed>) = 0 [pid 14084] setpgid(0, 0) = 0 [pid 14084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 14084] write(3, "1000", 4) = 4 [pid 14084] close(3) = 0 [pid 14084] symlink("/dev/binderfs", "./binderfs") = 0 [pid 14084] memfd_create("syzkaller", 0) = 3 [pid 14084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 14008] <... ioctl resumed>) = 0 [pid 14008] open("./file0", O_RDONLY) = 5 [pid 14008] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 14008] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 14008] exit_group(0) = ? [pid 14008] +++ exited with 0 +++ [ 255.060953][T14027] BTRFS: device /dev/loop1 using temp-fsid 296003c3-7c39-4f34-b90c-053a99d742be [ 255.088796][T14027] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (14027) [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14008, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=36 /* 0.36 s */} --- [pid 5067] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5067] umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", [pid 5066] <... umount2 resumed>) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] getdents64(3, [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] newfstatat(AT_FDCWD, "./83/file0", [pid 5067] umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./82/binderfs", [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./83/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./82/binderfs" [pid 5066] <... openat resumed>) = 4 [pid 5066] newfstatat(4, "", [pid 5067] <... unlink resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./83/file0") = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./83") = 0 [pid 5066] mkdir("./84", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 14111 attached [pid 14111] set_robust_list(0x555557145760, 24) = 0 [pid 14111] chdir("./84" [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 14111 [pid 14111] <... chdir resumed>) = 0 [pid 14111] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 14111] setpgid(0, 0) = 0 [pid 14111] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 14111] write(3, "1000", 4) = 4 [pid 14111] close(3) = 0 [pid 14111] symlink("/dev/binderfs", "./binderfs") = 0 [pid 14111] memfd_create("syzkaller", 0) = 3 [pid 14111] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 14042] <... mount resumed>) = 0 [pid 14042] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 14042] chdir("./file0") = 0 [pid 14042] ioctl(4, LOOP_CLR_FD) = 0 [pid 14042] close(4) = 0 [pid 14042] open("./file0", O_RDONLY [pid 14111] <... mmap resumed>) = 0x7fda9371b000 [pid 14042] <... open resumed>) = 4 [pid 5067] <... umount2 resumed>) = 0 [pid 14042] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5067] umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./82/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 14042] <... ioctl resumed>) = 0 [pid 14042] open("./file0", O_RDONLY) = 5 [pid 14042] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 5067] umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14042] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./82/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./82/file0") = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./82" [pid 14042] exit_group(0 [pid 5067] <... rmdir resumed>) = 0 [pid 5067] mkdir("./83", 0777 [pid 14042] <... exit_group resumed>) = ? [pid 5067] <... mkdir resumed>) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 14042] +++ exited with 0 +++ [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 14116 ./strace-static-x86_64: Process 14116 attached [pid 14116] set_robust_list(0x555557145760, 24) = 0 [pid 14116] chdir("./83") = 0 [pid 14116] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 14116] setpgid(0, 0) = 0 [pid 14116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 14116] write(3, "1000", 4) = 4 [pid 14116] close(3) = 0 [pid 14116] symlink("/dev/binderfs", "./binderfs") = 0 [pid 14116] memfd_create("syzkaller", 0 [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14042, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=28 /* 0.28 s */} --- [pid 14116] <... memfd_create resumed>) = 3 [pid 14116] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5069] umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./83/binderfs") = 0 [pid 5069] umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14027] <... mount resumed>) = 0 [pid 14027] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 14045] <... write resumed>) = 16777216 [pid 14027] chdir("./file0") = 0 [pid 14045] munmap(0x7fda9371b000, 138412032 [pid 14027] ioctl(4, LOOP_CLR_FD) = 0 [pid 14027] close(4) = 0 [pid 14045] <... munmap resumed>) = 0 [pid 14027] open("./file0", O_RDONLY) = 4 [pid 14027] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 14045] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 14045] ioctl(4, LOOP_SET_FD, 3 [pid 14027] <... ioctl resumed>) = 0 [pid 14027] open("./file0", O_RDONLY) = 5 [pid 14027] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 14045] <... ioctl resumed>) = 0 [pid 14045] close(3) = 0 [pid 14045] mkdir("./file0", 0777 [ 255.660096][T14045] loop4: detected capacity change from 0 to 32768 [pid 14027] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 14084] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 14027] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 14045] <... mkdir resumed>) = 0 [pid 14027] exit_group(0) = ? [pid 14045] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 14027] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14027, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=21 /* 0.21 s */} --- [pid 5065] umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 255.772852][T14045] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (14045) [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./83/binderfs" [pid 14111] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5065] <... unlink resumed>) = 0 [pid 5065] umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... umount2 resumed>) = 0 [pid 5069] umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./83/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./83/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./83/file0") = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 14116] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5069] close(3) = 0 [pid 5069] rmdir("./83") = 0 [pid 5069] mkdir("./84", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD [pid 14116] <... write resumed>) = 16777216 [pid 14045] <... mount resumed>) = 0 [pid 14045] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 14045] chdir("./file0") = 0 [pid 14045] ioctl(4, LOOP_CLR_FD) = 0 [pid 14116] munmap(0x7fda9371b000, 138412032 [pid 14045] close(4) = 0 [pid 14116] <... munmap resumed>) = 0 [pid 14045] open("./file0", O_RDONLY) = 4 [pid 14116] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 14045] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 14116] <... openat resumed>) = 4 [pid 14116] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 14116] close(3 [pid 14045] <... ioctl resumed>) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 14116] <... close resumed>) = 0 [pid 14045] open("./file0", O_RDONLY [pid 14116] mkdir("./file0", 0777 [pid 14045] <... open resumed>) = 5 [pid 5065] umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14045] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 14116] <... mkdir resumed>) = 0 [pid 5065] newfstatat(AT_FDCWD, "./83/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 14116] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 256.282617][T14116] loop3: detected capacity change from 0 to 32768 [pid 5065] umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14045] <... ioctl resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./83/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 14045] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5065] <... openat resumed>) = 4 [pid 5065] newfstatat(4, "", [pid 14045] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 14045] exit_group(0 [pid 5065] getdents64(4, [pid 14045] <... exit_group resumed>) = ? [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, [pid 14045] +++ exited with 0 +++ [pid 5065] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14045, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=26 /* 0.26 s */} --- [pid 5065] close(4 [pid 5068] umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] <... close resumed>) = 0 [pid 5068] openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] rmdir("./83/file0" [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, [pid 5065] <... rmdir resumed>) = 0 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] getdents64(3, [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./83/binderfs") = 0 [pid 5068] umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./83") = 0 [ 256.325352][T14116] BTRFS: device /dev/loop3 using temp-fsid e62d7ca3-dba4-4927-b0d5-0a3dc93a1fb3 [ 256.359303][T14116] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (14116) [pid 5065] mkdir("./84", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3 [pid 14084] <... write resumed>) = 16777216 [pid 14084] munmap(0x7fda9371b000, 138412032 [pid 14111] <... write resumed>) = 16777216 [pid 14084] <... munmap resumed>) = 0 [pid 14084] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 14084] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 14084] close(3) = 0 [pid 14084] mkdir("./file0", 0777) = 0 [pid 14084] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 14111] munmap(0x7fda9371b000, 138412032) = 0 [ 256.511134][T14084] loop0: detected capacity change from 0 to 32768 [ 256.523296][T14084] BTRFS: device /dev/loop0 using temp-fsid f609e945-b54b-4772-b7ec-ba762ec7bab5 [pid 14111] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5069] <... ioctl resumed>) = 0 [pid 14111] <... openat resumed>) = 4 [pid 5069] close(3) = 0 [pid 14111] ioctl(4, LOOP_SET_FD, 3 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 14148 attached , child_tidptr=0x555557145750) = 14148 [pid 14148] set_robust_list(0x555557145760, 24) = 0 [pid 14148] chdir("./84") = 0 [ 256.557433][T14084] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (14084) [ 256.582378][T14111] loop2: detected capacity change from 0 to 32768 [pid 14148] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 14148] setpgid(0, 0) = 0 [pid 14111] <... ioctl resumed>) = 0 [pid 14148] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 14111] close(3 [pid 14148] write(3, "1000", 4 [pid 14111] <... close resumed>) = 0 [pid 14148] <... write resumed>) = 4 [pid 14148] close(3 [pid 14111] mkdir("./file0", 0777 [pid 14148] <... close resumed>) = 0 [pid 14111] <... mkdir resumed>) = 0 [pid 14148] symlink("/dev/binderfs", "./binderfs" [pid 14111] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 14148] <... symlink resumed>) = 0 [pid 14148] memfd_create("syzkaller", 0 [pid 5068] <... umount2 resumed>) = 0 [pid 5068] umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14148] <... memfd_create resumed>) = 3 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./83/file0", [pid 14148] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 14148] <... mmap resumed>) = 0x7fda9371b000 [pid 5068] umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./83/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./83/file0") = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./83") = 0 [pid 5068] mkdir("./84", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [ 256.645433][T14111] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (14111) [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 14156 ./strace-static-x86_64: Process 14156 attached [pid 14156] set_robust_list(0x555557145760, 24) = 0 [pid 14156] chdir("./84") = 0 [pid 14156] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 14156] setpgid(0, 0) = 0 [pid 14156] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 14156] write(3, "1000", 4) = 4 [pid 14156] close(3) = 0 [pid 14156] symlink("/dev/binderfs", "./binderfs") = 0 [pid 14156] memfd_create("syzkaller", 0) = 3 [pid 14156] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 256.713573][T14116] _btrfs_printk: 69 callbacks suppressed [ 256.713587][T14116] BTRFS info (device loop3): enabling ssd optimizations [ 256.768047][T14116] BTRFS info (device loop3): auto enabling async discard [ 256.778843][T14111] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5065] <... close resumed>) = 0 [ 256.825717][T14116] BTRFS info (device loop3): rebuilding free space tree [ 256.839318][T14111] BTRFS info (device loop2): force clearing of disk cache [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 14167 attached , child_tidptr=0x555557145750) = 14167 [pid 14167] set_robust_list(0x555557145760, 24) = 0 [pid 14167] chdir("./84") = 0 [pid 14167] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 256.873362][T14116] BTRFS info (device loop3): disabling free space tree [ 256.880302][T14116] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 256.890556][T14116] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 256.903821][T14111] BTRFS info (device loop2): setting nodatasum [ 256.910598][T14111] BTRFS info (device loop2): allowing degraded mounts [pid 14167] setpgid(0, 0) = 0 [pid 14167] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 14167] write(3, "1000", 4) = 4 [pid 14167] close(3) = 0 [pid 14167] symlink("/dev/binderfs", "./binderfs") = 0 [pid 14167] memfd_create("syzkaller", 0) = 3 [pid 14167] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 256.917524][T14111] BTRFS info (device loop2): enabling disk space caching [ 256.925515][T14116] BTRFS info (device loop3): checking UUID tree [ 256.928827][T14084] BTRFS info (device loop0): enabling ssd optimizations [ 256.932797][T14111] BTRFS info (device loop2): disk space caching is enabled [pid 14148] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 14116] <... mount resumed>) = 0 [pid 14116] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 14116] chdir("./file0") = 0 [pid 14116] ioctl(4, LOOP_CLR_FD) = 0 [pid 14116] close(4) = 0 [pid 14116] open("./file0", O_RDONLY) = 4 [ 256.983104][T14084] BTRFS info (device loop0): auto enabling async discard [pid 14116] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 14116] open("./file0", O_RDONLY) = 5 [pid 14116] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [ 257.031310][T14084] BTRFS info (device loop0): rebuilding free space tree [pid 14156] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 14116] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 14116] exit_group(0) = ? [pid 14116] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14116, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=29 /* 0.29 s */} --- [pid 5067] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5067] umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./83/binderfs") = 0 [ 257.133902][T14084] BTRFS info (device loop0): disabling free space tree [ 257.153882][ T2855] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 257.175859][T14084] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 257.192380][T14111] BTRFS info (device loop2): enabling ssd optimizations [ 257.208741][T14111] BTRFS info (device loop2): auto enabling async discard [ 257.220241][T14111] BTRFS info (device loop2): rebuilding free space tree [ 257.223103][T14084] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5067] umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5067] umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./83/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./83/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./83/file0") = 0 [ 257.263352][T14111] BTRFS info (device loop2): disabling free space tree [ 257.285187][T14111] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./83") = 0 [pid 5067] mkdir("./84", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 14187 attached [pid 14187] set_robust_list(0x555557145760, 24) = 0 [pid 14187] chdir("./84" [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 14187 [pid 14187] <... chdir resumed>) = 0 [pid 14187] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 14187] setpgid(0, 0) = 0 [pid 14187] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 14187] write(3, "1000", 4) = 4 [pid 14187] close(3) = 0 [pid 14187] symlink("/dev/binderfs", "./binderfs") = 0 [pid 14187] memfd_create("syzkaller", 0) = 3 [pid 14187] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 14156] <... write resumed>) = 16777216 [pid 14084] <... mount resumed>) = 0 [pid 14156] munmap(0x7fda9371b000, 138412032) = 0 [pid 14084] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 14084] chdir("./file0") = 0 [ 257.310388][T14084] BTRFS info (device loop0): checking UUID tree [ 257.328822][T14111] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 14084] ioctl(4, LOOP_CLR_FD) = 0 [pid 14084] close(4) = 0 [pid 14156] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 14084] open("./file0", O_RDONLY [pid 14156] <... openat resumed>) = 4 [pid 14084] <... open resumed>) = 4 [pid 14084] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 14156] ioctl(4, LOOP_SET_FD, 3 [pid 14084] <... ioctl resumed>) = 0 [pid 14167] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 14084] open("./file0", O_RDONLY) = 5 [pid 14084] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 14111] <... mount resumed>) = 0 [pid 14111] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 14111] chdir("./file0" [pid 14084] <... ioctl resumed>) = 0 [pid 14084] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 14084] exit_group(0) = ? [pid 14156] <... ioctl resumed>) = 0 [pid 14111] <... chdir resumed>) = 0 [pid 14084] +++ exited with 0 +++ [pid 14156] close(3 [pid 14111] ioctl(4, LOOP_CLR_FD) = 0 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14084, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=30 /* 0.30 s */} --- [pid 14156] <... close resumed>) = 0 [ 257.379675][T14111] BTRFS info (device loop2): checking UUID tree [ 257.394465][T14156] loop4: detected capacity change from 0 to 32768 [pid 14111] close(4 [pid 5064] umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14111] <... close resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 14111] open("./file0", O_RDONLY [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14156] mkdir("./file0", 0777 [pid 14111] <... open resumed>) = 4 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 14156] <... mkdir resumed>) = 0 [pid 14111] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5064] newfstatat(AT_FDCWD, "./82/binderfs", [pid 14156] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./82/binderfs") = 0 [pid 5064] umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14111] <... ioctl resumed>) = 0 [pid 14111] open("./file0", O_RDONLY) = 5 [ 257.445017][ T2855] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 257.461425][T14156] BTRFS: device /dev/loop4 using temp-fsid 5ebbfbc6-a95d-49ea-af18-49007c7c5d10 [pid 14111] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 14148] <... write resumed>) = 16777216 [pid 14148] munmap(0x7fda9371b000, 138412032 [pid 14111] <... ioctl resumed>) = 0 [pid 14148] <... munmap resumed>) = 0 [pid 14111] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 14148] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 14111] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 14111] exit_group(0 [pid 14148] <... openat resumed>) = 4 [pid 14111] <... exit_group resumed>) = ? [ 257.505819][T14156] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (14156) [pid 14111] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14111, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=30 /* 0.30 s */} --- [pid 14148] ioctl(4, LOOP_SET_FD, 3 [pid 5066] umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [ 257.547199][ T1047] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 257.560296][T14148] loop5: detected capacity change from 0 to 32768 [pid 5066] umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14148] <... ioctl resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 14148] close(3 [pid 5066] newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 14148] <... close resumed>) = 0 [pid 5066] unlink("./84/binderfs" [pid 14148] mkdir("./file0", 0777 [pid 5066] <... unlink resumed>) = 0 [pid 5066] umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14148] <... mkdir resumed>) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 14148] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5064] umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./82/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./82/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./82/file0") = 0 [ 257.589251][T14156] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 257.602548][T14156] BTRFS info (device loop4): force clearing of disk cache [ 257.621562][T14148] BTRFS: device /dev/loop5 using temp-fsid ae4c1113-89a7-46ea-b487-6e63de8d48e3 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./82") = 0 [pid 5064] mkdir("./83", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 14192 attached , child_tidptr=0x555557145750) = 14192 [pid 14192] set_robust_list(0x555557145760, 24) = 0 [pid 14192] chdir("./83") = 0 [pid 14192] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 14192] setpgid(0, 0) = 0 [pid 14192] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 14192] write(3, "1000", 4) = 4 [pid 14192] close(3) = 0 [pid 14192] symlink("/dev/binderfs", "./binderfs") = 0 [ 257.642257][T14156] BTRFS info (device loop4): setting nodatasum [ 257.659389][T14148] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (14148) [pid 14192] memfd_create("syzkaller", 0) = 3 [pid 14192] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 257.689001][T14156] BTRFS info (device loop4): allowing degraded mounts [ 257.709152][T14156] BTRFS info (device loop4): enabling disk space caching [ 257.716280][T14156] BTRFS info (device loop4): disk space caching is enabled [ 257.755362][T14148] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./84/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./84/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./84/file0") = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./84") = 0 [ 257.815676][T14148] BTRFS info (device loop5): force clearing of disk cache [pid 5066] mkdir("./85", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 14202 ./strace-static-x86_64: Process 14202 attached [pid 14187] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 14202] set_robust_list(0x555557145760, 24) = 0 [pid 14202] chdir("./85") = 0 [pid 14202] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 14202] setpgid(0, 0) = 0 [ 257.866065][T14148] BTRFS info (device loop5): setting nodatasum [ 257.889532][T14148] BTRFS info (device loop5): allowing degraded mounts [ 257.897527][T14148] BTRFS info (device loop5): enabling disk space caching [pid 14202] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 14202] write(3, "1000", 4) = 4 [pid 14202] close(3) = 0 [pid 14202] symlink("/dev/binderfs", "./binderfs") = 0 [pid 14202] memfd_create("syzkaller", 0) = 3 [pid 14202] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 257.975085][T14148] BTRFS info (device loop5): disk space caching is enabled [ 258.028789][T14156] BTRFS info (device loop4): enabling ssd optimizations [ 258.035751][T14156] BTRFS info (device loop4): auto enabling async discard [pid 14167] <... write resumed>) = 16777216 [pid 14167] munmap(0x7fda9371b000, 138412032) = 0 [ 258.112514][T14156] BTRFS info (device loop4): rebuilding free space tree [pid 14187] <... write resumed>) = 16777216 [pid 14167] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 14167] ioctl(4, LOOP_SET_FD, 3 [pid 14187] munmap(0x7fda9371b000, 138412032) = 0 [ 258.200959][T14167] loop1: detected capacity change from 0 to 32768 [ 258.211050][T14156] BTRFS info (device loop4): disabling free space tree [ 258.217944][T14156] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 14167] <... ioctl resumed>) = 0 [pid 14167] close(3) = 0 [pid 14167] mkdir("./file0", 0777) = 0 [ 258.250890][T14148] BTRFS info (device loop5): enabling ssd optimizations [ 258.274869][T14167] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (14167) [ 258.288496][T14148] BTRFS info (device loop5): auto enabling async discard [pid 14167] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 14202] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 14187] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 14192] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 14187] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 14187] close(3) = 0 [pid 14187] mkdir("./file0", 0777) = 0 [pid 14156] <... mount resumed>) = 0 [ 258.296899][T14156] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 258.304486][T14187] loop3: detected capacity change from 0 to 32768 [ 258.321751][T14148] BTRFS info (device loop5): rebuilding free space tree [ 258.339199][T14156] BTRFS info (device loop4): checking UUID tree [pid 14187] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 14156] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 14156] chdir("./file0") = 0 [ 258.355700][T14187] BTRFS: device /dev/loop3 using temp-fsid 21884d9b-232a-4a18-bfcb-b1170c2d16ad [ 258.367694][T14167] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 258.382290][T14148] BTRFS info (device loop5): disabling free space tree [pid 14156] ioctl(4, LOOP_CLR_FD) = 0 [pid 14156] close(4) = 0 [pid 14156] open("./file0", O_RDONLY) = 4 [ 258.400334][T14148] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 258.418817][T14187] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (14187) [ 258.419396][T14167] BTRFS info (device loop1): force clearing of disk cache [ 258.450002][T14148] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 14156] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 14156] open("./file0", O_RDONLY) = 5 [pid 14156] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 14156] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 14156] exit_group(0 [pid 14148] <... mount resumed>) = 0 [pid 14156] <... exit_group resumed>) = ? [pid 14148] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 14148] chdir("./file0") = 0 [pid 14148] ioctl(4, LOOP_CLR_FD) = 0 [pid 14148] close(4 [pid 14156] +++ exited with 0 +++ [pid 14148] <... close resumed>) = 0 [pid 14148] open("./file0", O_RDONLY) = 4 [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14156, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=33 /* 0.33 s */} --- [pid 14148] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [ 258.480309][T14167] BTRFS info (device loop1): setting nodatasum [ 258.480921][T14187] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 258.493693][T14167] BTRFS info (device loop1): allowing degraded mounts [ 258.503853][T14148] BTRFS info (device loop5): checking UUID tree [pid 5068] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 14148] <... ioctl resumed>) = 0 [pid 14148] open("./file0", O_RDONLY) = 5 [pid 5068] umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14148] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 14148] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5068] <... openat resumed>) = 3 [ 258.531651][T14187] BTRFS info (device loop3): force clearing of disk cache [ 258.541302][ T48] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [ 258.556841][T14167] BTRFS info (device loop1): enabling disk space caching [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 14148] exit_group(0) = ? [pid 14148] +++ exited with 0 +++ [pid 5068] umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14148, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=38 /* 0.38 s */} --- [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./84/binderfs", [pid 5069] umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] unlink("./84/binderfs" [ 258.579471][T14187] BTRFS info (device loop3): setting nodatasum [ 258.586406][T14187] BTRFS info (device loop3): allowing degraded mounts [ 258.591059][T14167] BTRFS info (device loop1): disk space caching is enabled [ 258.601520][ T2855] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [ 258.619084][T14187] BTRFS info (device loop3): enabling disk space caching [pid 5069] openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] <... unlink resumed>) = 0 [pid 5069] newfstatat(3, "", [pid 5068] umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./84/binderfs") = 0 [ 258.626262][T14187] BTRFS info (device loop3): disk space caching is enabled [pid 5069] umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14202] <... write resumed>) = 16777216 [pid 14202] munmap(0x7fda9371b000, 138412032) = 0 [pid 14202] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 258.792606][T14167] BTRFS info (device loop1): enabling ssd optimizations [ 258.807080][T14167] BTRFS info (device loop1): auto enabling async discard [ 258.825366][T14202] loop2: detected capacity change from 0 to 32768 [ 258.827619][T14187] BTRFS info (device loop3): enabling ssd optimizations [pid 14202] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 14202] close(3) = 0 [pid 14202] mkdir("./file0", 0777) = 0 [pid 5068] <... umount2 resumed>) = 0 [pid 14202] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5068] umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] <... umount2 resumed>) = 0 [pid 5069] umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 14192] <... write resumed>) = 16777216 [pid 5069] newfstatat(AT_FDCWD, "./84/file0", [pid 5068] newfstatat(AT_FDCWD, "./84/file0", [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 14192] munmap(0x7fda9371b000, 138412032 [pid 5069] openat(AT_FDCWD, "./84/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] openat(AT_FDCWD, "./84/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] <... openat resumed>) = 4 [pid 5068] <... openat resumed>) = 4 [pid 5069] newfstatat(4, "", [pid 5068] newfstatat(4, "", [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, [pid 5068] getdents64(4, [pid 14192] <... munmap resumed>) = 0 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, [pid 5068] getdents64(4, [pid 5069] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4 [pid 5068] close(4 [pid 5069] <... close resumed>) = 0 [pid 5068] <... close resumed>) = 0 [pid 5069] rmdir("./84/file0" [pid 5068] rmdir("./84/file0" [pid 5069] <... rmdir resumed>) = 0 [pid 5068] <... rmdir resumed>) = 0 [ 258.840205][T14167] BTRFS info (device loop1): rebuilding free space tree [ 258.853739][T14187] BTRFS info (device loop3): auto enabling async discard [ 258.879667][T14167] BTRFS info (device loop1): disabling free space tree [pid 5068] getdents64(3, [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3 [pid 5068] close(3 [pid 5069] <... close resumed>) = 0 [pid 5068] <... close resumed>) = 0 [pid 5069] rmdir("./84") = 0 [pid 5068] rmdir("./84" [pid 5069] mkdir("./85", 0777 [pid 5068] <... rmdir resumed>) = 0 [pid 5069] <... mkdir resumed>) = 0 [pid 5068] mkdir("./85", 0777 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5068] <... mkdir resumed>) = 0 [pid 5069] <... openat resumed>) = 3 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5069] ioctl(3, LOOP_CLR_FD [pid 5068] <... openat resumed>) = 3 [pid 5069] <... ioctl resumed>) = 0 [pid 5068] ioctl(3, LOOP_CLR_FD [pid 5069] close(3 [pid 5068] <... ioctl resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 5068] close(3 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5068] <... close resumed>) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 14258 attached , child_tidptr=0x555557145750) = 14259 ./strace-static-x86_64: Process 14259 attached [pid 14258] set_robust_list(0x555557145760, 24 [pid 14192] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 14258 [pid 14259] set_robust_list(0x555557145760, 24 [pid 14258] <... set_robust_list resumed>) = 0 [pid 14192] <... openat resumed>) = 4 [pid 14259] <... set_robust_list resumed>) = 0 [pid 14258] chdir("./85" [pid 14192] ioctl(4, LOOP_SET_FD, 3 [pid 14259] chdir("./85" [pid 14258] <... chdir resumed>) = 0 [pid 14259] <... chdir resumed>) = 0 [pid 14258] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 14259] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 14258] <... prctl resumed>) = 0 [pid 14258] setpgid(0, 0 [pid 14259] <... prctl resumed>) = 0 [pid 14258] <... setpgid resumed>) = 0 [pid 14259] setpgid(0, 0 [pid 14258] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 14259] <... setpgid resumed>) = 0 [pid 14258] write(3, "1000", 4 [pid 14259] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 14258] <... write resumed>) = 4 [pid 14258] close(3 [pid 14259] <... openat resumed>) = 3 [pid 14258] <... close resumed>) = 0 [pid 14259] write(3, "1000", 4 [pid 14258] symlink("/dev/binderfs", "./binderfs") = 0 [pid 14258] memfd_create("syzkaller", 0 [pid 14259] <... write resumed>) = 4 [pid 14258] <... memfd_create resumed>) = 3 [pid 14259] close(3 [pid 14258] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 14259] <... close resumed>) = 0 [ 258.886965][T14202] BTRFS: device /dev/loop2 using temp-fsid e9515277-5c6c-4046-9740-2e777f0624e7 [ 258.897835][T14187] BTRFS info (device loop3): rebuilding free space tree [ 258.906253][T14167] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 258.915083][T14192] loop0: detected capacity change from 0 to 32768 [ 258.918771][T14202] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (14202) [pid 14259] symlink("/dev/binderfs", "./binderfs") = 0 [pid 14259] memfd_create("syzkaller", 0 [pid 14192] <... ioctl resumed>) = 0 [pid 14192] close(3) = 0 [pid 14192] mkdir("./file0", 0777 [pid 14259] <... memfd_create resumed>) = 3 [pid 14192] <... mkdir resumed>) = 0 [pid 14192] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 14259] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 258.952814][T14167] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 258.971537][T14187] BTRFS info (device loop3): disabling free space tree [ 258.978442][T14187] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 259.000984][T14192] BTRFS: device /dev/loop0 using temp-fsid f66a026a-a04d-45ad-ba22-be7550175482 [ 259.012964][T14202] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 259.024020][T14167] BTRFS info (device loop1): checking UUID tree [ 259.032636][T14192] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (14192) [pid 14167] <... mount resumed>) = 0 [pid 14167] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 259.048930][T14202] BTRFS info (device loop2): force clearing of disk cache [ 259.056053][T14202] BTRFS info (device loop2): setting nodatasum [ 259.062822][T14187] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 259.081109][T14202] BTRFS info (device loop2): allowing degraded mounts [ 259.087882][T14202] BTRFS info (device loop2): enabling disk space caching [pid 14167] chdir("./file0") = 0 [pid 14167] ioctl(4, LOOP_CLR_FD) = 0 [pid 14167] close(4) = 0 [pid 14167] open("./file0", O_RDONLY) = 4 [pid 14167] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 14167] open("./file0", O_RDONLY) = 5 [ 259.095301][T14192] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 259.108051][T14187] BTRFS info (device loop3): checking UUID tree [ 259.121080][T14192] BTRFS info (device loop0): force clearing of disk cache [ 259.130549][T14192] BTRFS info (device loop0): setting nodatasum [ 259.137075][T14192] BTRFS info (device loop0): allowing degraded mounts [pid 14167] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 14187] <... mount resumed>) = 0 [pid 14167] <... ioctl resumed>) = 0 [pid 14187] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [ 259.168586][T14202] BTRFS info (device loop2): disk space caching is enabled [ 259.176857][T14192] BTRFS info (device loop0): enabling disk space caching [pid 14167] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 14187] <... openat resumed>) = 3 [pid 14167] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 14167] exit_group(0 [pid 14187] chdir("./file0") = 0 [pid 14167] <... exit_group resumed>) = ? [pid 14187] ioctl(4, LOOP_CLR_FD) = 0 [pid 14187] close(4) = 0 [pid 14167] +++ exited with 0 +++ [pid 14187] open("./file0", O_RDONLY) = 4 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14167, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=29 /* 0.29 s */} --- [pid 14187] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5065] umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./84/binderfs") = 0 [ 259.212761][T14192] BTRFS info (device loop0): disk space caching is enabled [ 259.229436][ T12] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [pid 5065] umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14187] <... ioctl resumed>) = 0 [pid 14187] open("./file0", O_RDONLY) = 5 [pid 14187] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 14187] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 14187] exit_group(0) = ? [pid 14187] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14187, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=41 /* 0.41 s */} --- [pid 5067] umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] <... umount2 resumed>) = 0 [pid 5067] umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14258] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] newfstatat(AT_FDCWD, "./84/binderfs", [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 259.346425][ T12] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 259.346616][T14192] BTRFS info (device loop0): enabling ssd optimizations [ 259.362658][T14192] BTRFS info (device loop0): auto enabling async discard [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] newfstatat(AT_FDCWD, "./84/file0", [pid 5067] unlink("./84/binderfs" [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] <... unlink resumed>) = 0 [pid 5065] umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./84/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./84/file0") = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./84") = 0 [pid 5065] mkdir("./85", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 14296 attached [pid 14296] set_robust_list(0x555557145760, 24) = 0 [pid 14296] chdir("./85") = 0 [pid 14296] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 14296 [pid 14296] <... prctl resumed>) = 0 [pid 14296] setpgid(0, 0) = 0 [pid 14296] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 14296] write(3, "1000", 4) = 4 [pid 14296] close(3) = 0 [pid 14296] symlink("/dev/binderfs", "./binderfs") = 0 [pid 14296] memfd_create("syzkaller", 0) = 3 [pid 14296] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 14202] <... mount resumed>) = 0 [pid 14192] <... mount resumed>) = 0 [pid 14202] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 14192] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 14202] <... openat resumed>) = 3 [pid 14192] <... openat resumed>) = 3 [pid 14192] chdir("./file0") = 0 [pid 14192] ioctl(4, LOOP_CLR_FD [pid 14202] chdir("./file0" [pid 14192] <... ioctl resumed>) = 0 [pid 14202] <... chdir resumed>) = 0 [pid 14192] close(4 [pid 14202] ioctl(4, LOOP_CLR_FD) = 0 [pid 14202] close(4 [pid 14192] <... close resumed>) = 0 [pid 14296] <... mmap resumed>) = 0x7fda9371b000 [pid 14202] <... close resumed>) = 0 [pid 14192] open("./file0", O_RDONLY [pid 14202] open("./file0", O_RDONLY [pid 14192] <... open resumed>) = 4 [pid 14202] <... open resumed>) = 4 [pid 14192] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 14202] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 14259] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 14202] <... ioctl resumed>) = 0 [pid 14202] open("./file0", O_RDONLY [pid 14192] <... ioctl resumed>) = 0 [pid 14202] <... open resumed>) = 5 [pid 14192] open("./file0", O_RDONLY) = 5 [pid 14192] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 14202] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 14192] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 14192] exit_group(0) = ? [pid 14192] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14192, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=33 /* 0.33 s */} --- [pid 5064] umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 14202] <... ioctl resumed>) = 0 [pid 5064] <... openat resumed>) = 3 [pid 14202] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5064] newfstatat(3, "", [pid 14202] exit_group(0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 14202] <... exit_group resumed>) = ? [pid 5064] getdents64(3, [pid 14202] +++ exited with 0 +++ [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14202, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=27 /* 0.27 s */} --- [pid 5066] umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... openat resumed>) = 3 [pid 5064] newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./83/binderfs") = 0 [pid 5064] umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] newfstatat(AT_FDCWD, "./84/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./85/binderfs", [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./85/binderfs") = 0 [pid 5066] umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] openat(AT_FDCWD, "./84/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./84/file0") = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./84") = 0 [pid 5067] mkdir("./85", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 14297 ./strace-static-x86_64: Process 14297 attached [pid 14297] set_robust_list(0x555557145760, 24) = 0 [pid 14297] chdir("./85") = 0 [pid 14297] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 14297] setpgid(0, 0) = 0 [pid 14297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 14297] write(3, "1000", 4) = 4 [pid 14297] close(3) = 0 [pid 14297] symlink("/dev/binderfs", "./binderfs") = 0 [pid 14297] memfd_create("syzkaller", 0) = 3 [pid 14297] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 14258] <... write resumed>) = 16777216 [pid 14258] munmap(0x7fda9371b000, 138412032) = 0 [pid 14258] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5064] <... umount2 resumed>) = 0 [pid 14258] ioctl(4, LOOP_SET_FD, 3 [pid 5064] umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./83/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./83/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", [pid 5066] <... umount2 resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, [pid 5066] umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] close(4 [pid 5066] newfstatat(AT_FDCWD, "./85/file0", [pid 5064] <... close resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] rmdir("./83/file0" [pid 5066] umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... rmdir resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] getdents64(3, [pid 5066] openat(AT_FDCWD, "./85/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] <... openat resumed>) = 4 [pid 5066] newfstatat(4, "", [pid 5064] close(3 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... close resumed>) = 0 [pid 5064] rmdir("./83" [pid 5066] getdents64(4, [pid 5064] <... rmdir resumed>) = 0 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] mkdir("./84", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 14300 attached [pid 5066] getdents64(4, [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 14300 [pid 14300] set_robust_list(0x555557145760, 24 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 14300] <... set_robust_list resumed>) = 0 [pid 5066] close(4 [pid 14300] chdir("./84") = 0 [pid 14300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 14258] <... ioctl resumed>) = 0 [pid 14300] setpgid(0, 0) = 0 [pid 5066] <... close resumed>) = 0 [pid 14258] close(3 [pid 14300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 14258] <... close resumed>) = 0 [pid 14258] mkdir("./file0", 0777 [pid 5066] rmdir("./85/file0" [pid 14258] <... mkdir resumed>) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 14258] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 259.945964][T14258] loop5: detected capacity change from 0 to 32768 [pid 5066] getdents64(3, [pid 14300] <... openat resumed>) = 3 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 14300] write(3, "1000", 4 [pid 5066] close(3 [pid 14300] <... write resumed>) = 4 [pid 5066] <... close resumed>) = 0 [pid 14300] close(3 [pid 5066] rmdir("./85" [pid 14300] <... close resumed>) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 14300] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5066] mkdir("./86", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 14300] memfd_create("syzkaller", 0 [pid 5066] <... openat resumed>) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 14300] <... memfd_create resumed>) = 3 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 14300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 14301 ./strace-static-x86_64: Process 14301 attached [pid 14301] set_robust_list(0x555557145760, 24 [ 259.994073][T14258] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (14258) [pid 14296] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 14301] <... set_robust_list resumed>) = 0 [pid 14301] chdir("./86") = 0 [pid 14301] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 14301] setpgid(0, 0) = 0 [pid 14301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 14301] write(3, "1000", 4) = 4 [pid 14301] close(3) = 0 [pid 14301] symlink("/dev/binderfs", "./binderfs") = 0 [pid 14301] memfd_create("syzkaller", 0) = 3 [pid 14301] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 14300] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 14259] <... write resumed>) = 16777216 [pid 14259] munmap(0x7fda9371b000, 138412032) = 0 [pid 14259] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 14259] ioctl(4, LOOP_SET_FD, 3) = 0 [ 260.429046][T14259] loop4: detected capacity change from 0 to 32768 [pid 14297] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 14259] close(3) = 0 [pid 14259] mkdir("./file0", 0777) = 0 [pid 14259] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 14258] <... mount resumed>) = 0 [pid 14258] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 14258] chdir("./file0") = 0 [pid 14258] ioctl(4, LOOP_CLR_FD) = 0 [ 260.499863][T14259] BTRFS: device /dev/loop4 using temp-fsid f3e2619a-f432-4872-8e1b-ff6826697e93 [pid 14258] close(4) = 0 [pid 14258] open("./file0", O_RDONLY) = 4 [pid 14258] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 14258] open("./file0", O_RDONLY) = 5 [ 260.543722][T14259] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (14259) [pid 14258] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 14258] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 14258] exit_group(0) = ? [pid 14258] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14258, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=32 /* 0.32 s */} --- [pid 5069] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5069] umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 14296] <... write resumed>) = 16777216 [pid 5069] <... openat resumed>) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 14296] munmap(0x7fda9371b000, 138412032 [pid 5069] unlink("./85/binderfs") = 0 [pid 14296] <... munmap resumed>) = 0 [pid 5069] umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14296] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 14296] ioctl(4, LOOP_SET_FD, 3 [pid 14301] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 14296] <... ioctl resumed>) = 0 [pid 14296] close(3) = 0 [ 260.694204][T14296] loop1: detected capacity change from 0 to 32768 [pid 14296] mkdir("./file0", 0777) = 0 [ 260.744653][T14296] BTRFS: device /dev/loop1 using temp-fsid 9d3a4023-6c5e-448d-86a8-b3118e10ea2b [pid 14296] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 14300] <... write resumed>) = 16777216 [pid 14300] munmap(0x7fda9371b000, 138412032) = 0 [pid 14300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 14300] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 14300] close(3) = 0 [pid 14300] mkdir("./file0", 0777) = 0 [ 260.811342][T14296] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (14296) [ 260.832272][T14300] loop0: detected capacity change from 0 to 32768 [pid 14300] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5069] <... umount2 resumed>) = 0 [pid 5069] umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./85/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 260.859650][T14300] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (14300) [pid 14297] <... write resumed>) = 16777216 [pid 5069] openat(AT_FDCWD, "./85/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 14297] munmap(0x7fda9371b000, 138412032 [pid 5069] <... openat resumed>) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 14297] <... munmap resumed>) = 0 [pid 5069] close(4 [pid 14297] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5069] <... close resumed>) = 0 [pid 14297] <... openat resumed>) = 4 [pid 5069] rmdir("./85/file0") = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 14297] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5069] rmdir("./85") = 0 [pid 5069] mkdir("./86", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 14259] <... mount resumed>) = 0 [pid 5069] <... openat resumed>) = 3 [pid 14259] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5069] ioctl(3, LOOP_CLR_FD [pid 14259] <... openat resumed>) = 3 [pid 5069] <... ioctl resumed>) = 0 [pid 14259] chdir("./file0" [pid 5069] close(3 [pid 14259] <... chdir resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 14259] ioctl(4, LOOP_CLR_FD [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 14354 attached [pid 14259] <... ioctl resumed>) = 0 [pid 14354] set_robust_list(0x555557145760, 24 [pid 14259] close(4) = 0 [pid 14259] open("./file0", O_RDONLY) = 4 [pid 14354] <... set_robust_list resumed>) = 0 [pid 14259] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 14354] chdir("./86") = 0 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 14354 [pid 14354] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 14297] close(3 [pid 14354] setpgid(0, 0 [pid 14297] <... close resumed>) = 0 [pid 14354] <... setpgid resumed>) = 0 [pid 14297] mkdir("./file0", 0777 [pid 14354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 14297] <... mkdir resumed>) = 0 [pid 14259] <... ioctl resumed>) = 0 [ 260.960950][T14297] loop3: detected capacity change from 0 to 32768 [pid 14259] open("./file0", O_RDONLY [pid 14354] write(3, "1000", 4 [pid 14297] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 14354] <... write resumed>) = 4 [pid 14259] <... open resumed>) = 5 [pid 14354] close(3 [pid 14259] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 14354] <... close resumed>) = 0 [pid 14354] symlink("/dev/binderfs", "./binderfs" [pid 14259] <... ioctl resumed>) = 0 [pid 14354] <... symlink resumed>) = 0 [pid 14259] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 14354] memfd_create("syzkaller", 0 [pid 14259] exit_group(0 [pid 14354] <... memfd_create resumed>) = 3 [pid 14259] <... exit_group resumed>) = ? [pid 14354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 14259] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14259, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=24 /* 0.24 s */} --- [pid 5068] umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 261.030013][T14297] BTRFS: device /dev/loop3 using temp-fsid 446c70c2-5872-40d6-bdf9-c4c95e644af5 [ 261.039288][T14297] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (14297) [pid 5068] openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./85/binderfs") = 0 [pid 5068] umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14296] <... mount resumed>) = 0 [pid 14296] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 14296] chdir("./file0") = 0 [pid 14296] ioctl(4, LOOP_CLR_FD) = 0 [pid 14296] close(4) = 0 [pid 14296] open("./file0", O_RDONLY [pid 14300] <... mount resumed>) = 0 [pid 14296] <... open resumed>) = 4 [pid 14300] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 14296] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 14300] <... openat resumed>) = 3 [pid 14300] chdir("./file0") = 0 [pid 14300] ioctl(4, LOOP_CLR_FD) = 0 [pid 14300] close(4) = 0 [pid 14300] open("./file0", O_RDONLY) = 4 [pid 14296] <... ioctl resumed>) = 0 [pid 14296] open("./file0", O_RDONLY) = 5 [pid 14296] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 14300] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 14296] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 14300] <... ioctl resumed>) = 0 [pid 14296] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 14296] exit_group(0 [pid 14300] open("./file0", O_RDONLY [pid 14296] <... exit_group resumed>) = ? [pid 14300] <... open resumed>) = 5 [pid 14296] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14296, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=24 /* 0.24 s */} --- [pid 14300] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5065] umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14300] <... ioctl resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", [pid 14300] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, [pid 14301] <... write resumed>) = 16777216 [pid 14300] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 14301] munmap(0x7fda9371b000, 138412032 [pid 14300] exit_group(0 [pid 5068] <... umount2 resumed>) = 0 [pid 5065] umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14300] <... exit_group resumed>) = ? [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./85/binderfs", [pid 5068] umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14300] +++ exited with 0 +++ [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] newfstatat(AT_FDCWD, "./85/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./85/binderfs" [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14300, si_uid=0, si_status=0, si_utime=0, si_stime=26 /* 0.26 s */} --- [pid 5068] umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] <... unlink resumed>) = 0 [pid 5068] openat(AT_FDCWD, "./85/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", [pid 5064] umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14301] <... munmap resumed>) = 0 [pid 14297] <... mount resumed>) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14301] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 14297] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 14301] <... openat resumed>) = 4 [pid 14297] <... openat resumed>) = 3 [pid 5068] getdents64(4, [pid 5064] openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 14297] chdir("./file0") = 0 [pid 14297] ioctl(4, LOOP_CLR_FD [pid 5064] <... openat resumed>) = 3 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] newfstatat(3, "", [pid 14297] <... ioctl resumed>) = 0 [pid 14297] close(4) = 0 [pid 14297] open("./file0", O_RDONLY) = 4 [pid 14297] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, [pid 14301] ioctl(4, LOOP_SET_FD, 3 [pid 5068] getdents64(4, [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 14354] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] close(4 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./84/binderfs" [pid 5068] <... close resumed>) = 0 [pid 5064] <... unlink resumed>) = 0 [pid 5068] rmdir("./85/file0" [pid 5064] umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... rmdir resumed>) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./85") = 0 [pid 5068] mkdir("./86", 0777 [pid 14297] <... ioctl resumed>) = 0 [pid 14297] open("./file0", O_RDONLY) = 5 [pid 14297] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5068] <... mkdir resumed>) = 0 [pid 14297] <... ioctl resumed>) = 0 [pid 14297] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 14297] exit_group(0) = ? [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 14297] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14297, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=25 /* 0.25 s */} --- [pid 5068] <... openat resumed>) = 3 [pid 5067] umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] ioctl(3, LOOP_CLR_FD [pid 5067] <... openat resumed>) = 3 [pid 5068] <... ioctl resumed>) = 0 [pid 5067] newfstatat(3, "", [pid 5068] close(3 [pid 14301] <... ioctl resumed>) = 0 [pid 5068] <... close resumed>) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5067] getdents64(3, [pid 14301] close(3 [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 14386 [pid 14301] <... close resumed>) = 0 ./strace-static-x86_64: Process 14386 attached [pid 14386] set_robust_list(0x555557145760, 24) = 0 [ 261.389292][T14301] loop2: detected capacity change from 0 to 32768 [pid 14386] chdir("./86" [pid 14301] mkdir("./file0", 0777 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14386] <... chdir resumed>) = 0 [pid 14386] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 14386] setpgid(0, 0) = 0 [pid 14301] <... mkdir resumed>) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 14301] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5067] newfstatat(AT_FDCWD, "./85/binderfs", [pid 14386] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./85/binderfs" [pid 14386] <... openat resumed>) = 3 [pid 5067] <... unlink resumed>) = 0 [pid 14386] write(3, "1000", 4 [pid 5067] umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14386] <... write resumed>) = 4 [pid 14386] close(3) = 0 [pid 14386] symlink("/dev/binderfs", "./binderfs") = 0 [pid 14386] memfd_create("syzkaller", 0) = 3 [pid 14386] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 261.457496][T14301] BTRFS: device /dev/loop2 using temp-fsid d7ccc794-7226-425f-98e3-537b41ae4799 [ 261.528110][T14301] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (14301) [pid 5064] <... umount2 resumed>) = 0 [pid 5064] umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./84/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] <... umount2 resumed>) = 0 [pid 5064] openat(AT_FDCWD, "./84/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] <... openat resumed>) = 4 [pid 5065] newfstatat(AT_FDCWD, "./85/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] newfstatat(4, "", [pid 5065] umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] getdents64(4, [pid 5065] openat(AT_FDCWD, "./85/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] <... openat resumed>) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./85/file0") = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./85") = 0 [pid 5065] mkdir("./86", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] getdents64(4, [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 14396 ./strace-static-x86_64: Process 14396 attached [pid 5064] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4 [pid 14396] set_robust_list(0x555557145760, 24 [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 14396] <... set_robust_list resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 5067] newfstatat(AT_FDCWD, "./85/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14396] chdir("./86" [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] rmdir("./84/file0" [pid 14396] <... chdir resumed>) = 0 [pid 5067] openat(AT_FDCWD, "./85/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] <... rmdir resumed>) = 0 [pid 14396] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, [pid 14396] <... prctl resumed>) = 0 [pid 5064] getdents64(3, [pid 5067] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./85/file0") = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./85") = 0 [pid 5067] mkdir("./86", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 14398 ./strace-static-x86_64: Process 14398 attached [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 14396] setpgid(0, 0 [pid 5064] close(3 [pid 14396] <... setpgid resumed>) = 0 [pid 14398] set_robust_list(0x555557145760, 24) = 0 [pid 14398] chdir("./86") = 0 [pid 14398] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 14398] setpgid(0, 0) = 0 [pid 14398] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 14398] write(3, "1000", 4 [pid 14396] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] <... close resumed>) = 0 [pid 14398] <... write resumed>) = 4 [pid 14396] <... openat resumed>) = 3 [pid 14398] close(3 [pid 14396] write(3, "1000", 4 [pid 5064] rmdir("./84" [pid 14396] <... write resumed>) = 4 [pid 5064] <... rmdir resumed>) = 0 [pid 14396] close(3) = 0 [pid 5064] mkdir("./85", 0777 [pid 14398] <... close resumed>) = 0 [pid 14396] symlink("/dev/binderfs", "./binderfs" [pid 14398] symlink("/dev/binderfs", "./binderfs" [pid 5064] <... mkdir resumed>) = 0 [pid 14396] <... symlink resumed>) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 14398] <... symlink resumed>) = 0 [pid 14396] memfd_create("syzkaller", 0 [pid 5064] <... openat resumed>) = 3 [pid 14398] memfd_create("syzkaller", 0 [pid 14396] <... memfd_create resumed>) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 14396] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5064] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5064] close(3 [pid 14396] <... mmap resumed>) = 0x7fda9371b000 [pid 14398] <... memfd_create resumed>) = 3 [pid 14398] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5064] <... close resumed>) = 0 [pid 14398] <... mmap resumed>) = 0x7fda9371b000 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 14402 ./strace-static-x86_64: Process 14402 attached [pid 14402] set_robust_list(0x555557145760, 24) = 0 [pid 14402] chdir("./85") = 0 [pid 14402] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 14402] setpgid(0, 0) = 0 [pid 14402] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 14402] write(3, "1000", 4) = 4 [pid 14402] close(3) = 0 [pid 14402] symlink("/dev/binderfs", "./binderfs") = 0 [pid 14402] memfd_create("syzkaller", 0) = 3 [pid 14402] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 261.888843][T14301] _btrfs_printk: 90 callbacks suppressed [ 261.888858][T14301] BTRFS info (device loop2): enabling ssd optimizations [ 261.958741][T14301] BTRFS info (device loop2): auto enabling async discard [pid 14402] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 14386] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 14354] <... write resumed>) = 16777216 [ 262.005855][T14301] BTRFS info (device loop2): rebuilding free space tree [pid 14354] munmap(0x7fda9371b000, 138412032) = 0 [pid 14354] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [ 262.065683][T14301] BTRFS info (device loop2): disabling free space tree [ 262.113493][T14301] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 262.113753][T14354] loop5: detected capacity change from 0 to 32768 [pid 14354] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 14354] close(3) = 0 [pid 14354] mkdir("./file0", 0777) = 0 [ 262.161685][T14301] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 262.197189][T14354] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (14354) [pid 14354] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 14398] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 14301] <... mount resumed>) = 0 [pid 14301] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 262.261196][T14301] BTRFS info (device loop2): checking UUID tree [ 262.295046][T14354] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [pid 14301] chdir("./file0") = 0 [pid 14301] ioctl(4, LOOP_CLR_FD) = 0 [pid 14301] close(4) = 0 [pid 14301] open("./file0", O_RDONLY) = 4 [pid 14301] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 14396] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 14301] open("./file0", O_RDONLY) = 5 [pid 14301] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 14301] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 14301] exit_group(0) = ? [pid 14301] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14301, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=30 /* 0.30 s */} --- [pid 5066] umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 262.328798][T14354] BTRFS info (device loop5): force clearing of disk cache [ 262.335937][T14354] BTRFS info (device loop5): setting nodatasum [pid 5066] unlink("./86/binderfs") = 0 [ 262.387484][T14354] BTRFS info (device loop5): allowing degraded mounts [ 262.424979][T14354] BTRFS info (device loop5): enabling disk space caching [ 262.448795][ T42] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 262.478879][T14354] BTRFS info (device loop5): disk space caching is enabled [pid 5066] umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5066] umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./86/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./86/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./86/file0") = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./86") = 0 [pid 5066] mkdir("./87", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 14424 attached [pid 14424] set_robust_list(0x555557145760, 24 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 14424 [ 262.679733][T14354] BTRFS info (device loop5): enabling ssd optimizations [ 262.692760][T14354] BTRFS info (device loop5): auto enabling async discard [pid 14424] <... set_robust_list resumed>) = 0 [pid 14424] chdir("./87") = 0 [pid 14424] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 14424] setpgid(0, 0 [pid 14398] <... write resumed>) = 16777216 [pid 14424] <... setpgid resumed>) = 0 [pid 14398] munmap(0x7fda9371b000, 138412032 [pid 14424] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 262.729378][T14354] BTRFS info (device loop5): rebuilding free space tree [pid 14424] write(3, "1000", 4) = 4 [pid 14386] <... write resumed>) = 16777216 [pid 14424] close(3 [pid 14402] <... write resumed>) = 16777216 [pid 14398] <... munmap resumed>) = 0 [pid 14424] <... close resumed>) = 0 [pid 14424] symlink("/dev/binderfs", "./binderfs" [pid 14398] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 14424] <... symlink resumed>) = 0 [pid 14386] munmap(0x7fda9371b000, 138412032 [pid 14398] <... openat resumed>) = 4 [pid 14424] memfd_create("syzkaller", 0 [pid 14398] ioctl(4, LOOP_SET_FD, 3 [pid 14424] <... memfd_create resumed>) = 3 [pid 14402] munmap(0x7fda9371b000, 138412032 [pid 14424] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 14386] <... munmap resumed>) = 0 [pid 14398] <... ioctl resumed>) = 0 [ 262.774183][T14354] BTRFS info (device loop5): disabling free space tree [ 262.789064][T14354] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 262.804317][T14398] loop3: detected capacity change from 0 to 32768 [pid 14398] close(3 [pid 14386] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 14386] ioctl(4, LOOP_SET_FD, 3 [pid 14398] <... close resumed>) = 0 [pid 14398] mkdir("./file0", 0777) = 0 [pid 14402] <... munmap resumed>) = 0 [pid 14398] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 14402] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 14402] ioctl(4, LOOP_SET_FD, 3 [pid 14386] <... ioctl resumed>) = 0 [pid 14386] close(3) = 0 [pid 14386] mkdir("./file0", 0777) = 0 [ 262.822691][T14386] loop4: detected capacity change from 0 to 32768 [ 262.835464][T14354] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 262.842732][T14402] loop0: detected capacity change from 0 to 32768 [ 262.854933][T14398] BTRFS: device /dev/loop3 using temp-fsid b3e0d453-4a00-41d2-bedf-a7b3298fb5cf [pid 14386] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 14402] <... ioctl resumed>) = 0 [pid 14402] close(3) = 0 [pid 14402] mkdir("./file0", 0777) = 0 [ 262.881444][T14398] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (14398) [ 262.908422][T14354] BTRFS info (device loop5): checking UUID tree [pid 14402] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 14354] <... mount resumed>) = 0 [pid 14354] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 14354] chdir("./file0" [pid 14396] <... write resumed>) = 16777216 [ 262.938515][T14386] BTRFS: device /dev/loop4 using temp-fsid bf90a550-e03a-43c1-8a01-b7ad312893e5 [ 262.951970][T14398] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [pid 14396] munmap(0x7fda9371b000, 138412032 [pid 14354] <... chdir resumed>) = 0 [pid 14396] <... munmap resumed>) = 0 [pid 14354] ioctl(4, LOOP_CLR_FD [pid 14396] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 14354] <... ioctl resumed>) = 0 [pid 14396] <... openat resumed>) = 4 [ 262.985131][T14398] BTRFS info (device loop3): force clearing of disk cache [ 262.985322][T14386] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (14386) [ 262.998768][T14398] BTRFS info (device loop3): setting nodatasum [ 263.028782][T14398] BTRFS info (device loop3): allowing degraded mounts [pid 14396] ioctl(4, LOOP_SET_FD, 3 [pid 14354] close(4) = 0 [pid 14396] <... ioctl resumed>) = 0 [pid 14354] open("./file0", O_RDONLY) = 4 [pid 14396] close(3) = 0 [pid 14354] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 14396] mkdir("./file0", 0777 [pid 14354] <... ioctl resumed>) = 0 [ 263.035968][T14396] loop1: detected capacity change from 0 to 32768 [ 263.042927][T14398] BTRFS info (device loop3): enabling disk space caching [ 263.050458][T14398] BTRFS info (device loop3): disk space caching is enabled [pid 14354] open("./file0", O_RDONLY) = 5 [pid 14424] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 14396] <... mkdir resumed>) = 0 [pid 14354] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 14396] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 14354] <... ioctl resumed>) = 0 [pid 14354] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [ 263.094423][T14402] BTRFS: device /dev/loop0 using temp-fsid 52b4044f-5090-48a4-b5d4-9494640a893f [ 263.104860][T14386] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 263.131296][ T42] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [pid 14354] exit_group(0) = ? [pid 14354] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14354, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=33 /* 0.33 s */} --- [pid 5069] umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [ 263.149625][T14402] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (14402) [ 263.169070][T14386] BTRFS info (device loop4): force clearing of disk cache [ 263.176188][T14386] BTRFS info (device loop4): setting nodatasum [pid 5069] umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./86/binderfs") = 0 [ 263.219370][T14386] BTRFS info (device loop4): allowing degraded mounts [ 263.220294][T14396] BTRFS: device /dev/loop1 using temp-fsid 53372a20-d9f8-4ef8-9795-4a2d8641f7c8 [ 263.226131][T14386] BTRFS info (device loop4): enabling disk space caching [ 263.226148][T14386] BTRFS info (device loop4): disk space caching is enabled [ 263.238116][T14402] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 263.299941][T14402] BTRFS info (device loop0): force clearing of disk cache [ 263.307724][T14396] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (14396) [ 263.325132][T14402] BTRFS info (device loop0): setting nodatasum [ 263.335609][T14402] BTRFS info (device loop0): allowing degraded mounts [ 263.342700][T14402] BTRFS info (device loop0): enabling disk space caching [pid 5069] umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 263.350008][T14402] BTRFS info (device loop0): disk space caching is enabled [ 263.357309][T14396] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 263.369700][T14396] BTRFS info (device loop1): force clearing of disk cache [ 263.378530][T14396] BTRFS info (device loop1): setting nodatasum [ 263.385858][T14398] BTRFS info (device loop3): enabling ssd optimizations [ 263.387199][T14396] BTRFS info (device loop1): allowing degraded mounts [pid 5069] umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./86/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./86/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [ 263.405044][T14398] BTRFS info (device loop3): auto enabling async discard [ 263.423270][T14396] BTRFS info (device loop1): enabling disk space caching [ 263.436618][T14386] BTRFS info (device loop4): enabling ssd optimizations [pid 5069] close(4) = 0 [pid 5069] rmdir("./86/file0") = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./86") = 0 [pid 5069] mkdir("./87", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 14469 ./strace-static-x86_64: Process 14469 attached [pid 14469] set_robust_list(0x555557145760, 24) = 0 [ 263.454404][T14398] BTRFS info (device loop3): rebuilding free space tree [ 263.462966][T14396] BTRFS info (device loop1): disk space caching is enabled [ 263.478775][T14386] BTRFS info (device loop4): auto enabling async discard [pid 14469] chdir("./87") = 0 [pid 14469] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 14424] <... write resumed>) = 16777216 [pid 14469] <... prctl resumed>) = 0 [pid 14469] setpgid(0, 0) = 0 [ 263.511082][T14386] BTRFS info (device loop4): rebuilding free space tree [ 263.519575][T14398] BTRFS info (device loop3): disabling free space tree [ 263.540099][T14398] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 263.551346][T14398] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 14424] munmap(0x7fda9371b000, 138412032 [pid 14469] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 14424] <... munmap resumed>) = 0 [pid 14469] <... openat resumed>) = 3 [pid 14424] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 14424] ioctl(4, LOOP_SET_FD, 3 [pid 14469] write(3, "1000", 4) = 4 [pid 14469] close(3) = 0 [pid 14469] symlink("/dev/binderfs", "./binderfs") = 0 [pid 14424] <... ioctl resumed>) = 0 [pid 14424] close(3) = 0 [pid 14424] mkdir("./file0", 0777) = 0 [ 263.555688][T14386] BTRFS info (device loop4): disabling free space tree [ 263.562590][T14424] loop2: detected capacity change from 0 to 32768 [ 263.578470][T14402] BTRFS info (device loop0): enabling ssd optimizations [ 263.585660][T14386] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 263.586494][T14398] BTRFS info (device loop3): checking UUID tree [ 263.597910][T14386] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 14424] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 14469] memfd_create("syzkaller", 0) = 3 [pid 14469] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 14398] <... mount resumed>) = 0 [pid 14398] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 14469] <... mmap resumed>) = 0x7fda9371b000 [pid 14398] <... openat resumed>) = 3 [pid 14398] chdir("./file0") = 0 [pid 14398] ioctl(4, LOOP_CLR_FD) = 0 [pid 14398] close(4) = 0 [pid 14398] open("./file0", O_RDONLY) = 4 [ 263.608737][T14402] BTRFS info (device loop0): auto enabling async discard [ 263.611993][T14424] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (14424) [ 263.620076][T14402] BTRFS info (device loop0): rebuilding free space tree [ 263.655459][T14402] BTRFS info (device loop0): disabling free space tree [ 263.668947][T14402] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 263.678206][T14386] BTRFS info (device loop4): checking UUID tree [ 263.679539][T14402] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 14398] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 14398] open("./file0", O_RDONLY) = 5 [pid 14398] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 14398] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 14398] exit_group(0) = ? [pid 14398] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14398, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=39 /* 0.39 s */} --- [pid 5067] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 263.705320][ T48] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [pid 5067] umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./86/binderfs") = 0 [ 263.741464][T14424] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 263.769653][T14396] BTRFS info (device loop1): enabling ssd optimizations [ 263.776619][T14396] BTRFS info (device loop1): auto enabling async discard [pid 5067] umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14386] <... mount resumed>) = 0 [pid 14386] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 14386] chdir("./file0") = 0 [pid 14386] ioctl(4, LOOP_CLR_FD) = 0 [pid 14386] close(4) = 0 [pid 14386] open("./file0", O_RDONLY) = 4 [pid 14386] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 14386] open("./file0", O_RDONLY) = 5 [ 263.786398][T14402] BTRFS info (device loop0): checking UUID tree [ 263.800725][T14424] BTRFS info (device loop2): force clearing of disk cache [ 263.829876][T14424] BTRFS info (device loop2): setting nodatasum [pid 14386] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 14386] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 14386] exit_group(0) = ? [pid 14386] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14386, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=43 /* 0.43 s */} --- [pid 14402] <... mount resumed>) = 0 [pid 14402] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 14402] chdir("./file0" [pid 5068] umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14402] <... chdir resumed>) = 0 [pid 14402] ioctl(4, LOOP_CLR_FD [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 14402] <... ioctl resumed>) = 0 [ 263.836047][T14424] BTRFS info (device loop2): allowing degraded mounts [ 263.857923][T14396] BTRFS info (device loop1): rebuilding free space tree [ 263.860029][ T12] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [pid 14402] close(4) = 0 [pid 5068] openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 14402] open("./file0", O_RDONLY) = 4 [pid 5068] newfstatat(3, "", [pid 5067] <... umount2 resumed>) = 0 [pid 14402] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] getdents64(3, [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] newfstatat(AT_FDCWD, "./86/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./86/binderfs", [pid 5067] umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] unlink("./86/binderfs" [pid 5067] openat(AT_FDCWD, "./86/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] <... unlink resumed>) = 0 [pid 5067] newfstatat(4, "", [pid 5068] umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [ 263.893243][T14424] BTRFS info (device loop2): enabling disk space caching [ 263.922299][T14396] BTRFS info (device loop1): disabling free space tree [ 263.929178][T14424] BTRFS info (device loop2): disk space caching is enabled [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 14402] <... ioctl resumed>) = 0 [pid 14402] open("./file0", O_RDONLY [pid 5067] close(4) = 0 [pid 14402] <... open resumed>) = 5 [pid 5067] rmdir("./86/file0") = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3 [pid 14402] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5067] <... close resumed>) = 0 [pid 5067] rmdir("./86" [pid 14402] <... ioctl resumed>) = 0 [pid 5067] <... rmdir resumed>) = 0 [pid 5067] mkdir("./87", 0777 [pid 14402] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5067] <... mkdir resumed>) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 14402] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5067] <... openat resumed>) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD [pid 14402] exit_group(0 [pid 5067] <... ioctl resumed>) = 0 [pid 5067] close(3 [pid 14402] <... exit_group resumed>) = ? [pid 14402] +++ exited with 0 +++ [pid 5067] <... close resumed>) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14402, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=34 /* 0.34 s */} --- [pid 5064] umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 263.970889][T14396] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 14500 [pid 5064] openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 14500 attached [pid 14469] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5064] <... openat resumed>) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 14500] set_robust_list(0x555557145760, 24) = 0 [pid 14500] chdir("./87") = 0 [pid 14500] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 14500] setpgid(0, 0) = 0 [pid 14500] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 14500] write(3, "1000", 4) = 4 [ 264.017069][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 14500] close(3) = 0 [pid 14500] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5064] getdents64(3, [pid 14500] memfd_create("syzkaller", 0 [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 14500] <... memfd_create resumed>) = 3 [pid 5064] umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14500] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 14500] <... mmap resumed>) = 0x7fda9371b000 [pid 5064] newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./85/binderfs") = 0 [ 264.065208][T14396] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 264.162333][T14424] BTRFS info (device loop2): enabling ssd optimizations [ 264.169572][T14424] BTRFS info (device loop2): auto enabling async discard [ 264.180458][T14396] BTRFS info (device loop1): checking UUID tree [ 264.180838][T14424] BTRFS info (device loop2): rebuilding free space tree [ 264.288432][T14424] BTRFS info (device loop2): disabling free space tree [pid 5064] umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14396] <... mount resumed>) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 14396] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14396] <... openat resumed>) = 3 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 14396] chdir("./file0" [pid 5064] newfstatat(AT_FDCWD, "./85/file0", [pid 14396] <... chdir resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 14396] ioctl(4, LOOP_CLR_FD) = 0 [ 264.338893][T14424] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 264.348559][T14424] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5064] umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14396] close(4 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 14396] <... close resumed>) = 0 [pid 5064] openat(AT_FDCWD, "./85/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 14396] open("./file0", O_RDONLY [pid 5064] <... openat resumed>) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./85/file0" [pid 14396] <... open resumed>) = 4 [pid 5064] <... rmdir resumed>) = 0 [pid 14396] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./85") = 0 [pid 5064] mkdir("./86", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 14512 ./strace-static-x86_64: Process 14512 attached [pid 14512] set_robust_list(0x555557145760, 24) = 0 [pid 14512] chdir("./86") = 0 [pid 14512] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 14512] setpgid(0, 0) = 0 [pid 14512] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 14512] write(3, "1000", 4 [pid 14396] <... ioctl resumed>) = 0 [pid 14512] <... write resumed>) = 4 [pid 14396] open("./file0", O_RDONLY [pid 14512] close(3 [pid 14396] <... open resumed>) = 5 [pid 14512] <... close resumed>) = 0 [pid 14512] symlink("/dev/binderfs", "./binderfs" [pid 14396] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 14512] <... symlink resumed>) = 0 [pid 14396] <... ioctl resumed>) = 0 [pid 14512] memfd_create("syzkaller", 0 [pid 14396] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [ 264.421078][T14424] BTRFS info (device loop2): checking UUID tree [pid 14396] exit_group(0) = ? [pid 14512] <... memfd_create resumed>) = 3 [pid 14512] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 14396] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14396, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=43 /* 0.43 s */} --- [pid 5065] umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./86/binderfs") = 0 [pid 5065] umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14424] <... mount resumed>) = 0 [pid 14424] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 14424] chdir("./file0") = 0 [ 264.481574][ T42] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [pid 14424] ioctl(4, LOOP_CLR_FD) = 0 [pid 14424] close(4) = 0 [pid 14424] open("./file0", O_RDONLY) = 4 [pid 14424] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 14424] open("./file0", O_RDONLY) = 5 [pid 14424] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 14424] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 14500] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 14424] exit_group(0) = ? [pid 14424] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14424, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=33 /* 0.33 s */} --- [pid 5068] <... umount2 resumed>) = 0 [pid 5066] umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 264.619344][ T42] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [pid 5066] getdents64(3, [pid 5068] umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] <... umount2 resumed>) = 0 [pid 5066] umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./87/binderfs") = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] newfstatat(AT_FDCWD, "./86/file0", [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] newfstatat(AT_FDCWD, "./86/file0", [pid 5068] umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] openat(AT_FDCWD, "./86/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... openat resumed>) = 4 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(4, "", [pid 5065] openat(AT_FDCWD, "./86/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, [pid 5066] umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... openat resumed>) = 4 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] newfstatat(4, "", [pid 5068] getdents64(4, [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4 [pid 5065] close(4) = 0 [pid 5065] rmdir("./86/file0") = 0 [pid 5068] <... close resumed>) = 0 [pid 5068] rmdir("./86/file0" [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] <... rmdir resumed>) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./86" [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5068] close(3 [pid 5065] mkdir("./87", 0777 [pid 5068] <... close resumed>) = 0 [pid 5068] rmdir("./86" [pid 5065] <... mkdir resumed>) = 0 [pid 5068] <... rmdir resumed>) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5068] mkdir("./87", 0777 [pid 5065] <... openat resumed>) = 3 [pid 5068] <... mkdir resumed>) = 0 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] <... ioctl resumed>) = 0 [pid 5068] <... openat resumed>) = 3 [pid 5065] close(3 [pid 5068] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5065] <... close resumed>) = 0 [pid 5068] close(3 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 14516 attached [pid 5068] <... close resumed>) = 0 [pid 14516] set_robust_list(0x555557145760, 24 [pid 14469] <... write resumed>) = 16777216 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] <... umount2 resumed>) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 14516 [pid 14516] <... set_robust_list resumed>) = 0 [pid 14469] munmap(0x7fda9371b000, 138412032./strace-static-x86_64: Process 14517 attached [pid 14516] chdir("./87" [pid 5066] umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14517] set_robust_list(0x555557145760, 24 [pid 14516] <... chdir resumed>) = 0 [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 14517 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 14517] <... set_robust_list resumed>) = 0 [pid 14516] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] newfstatat(AT_FDCWD, "./87/file0", [pid 14516] <... prctl resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 14516] setpgid(0, 0 [pid 5066] umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14517] chdir("./87" [pid 14516] <... setpgid resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 14516] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] openat(AT_FDCWD, "./87/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 14517] <... chdir resumed>) = 0 [pid 14517] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] <... openat resumed>) = 4 [pid 14517] <... prctl resumed>) = 0 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 14517] setpgid(0, 0 [pid 14516] <... openat resumed>) = 3 [pid 5066] getdents64(4, [pid 14469] <... munmap resumed>) = 0 [pid 14469] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 14469] <... openat resumed>) = 4 [pid 14469] ioctl(4, LOOP_SET_FD, 3 [pid 14517] <... setpgid resumed>) = 0 [pid 14516] write(3, "1000", 4 [pid 14469] <... ioctl resumed>) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 14516] <... write resumed>) = 4 [pid 5066] close(4 [pid 14517] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 14516] close(3 [pid 5066] <... close resumed>) = 0 [pid 14516] <... close resumed>) = 0 [pid 5066] rmdir("./87/file0" [pid 14517] <... openat resumed>) = 3 [pid 14516] symlink("/dev/binderfs", "./binderfs" [pid 5066] <... rmdir resumed>) = 0 [pid 5066] getdents64(3, [pid 14517] write(3, "1000", 4 [pid 14516] <... symlink resumed>) = 0 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 14517] <... write resumed>) = 4 [pid 14516] memfd_create("syzkaller", 0 [pid 5066] close(3 [pid 14517] close(3 [pid 14516] <... memfd_create resumed>) = 3 [pid 5066] <... close resumed>) = 0 [pid 14517] <... close resumed>) = 0 [pid 14516] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 14512] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5066] rmdir("./87" [pid 14517] symlink("/dev/binderfs", "./binderfs" [pid 5066] <... rmdir resumed>) = 0 [pid 14517] <... symlink resumed>) = 0 [pid 14516] <... mmap resumed>) = 0x7fda9371b000 [pid 5066] mkdir("./88", 0777) = 0 [ 264.881046][T14469] loop5: detected capacity change from 0 to 32768 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 14469] close(3 [pid 5066] <... openat resumed>) = 3 [pid 14517] memfd_create("syzkaller", 0 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 14469] <... close resumed>) = 0 [pid 14469] mkdir("./file0", 0777) = 0 [pid 14517] <... memfd_create resumed>) = 3 [pid 14469] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5066] close(3 [pid 14517] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5066] <... close resumed>) = 0 [pid 14517] <... mmap resumed>) = 0x7fda9371b000 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 14518 attached [ 264.962905][T14469] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (14469) [pid 14518] set_robust_list(0x555557145760, 24) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 14518 [pid 14518] chdir("./88") = 0 [pid 14518] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 14518] setpgid(0, 0) = 0 [pid 14518] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 14518] write(3, "1000", 4) = 4 [pid 14518] close(3) = 0 [pid 14518] symlink("/dev/binderfs", "./binderfs") = 0 [pid 14518] memfd_create("syzkaller", 0) = 3 [pid 14518] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 265.014227][T14469] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 265.069934][T14469] BTRFS info (device loop5): force clearing of disk cache [ 265.102760][T14469] BTRFS info (device loop5): setting nodatasum [ 265.129927][T14469] BTRFS info (device loop5): allowing degraded mounts [ 265.165119][T14469] BTRFS info (device loop5): enabling disk space caching [ 265.189580][T14469] BTRFS info (device loop5): disk space caching is enabled [pid 14500] <... write resumed>) = 16777216 [pid 14500] munmap(0x7fda9371b000, 138412032) = 0 [ 265.301218][T14469] BTRFS info (device loop5): enabling ssd optimizations [ 265.308188][T14469] BTRFS info (device loop5): auto enabling async discard [pid 14500] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 14517] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 14500] <... openat resumed>) = 4 [pid 14500] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 14518] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 14516] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 14469] <... mount resumed>) = 0 [pid 14500] close(3 [pid 14469] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 14500] <... close resumed>) = 0 [pid 14500] mkdir("./file0", 0777) = 0 [pid 14469] <... openat resumed>) = 3 [pid 14500] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 14469] chdir("./file0") = 0 [pid 14469] ioctl(4, LOOP_CLR_FD) = 0 [pid 14469] close(4) = 0 [ 265.395273][T14500] loop3: detected capacity change from 0 to 32768 [ 265.433649][T14500] BTRFS: device /dev/loop3 using temp-fsid 2b9e75d2-b929-44b3-939a-6259d96eafe6 [pid 14469] open("./file0", O_RDONLY) = 4 [pid 14469] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 14469] open("./file0", O_RDONLY) = 5 [ 265.448935][T14500] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (14500) [pid 14469] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 14469] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 14469] exit_group(0) = ? [pid 14469] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14469, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=30 /* 0.30 s */} --- [pid 14512] <... write resumed>) = 16777216 [pid 5069] umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 14512] munmap(0x7fda9371b000, 138412032) = 0 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 14512] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5069] newfstatat(AT_FDCWD, "./87/binderfs", [pid 14512] <... openat resumed>) = 4 [pid 14512] ioctl(4, LOOP_SET_FD, 3 [pid 5069] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./87/binderfs") = 0 [pid 5069] umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14512] <... ioctl resumed>) = 0 [pid 14512] close(3) = 0 [pid 14512] mkdir("./file0", 0777) = 0 [ 265.588959][T14512] loop0: detected capacity change from 0 to 32768 [ 265.638430][T14512] BTRFS: device /dev/loop0 using temp-fsid 31efc5d1-8b82-4f1c-bdcc-cefa401061ac [ 265.649290][T14512] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (14512) [pid 14512] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5069] <... umount2 resumed>) = 0 [pid 5069] umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./87/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 14517] <... write resumed>) = 16777216 [pid 14516] <... write resumed>) = 16777216 [pid 5069] umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 14517] munmap(0x7fda9371b000, 138412032 [pid 5069] openat(AT_FDCWD, "./87/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, [pid 14516] munmap(0x7fda9371b000, 138412032 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./87/file0") = 0 [pid 5069] getdents64(3, [pid 14517] <... munmap resumed>) = 0 [pid 14516] <... munmap resumed>) = 0 [pid 14500] <... mount resumed>) = 0 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 14517] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 14500] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5069] close(3 [pid 14517] <... openat resumed>) = 4 [pid 14500] <... openat resumed>) = 3 [pid 5069] <... close resumed>) = 0 [pid 14517] ioctl(4, LOOP_SET_FD, 3 [pid 14516] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 14500] chdir("./file0" [pid 5069] rmdir("./87" [pid 14500] <... chdir resumed>) = 0 [pid 5069] <... rmdir resumed>) = 0 [pid 14500] ioctl(4, LOOP_CLR_FD [pid 5069] mkdir("./88", 0777 [pid 14500] <... ioctl resumed>) = 0 [pid 5069] <... mkdir resumed>) = 0 [pid 14500] close(4 [pid 14516] <... openat resumed>) = 4 [pid 14500] <... close resumed>) = 0 [pid 14500] open("./file0", O_RDONLY) = 4 [pid 14500] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 14517] <... ioctl resumed>) = 0 [pid 14516] ioctl(4, LOOP_SET_FD, 3 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 14517] close(3 [pid 5069] <... openat resumed>) = 3 [pid 14517] <... close resumed>) = 0 [pid 5069] ioctl(3, LOOP_CLR_FD [pid 14517] mkdir("./file0", 0777 [pid 5069] <... ioctl resumed>) = 0 [pid 14517] <... mkdir resumed>) = 0 [pid 5069] close(3 [pid 14517] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5069] <... close resumed>) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 14565 attached [pid 14516] <... ioctl resumed>) = 0 [pid 14516] close(3) = 0 [pid 14516] mkdir("./file0", 0777 [pid 14565] set_robust_list(0x555557145760, 24 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 14565 [pid 14565] <... set_robust_list resumed>) = 0 [pid 14500] <... ioctl resumed>) = 0 [pid 14565] chdir("./88" [pid 14500] open("./file0", O_RDONLY) = 5 [pid 14500] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 14565] <... chdir resumed>) = 0 [pid 14500] <... ioctl resumed>) = 0 [pid 14565] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 14500] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 14565] <... prctl resumed>) = 0 [pid 14500] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 14565] setpgid(0, 0 [pid 14500] exit_group(0 [pid 14565] <... setpgid resumed>) = 0 [pid 14500] <... exit_group resumed>) = ? [pid 14565] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 14516] <... mkdir resumed>) = 0 [pid 14500] +++ exited with 0 +++ [pid 14565] <... openat resumed>) = 3 [pid 14516] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14500, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=27 /* 0.27 s */} --- [pid 14565] write(3, "1000", 4 [ 265.826274][T14517] loop4: detected capacity change from 0 to 32768 [ 265.841685][T14516] loop1: detected capacity change from 0 to 32768 [ 265.853958][T14517] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (14517) [pid 5067] umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 14565] <... write resumed>) = 4 [pid 14518] <... write resumed>) = 16777216 [pid 14565] close(3 [pid 5067] openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 14565] <... close resumed>) = 0 [pid 5067] <... openat resumed>) = 3 [pid 14565] symlink("/dev/binderfs", "./binderfs" [pid 5067] newfstatat(3, "", [pid 14565] <... symlink resumed>) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 14565] memfd_create("syzkaller", 0 [pid 5067] getdents64(3, [pid 14565] <... memfd_create resumed>) = 3 [pid 14565] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 14565] <... mmap resumed>) = 0x7fda9371b000 [pid 5067] umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./87/binderfs", [pid 14518] munmap(0x7fda9371b000, 138412032 [pid 14512] <... mount resumed>) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 14512] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5067] unlink("./87/binderfs" [pid 14512] <... openat resumed>) = 3 [pid 14512] chdir("./file0") = 0 [pid 5067] <... unlink resumed>) = 0 [pid 14512] ioctl(4, LOOP_CLR_FD [pid 5067] umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14512] <... ioctl resumed>) = 0 [pid 14512] close(4) = 0 [pid 14512] open("./file0", O_RDONLY) = 4 [pid 14512] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 14512] open("./file0", O_RDONLY) = 5 [pid 14512] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 14518] <... munmap resumed>) = 0 [pid 14518] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 14512] <... ioctl resumed>) = 0 [pid 14518] <... openat resumed>) = 4 [pid 14518] ioctl(4, LOOP_SET_FD, 3 [pid 14512] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 14512] exit_group(0) = ? [pid 14512] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14512, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=29 /* 0.29 s */} --- [pid 5064] umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 265.944609][T14516] BTRFS: device /dev/loop1 using temp-fsid aacef9b9-9e24-41d6-9076-c6df6d7881c5 [ 265.973450][T14516] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (14516) [ 265.984751][T14518] loop2: detected capacity change from 0 to 32768 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./86/binderfs") = 0 [pid 5064] umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14518] <... ioctl resumed>) = 0 [pid 14518] close(3) = 0 [pid 14518] mkdir("./file0", 0777) = 0 [pid 14518] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./87/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./87/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 266.093969][T14518] BTRFS: device /dev/loop2 using temp-fsid 9c93ab33-e89a-4a36-819a-b3f144940a9d [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./87/file0") = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./87") = 0 [pid 5067] mkdir("./88", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 14600 attached [pid 14517] <... mount resumed>) = 0 [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 14600 [pid 14517] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 14600] set_robust_list(0x555557145760, 24 [pid 14517] <... openat resumed>) = 3 [pid 14600] <... set_robust_list resumed>) = 0 [pid 14517] chdir("./file0") = 0 [pid 14600] chdir("./88" [ 266.169006][T14518] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (14518) [pid 14517] ioctl(4, LOOP_CLR_FD [pid 14600] <... chdir resumed>) = 0 [pid 14517] <... ioctl resumed>) = 0 [pid 14600] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 14600] setpgid(0, 0 [pid 14517] close(4 [pid 14600] <... setpgid resumed>) = 0 [pid 14600] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 14565] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 14517] <... close resumed>) = 0 [pid 14600] <... openat resumed>) = 3 [pid 14517] open("./file0", O_RDONLY [pid 14600] write(3, "1000", 4 [pid 14517] <... open resumed>) = 4 [pid 14517] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 14600] <... write resumed>) = 4 [pid 14600] close(3) = 0 [pid 14600] symlink("/dev/binderfs", "./binderfs") = 0 [pid 14517] <... ioctl resumed>) = 0 [pid 14600] memfd_create("syzkaller", 0 [pid 14517] open("./file0", O_RDONLY [pid 5064] <... umount2 resumed>) = 0 [pid 14600] <... memfd_create resumed>) = 3 [pid 14517] <... open resumed>) = 5 [pid 14600] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 14517] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 14600] <... mmap resumed>) = 0x7fda9371b000 [pid 14517] <... ioctl resumed>) = 0 [pid 14517] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 5064] umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14517] exit_group(0) = ? [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 14517] +++ exited with 0 +++ [pid 5064] newfstatat(AT_FDCWD, "./86/file0", [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14517, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=20 /* 0.20 s */} --- [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] openat(AT_FDCWD, "./86/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... openat resumed>) = 4 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] newfstatat(4, "", [pid 5068] umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] getdents64(4, [pid 5068] unlink("./87/binderfs") = 0 [pid 5064] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4 [pid 14516] <... mount resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 14516] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] rmdir("./86/file0" [pid 14516] <... openat resumed>) = 3 [pid 14516] chdir("./file0" [pid 5064] <... rmdir resumed>) = 0 [pid 14516] <... chdir resumed>) = 0 [pid 14516] ioctl(4, LOOP_CLR_FD [pid 5064] getdents64(3, [pid 14516] <... ioctl resumed>) = 0 [pid 14516] close(4 [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 14516] <... close resumed>) = 0 [pid 5064] close(3 [pid 14516] open("./file0", O_RDONLY) = 4 [pid 5064] <... close resumed>) = 0 [pid 14516] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5064] rmdir("./86") = 0 [pid 5064] mkdir("./87", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 14516] <... ioctl resumed>) = 0 [pid 14516] open("./file0", O_RDONLY) = 5 [pid 14516] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}./strace-static-x86_64: Process 14617 attached [pid 14617] set_robust_list(0x555557145760, 24 [pid 14516] <... ioctl resumed>) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 14617 [pid 14617] <... set_robust_list resumed>) = 0 [pid 14516] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 14617] chdir("./87" [pid 14516] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 14617] <... chdir resumed>) = 0 [pid 14516] exit_group(0 [pid 14617] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 14516] <... exit_group resumed>) = ? [pid 14617] <... prctl resumed>) = 0 [pid 14516] +++ exited with 0 +++ [pid 14617] setpgid(0, 0) = 0 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14516, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=23 /* 0.23 s */} --- [pid 14617] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5065] umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 14617] <... openat resumed>) = 3 [pid 5065] <... openat resumed>) = 3 [pid 5065] newfstatat(3, "", [pid 14617] write(3, "1000", 4) = 4 [pid 14617] close(3) = 0 [pid 14617] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, [pid 14617] memfd_create("syzkaller", 0 [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 14617] <... memfd_create resumed>) = 3 [pid 5065] umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14617] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 14617] <... mmap resumed>) = 0x7fda9371b000 [pid 5065] newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./87/binderfs") = 0 [pid 5065] umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... umount2 resumed>) = 0 [pid 5068] umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./87/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./87/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", [pid 14600] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./87/file0") = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./87") = 0 [pid 5068] mkdir("./88", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 14623 attached [pid 14518] <... mount resumed>) = 0 [pid 14518] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 14623 [pid 14518] chdir("./file0") = 0 [pid 14518] ioctl(4, LOOP_CLR_FD) = 0 [pid 14623] set_robust_list(0x555557145760, 24 [pid 14518] close(4 [pid 14623] <... set_robust_list resumed>) = 0 [pid 14518] <... close resumed>) = 0 [pid 14623] chdir("./88" [pid 14518] open("./file0", O_RDONLY) = 4 [pid 14518] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 14623] <... chdir resumed>) = 0 [pid 14623] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 14518] <... ioctl resumed>) = 0 [pid 14518] open("./file0", O_RDONLY [pid 14623] <... prctl resumed>) = 0 [pid 14623] setpgid(0, 0 [pid 14518] <... open resumed>) = 5 [pid 14623] <... setpgid resumed>) = 0 [pid 14518] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 14623] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 14518] <... ioctl resumed>) = 0 [pid 14518] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 14518] exit_group(0) = ? [pid 14518] +++ exited with 0 +++ [pid 14623] <... openat resumed>) = 3 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14518, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=24 /* 0.24 s */} --- [pid 14623] write(3, "1000", 4) = 4 [pid 14623] close(3 [pid 5066] umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 14623] <... close resumed>) = 0 [pid 5066] openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 14623] symlink("/dev/binderfs", "./binderfs" [pid 5066] <... openat resumed>) = 3 [pid 5066] newfstatat(3, "", [pid 14623] <... symlink resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 14623] memfd_create("syzkaller", 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 14623] <... memfd_create resumed>) = 3 [pid 5066] umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14623] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./88/binderfs") = 0 [pid 5066] umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = 0 [pid 5065] umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./87/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./87/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./87/file0") = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./87") = 0 [pid 5065] mkdir("./88", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 14565] <... write resumed>) = 16777216 ./strace-static-x86_64: Process 14625 attached [pid 14625] set_robust_list(0x555557145760, 24 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 14625 [pid 14625] <... set_robust_list resumed>) = 0 [pid 14625] chdir("./88") = 0 [pid 14565] munmap(0x7fda9371b000, 138412032 [pid 14625] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 14565] <... munmap resumed>) = 0 [pid 14625] <... prctl resumed>) = 0 [pid 14625] setpgid(0, 0) = 0 [pid 14625] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 14565] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 14565] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 14625] write(3, "1000", 4) = 4 [pid 14625] close(3) = 0 [pid 14625] symlink("/dev/binderfs", "./binderfs" [pid 14565] close(3) = 0 [pid 14565] mkdir("./file0", 0777) = 0 [pid 14565] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 14625] <... symlink resumed>) = 0 [ 266.929314][T14565] loop5: detected capacity change from 0 to 32768 [pid 14625] memfd_create("syzkaller", 0) = 3 [pid 14625] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 14617] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./88/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./88/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 266.976717][T14565] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (14565) [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./88/file0") = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./88") = 0 [pid 5066] mkdir("./89", 0777) = 0 [ 267.068842][T14565] _btrfs_printk: 76 callbacks suppressed [ 267.068856][T14565] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [ 267.138788][T14565] BTRFS info (device loop5): force clearing of disk cache [ 267.145924][T14565] BTRFS info (device loop5): setting nodatasum [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 14623] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 14626 ./strace-static-x86_64: Process 14626 attached [pid 14626] set_robust_list(0x555557145760, 24) = 0 [pid 14626] chdir("./89") = 0 [pid 14626] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 14626] setpgid(0, 0) = 0 [pid 14626] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 14626] write(3, "1000", 4) = 4 [pid 14600] <... write resumed>) = 16777216 [pid 14626] close(3) = 0 [pid 14626] symlink("/dev/binderfs", "./binderfs" [pid 14600] munmap(0x7fda9371b000, 138412032 [pid 14626] <... symlink resumed>) = 0 [ 267.228821][T14565] BTRFS info (device loop5): allowing degraded mounts [ 267.244484][T14565] BTRFS info (device loop5): enabling disk space caching [pid 14626] memfd_create("syzkaller", 0 [pid 14600] <... munmap resumed>) = 0 [pid 14626] <... memfd_create resumed>) = 3 [pid 14626] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 267.285526][T14565] BTRFS info (device loop5): disk space caching is enabled [pid 14600] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 14600] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 14600] close(3) = 0 [pid 14600] mkdir("./file0", 0777) = 0 [pid 14600] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 267.349584][T14600] loop3: detected capacity change from 0 to 32768 [ 267.372401][T14600] BTRFS: device /dev/loop3 using temp-fsid d35066c0-90df-4bd2-b755-df4218ba7490 [ 267.458865][T14600] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (14600) [ 267.524405][T14600] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 267.580091][T14600] BTRFS info (device loop3): force clearing of disk cache [ 267.602673][T14565] BTRFS info (device loop5): enabling ssd optimizations [ 267.645343][T14565] BTRFS info (device loop5): auto enabling async discard [ 267.653568][T14600] BTRFS info (device loop3): setting nodatasum [pid 14625] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [ 267.689936][T14600] BTRFS info (device loop3): allowing degraded mounts [ 267.697652][T14565] BTRFS info (device loop5): rebuilding free space tree [pid 14625] munmap(0x7fda9371b000, 138412032) = 0 [pid 14625] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 267.735586][T14600] BTRFS info (device loop3): enabling disk space caching [ 267.750665][T14565] BTRFS info (device loop5): disabling free space tree [ 267.758266][T14625] loop1: detected capacity change from 0 to 32768 [ 267.770625][T14600] BTRFS info (device loop3): disk space caching is enabled [pid 14625] ioctl(4, LOOP_SET_FD, 3 [pid 14626] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 14625] <... ioctl resumed>) = 0 [pid 14617] <... write resumed>) = 16777216 [pid 14625] close(3) = 0 [pid 14625] mkdir("./file0", 0777) = 0 [ 267.772617][T14565] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 14625] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 267.808744][T14565] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 267.823544][T14625] BTRFS: device /dev/loop1 using temp-fsid 0438120b-ab96-4db3-9582-9462f74e691e [ 267.840096][T14625] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (14625) [ 267.851813][T14617] loop0: detected capacity change from 0 to 32768 [pid 14617] munmap(0x7fda9371b000, 138412032) = 0 [pid 14617] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 14617] ioctl(4, LOOP_SET_FD, 3 [pid 14623] <... write resumed>) = 16777216 [pid 14617] <... ioctl resumed>) = 0 [pid 14565] <... mount resumed>) = 0 [pid 14565] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 14623] munmap(0x7fda9371b000, 138412032 [pid 14565] <... openat resumed>) = 3 [pid 14565] chdir("./file0") = 0 [pid 14565] ioctl(4, LOOP_CLR_FD [pid 14617] close(3 [pid 14565] <... ioctl resumed>) = 0 [pid 14617] <... close resumed>) = 0 [pid 14565] close(4 [pid 14617] mkdir("./file0", 0777 [pid 14565] <... close resumed>) = 0 [pid 14617] <... mkdir resumed>) = 0 [pid 14565] open("./file0", O_RDONLY [pid 14617] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 14623] <... munmap resumed>) = 0 [pid 14565] <... open resumed>) = 4 [ 267.853627][T14565] BTRFS info (device loop5): checking UUID tree [ 267.872747][T14625] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 267.895826][T14617] BTRFS: device /dev/loop0 using temp-fsid 0123a41c-9e4d-48f3-b58d-24f6bedee454 [pid 14565] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 14623] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 14565] <... ioctl resumed>) = 0 [pid 14565] open("./file0", O_RDONLY) = 5 [pid 14565] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 14623] ioctl(4, LOOP_SET_FD, 3 [pid 14565] <... ioctl resumed>) = 0 [pid 14565] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [ 267.912498][T14625] BTRFS info (device loop1): force clearing of disk cache [ 267.937538][T14623] loop4: detected capacity change from 0 to 32768 [ 267.950097][T14617] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (14617) [pid 14565] exit_group(0) = ? [pid 14626] <... write resumed>) = 16777216 [pid 14623] <... ioctl resumed>) = 0 [pid 14565] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14565, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=39 /* 0.39 s */} --- [pid 5069] umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./88/binderfs") = 0 [pid 5069] umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14626] munmap(0x7fda9371b000, 138412032 [pid 14623] close(3) = 0 [pid 14623] mkdir("./file0", 0777) = 0 [ 267.963142][T14625] BTRFS info (device loop1): setting nodatasum [ 267.981819][ T42] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [ 267.991295][T14625] BTRFS info (device loop1): allowing degraded mounts [ 268.005557][T14625] BTRFS info (device loop1): enabling disk space caching [pid 14623] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 14626] <... munmap resumed>) = 0 [pid 14626] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 268.020797][T14623] BTRFS: device /dev/loop4 using temp-fsid 640e54b5-52a9-466f-b175-24c3135c3788 [ 268.033523][T14600] BTRFS info (device loop3): enabling ssd optimizations [ 268.041471][T14623] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (14623) [ 268.041923][T14617] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [pid 14626] ioctl(4, LOOP_SET_FD, 3) = 0 [ 268.066646][T14625] BTRFS info (device loop1): disk space caching is enabled [ 268.075149][T14626] loop2: detected capacity change from 0 to 32768 [ 268.079221][T14600] BTRFS info (device loop3): auto enabling async discard [ 268.082622][T14617] BTRFS info (device loop0): force clearing of disk cache [ 268.096315][T14600] BTRFS info (device loop3): rebuilding free space tree [ 268.098000][T14617] BTRFS info (device loop0): setting nodatasum [ 268.110039][T14617] BTRFS info (device loop0): allowing degraded mounts [pid 14626] close(3) = 0 [pid 14626] mkdir("./file0", 0777) = 0 [ 268.110629][T14623] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 268.116800][T14617] BTRFS info (device loop0): enabling disk space caching [ 268.136883][T14626] BTRFS: device /dev/loop2 using temp-fsid 47cba94e-66fc-4eae-97c6-69ed8ecb80b8 [ 268.150735][T14623] BTRFS info (device loop4): force clearing of disk cache [ 268.155167][T14600] BTRFS info (device loop3): disabling free space tree [ 268.157888][T14623] BTRFS info (device loop4): setting nodatasum [ 268.164850][T14600] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 268.179672][T14617] BTRFS info (device loop0): disk space caching is enabled [ 268.192981][T14626] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (14626) [ 268.193493][T14600] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 14626] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 14600] <... mount resumed>) = 0 [pid 14600] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 14600] chdir("./file0") = 0 [pid 14600] ioctl(4, LOOP_CLR_FD) = 0 [pid 14600] close(4) = 0 [pid 14600] open("./file0", O_RDONLY) = 4 [pid 14600] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 14600] open("./file0", O_RDONLY) = 5 [pid 14600] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 14600] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 14600] exit_group(0) = ? [pid 14600] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14600, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=40 /* 0.40 s */} --- [pid 5067] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 268.222525][T14600] BTRFS info (device loop3): checking UUID tree [ 268.235044][T14623] BTRFS info (device loop4): allowing degraded mounts [ 268.241919][T14623] BTRFS info (device loop4): enabling disk space caching [ 268.252177][T14623] BTRFS info (device loop4): disk space caching is enabled [pid 5067] umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./88/binderfs") = 0 [pid 5067] umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... umount2 resumed>) = 0 [pid 5069] umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./88/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./88/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [ 268.332311][T14626] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 268.342599][T14617] BTRFS info (device loop0): enabling ssd optimizations [ 268.349916][T14623] BTRFS info (device loop4): enabling ssd optimizations [ 268.352226][ T42] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 268.356862][T14623] BTRFS info (device loop4): auto enabling async discard [ 268.357214][T14625] BTRFS info (device loop1): enabling ssd optimizations [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./88/file0") = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./88") = 0 [pid 5069] mkdir("./89", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 14706 [ 268.381627][T14617] BTRFS info (device loop0): auto enabling async discard [ 268.386355][T14626] BTRFS info (device loop2): force clearing of disk cache [ 268.391931][T14623] BTRFS info (device loop4): rebuilding free space tree [ 268.420560][T14617] BTRFS info (device loop0): rebuilding free space tree ./strace-static-x86_64: Process 14706 attached [pid 14706] set_robust_list(0x555557145760, 24) = 0 [pid 14706] chdir("./89") = 0 [pid 14706] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 268.432783][T14626] BTRFS info (device loop2): setting nodatasum [ 268.451671][T14617] BTRFS info (device loop0): disabling free space tree [ 268.460298][T14625] BTRFS info (device loop1): auto enabling async discard [ 268.469405][T14617] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 14706] setpgid(0, 0) = 0 [pid 14706] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 14706] write(3, "1000", 4 [pid 5067] <... umount2 resumed>) = 0 [pid 14706] <... write resumed>) = 4 [pid 5067] umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14706] close(3 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 14706] <... close resumed>) = 0 [pid 5067] newfstatat(AT_FDCWD, "./88/file0", [ 268.479372][T14623] BTRFS info (device loop4): disabling free space tree [ 268.479386][T14626] BTRFS info (device loop2): allowing degraded mounts [ 268.486252][T14623] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 268.497587][T14617] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 268.516026][T14625] BTRFS info (device loop1): rebuilding free space tree [ 268.525725][T14626] BTRFS info (device loop2): enabling disk space caching [pid 14706] symlink("/dev/binderfs", "./binderfs" [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 14706] <... symlink resumed>) = 0 [pid 5067] umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14706] memfd_create("syzkaller", 0) = 3 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 14706] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5067] openat(AT_FDCWD, "./88/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 14706] <... mmap resumed>) = 0x7fda9371b000 [ 268.540467][T14625] BTRFS info (device loop1): disabling free space tree [ 268.542846][T14623] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 268.547815][T14625] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 268.559640][T14626] BTRFS info (device loop2): disk space caching is enabled [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, [pid 14617] <... mount resumed>) = 0 [pid 14623] <... mount resumed>) = 0 [pid 14623] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 14623] chdir("./file0") = 0 [pid 14623] ioctl(4, LOOP_CLR_FD) = 0 [pid 14623] close(4 [pid 14617] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5067] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 14623] <... close resumed>) = 0 [pid 14617] <... openat resumed>) = 3 [pid 5067] getdents64(4, [pid 14623] open("./file0", O_RDONLY [pid 14617] chdir("./file0" [pid 5067] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 14623] <... open resumed>) = 4 [pid 14617] <... chdir resumed>) = 0 [pid 5067] close(4 [pid 14623] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 14617] ioctl(4, LOOP_CLR_FD [pid 5067] <... close resumed>) = 0 [pid 14617] <... ioctl resumed>) = 0 [pid 5067] rmdir("./88/file0" [pid 14617] close(4 [pid 5067] <... rmdir resumed>) = 0 [pid 14617] <... close resumed>) = 0 [ 268.601672][T14625] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 268.602551][T14623] BTRFS info (device loop4): checking UUID tree [ 268.613832][T14617] BTRFS info (device loop0): checking UUID tree [ 268.639877][T14625] BTRFS info (device loop1): checking UUID tree [pid 5067] getdents64(3, [pid 14623] <... ioctl resumed>) = 0 [pid 14617] open("./file0", O_RDONLY [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 14623] open("./file0", O_RDONLY [pid 14617] <... open resumed>) = 4 [pid 5067] close(3 [pid 14623] <... open resumed>) = 5 [pid 14617] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5067] <... close resumed>) = 0 [pid 14623] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5067] rmdir("./88") = 0 [pid 5067] mkdir("./89", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD [pid 14625] <... mount resumed>) = 0 [pid 14617] <... ioctl resumed>) = 0 [pid 5067] <... ioctl resumed>) = 0 [pid 14625] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 14617] open("./file0", O_RDONLY [pid 5067] close(3 [pid 14625] <... openat resumed>) = 3 [pid 14617] <... open resumed>) = 5 [pid 5067] <... close resumed>) = 0 [pid 14625] chdir("./file0" [pid 14617] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 14625] <... chdir resumed>) = 0 [pid 14625] ioctl(4, LOOP_CLR_FD) = 0 [pid 14625] close(4) = 0 [pid 14625] open("./file0", O_RDONLY) = 4 [pid 14625] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 14719 [pid 14617] <... ioctl resumed>) = 0 [pid 14617] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 14617] exit_group(0) = ? [pid 14617] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14617, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=41 /* 0.41 s */} --- [pid 5064] umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, ./strace-static-x86_64: Process 14719 attached 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./87/binderfs") = 0 [pid 5064] umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14719] set_robust_list(0x555557145760, 24 [pid 14625] <... ioctl resumed>) = 0 [pid 14719] <... set_robust_list resumed>) = 0 [ 268.721030][ T12] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [pid 14719] chdir("./89" [pid 14625] open("./file0", O_RDONLY [pid 14719] <... chdir resumed>) = 0 [pid 14625] <... open resumed>) = 5 [pid 14719] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 14625] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 14719] <... prctl resumed>) = 0 [pid 14719] setpgid(0, 0) = 0 [pid 14719] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 14719] write(3, "1000", 4) = 4 [pid 14719] close(3) = 0 [pid 14719] symlink("/dev/binderfs", "./binderfs") = 0 [pid 14719] memfd_create("syzkaller", 0) = 3 [pid 14719] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 14625] <... ioctl resumed>) = 0 [pid 14623] <... ioctl resumed>) = 0 [pid 14623] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 14623] exit_group(0) = ? [pid 14623] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14623, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=33 /* 0.33 s */} --- [pid 14625] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5068] umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 268.762865][ T1047] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [ 268.784091][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./88/binderfs", [pid 14625] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 14625] exit_group(0 [pid 5068] unlink("./88/binderfs") = 0 [pid 5068] umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14625] <... exit_group resumed>) = ? [pid 14625] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14625, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=39 /* 0.39 s */} --- [pid 5065] umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 268.862941][T14626] BTRFS info (device loop2): enabling ssd optimizations [pid 5065] unlink("./88/binderfs") = 0 [pid 5065] umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 268.946996][T14626] BTRFS info (device loop2): auto enabling async discard [pid 14706] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5064] <... umount2 resumed>) = 0 [pid 5064] umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./87/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] <... umount2 resumed>) = 0 [pid 5064] umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 269.006901][T14626] BTRFS info (device loop2): rebuilding free space tree [pid 5064] openat(AT_FDCWD, "./87/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... openat resumed>) = 4 [pid 5068] newfstatat(AT_FDCWD, "./88/file0", [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] getdents64(4, [pid 5068] openat(AT_FDCWD, "./88/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4 [pid 5068] <... openat resumed>) = 4 [pid 5064] <... close resumed>) = 0 [pid 5068] newfstatat(4, "", [pid 5064] rmdir("./87/file0" [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 5064] getdents64(3, [pid 5068] getdents64(4, [pid 5065] <... umount2 resumed>) = 0 [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] close(3 [pid 5068] getdents64(4, [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./88/file0", [pid 5064] <... close resumed>) = 0 [ 269.071679][T14626] BTRFS info (device loop2): disabling free space tree [ 269.095670][T14626] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] rmdir("./87" [pid 5068] close(4 [pid 5065] umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... rmdir resumed>) = 0 [pid 5068] <... close resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] mkdir("./88", 0777 [pid 5065] openat(AT_FDCWD, "./88/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... mkdir resumed>) = 0 [pid 5068] rmdir("./88/file0" [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./88/file0" [pid 5068] <... rmdir resumed>) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5068] getdents64(3, [pid 5065] <... rmdir resumed>) = 0 [pid 5064] <... openat resumed>) = 3 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] getdents64(3, [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5068] close(3 [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] close(3 [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 14729 [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./88" [pid 5068] <... close resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5065] mkdir("./89", 0777) = 0 ./strace-static-x86_64: Process 14729 attached [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 14729] set_robust_list(0x555557145760, 24 [pid 5065] <... openat resumed>) = 3 [pid 14729] <... set_robust_list resumed>) = 0 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 14729] chdir("./88" [pid 5065] <... ioctl resumed>) = 0 [pid 14729] <... chdir resumed>) = 0 [pid 5065] close(3 [pid 14729] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5065] <... close resumed>) = 0 [pid 14729] <... prctl resumed>) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 14729] setpgid(0, 0 [pid 5068] rmdir("./88" [pid 14729] <... setpgid resumed>) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 14730 ./strace-static-x86_64: Process 14730 attached [pid 14729] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5068] <... rmdir resumed>) = 0 [pid 5068] mkdir("./89", 0777 [pid 14730] set_robust_list(0x555557145760, 24) = 0 [pid 14729] <... openat resumed>) = 3 [pid 5068] <... mkdir resumed>) = 0 [pid 14729] write(3, "1000", 4 [pid 14730] chdir("./89" [pid 14729] <... write resumed>) = 4 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 14730] <... chdir resumed>) = 0 [pid 14729] close(3 [pid 5068] <... openat resumed>) = 3 [pid 14730] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 14729] <... close resumed>) = 0 [pid 5068] ioctl(3, LOOP_CLR_FD [pid 14730] <... prctl resumed>) = 0 [pid 14729] symlink("/dev/binderfs", "./binderfs" [pid 5068] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 14730] setpgid(0, 0 [pid 14729] <... symlink resumed>) = 0 [pid 5068] close(3 [pid 14730] <... setpgid resumed>) = 0 [pid 14729] memfd_create("syzkaller", 0 [pid 5068] <... close resumed>) = 0 [ 269.149818][T14626] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 14730] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 14729] <... memfd_create resumed>) = 3 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 14730] <... openat resumed>) = 3 [pid 14729] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 14731 attached [pid 14730] write(3, "1000", 4 [pid 14729] <... mmap resumed>) = 0x7fda9371b000 [pid 14719] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 14731] set_robust_list(0x555557145760, 24 [pid 14730] <... write resumed>) = 4 [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 14731 [pid 14731] <... set_robust_list resumed>) = 0 [pid 14730] close(3 [pid 14731] chdir("./89" [pid 14730] <... close resumed>) = 0 [pid 14730] symlink("/dev/binderfs", "./binderfs") = 0 [pid 14731] <... chdir resumed>) = 0 [pid 14731] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 14730] memfd_create("syzkaller", 0 [pid 14731] setpgid(0, 0 [ 269.222233][T14626] BTRFS info (device loop2): checking UUID tree [pid 14730] <... memfd_create resumed>) = 3 [pid 14731] <... setpgid resumed>) = 0 [pid 14730] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 14731] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 14731] write(3, "1000", 4) = 4 [pid 14731] close(3) = 0 [pid 14731] symlink("/dev/binderfs", "./binderfs") = 0 [pid 14731] memfd_create("syzkaller", 0) = 3 [pid 14731] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 14626] <... mount resumed>) = 0 [pid 14626] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 14626] chdir("./file0") = 0 [pid 14626] ioctl(4, LOOP_CLR_FD) = 0 [pid 14626] close(4) = 0 [pid 14626] open("./file0", O_RDONLY) = 4 [pid 14626] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 14626] open("./file0", O_RDONLY) = 5 [pid 14626] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 14626] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 14626] exit_group(0) = ? [pid 14626] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14626, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- [pid 5066] umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./89/binderfs") = 0 [ 269.431386][ T42] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [pid 5066] umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14706] <... write resumed>) = 16777216 [pid 14706] munmap(0x7fda9371b000, 138412032) = 0 [pid 14706] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [ 269.684636][T14706] loop5: detected capacity change from 0 to 32768 [pid 14706] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 14706] close(3) = 0 [pid 14706] mkdir("./file0", 0777 [pid 14729] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 14706] <... mkdir resumed>) = 0 [pid 14706] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./89/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 269.766631][T14706] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (14706) [pid 5066] umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./89/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./89/file0") = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./89") = 0 [pid 5066] mkdir("./90", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 14731] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 14730] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5066] <... openat resumed>) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 14734 ./strace-static-x86_64: Process 14734 attached [pid 14734] set_robust_list(0x555557145760, 24) = 0 [pid 14734] chdir("./90") = 0 [ 269.869750][T14706] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 269.900931][T14706] BTRFS info (device loop5): force clearing of disk cache [pid 14734] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 14734] setpgid(0, 0) = 0 [pid 14734] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 14734] write(3, "1000", 4) = 4 [pid 14734] close(3) = 0 [pid 14734] symlink("/dev/binderfs", "./binderfs") = 0 [ 269.940237][T14706] BTRFS info (device loop5): setting nodatasum [ 269.967598][T14706] BTRFS info (device loop5): allowing degraded mounts [pid 14734] memfd_create("syzkaller", 0) = 3 [pid 14734] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 14719] <... write resumed>) = 16777216 [ 269.993523][T14706] BTRFS info (device loop5): enabling disk space caching [pid 14719] munmap(0x7fda9371b000, 138412032) = 0 [pid 14719] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 14719] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 14719] close(3) = 0 [pid 14719] mkdir("./file0", 0777) = 0 [ 270.055237][T14706] BTRFS info (device loop5): disk space caching is enabled [ 270.068592][T14719] loop3: detected capacity change from 0 to 32768 [ 270.107361][T14719] BTRFS: device /dev/loop3 using temp-fsid 2c7ee6a0-5ebd-48fe-bb14-74a604916908 [ 270.168498][T14719] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (14719) [ 270.228406][T14719] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [pid 14719] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 14730] <... write resumed>) = 16777216 [pid 14730] munmap(0x7fda9371b000, 138412032) = 0 [pid 14730] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 270.279433][T14719] BTRFS info (device loop3): force clearing of disk cache [ 270.286688][T14706] BTRFS info (device loop5): enabling ssd optimizations [ 270.309937][T14706] BTRFS info (device loop5): auto enabling async discard [ 270.323049][T14730] loop1: detected capacity change from 0 to 32768 [pid 14730] ioctl(4, LOOP_SET_FD, 3 [pid 14731] <... write resumed>) = 16777216 [pid 14730] <... ioctl resumed>) = 0 [pid 14731] munmap(0x7fda9371b000, 138412032 [pid 14730] close(3) = 0 [pid 14730] mkdir("./file0", 0777) = 0 [ 270.331346][T14719] BTRFS info (device loop3): setting nodatasum [ 270.359111][T14706] BTRFS info (device loop5): rebuilding free space tree [ 270.360157][T14719] BTRFS info (device loop3): allowing degraded mounts [pid 14730] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 14731] <... munmap resumed>) = 0 [pid 14731] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 14731] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 14729] <... write resumed>) = 16777216 [ 270.383693][T14730] BTRFS: device /dev/loop1 using temp-fsid 9c955037-2802-417d-8690-b675ff682bea [ 270.405490][T14731] loop4: detected capacity change from 0 to 32768 [ 270.407829][T14719] BTRFS info (device loop3): enabling disk space caching [ 270.418776][T14730] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (14730) [pid 14729] munmap(0x7fda9371b000, 138412032 [pid 14731] close(3) = 0 [pid 14729] <... munmap resumed>) = 0 [pid 14729] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 14729] ioctl(4, LOOP_SET_FD, 3 [pid 14731] mkdir("./file0", 0777) = 0 [pid 14731] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 14734] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 14729] <... ioctl resumed>) = 0 [pid 14729] close(3) = 0 [pid 14729] mkdir("./file0", 0777) = 0 [pid 14729] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 14706] <... mount resumed>) = 0 [pid 14706] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 270.433411][T14706] BTRFS info (device loop5): disabling free space tree [ 270.441066][T14706] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 270.446676][T14729] loop0: detected capacity change from 0 to 32768 [ 270.462861][T14731] BTRFS: device /dev/loop4 using temp-fsid c45c9f93-0643-4c38-a9b9-858c7de15b3b [pid 14706] chdir("./file0") = 0 [pid 14706] ioctl(4, LOOP_CLR_FD) = 0 [pid 14706] close(4) = 0 [pid 14706] open("./file0", O_RDONLY) = 4 [ 270.499124][T14731] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (14731) [ 270.522316][T14729] BTRFS: device /dev/loop0 using temp-fsid d6c77e24-513c-401d-b80d-abfc99770e66 [pid 14706] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 14706] open("./file0", O_RDONLY) = 5 [pid 14706] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 14706] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 14706] exit_group(0) = ? [pid 14706] +++ exited with 0 +++ [ 270.548933][T14729] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (14729) [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14706, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=32 /* 0.32 s */} --- [pid 5069] umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./89/binderfs") = 0 [pid 5069] umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14730] <... mount resumed>) = 0 [pid 14730] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 14730] chdir("./file0") = 0 [pid 14730] ioctl(4, LOOP_CLR_FD) = 0 [pid 14730] close(4) = 0 [pid 14730] open("./file0", O_RDONLY) = 4 [pid 14730] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 14734] <... write resumed>) = 16777216 [pid 14734] munmap(0x7fda9371b000, 138412032 [pid 14730] <... ioctl resumed>) = 0 [pid 14734] <... munmap resumed>) = 0 [pid 14730] open("./file0", O_RDONLY [pid 5069] <... umount2 resumed>) = 0 [pid 14734] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 14730] <... open resumed>) = 5 [pid 5069] umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14734] ioctl(4, LOOP_SET_FD, 3 [pid 14730] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./89/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 14734] <... ioctl resumed>) = 0 [pid 14734] close(3) = 0 [pid 14734] mkdir("./file0", 0777 [pid 5069] openat(AT_FDCWD, "./89/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, [pid 14734] <... mkdir resumed>) = 0 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 14734] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4 [pid 14730] <... ioctl resumed>) = 0 [pid 14730] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 14730] exit_group(0) = ? [pid 14730] +++ exited with 0 +++ [pid 14719] <... mount resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 14719] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5069] rmdir("./89/file0" [pid 14731] <... mount resumed>) = 0 [pid 14719] <... openat resumed>) = 3 [pid 5069] <... rmdir resumed>) = 0 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14730, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=24 /* 0.24 s */} --- [pid 5069] getdents64(3, [pid 5065] umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] close(3 [pid 5065] openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 14719] chdir("./file0" [pid 5069] <... close resumed>) = 0 [pid 5065] <... openat resumed>) = 3 [pid 14731] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 14719] <... chdir resumed>) = 0 [pid 5069] rmdir("./89" [pid 5065] newfstatat(3, "", [pid 14731] <... openat resumed>) = 3 [pid 14719] ioctl(4, LOOP_CLR_FD [pid 5069] <... rmdir resumed>) = 0 [pid 14731] chdir("./file0" [pid 14719] <... ioctl resumed>) = 0 [pid 5069] mkdir("./90", 0777 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 14731] <... chdir resumed>) = 0 [pid 14719] close(4 [pid 5069] <... mkdir resumed>) = 0 [pid 5065] getdents64(3, [ 270.751164][T14734] loop2: detected capacity change from 0 to 32768 [ 270.773761][T14734] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (14734) [pid 14731] ioctl(4, LOOP_CLR_FD [pid 14719] <... close resumed>) = 0 [pid 14731] <... ioctl resumed>) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 14731] close(4 [pid 5069] <... openat resumed>) = 3 [pid 5065] umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14731] <... close resumed>) = 0 [pid 14719] open("./file0", O_RDONLY [pid 5069] ioctl(3, LOOP_CLR_FD [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 14719] <... open resumed>) = 4 [pid 5069] <... ioctl resumed>) = 0 [pid 5065] newfstatat(AT_FDCWD, "./89/binderfs", [pid 5069] close(3 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] <... close resumed>) = 0 [pid 5065] unlink("./89/binderfs" [pid 14731] open("./file0", O_RDONLY [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] <... unlink resumed>) = 0 [pid 14731] <... open resumed>) = 4 [pid 5065] umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 14816 attached [pid 14731] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 14719] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 14816 [pid 14816] set_robust_list(0x555557145760, 24) = 0 [pid 14816] chdir("./90") = 0 [pid 14816] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 14731] <... ioctl resumed>) = 0 [pid 14816] setpgid(0, 0 [pid 14731] open("./file0", O_RDONLY [pid 14816] <... setpgid resumed>) = 0 [pid 14816] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 14731] <... open resumed>) = 5 [pid 14816] <... openat resumed>) = 3 [pid 14731] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 14816] write(3, "1000", 4 [pid 14731] <... ioctl resumed>) = 0 [pid 14816] <... write resumed>) = 4 [pid 14816] close(3) = 0 [pid 14816] symlink("/dev/binderfs", "./binderfs" [pid 14731] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 14719] <... ioctl resumed>) = 0 [pid 14816] <... symlink resumed>) = 0 [pid 14731] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 14729] <... mount resumed>) = 0 [pid 14816] memfd_create("syzkaller", 0) = 3 [pid 14816] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 14729] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 14719] open("./file0", O_RDONLY [pid 14731] exit_group(0 [pid 14729] <... openat resumed>) = 3 [pid 14719] <... open resumed>) = 5 [pid 14731] <... exit_group resumed>) = ? [pid 14729] chdir("./file0" [pid 14719] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 14731] +++ exited with 0 +++ [pid 14729] <... chdir resumed>) = 0 [pid 14719] <... ioctl resumed>) = 0 [pid 14729] ioctl(4, LOOP_CLR_FD) = 0 [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14731, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=20 /* 0.20 s */} --- [pid 14729] close(4 [pid 14719] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5068] restart_syscall(<... resuming interrupted clone ...> [pid 14729] <... close resumed>) = 0 [pid 14719] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5068] <... restart_syscall resumed>) = 0 [pid 14729] open("./file0", O_RDONLY [pid 14719] exit_group(0 [pid 14729] <... open resumed>) = 4 [pid 14719] <... exit_group resumed>) = ? [pid 14719] +++ exited with 0 +++ [pid 5068] umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14729] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14719, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=32 /* 0.32 s */} --- [pid 5068] openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] getdents64(3, [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./89/binderfs", [pid 5067] getdents64(3, [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] unlink("./89/binderfs") = 0 [pid 5067] umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./89/binderfs") = 0 [pid 14729] <... ioctl resumed>) = 0 [pid 5067] umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14729] open("./file0", O_RDONLY) = 5 [pid 14729] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 14729] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 14729] exit_group(0) = ? [pid 14729] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14729, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=33 /* 0.33 s */} --- [pid 5064] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5064] umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./88/binderfs") = 0 [pid 5064] umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = 0 [pid 5065] umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./89/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 14734] <... mount resumed>) = 0 [pid 5065] umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 14734] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] openat(AT_FDCWD, "./89/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 14734] <... openat resumed>) = 3 [pid 5065] newfstatat(4, "", [pid 14734] chdir("./file0" [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, [pid 14734] <... chdir resumed>) = 0 [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 14734] ioctl(4, LOOP_CLR_FD [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 14734] <... ioctl resumed>) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./89/file0" [pid 14734] close(4 [pid 5065] <... rmdir resumed>) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 14734] <... close resumed>) = 0 [pid 5065] close(3 [pid 14734] open("./file0", O_RDONLY [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./89" [pid 14734] <... open resumed>) = 4 [pid 5065] <... rmdir resumed>) = 0 [pid 5065] mkdir("./90", 0777 [pid 14734] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5065] <... mkdir resumed>) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5065] close(3) = 0 [pid 14734] <... ioctl resumed>) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./89/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./89/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 ./strace-static-x86_64: Process 14837 attached [pid 14734] open("./file0", O_RDONLY [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 14837 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 14734] <... open resumed>) = 5 [pid 14734] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 14837] set_robust_list(0x555557145760, 24) = 0 [pid 14734] <... ioctl resumed>) = 0 [pid 5067] rmdir("./89/file0" [pid 14837] chdir("./90" [pid 14734] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5067] <... rmdir resumed>) = 0 [pid 14837] <... chdir resumed>) = 0 [pid 14734] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./89") = 0 [pid 5067] mkdir("./90", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 14837] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 14734] exit_group(0 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 14734] <... exit_group resumed>) = ? [pid 5067] close(3 [pid 14837] <... prctl resumed>) = 0 [pid 5067] <... close resumed>) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 14837] setpgid(0, 0 [pid 14734] +++ exited with 0 +++ [pid 14837] <... setpgid resumed>) = 0 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14734, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=29 /* 0.29 s */} --- [pid 14837] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 14838 [pid 5066] umount2("./90", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 14837] <... openat resumed>) = 3 [pid 5066] umount2("./90/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 14838 attached ) = -1 EINVAL (Invalid argument) [pid 14838] set_robust_list(0x555557145760, 24 [pid 14837] write(3, "1000", 4 [pid 5066] newfstatat(AT_FDCWD, "./90/binderfs", [pid 14838] <... set_robust_list resumed>) = 0 [pid 14837] <... write resumed>) = 4 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./90/binderfs") = 0 [pid 5066] umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14838] chdir("./90") = 0 [pid 14838] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 14837] close(3 [pid 5068] <... umount2 resumed>) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 14837] <... close resumed>) = 0 [pid 5068] umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14837] symlink("/dev/binderfs", "./binderfs" [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./89/file0", [pid 5064] newfstatat(AT_FDCWD, "./88/file0", [pid 14838] <... prctl resumed>) = 0 [pid 14837] <... symlink resumed>) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 14838] setpgid(0, 0) = 0 [pid 5068] umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14838] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 14837] memfd_create("syzkaller", 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 14838] <... openat resumed>) = 3 [pid 5068] openat(AT_FDCWD, "./89/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 14838] write(3, "1000", 4 [pid 14837] <... memfd_create resumed>) = 3 [pid 5068] <... openat resumed>) = 4 [pid 5064] openat(AT_FDCWD, "./88/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 14838] <... write resumed>) = 4 [pid 14837] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5068] newfstatat(4, "", [pid 14838] close(3 [pid 14837] <... mmap resumed>) = 0x7fda9371b000 [pid 5064] <... openat resumed>) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, [pid 14838] <... close resumed>) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 14838] symlink("/dev/binderfs", "./binderfs" [pid 5068] getdents64(4, [pid 5064] close(4) = 0 [pid 5064] rmdir("./88/file0" [pid 14838] <... symlink resumed>) = 0 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] <... rmdir resumed>) = 0 [pid 14838] memfd_create("syzkaller", 0 [pid 5068] getdents64(4, [pid 5064] getdents64(3, [pid 14838] <... memfd_create resumed>) = 3 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 14838] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5068] close(4 [pid 14838] <... mmap resumed>) = 0x7fda9371b000 [pid 5068] <... close resumed>) = 0 [pid 5064] close(3 [pid 5068] rmdir("./89/file0" [pid 5064] <... close resumed>) = 0 [pid 5068] <... rmdir resumed>) = 0 [pid 5064] rmdir("./88" [pid 5068] getdents64(3, [pid 5064] <... rmdir resumed>) = 0 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] mkdir("./89", 0777 [pid 5068] close(3 [pid 5064] <... mkdir resumed>) = 0 [pid 5068] <... close resumed>) = 0 [pid 5068] rmdir("./89") = 0 [pid 5068] mkdir("./90", 0777 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5068] <... mkdir resumed>) = 0 [pid 5064] <... openat resumed>) = 3 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5068] <... openat resumed>) = 3 [pid 5064] <... ioctl resumed>) = 0 [pid 5068] ioctl(3, LOOP_CLR_FD [pid 5064] close(3) = 0 [pid 14816] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5068] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 14839 attached [pid 5068] close(3 [pid 14839] set_robust_list(0x555557145760, 24) = 0 [pid 14839] chdir("./89" [pid 5068] <... close resumed>) = 0 [pid 14839] <... chdir resumed>) = 0 [pid 14839] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 14839 [pid 14839] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 14840 attached [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 14840 [pid 14840] set_robust_list(0x555557145760, 24) = 0 [pid 14839] setpgid(0, 0) = 0 [pid 14839] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 14840] chdir("./90" [pid 14839] write(3, "1000", 4) = 4 [pid 14840] <... chdir resumed>) = 0 [pid 14839] close(3 [pid 14840] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 14839] <... close resumed>) = 0 [pid 14840] <... prctl resumed>) = 0 [pid 14839] symlink("/dev/binderfs", "./binderfs" [pid 14840] setpgid(0, 0 [pid 14839] <... symlink resumed>) = 0 [pid 14840] <... setpgid resumed>) = 0 [pid 14839] memfd_create("syzkaller", 0 [pid 14840] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 14839] <... memfd_create resumed>) = 3 [pid 14840] <... openat resumed>) = 3 [pid 14839] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 14840] write(3, "1000", 4) = 4 [pid 14840] close(3) = 0 [pid 14840] symlink("/dev/binderfs", "./binderfs") = 0 [pid 14840] memfd_create("syzkaller", 0) = 3 [pid 14840] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 14837] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./90/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./90/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./90/file0") = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./90") = 0 [pid 5066] mkdir("./91", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 14842 ./strace-static-x86_64: Process 14842 attached [pid 14842] set_robust_list(0x555557145760, 24) = 0 [pid 14842] chdir("./91") = 0 [pid 14842] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 14842] setpgid(0, 0) = 0 [pid 14842] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 14842] write(3, "1000", 4) = 4 [pid 14842] close(3) = 0 [pid 14842] symlink("/dev/binderfs", "./binderfs") = 0 [pid 14842] memfd_create("syzkaller", 0) = 3 [pid 14842] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 14838] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 14839] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 14840] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 14816] <... write resumed>) = 16777216 [pid 14816] munmap(0x7fda9371b000, 138412032) = 0 [pid 14816] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 14816] ioctl(4, LOOP_SET_FD, 3 [ 272.331207][T14816] loop5: detected capacity change from 0 to 32768 [pid 14842] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 14816] <... ioctl resumed>) = 0 [pid 14816] close(3) = 0 [pid 14816] mkdir("./file0", 0777) = 0 [pid 14816] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 14837] <... write resumed>) = 16777216 [pid 14837] munmap(0x7fda9371b000, 138412032) = 0 [pid 14837] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 14837] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 14837] close(3) = 0 [pid 14837] mkdir("./file0", 0777) = 0 [ 272.380892][T14816] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (14816) [ 272.409370][T14837] loop1: detected capacity change from 0 to 32768 [ 272.433981][T14837] BTRFS: device /dev/loop1 using temp-fsid cf0d19eb-8dc3-4c70-bc13-bde6ad2b3e18 [ 272.460001][T14816] _btrfs_printk: 68 callbacks suppressed [ 272.460013][T14816] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [pid 14837] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 14838] <... write resumed>) = 16777216 [pid 14838] munmap(0x7fda9371b000, 138412032) = 0 [pid 14838] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 272.489777][T14837] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (14837) [ 272.515187][T14816] BTRFS info (device loop5): force clearing of disk cache [ 272.531158][T14838] loop3: detected capacity change from 0 to 32768 [pid 14838] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 14838] close(3) = 0 [pid 14838] mkdir("./file0", 0777) = 0 [ 272.545430][T14837] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 272.555807][T14816] BTRFS info (device loop5): setting nodatasum [ 272.565265][T14838] BTRFS: device /dev/loop3 using temp-fsid 3a405c96-c228-44a3-b48e-88f3f3e6f9ba [ 272.574845][T14816] BTRFS info (device loop5): allowing degraded mounts [ 272.583118][T14838] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (14838) [ 272.588895][T14837] BTRFS info (device loop1): force clearing of disk cache [ 272.609603][T14816] BTRFS info (device loop5): enabling disk space caching [ 272.617581][T14816] BTRFS info (device loop5): disk space caching is enabled [ 272.625181][T14838] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [pid 14838] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 14840] <... write resumed>) = 16777216 [pid 14842] <... write resumed>) = 16777216 [ 272.648751][T14838] BTRFS info (device loop3): force clearing of disk cache [ 272.654764][T14837] BTRFS info (device loop1): setting nodatasum [ 272.659295][T14838] BTRFS info (device loop3): setting nodatasum [ 272.662464][T14837] BTRFS info (device loop1): allowing degraded mounts [ 272.669590][T14838] BTRFS info (device loop3): allowing degraded mounts [ 272.683583][T14838] BTRFS info (device loop3): enabling disk space caching [ 272.685324][T14840] loop4: detected capacity change from 0 to 32768 [pid 14840] munmap(0x7fda9371b000, 138412032 [pid 14842] munmap(0x7fda9371b000, 138412032 [pid 14840] <... munmap resumed>) = 0 [pid 14840] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 14840] ioctl(4, LOOP_SET_FD, 3 [pid 14842] <... munmap resumed>) = 0 [pid 14839] <... write resumed>) = 16777216 [pid 14840] <... ioctl resumed>) = 0 [pid 14842] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 14839] munmap(0x7fda9371b000, 138412032 [pid 14840] close(3) = 0 [pid 14840] mkdir("./file0", 0777) = 0 [pid 14840] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 14842] <... openat resumed>) = 4 [pid 14839] <... munmap resumed>) = 0 [pid 14842] ioctl(4, LOOP_SET_FD, 3 [pid 14839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 272.696424][T14837] BTRFS info (device loop1): enabling disk space caching [ 272.697712][T14838] BTRFS info (device loop3): disk space caching is enabled [ 272.705106][T14837] BTRFS info (device loop1): disk space caching is enabled [ 272.713843][T14840] BTRFS: device /dev/loop4 using temp-fsid 75f59142-c0e9-4e15-a404-bdfc3f83f1a2 [ 272.727909][T14842] loop2: detected capacity change from 0 to 32768 [ 272.734541][T14840] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (14840) [pid 14839] ioctl(4, LOOP_SET_FD, 3 [pid 14842] <... ioctl resumed>) = 0 [pid 14842] close(3) = 0 [pid 14842] mkdir("./file0", 0777) = 0 [pid 14842] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 14839] <... ioctl resumed>) = 0 [pid 14839] close(3) = 0 [pid 14839] mkdir("./file0", 0777) = 0 [ 272.740712][T14839] loop0: detected capacity change from 0 to 32768 [ 272.758980][T14840] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 272.768462][T14840] BTRFS info (device loop4): force clearing of disk cache [ 272.768551][T14842] BTRFS: device /dev/loop2 using temp-fsid 4945df17-ef2a-4c33-a64f-06d13eeea701 [ 272.775603][T14840] BTRFS info (device loop4): setting nodatasum [ 272.775622][T14840] BTRFS info (device loop4): allowing degraded mounts [ 272.790380][T14842] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (14842) [ 272.791360][T14840] BTRFS info (device loop4): enabling disk space caching [ 272.818101][T14840] BTRFS info (device loop4): disk space caching is enabled [ 272.825856][T14839] BTRFS: device /dev/loop0 using temp-fsid 6ec4852a-d6b2-47cb-95ea-7f68f2824bda [ 272.835423][T14839] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (14839) [ 272.835466][T14842] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 272.857463][T14842] BTRFS info (device loop2): force clearing of disk cache [ 272.859356][T14839] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 272.867043][T14842] BTRFS info (device loop2): setting nodatasum [ 272.880069][T14842] BTRFS info (device loop2): allowing degraded mounts [ 272.886846][T14842] BTRFS info (device loop2): enabling disk space caching [ 272.894072][T14842] BTRFS info (device loop2): disk space caching is enabled [ 272.901641][T14839] BTRFS info (device loop0): force clearing of disk cache [ 272.911800][T14839] BTRFS info (device loop0): setting nodatasum [ 272.913061][T14838] BTRFS info (device loop3): enabling ssd optimizations [ 272.917952][T14839] BTRFS info (device loop0): allowing degraded mounts [ 272.925808][T14838] BTRFS info (device loop3): auto enabling async discard [ 272.938992][T14839] BTRFS info (device loop0): enabling disk space caching [ 272.946395][T14839] BTRFS info (device loop0): disk space caching is enabled [ 272.951882][T14838] BTRFS info (device loop3): rebuilding free space tree [ 272.957736][T14837] BTRFS info (device loop1): enabling ssd optimizations [ 272.963616][T14816] BTRFS info (device loop5): enabling ssd optimizations [ 272.969840][T14837] BTRFS info (device loop1): auto enabling async discard [ 272.979135][T14816] BTRFS info (device loop5): auto enabling async discard [ 272.982969][T14837] BTRFS info (device loop1): rebuilding free space tree [ 273.001375][T14838] BTRFS info (device loop3): disabling free space tree [ 273.006016][T14840] BTRFS info (device loop4): enabling ssd optimizations [ 273.009058][T14838] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 273.016920][T14840] BTRFS info (device loop4): auto enabling async discard [ 273.026174][T14838] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 273.033138][T14816] BTRFS info (device loop5): rebuilding free space tree [pid 14839] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 14838] <... mount resumed>) = 0 [pid 14838] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 14838] chdir("./file0") = 0 [pid 14838] ioctl(4, LOOP_CLR_FD) = 0 [pid 14838] close(4) = 0 [pid 14838] open("./file0", O_RDONLY) = 4 [pid 14838] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 14838] open("./file0", O_RDONLY) = 5 [pid 14838] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 14838] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [ 273.044911][T14838] BTRFS info (device loop3): checking UUID tree [ 273.056679][T14837] BTRFS info (device loop1): disabling free space tree [ 273.057335][T14840] BTRFS info (device loop4): rebuilding free space tree [ 273.067523][T14837] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 14838] exit_group(0) = ? [pid 14838] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14838, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=37 /* 0.37 s */} --- [pid 5067] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5067] umount2("./90", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./90/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./90/binderfs") = 0 [ 273.104592][T14839] BTRFS info (device loop0): enabling ssd optimizations [ 273.105638][T14840] BTRFS info (device loop4): disabling free space tree [ 273.111727][T14816] BTRFS info (device loop5): disabling free space tree [ 273.111785][T14816] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 273.111805][T14816] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 273.133559][T14816] BTRFS info (device loop5): checking UUID tree [ 273.135635][T14840] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 273.155958][ T12] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 273.162100][T14840] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 273.181262][T14842] BTRFS info (device loop2): enabling ssd optimizations [ 273.181345][T14839] BTRFS info (device loop0): auto enabling async discard [ 273.188277][T14842] BTRFS info (device loop2): auto enabling async discard [pid 5067] umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14816] <... mount resumed>) = 0 [pid 14816] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 14816] chdir("./file0") = 0 [pid 14816] ioctl(4, LOOP_CLR_FD) = 0 [pid 14816] close(4) = 0 [pid 14816] open("./file0", O_RDONLY) = 4 [pid 14816] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 14816] open("./file0", O_RDONLY) = 5 [pid 14816] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 14816] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 14816] exit_group(0) = ? [ 273.198786][T14837] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 273.222043][T14839] BTRFS info (device loop0): rebuilding free space tree [ 273.229703][T14840] BTRFS info (device loop4): checking UUID tree [ 273.241547][T14842] BTRFS info (device loop2): rebuilding free space tree [ 273.242908][T14837] BTRFS info (device loop1): checking UUID tree [pid 14816] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14816, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=29 /* 0.29 s */} --- [pid 5069] umount2("./90", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 14840] <... mount resumed>) = 0 [pid 14837] <... mount resumed>) = 0 [pid 5069] umount2("./90/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14840] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 14837] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 14840] <... openat resumed>) = 3 [pid 14837] <... openat resumed>) = 3 [pid 14840] chdir("./file0" [pid 14837] chdir("./file0" [pid 14840] <... chdir resumed>) = 0 [pid 14837] <... chdir resumed>) = 0 [pid 14840] ioctl(4, LOOP_CLR_FD [pid 14837] ioctl(4, LOOP_CLR_FD [pid 14840] <... ioctl resumed>) = 0 [pid 14837] <... ioctl resumed>) = 0 [ 273.293197][T14839] BTRFS info (device loop0): disabling free space tree [ 273.307396][ T42] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [ 273.325788][T14842] BTRFS info (device loop2): disabling free space tree [pid 14840] close(4 [pid 14837] close(4 [pid 14840] <... close resumed>) = 0 [pid 14837] <... close resumed>) = 0 [pid 14840] open("./file0", O_RDONLY [pid 14837] open("./file0", O_RDONLY [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] <... umount2 resumed>) = 0 [pid 14840] <... open resumed>) = 4 [pid 14837] <... open resumed>) = 4 [pid 14840] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 14837] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5069] newfstatat(AT_FDCWD, "./90/binderfs", [pid 5067] umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./90/file0", [pid 14840] <... ioctl resumed>) = 0 [pid 5069] unlink("./90/binderfs" [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14840] open("./file0", O_RDONLY [pid 5069] <... unlink resumed>) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 14840] <... open resumed>) = 5 [pid 14837] <... ioctl resumed>) = 0 [pid 5069] umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] openat(AT_FDCWD, "./90/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 14840] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 14837] open("./file0", O_RDONLY) = 5 [pid 5067] <... openat resumed>) = 4 [pid 5067] newfstatat(4, "", [pid 14837] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 14837] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5067] getdents64(4, [pid 14837] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5067] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [ 273.334457][T14839] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 273.346198][T14842] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 273.356600][T14842] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 14837] exit_group(0) = ? [pid 14837] +++ exited with 0 +++ [pid 14840] <... ioctl resumed>) = 0 [pid 5067] getdents64(4, [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14837, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=41 /* 0.41 s */} --- [pid 5067] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 14840] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5067] close(4) = 0 [pid 14840] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5067] rmdir("./90/file0" [pid 14840] exit_group(0) = ? [pid 5067] <... rmdir resumed>) = 0 [pid 5065] umount2("./90", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14840] +++ exited with 0 +++ [pid 5067] getdents64(3, [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14840, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=42 /* 0.42 s */} --- [pid 5067] close(3 [pid 5065] <... openat resumed>) = 3 [pid 5068] umount2("./90", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... close resumed>) = 0 [pid 5065] newfstatat(3, "", [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] rmdir("./90" [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5067] <... rmdir resumed>) = 0 [pid 5065] getdents64(3, [pid 5068] <... openat resumed>) = 3 [pid 5067] mkdir("./91", 0777 [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] newfstatat(3, "", [pid 5067] <... mkdir resumed>) = 0 [pid 5065] umount2("./90/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 273.398186][ T12] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [ 273.404082][T14839] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 273.426489][T14842] BTRFS info (device loop2): checking UUID tree [pid 5068] getdents64(3, [pid 5067] <... openat resumed>) = 3 [pid 5065] newfstatat(AT_FDCWD, "./90/binderfs", [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] ioctl(3, LOOP_CLR_FD [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./90/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... ioctl resumed>) = 0 [pid 5065] unlink("./90/binderfs" [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] close(3 [pid 5065] <... unlink resumed>) = 0 [pid 5068] newfstatat(AT_FDCWD, "./90/binderfs", [pid 5067] <... close resumed>) = 0 [pid 5065] umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5068] unlink("./90/binderfs") = 0 [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 14938 [pid 5068] umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 14938 attached [pid 14938] set_robust_list(0x555557145760, 24) = 0 [pid 14938] chdir("./91") = 0 [pid 14938] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 14938] setpgid(0, 0) = 0 [pid 5069] <... umount2 resumed>) = 0 [pid 14938] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5069] umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14938] <... openat resumed>) = 3 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./90/file0", [pid 14938] write(3, "1000", 4) = 4 [ 273.457990][ T42] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [pid 14938] close(3) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 14938] symlink("/dev/binderfs", "./binderfs" [pid 5069] umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 14938] <... symlink resumed>) = 0 [pid 5069] openat(AT_FDCWD, "./90/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 14938] memfd_create("syzkaller", 0 [pid 5069] <... openat resumed>) = 4 [pid 14938] <... memfd_create resumed>) = 3 [pid 14842] <... mount resumed>) = 0 [pid 5069] newfstatat(4, "", [pid 14842] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 14938] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 14842] <... openat resumed>) = 3 [pid 5069] getdents64(4, [pid 14938] <... mmap resumed>) = 0x7fda9371b000 [pid 14842] chdir("./file0" [pid 14839] <... mount resumed>) = 0 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, [pid 14842] <... chdir resumed>) = 0 [pid 14839] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5069] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 14842] ioctl(4, LOOP_CLR_FD [pid 14839] <... openat resumed>) = 3 [pid 5069] close(4) = 0 [pid 14842] <... ioctl resumed>) = 0 [pid 14842] close(4 [pid 14839] chdir("./file0") = 0 [pid 5069] rmdir("./90/file0") = 0 [ 273.503806][T14839] BTRFS info (device loop0): checking UUID tree [pid 5069] getdents64(3, [pid 14842] <... close resumed>) = 0 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 14839] ioctl(4, LOOP_CLR_FD [pid 14842] open("./file0", O_RDONLY [pid 14839] <... ioctl resumed>) = 0 [pid 5069] close(3 [pid 14839] close(4 [pid 5069] <... close resumed>) = 0 [pid 14839] <... close resumed>) = 0 [pid 5069] rmdir("./90" [pid 14839] open("./file0", O_RDONLY [pid 14842] <... open resumed>) = 4 [pid 14839] <... open resumed>) = 4 [pid 14839] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5068] <... umount2 resumed>) = 0 [pid 5069] <... rmdir resumed>) = 0 [pid 14842] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5069] mkdir("./91", 0777 [pid 5068] umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] <... mkdir resumed>) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5068] newfstatat(AT_FDCWD, "./90/file0", [pid 5069] <... openat resumed>) = 3 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 14839] <... ioctl resumed>) = 0 [pid 5069] ioctl(3, LOOP_CLR_FD [pid 5068] umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] <... ioctl resumed>) = 0 [pid 5068] openat(AT_FDCWD, "./90/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 14839] open("./file0", O_RDONLY [pid 5069] close(3 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] <... close resumed>) = 0 [pid 14839] <... open resumed>) = 5 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 14839] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 14944 ./strace-static-x86_64: Process 14944 attached [pid 14839] <... ioctl resumed>) = 0 [pid 5068] getdents64(4, [pid 14944] set_robust_list(0x555557145760, 24) = 0 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 14944] chdir("./91" [pid 14842] <... ioctl resumed>) = 0 [pid 14944] <... chdir resumed>) = 0 [pid 14842] open("./file0", O_RDONLY [pid 14839] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5068] getdents64(4, [pid 14944] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 14944] setpgid(0, 0 [pid 14842] <... open resumed>) = 5 [pid 14839] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5068] close(4 [pid 5065] <... umount2 resumed>) = 0 [pid 14944] <... setpgid resumed>) = 0 [pid 14839] exit_group(0 [pid 5068] <... close resumed>) = 0 [pid 5068] rmdir("./90/file0" [pid 14944] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 14839] <... exit_group resumed>) = ? [pid 14839] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14839, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=35 /* 0.35 s */} --- [pid 14944] <... openat resumed>) = 3 [pid 5068] <... rmdir resumed>) = 0 [pid 14944] write(3, "1000", 4 [pid 14842] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5068] getdents64(3, [pid 5065] umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 14944] <... write resumed>) = 4 [pid 5068] close(3 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14944] close(3 [pid 5068] <... close resumed>) = 0 [pid 5065] newfstatat(AT_FDCWD, "./90/file0", [pid 14944] <... close resumed>) = 0 [ 273.646801][ T2855] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 5068] rmdir("./90" [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 14944] symlink("/dev/binderfs", "./binderfs" [pid 14842] <... ioctl resumed>) = 0 [pid 5068] <... rmdir resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 14944] <... symlink resumed>) = 0 [pid 14842] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5068] mkdir("./91", 0777 [pid 5065] umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 14944] memfd_create("syzkaller", 0 [pid 14842] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5068] <... mkdir resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... openat resumed>) = 3 [pid 5065] openat(AT_FDCWD, "./90/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] newfstatat(3, "", [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 14842] exit_group(0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 14944] <... memfd_create resumed>) = 3 [pid 14842] <... exit_group resumed>) = ? [pid 5068] <... openat resumed>) = 3 [pid 5065] <... openat resumed>) = 4 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] newfstatat(4, "", [pid 5068] ioctl(3, LOOP_CLR_FD [pid 14944] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 14842] +++ exited with 0 +++ [pid 5068] <... ioctl resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 14944] <... mmap resumed>) = 0x7fda9371b000 [pid 5068] close(3 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14842, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=42 /* 0.42 s */} --- [pid 5065] getdents64(4, [pid 5064] newfstatat(AT_FDCWD, "./89/binderfs", [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] getdents64(4, [pid 5068] <... close resumed>) = 0 [pid 5064] unlink("./89/binderfs" [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4 [pid 5064] <... unlink resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 5064] umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] rmdir("./90/file0" [pid 5066] umount2("./91", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 14946 attached [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 14946 [pid 14946] set_robust_list(0x555557145760, 24 [pid 5066] openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] getdents64(3, [pid 14946] <... set_robust_list resumed>) = 0 [pid 14946] chdir("./91" [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] <... openat resumed>) = 3 [pid 14946] <... chdir resumed>) = 0 [pid 5066] newfstatat(3, "", [ 273.722001][ T1047] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [pid 5065] close(3 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./90" [pid 5066] getdents64(3, [pid 14946] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] <... rmdir resumed>) = 0 [pid 5066] umount2("./91/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] mkdir("./91", 0777 [pid 14946] <... prctl resumed>) = 0 [pid 14946] setpgid(0, 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... mkdir resumed>) = 0 [pid 14946] <... setpgid resumed>) = 0 [pid 5066] newfstatat(AT_FDCWD, "./91/binderfs", [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 14946] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5065] <... openat resumed>) = 3 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 14946] <... openat resumed>) = 3 [pid 5066] unlink("./91/binderfs" [pid 5065] <... ioctl resumed>) = 0 [pid 5065] close(3 [pid 5066] <... unlink resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 14947 attached , child_tidptr=0x555557145750) = 14947 [pid 14947] set_robust_list(0x555557145760, 24) = 0 [pid 14947] chdir("./91" [pid 5066] umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14947] <... chdir resumed>) = 0 [pid 14946] write(3, "1000", 4) = 4 [pid 14946] close(3) = 0 [pid 14946] symlink("/dev/binderfs", "./binderfs" [pid 14947] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 14946] <... symlink resumed>) = 0 [pid 14947] <... prctl resumed>) = 0 [pid 14947] setpgid(0, 0) = 0 [pid 14947] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 14946] memfd_create("syzkaller", 0) = 3 [pid 14947] <... openat resumed>) = 3 [pid 14946] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 14947] write(3, "1000", 4 [pid 14946] <... mmap resumed>) = 0x7fda9371b000 [pid 14947] <... write resumed>) = 4 [pid 14947] close(3) = 0 [pid 14947] symlink("/dev/binderfs", "./binderfs") = 0 [pid 14947] memfd_create("syzkaller", 0) = 3 [pid 14947] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 14938] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5064] <... umount2 resumed>) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 5064] umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./89/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./89/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... openat resumed>) = 4 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./89/file0" [pid 5066] newfstatat(AT_FDCWD, "./91/file0", [pid 5064] <... rmdir resumed>) = 0 [pid 5064] getdents64(3, [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] close(3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... close resumed>) = 0 [pid 5064] rmdir("./89" [pid 5066] openat(AT_FDCWD, "./91/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] <... rmdir resumed>) = 0 [pid 5066] newfstatat(4, "", [pid 5064] mkdir("./90", 0777 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... mkdir resumed>) = 0 [pid 5066] getdents64(4, [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] <... ioctl resumed>) = 0 [pid 5064] close(3 [pid 5066] getdents64(4, [pid 5064] <... close resumed>) = 0 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 14949 attached [pid 5066] close(4 [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 14949 [pid 14949] set_robust_list(0x555557145760, 24 [pid 5066] <... close resumed>) = 0 [pid 14949] <... set_robust_list resumed>) = 0 [pid 5066] rmdir("./91/file0" [pid 14949] chdir("./90" [pid 5066] <... rmdir resumed>) = 0 [pid 14949] <... chdir resumed>) = 0 [pid 5066] getdents64(3, [pid 14949] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 14949] <... prctl resumed>) = 0 [pid 14949] setpgid(0, 0 [pid 5066] close(3 [pid 14949] <... setpgid resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 14949] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] rmdir("./91") = 0 [pid 5066] mkdir("./92", 0777) = 0 [pid 14949] <... openat resumed>) = 3 [pid 14944] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 14949] write(3, "1000", 4 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 14949] <... write resumed>) = 4 [pid 5066] <... openat resumed>) = 3 [pid 14949] close(3 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 14949] <... close resumed>) = 0 [pid 5066] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 14949] symlink("/dev/binderfs", "./binderfs" [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 14949] <... symlink resumed>) = 0 ./strace-static-x86_64: Process 14950 attached [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 14950 [pid 14950] set_robust_list(0x555557145760, 24) = 0 [pid 14950] chdir("./92") = 0 [pid 14950] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 14950] setpgid(0, 0 [pid 14949] memfd_create("syzkaller", 0 [pid 14950] <... setpgid resumed>) = 0 [pid 14950] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 14949] <... memfd_create resumed>) = 3 [pid 14950] <... openat resumed>) = 3 [pid 14949] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 14950] write(3, "1000", 4) = 4 [pid 14950] close(3) = 0 [pid 14950] symlink("/dev/binderfs", "./binderfs") = 0 [pid 14950] memfd_create("syzkaller", 0) = 3 [pid 14950] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 14946] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 14950] <... mmap resumed>) = 0x7fda9371b000 [pid 14947] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 14938] <... write resumed>) = 16777216 [pid 14938] munmap(0x7fda9371b000, 138412032) = 0 [pid 14938] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 14938] ioctl(4, LOOP_SET_FD, 3 [pid 14949] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 14938] <... ioctl resumed>) = 0 [pid 14938] close(3) = 0 [pid 14938] mkdir("./file0", 0777) = 0 [ 274.847910][T14938] loop3: detected capacity change from 0 to 32768 [pid 14938] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 274.900808][T14938] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (14938) [ 274.968995][T14938] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [pid 14950] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 14944] <... write resumed>) = 16777216 [pid 14944] munmap(0x7fda9371b000, 138412032) = 0 [pid 14944] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [ 275.009909][T14938] BTRFS info (device loop3): force clearing of disk cache [ 275.049319][T14938] BTRFS info (device loop3): setting nodatasum [pid 14944] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 14944] close(3) = 0 [pid 14944] mkdir("./file0", 0777) = 0 [pid 14944] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 14946] <... write resumed>) = 16777216 [ 275.058071][T14944] loop5: detected capacity change from 0 to 32768 [ 275.078742][T14938] BTRFS info (device loop3): allowing degraded mounts [ 275.085513][T14938] BTRFS info (device loop3): enabling disk space caching [ 275.097256][T14944] BTRFS: device /dev/loop5 using temp-fsid ab8b457b-9249-4625-afa7-6748956880aa [pid 14946] munmap(0x7fda9371b000, 138412032 [pid 14947] <... write resumed>) = 16777216 [pid 14947] munmap(0x7fda9371b000, 138412032) = 0 [pid 14947] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 14947] ioctl(4, LOOP_SET_FD, 3 [pid 14946] <... munmap resumed>) = 0 [ 275.111171][T14938] BTRFS info (device loop3): disk space caching is enabled [ 275.119072][T14944] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (14944) [ 275.141415][T14947] loop1: detected capacity change from 0 to 32768 [pid 14947] <... ioctl resumed>) = 0 [pid 14946] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 14946] ioctl(4, LOOP_SET_FD, 3 [pid 14947] close(3) = 0 [pid 14947] mkdir("./file0", 0777) = 0 [pid 14947] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 14946] <... ioctl resumed>) = 0 [pid 14946] close(3) = 0 [ 275.154685][T14944] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 275.165593][T14946] loop4: detected capacity change from 0 to 32768 [ 275.173835][T14947] BTRFS: device /dev/loop1 using temp-fsid 7c1dbd0b-b345-4449-bd70-0bb7759dacc6 [ 275.188771][T14944] BTRFS info (device loop5): force clearing of disk cache [ 275.195889][T14944] BTRFS info (device loop5): setting nodatasum [pid 14946] mkdir("./file0", 0777) = 0 [pid 14949] <... write resumed>) = 16777216 [pid 14946] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 275.208860][T14947] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (14947) [ 275.233583][T14944] BTRFS info (device loop5): allowing degraded mounts [ 275.235515][T14946] BTRFS: device /dev/loop4 using temp-fsid 869a6069-1aa2-4297-a92c-5f8784ca7c37 [ 275.241591][T14947] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [pid 14949] munmap(0x7fda9371b000, 138412032) = 0 [pid 14949] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 14949] ioctl(4, LOOP_SET_FD, 3 [pid 14950] <... write resumed>) = 16777216 [ 275.259069][T14947] BTRFS info (device loop1): force clearing of disk cache [ 275.266406][T14947] BTRFS info (device loop1): setting nodatasum [ 275.269257][T14949] loop0: detected capacity change from 0 to 32768 [ 275.273096][T14947] BTRFS info (device loop1): allowing degraded mounts [ 275.286393][T14947] BTRFS info (device loop1): enabling disk space caching [ 275.289597][T14944] BTRFS info (device loop5): enabling disk space caching [pid 14950] munmap(0x7fda9371b000, 138412032) = 0 [pid 14949] <... ioctl resumed>) = 0 [pid 14949] close(3 [pid 14950] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 14949] <... close resumed>) = 0 [pid 14950] <... openat resumed>) = 4 [pid 14949] mkdir("./file0", 0777 [pid 14950] ioctl(4, LOOP_SET_FD, 3 [pid 14949] <... mkdir resumed>) = 0 [pid 14949] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 14950] <... ioctl resumed>) = 0 [pid 14950] close(3) = 0 [pid 14950] mkdir("./file0", 0777) = 0 [ 275.294436][T14946] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (14946) [ 275.319231][T14950] loop2: detected capacity change from 0 to 32768 [ 275.327256][T14949] BTRFS: device /dev/loop0 using temp-fsid decba2df-69f4-48fe-967d-6ebe1cbb03a6 [ 275.337224][T14949] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (14949) [ 275.352635][T14950] BTRFS: device /dev/loop2 using temp-fsid 65ef573e-f060-4daa-8fd3-5901498d400d [pid 14950] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 14938] <... mount resumed>) = 0 [pid 14938] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 14938] chdir("./file0") = 0 [pid 14938] ioctl(4, LOOP_CLR_FD) = 0 [pid 14938] close(4) = 0 [pid 14938] open("./file0", O_RDONLY) = 4 [pid 14938] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 14938] open("./file0", O_RDONLY) = 5 [ 275.363536][T14950] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (14950) [pid 14938] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 14938] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 14938] exit_group(0) = ? [pid 14938] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14938, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=29 /* 0.29 s */} --- [pid 5067] restart_syscall(<... resuming interrupted clone ...> [pid 14944] <... mount resumed>) = 0 [pid 5067] <... restart_syscall resumed>) = 0 [pid 14944] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5067] umount2("./91", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14944] <... openat resumed>) = 3 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 14944] chdir("./file0" [pid 5067] openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 14944] <... chdir resumed>) = 0 [pid 5067] <... openat resumed>) = 3 [pid 14944] ioctl(4, LOOP_CLR_FD [pid 5067] newfstatat(3, "", [pid 14947] <... mount resumed>) = 0 [pid 14944] <... ioctl resumed>) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 14944] close(4 [pid 14947] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 14944] <... close resumed>) = 0 [pid 14947] <... openat resumed>) = 3 [pid 14944] open("./file0", O_RDONLY) = 4 [pid 5067] getdents64(3, [pid 14947] chdir("./file0" [pid 14944] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 14947] <... chdir resumed>) = 0 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 14947] ioctl(4, LOOP_CLR_FD [pid 5067] umount2("./91/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14947] <... ioctl resumed>) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 14947] close(4 [pid 14946] <... mount resumed>) = 0 [pid 5067] newfstatat(AT_FDCWD, "./91/binderfs", [pid 14944] <... ioctl resumed>) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 14944] open("./file0", O_RDONLY [pid 14947] <... close resumed>) = 0 [pid 14946] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 14944] <... open resumed>) = 5 [pid 5067] unlink("./91/binderfs" [pid 14946] <... openat resumed>) = 3 [pid 5067] <... unlink resumed>) = 0 [pid 14946] chdir("./file0" [pid 5067] umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14946] <... chdir resumed>) = 0 [pid 14946] ioctl(4, LOOP_CLR_FD) = 0 [pid 14946] close(4) = 0 [pid 14946] open("./file0", O_RDONLY) = 4 [pid 14946] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 14947] open("./file0", O_RDONLY [pid 14944] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 14947] <... open resumed>) = 4 [pid 14944] <... ioctl resumed>) = 0 [pid 14947] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 14944] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 14944] exit_group(0) = ? [pid 14946] <... ioctl resumed>) = 0 [pid 14944] +++ exited with 0 +++ [pid 14946] open("./file0", O_RDONLY) = 5 [pid 14946] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14944, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=27 /* 0.27 s */} --- [pid 14946] <... ioctl resumed>) = 0 [pid 14947] <... ioctl resumed>) = 0 [pid 5069] umount2("./91", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14947] open("./file0", O_RDONLY [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 14947] <... open resumed>) = 5 [pid 5069] openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 14946] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5069] <... openat resumed>) = 3 [pid 14947] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 14946] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5069] newfstatat(3, "", [pid 14947] <... ioctl resumed>) = 0 [pid 14946] exit_group(0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 14946] <... exit_group resumed>) = ? [pid 5069] getdents64(3, [pid 14947] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 14946] +++ exited with 0 +++ [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 14947] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5069] umount2("./91/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14946, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=25 /* 0.25 s */} --- [pid 14947] exit_group(0) = ? [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 14947] +++ exited with 0 +++ [pid 5069] newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./91", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14947, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=26 /* 0.26 s */} --- [pid 5069] unlink("./91/binderfs" [pid 5068] openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] restart_syscall(<... resuming interrupted clone ...> [pid 5069] <... unlink resumed>) = 0 [pid 5068] <... openat resumed>) = 3 [pid 5065] <... restart_syscall resumed>) = 0 [pid 5069] umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] newfstatat(3, "", [pid 14949] <... mount resumed>) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] umount2("./91", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] getdents64(3, [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 14949] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 14949] <... openat resumed>) = 3 [pid 5068] umount2("./91/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 14949] chdir("./file0" [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(3, "", [pid 14949] <... chdir resumed>) = 0 [pid 5068] newfstatat(AT_FDCWD, "./91/binderfs", [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 14949] ioctl(4, LOOP_CLR_FD [pid 5068] unlink("./91/binderfs" [pid 5065] getdents64(3, [pid 5068] <... unlink resumed>) = 0 [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] umount2("./91/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14949] <... ioctl resumed>) = 0 [pid 14949] close(4 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./91/binderfs", [pid 14949] <... close resumed>) = 0 [pid 14949] open("./file0", O_RDONLY [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 14949] <... open resumed>) = 4 [pid 14949] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5065] unlink("./91/binderfs" [pid 14950] <... mount resumed>) = 0 [pid 5065] <... unlink resumed>) = 0 [pid 5065] umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 14950] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 14950] chdir("./file0") = 0 [pid 14950] ioctl(4, LOOP_CLR_FD) = 0 [pid 14950] close(4) = 0 [pid 14950] open("./file0", O_RDONLY) = 4 [pid 14950] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 14949] <... ioctl resumed>) = 0 [pid 14949] open("./file0", O_RDONLY) = 5 [pid 5067] <... umount2 resumed>) = 0 [pid 14949] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5067] umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./91/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./91/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, [pid 14950] <... ioctl resumed>) = 0 [pid 5067] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 14950] open("./file0", O_RDONLY [pid 14949] <... ioctl resumed>) = 0 [pid 5067] getdents64(4, [pid 14950] <... open resumed>) = 5 [pid 14949] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5067] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 14950] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 14949] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 14949] exit_group(0 [pid 14950] <... ioctl resumed>) = 0 [pid 14950] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 14949] <... exit_group resumed>) = ? [pid 5067] close(4 [pid 14950] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 14949] +++ exited with 0 +++ [pid 14950] exit_group(0 [pid 5067] <... close resumed>) = 0 [pid 5067] rmdir("./91/file0" [pid 14950] <... exit_group resumed>) = ? [pid 5067] <... rmdir resumed>) = 0 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14949, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=25 /* 0.25 s */} --- [pid 14950] +++ exited with 0 +++ [pid 5067] getdents64(3, [pid 5064] restart_syscall(<... resuming interrupted clone ...> [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14950, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=22 /* 0.22 s */} --- [pid 5064] <... restart_syscall resumed>) = 0 [pid 5067] close(3) = 0 [pid 5066] umount2("./92", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] rmdir("./91") = 0 [pid 5066] openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] umount2("./90", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] getdents64(3, [pid 5064] openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] <... openat resumed>) = 3 [pid 5067] mkdir("./92", 0777 [pid 5064] newfstatat(3, "", [pid 5067] <... mkdir resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] umount2("./92/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] getdents64(3, [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] <... openat resumed>) = 3 [pid 5066] newfstatat(AT_FDCWD, "./92/binderfs", [pid 5064] umount2("./90/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] ioctl(3, LOOP_CLR_FD [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] <... ioctl resumed>) = 0 [pid 5066] unlink("./92/binderfs" [pid 5064] newfstatat(AT_FDCWD, "./90/binderfs", [pid 5067] close(3 [pid 5066] <... unlink resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] <... close resumed>) = 0 [pid 5066] umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 15051 attached [pid 5064] unlink("./90/binderfs") = 0 [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 15051 [pid 5064] umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15051] set_robust_list(0x555557145760, 24) = 0 [pid 15051] chdir("./92") = 0 [pid 15051] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15051] setpgid(0, 0) = 0 [pid 15051] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15051] write(3, "1000", 4) = 4 [pid 15051] close(3) = 0 [pid 15051] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15051] memfd_create("syzkaller", 0) = 3 [pid 15051] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5069] <... umount2 resumed>) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 5065] umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./91/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./91/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... openat resumed>) = 4 [pid 5065] newfstatat(4, "", [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, [pid 5069] newfstatat(AT_FDCWD, "./91/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] getdents64(4, [pid 5069] openat(AT_FDCWD, "./91/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] <... openat resumed>) = 4 [pid 5065] close(4) = 0 [pid 5065] rmdir("./91/file0") = 0 [pid 5069] newfstatat(4, "", [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./91") = 0 [pid 5069] getdents64(4, [pid 5065] mkdir("./92", 0777 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] <... mkdir resumed>) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5069] close(4 [pid 5065] <... openat resumed>) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5069] <... close resumed>) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 5065] close(3 [pid 5069] rmdir("./91/file0" [pid 5065] <... close resumed>) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5069] <... rmdir resumed>) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 15052 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 ./strace-static-x86_64: Process 15052 attached [pid 5069] rmdir("./91" [pid 15052] set_robust_list(0x555557145760, 24) = 0 [pid 5069] <... rmdir resumed>) = 0 [pid 15052] chdir("./92" [pid 5069] mkdir("./92", 0777 [pid 15052] <... chdir resumed>) = 0 [pid 15052] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5069] <... mkdir resumed>) = 0 [pid 15052] setpgid(0, 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5068] <... umount2 resumed>) = 0 [pid 15052] <... setpgid resumed>) = 0 [pid 15052] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5068] umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15052] <... openat resumed>) = 3 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 15052] write(3, "1000", 4 [pid 5068] newfstatat(AT_FDCWD, "./91/file0", [pid 15052] <... write resumed>) = 4 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 15052] close(3 [pid 5068] umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15052] <... close resumed>) = 0 [pid 15052] symlink("/dev/binderfs", "./binderfs" [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 15052] <... symlink resumed>) = 0 [pid 5069] <... openat resumed>) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD [pid 15052] memfd_create("syzkaller", 0 [pid 5069] <... ioctl resumed>) = 0 [pid 15052] <... memfd_create resumed>) = 3 [pid 5068] openat(AT_FDCWD, "./91/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 15052] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5068] close(4) = 0 [pid 5068] rmdir("./91/file0") = 0 ./strace-static-x86_64: Process 15054 attached [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 15054 [pid 5068] getdents64(3, [pid 15054] set_robust_list(0x555557145760, 24 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 15054] <... set_robust_list resumed>) = 0 [pid 5068] close(3 [pid 15054] chdir("./92" [pid 5068] <... close resumed>) = 0 [pid 15054] <... chdir resumed>) = 0 [pid 5068] rmdir("./91" [pid 15054] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5068] <... rmdir resumed>) = 0 [pid 15054] <... prctl resumed>) = 0 [pid 15054] setpgid(0, 0) = 0 [pid 5068] mkdir("./92", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 15054] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5068] <... openat resumed>) = 3 [pid 15054] <... openat resumed>) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3 [pid 15054] write(3, "1000", 4 [pid 5068] <... close resumed>) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 15054] <... write resumed>) = 4 [pid 5066] <... umount2 resumed>) = 0 [pid 15054] close(3) = 0 [pid 15054] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 15056 attached ) = 0 [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 15056 [pid 5066] umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15054] memfd_create("syzkaller", 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 15054] <... memfd_create resumed>) = 3 [pid 5066] newfstatat(AT_FDCWD, "./92/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15054] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 15054] <... mmap resumed>) = 0x7fda9371b000 [pid 5066] openat(AT_FDCWD, "./92/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 15056] set_robust_list(0x555557145760, 24 [pid 5066] <... openat resumed>) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 15056] <... set_robust_list resumed>) = 0 [pid 5066] getdents64(4, [pid 15056] chdir("./92" [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 15056] <... chdir resumed>) = 0 [pid 15056] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] rmdir("./92/file0" [pid 15056] <... prctl resumed>) = 0 [pid 15056] setpgid(0, 0) = 0 [pid 15056] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5066] <... rmdir resumed>) = 0 [pid 15056] write(3, "1000", 4) = 4 [pid 5066] getdents64(3, [pid 15056] close(3 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 15056] <... close resumed>) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./92" [pid 15056] symlink("/dev/binderfs", "./binderfs" [pid 5066] <... rmdir resumed>) = 0 [pid 15056] <... symlink resumed>) = 0 [pid 5066] mkdir("./93", 0777) = 0 [pid 15056] memfd_create("syzkaller", 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 15056] <... memfd_create resumed>) = 3 [pid 5066] <... openat resumed>) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 15056] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5066] <... ioctl resumed>) = 0 [pid 15056] <... mmap resumed>) = 0x7fda9371b000 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 15057 ./strace-static-x86_64: Process 15057 attached [pid 15057] set_robust_list(0x555557145760, 24) = 0 [pid 15057] chdir("./93") = 0 [pid 15057] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5064] <... umount2 resumed>) = 0 [pid 15057] <... prctl resumed>) = 0 [pid 5064] umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15057] setpgid(0, 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 15057] <... setpgid resumed>) = 0 [pid 15057] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] newfstatat(AT_FDCWD, "./90/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 15057] <... openat resumed>) = 3 [pid 5064] umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15057] write(3, "1000", 4 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 15057] <... write resumed>) = 4 [pid 5064] openat(AT_FDCWD, "./90/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 15057] close(3 [pid 5064] <... openat resumed>) = 4 [pid 15057] <... close resumed>) = 0 [pid 5064] newfstatat(4, "", [pid 15057] symlink("/dev/binderfs", "./binderfs" [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 15057] <... symlink resumed>) = 0 [pid 5064] getdents64(4, [pid 15057] memfd_create("syzkaller", 0 [pid 5064] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 15057] <... memfd_create resumed>) = 3 [pid 5064] getdents64(4, [pid 15057] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5064] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 15057] <... mmap resumed>) = 0x7fda9371b000 [pid 5064] close(4) = 0 [pid 5064] rmdir("./90/file0") = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./90") = 0 [pid 5064] mkdir("./91", 0777 [pid 15051] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5064] <... mkdir resumed>) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 15058 ./strace-static-x86_64: Process 15058 attached [pid 15058] set_robust_list(0x555557145760, 24) = 0 [pid 15058] chdir("./91") = 0 [pid 15058] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15058] setpgid(0, 0) = 0 [pid 15058] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15058] write(3, "1000", 4) = 4 [pid 15058] close(3) = 0 [pid 15058] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15058] memfd_create("syzkaller", 0) = 3 [pid 15058] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 15052] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 15054] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 15056] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 15057] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 15058] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 15051] <... write resumed>) = 16777216 [pid 15051] munmap(0x7fda9371b000, 138412032) = 0 [pid 15051] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 15051] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15051] close(3) = 0 [pid 15051] mkdir("./file0", 0777) = 0 [pid 15051] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 15052] <... write resumed>) = 16777216 [ 277.201045][T15051] loop3: detected capacity change from 0 to 32768 [ 277.235582][T15051] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (15051) [pid 15052] munmap(0x7fda9371b000, 138412032) = 0 [pid 15052] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 15052] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15054] <... write resumed>) = 16777216 [pid 15054] munmap(0x7fda9371b000, 138412032 [pid 15052] close(3 [pid 15056] <... write resumed>) = 16777216 [pid 15052] <... close resumed>) = 0 [pid 15052] mkdir("./file0", 0777) = 0 [ 277.313954][T15052] loop1: detected capacity change from 0 to 32768 [pid 15052] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 15056] munmap(0x7fda9371b000, 138412032 [pid 15054] <... munmap resumed>) = 0 [pid 15056] <... munmap resumed>) = 0 [pid 15056] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 15054] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 15056] <... openat resumed>) = 4 [pid 15054] <... openat resumed>) = 4 [ 277.359342][T15052] BTRFS: device /dev/loop1 using temp-fsid 39721878-a410-4cb2-8e1a-6ddfa7ab4a17 [ 277.368581][T15052] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (15052) [ 277.398857][T15056] loop4: detected capacity change from 0 to 32768 [pid 15056] ioctl(4, LOOP_SET_FD, 3 [pid 15054] ioctl(4, LOOP_SET_FD, 3 [pid 15058] <... write resumed>) = 16777216 [pid 15056] <... ioctl resumed>) = 0 [pid 15056] close(3) = 0 [pid 15058] munmap(0x7fda9371b000, 138412032 [pid 15056] mkdir("./file0", 0777) = 0 [pid 15056] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 15054] <... ioctl resumed>) = 0 [pid 15058] <... munmap resumed>) = 0 [pid 15058] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 277.398856][T15054] loop5: detected capacity change from 0 to 32768 [ 277.421144][T15056] BTRFS: device /dev/loop4 using temp-fsid ceb06763-4abd-4570-9bc0-d99c52d339f6 [ 277.433773][T15056] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (15056) [ 277.448495][T15058] loop0: detected capacity change from 0 to 32768 [pid 15058] ioctl(4, LOOP_SET_FD, 3 [pid 15054] close(3) = 0 [pid 15054] mkdir("./file0", 0777) = 0 [pid 15054] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 15058] <... ioctl resumed>) = 0 [pid 15058] close(3 [pid 15057] <... write resumed>) = 16777216 [pid 15057] munmap(0x7fda9371b000, 138412032 [pid 15058] <... close resumed>) = 0 [pid 15058] mkdir("./file0", 0777) = 0 [pid 15051] <... mount resumed>) = 0 [pid 15058] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 15057] <... munmap resumed>) = 0 [pid 15051] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 15057] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 15051] <... openat resumed>) = 3 [pid 15057] <... openat resumed>) = 4 [pid 15051] chdir("./file0" [pid 15057] ioctl(4, LOOP_SET_FD, 3 [pid 15051] <... chdir resumed>) = 0 [ 277.460947][T15054] BTRFS: device /dev/loop5 using temp-fsid 59b0cfd6-f82d-44a9-80a8-6194b555b711 [ 277.472370][T15056] _btrfs_printk: 87 callbacks suppressed [ 277.472380][T15056] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 277.473089][T15054] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (15054) [ 277.478936][T15056] BTRFS info (device loop4): force clearing of disk cache [pid 15057] <... ioctl resumed>) = 0 [pid 15051] ioctl(4, LOOP_CLR_FD [pid 15057] close(3 [pid 15051] <... ioctl resumed>) = 0 [pid 15057] <... close resumed>) = 0 [ 277.492343][T15057] loop2: detected capacity change from 0 to 32768 [ 277.500988][T15056] BTRFS info (device loop4): setting nodatasum [ 277.510117][T15054] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 277.514096][T15058] BTRFS: device /dev/loop0 using temp-fsid 0abfe09f-c5be-44e7-8d0e-75535dd7d70d [ 277.520131][T15054] BTRFS info (device loop5): force clearing of disk cache [ 277.533742][T15056] BTRFS info (device loop4): allowing degraded mounts [ 277.539030][T15054] BTRFS info (device loop5): setting nodatasum [pid 15051] close(4 [pid 15057] mkdir("./file0", 0777 [pid 15051] <... close resumed>) = 0 [pid 15057] <... mkdir resumed>) = 0 [pid 15051] open("./file0", O_RDONLY [pid 15057] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 15051] <... open resumed>) = 4 [ 277.546708][T15058] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (15058) [ 277.553548][T15054] BTRFS info (device loop5): allowing degraded mounts [ 277.577528][T15056] BTRFS info (device loop4): enabling disk space caching [ 277.577544][T15056] BTRFS info (device loop4): disk space caching is enabled [ 277.586380][T15054] BTRFS info (device loop5): enabling disk space caching [ 277.600293][T15054] BTRFS info (device loop5): disk space caching is enabled [pid 15051] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 15051] open("./file0", O_RDONLY) = 5 [pid 15051] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 15051] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 15051] exit_group(0) = ? [ 277.615473][T15058] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 277.618830][T15057] BTRFS: device /dev/loop2 using temp-fsid fe43d076-c351-4c7f-8980-8e57697d2bea [ 277.628447][T15058] BTRFS info (device loop0): force clearing of disk cache [ 277.637773][T15057] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (15057) [ 277.656486][T15058] BTRFS info (device loop0): setting nodatasum [pid 15051] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15051, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=22 /* 0.22 s */} --- [ 277.662969][T15058] BTRFS info (device loop0): allowing degraded mounts [ 277.672368][T15057] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 277.674487][T15052] BTRFS info (device loop1): enabling ssd optimizations [ 277.687919][ T48] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 277.692133][T15058] BTRFS info (device loop0): enabling disk space caching [ 277.697922][T15052] BTRFS info (device loop1): auto enabling async discard [pid 5067] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5067] umount2("./92", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./92/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./92/binderfs") = 0 [ 277.705266][T15058] BTRFS info (device loop0): disk space caching is enabled [ 277.719947][T15057] BTRFS info (device loop2): force clearing of disk cache [ 277.733786][T15052] BTRFS info (device loop1): rebuilding free space tree [ 277.745703][T15057] BTRFS info (device loop2): setting nodatasum [ 277.752222][T15057] BTRFS info (device loop2): allowing degraded mounts [ 277.759232][T15057] BTRFS info (device loop2): enabling disk space caching [ 277.769465][T15057] BTRFS info (device loop2): disk space caching is enabled [ 277.787807][T15052] BTRFS info (device loop1): disabling free space tree [ 277.798313][T15056] BTRFS info (device loop4): enabling ssd optimizations [ 277.803210][T15054] BTRFS info (device loop5): enabling ssd optimizations [ 277.813697][T15054] BTRFS info (device loop5): auto enabling async discard [ 277.820292][T15056] BTRFS info (device loop4): auto enabling async discard [ 277.822951][T15052] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 277.831164][T15054] BTRFS info (device loop5): rebuilding free space tree [ 277.837402][T15052] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5067] umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5067] umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./92/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 277.872049][T15058] BTRFS info (device loop0): enabling ssd optimizations [ 277.881396][T15052] BTRFS info (device loop1): checking UUID tree [ 277.893822][T15056] BTRFS info (device loop4): rebuilding free space tree [ 277.903708][T15054] BTRFS info (device loop5): disabling free space tree [ 277.911765][T15054] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5067] openat(AT_FDCWD, "./92/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./92/file0") = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [ 277.913246][T15058] BTRFS info (device loop0): auto enabling async discard [ 277.921773][T15054] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 277.950722][T15056] BTRFS info (device loop4): disabling free space tree [ 277.955484][T15054] BTRFS info (device loop5): checking UUID tree [pid 5067] rmdir("./92" [pid 15052] <... mount resumed>) = 0 [pid 15052] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 15052] chdir("./file0") = 0 [pid 15052] ioctl(4, LOOP_CLR_FD) = 0 [pid 15052] close(4) = 0 [pid 15052] open("./file0", O_RDONLY) = 4 [pid 15052] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5067] <... rmdir resumed>) = 0 [pid 5067] mkdir("./93", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD [pid 15052] open("./file0", O_RDONLY [pid 5067] <... ioctl resumed>) = 0 [pid 15052] <... open resumed>) = 5 [pid 5067] close(3 [pid 15052] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 5067] <... close resumed>) = 0 [pid 15052] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 15052] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 15052] exit_group(0) = ? [pid 15052] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15052, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=31 /* 0.31 s */} --- [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 15151 [pid 5065] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5065] umount2("./92", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 277.966262][T15058] BTRFS info (device loop0): rebuilding free space tree [ 277.973605][T15056] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 277.999820][T15058] BTRFS info (device loop0): disabling free space tree [ 278.007416][T15056] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) ./strace-static-x86_64: Process 15151 attached [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./92/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./92/binderfs") = 0 [pid 5065] umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15151] set_robust_list(0x555557145760, 24) = 0 [pid 15151] chdir("./93") = 0 [pid 15151] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15151] setpgid(0, 0) = 0 [pid 15151] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15151] write(3, "1000", 4) = 4 [pid 15151] close(3) = 0 [pid 15151] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15151] memfd_create("syzkaller", 0 [pid 15054] <... mount resumed>) = 0 [pid 15151] <... memfd_create resumed>) = 3 [pid 15054] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 15151] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 15054] <... openat resumed>) = 3 [pid 15054] chdir("./file0") = 0 [pid 15054] ioctl(4, LOOP_CLR_FD) = 0 [ 278.020864][T15058] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 278.031392][T15057] BTRFS info (device loop2): enabling ssd optimizations [ 278.044072][T15057] BTRFS info (device loop2): auto enabling async discard [ 278.046592][T15056] BTRFS info (device loop4): checking UUID tree [ 278.051510][T15058] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 15054] close(4) = 0 [pid 15054] open("./file0", O_RDONLY) = 4 [pid 15054] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 15056] <... mount resumed>) = 0 [pid 15056] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 15056] chdir("./file0") = 0 [ 278.071437][ T42] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [ 278.089576][T15057] BTRFS info (device loop2): rebuilding free space tree [pid 15056] ioctl(4, LOOP_CLR_FD) = 0 [pid 15054] <... ioctl resumed>) = 0 [ 278.113709][T15058] BTRFS info (device loop0): checking UUID tree [ 278.129749][T15057] BTRFS info (device loop2): disabling free space tree [pid 15056] close(4 [pid 15054] open("./file0", O_RDONLY [pid 15056] <... close resumed>) = 0 [pid 15054] <... open resumed>) = 5 [pid 15056] open("./file0", O_RDONLY [pid 15054] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 15056] <... open resumed>) = 4 [pid 15054] <... ioctl resumed>) = 0 [pid 15056] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 15054] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 15054] exit_group(0) = ? [pid 15054] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15054, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=33 /* 0.33 s */} --- [pid 5069] umount2("./92", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./92/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./92/binderfs" [pid 15056] <... ioctl resumed>) = 0 [pid 5069] <... unlink resumed>) = 0 [pid 15056] open("./file0", O_RDONLY [pid 5069] umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15056] <... open resumed>) = 5 [pid 15056] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 15056] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 15056] exit_group(0) = ? [pid 15056] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15056, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=35 /* 0.35 s */} --- [ 278.155866][T15057] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 278.180217][ T48] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [pid 5068] umount2("./92", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", [pid 15058] <... mount resumed>) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./92/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 15058] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5068] newfstatat(AT_FDCWD, "./92/binderfs", [pid 15058] <... openat resumed>) = 3 [pid 15058] chdir("./file0" [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 15058] <... chdir resumed>) = 0 [pid 5068] unlink("./92/binderfs") = 0 [pid 5068] umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15058] ioctl(4, LOOP_CLR_FD) = 0 [pid 15058] close(4 [pid 5065] <... umount2 resumed>) = 0 [pid 15058] <... close resumed>) = 0 [pid 15058] open("./file0", O_RDONLY) = 4 [pid 15058] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [ 278.213649][T15057] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5065] umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./92/file0", [pid 15058] <... ioctl resumed>) = 0 [pid 15058] open("./file0", O_RDONLY) = 5 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 15058] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5065] umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./92/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 15058] <... ioctl resumed>) = 0 [pid 15058] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 15058] exit_group(0) = ? [pid 5065] <... openat resumed>) = 4 [pid 15058] +++ exited with 0 +++ [pid 5065] newfstatat(4, "", [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15058, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=35 /* 0.35 s */} --- [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] umount2("./91", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./91/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] getdents64(4, [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4 [ 278.283042][T15057] BTRFS info (device loop2): checking UUID tree [ 278.307750][ T1047] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [pid 5064] newfstatat(AT_FDCWD, "./91/binderfs", [pid 15151] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5065] <... close resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./91/binderfs") = 0 [pid 5064] umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] rmdir("./92/file0") = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 15057] <... mount resumed>) = 0 [pid 5065] close(3) = 0 [pid 15057] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [ 278.352966][ T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 5065] rmdir("./92" [pid 15057] <... openat resumed>) = 3 [pid 5065] <... rmdir resumed>) = 0 [pid 15057] chdir("./file0") = 0 [pid 5065] mkdir("./93", 0777 [pid 15057] ioctl(4, LOOP_CLR_FD) = 0 [pid 5065] <... mkdir resumed>) = 0 [pid 15057] close(4 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 15057] <... close resumed>) = 0 [pid 5065] <... openat resumed>) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 15057] open("./file0", O_RDONLY [pid 5069] <... umount2 resumed>) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 5069] umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./92/file0", [pid 15057] <... open resumed>) = 4 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15057] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] close(3 [pid 5069] openat(AT_FDCWD, "./92/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] <... close resumed>) = 0 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./92/file0" [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5069] <... rmdir resumed>) = 0 [pid 5068] <... umount2 resumed>) = 0 [pid 5068] umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 15161 attached [pid 15057] <... ioctl resumed>) = 0 [pid 15161] set_robust_list(0x555557145760, 24 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] getdents64(3, [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 15161 [pid 15057] open("./file0", O_RDONLY) = 5 [pid 15057] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 15161] <... set_robust_list resumed>) = 0 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] newfstatat(AT_FDCWD, "./92/file0", [pid 5064] <... umount2 resumed>) = 0 [pid 5069] close(3 [pid 15161] chdir("./93" [pid 5069] <... close resumed>) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] rmdir("./92" [pid 15161] <... chdir resumed>) = 0 [pid 5068] umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15057] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 15161] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 15057] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5069] <... rmdir resumed>) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./91/file0", [pid 15161] <... prctl resumed>) = 0 [pid 5068] openat(AT_FDCWD, "./92/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 15161] setpgid(0, 0 [pid 15057] exit_group(0 [pid 5068] <... openat resumed>) = 4 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 15161] <... setpgid resumed>) = 0 [pid 5068] newfstatat(4, "", [pid 15057] <... exit_group resumed>) = ? [pid 5064] umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15161] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 15057] +++ exited with 0 +++ [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./91/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15057, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=40 /* 0.40 s */} --- [pid 5064] <... openat resumed>) = 4 [pid 15161] <... openat resumed>) = 3 [pid 5069] mkdir("./93", 0777 [pid 5068] getdents64(4, [pid 5066] umount2("./93", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] newfstatat(4, "", [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] getdents64(4, [pid 15161] write(3, "1000", 4 [pid 5066] openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 15161] <... write resumed>) = 4 [pid 5069] <... mkdir resumed>) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5064] getdents64(4, [pid 15161] close(3 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 15161] <... close resumed>) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5068] close(4 [pid 15161] symlink("/dev/binderfs", "./binderfs" [pid 5069] <... openat resumed>) = 3 [pid 5068] <... close resumed>) = 0 [pid 5066] newfstatat(3, "", [pid 5064] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] rmdir("./92/file0" [pid 15161] <... symlink resumed>) = 0 [pid 5069] ioctl(3, LOOP_CLR_FD [pid 5068] <... rmdir resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] umount2("./93/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] close(4 [pid 5068] getdents64(3, [pid 5064] <... close resumed>) = 0 [pid 5064] rmdir("./91/file0") = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5066] newfstatat(AT_FDCWD, "./93/binderfs", [pid 5064] rmdir("./91") = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./93/binderfs") = 0 [pid 5064] mkdir("./92", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5066] umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... ioctl resumed>) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 15162 [pid 5069] <... ioctl resumed>) = 0 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 15161] memfd_create("syzkaller", 0 [pid 5068] close(3./strace-static-x86_64: Process 15162 attached [pid 5069] close(3 [pid 5068] <... close resumed>) = 0 [pid 15162] set_robust_list(0x555557145760, 24) = 0 [pid 15162] chdir("./92") = 0 [pid 15162] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15162] setpgid(0, 0) = 0 [pid 15162] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15162] write(3, "1000", 4) = 4 [pid 15162] close(3) = 0 [pid 15162] symlink("/dev/binderfs", "./binderfs" [pid 5069] <... close resumed>) = 0 [pid 5068] rmdir("./92" [pid 15162] <... symlink resumed>) = 0 [pid 15161] <... memfd_create resumed>) = 3 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 15162] memfd_create("syzkaller", 0 [pid 5068] <... rmdir resumed>) = 0 [ 278.523754][ T48] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) ./strace-static-x86_64: Process 15163 attached [pid 15161] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5068] mkdir("./93", 0777 [pid 15163] set_robust_list(0x555557145760, 24 [pid 15162] <... memfd_create resumed>) = 3 [pid 15161] <... mmap resumed>) = 0x7fda9371b000 [pid 15163] <... set_robust_list resumed>) = 0 [pid 15162] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5068] <... mkdir resumed>) = 0 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 15163 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 15162] <... mmap resumed>) = 0x7fda9371b000 [pid 5068] <... openat resumed>) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD [pid 15163] chdir("./93" [pid 5068] <... ioctl resumed>) = 0 [pid 15163] <... chdir resumed>) = 0 [pid 5068] close(3 [pid 15163] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5068] <... close resumed>) = 0 [pid 15163] setpgid(0, 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 15163] <... setpgid resumed>) = 0 [pid 15163] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15163] write(3, "1000", 4./strace-static-x86_64: Process 15164 attached ) = 4 [pid 15163] close(3 [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 15164 [pid 15163] <... close resumed>) = 0 [pid 15163] symlink("/dev/binderfs", "./binderfs" [pid 15164] set_robust_list(0x555557145760, 24 [pid 15163] <... symlink resumed>) = 0 [pid 15163] memfd_create("syzkaller", 0 [pid 15164] <... set_robust_list resumed>) = 0 [pid 15164] chdir("./93" [pid 15163] <... memfd_create resumed>) = 3 [pid 15164] <... chdir resumed>) = 0 [pid 15163] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15164] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 15163] <... mmap resumed>) = 0x7fda9371b000 [pid 15164] <... prctl resumed>) = 0 [pid 15164] setpgid(0, 0) = 0 [pid 15164] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15164] write(3, "1000", 4) = 4 [pid 15164] close(3) = 0 [pid 15164] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15164] memfd_create("syzkaller", 0) = 3 [pid 15164] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 15161] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 15162] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5066] newfstatat(AT_FDCWD, "./93/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 15163] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5066] umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15151] <... write resumed>) = 16777216 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./93/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, [pid 15151] munmap(0x7fda9371b000, 138412032 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 15151] <... munmap resumed>) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./93/file0") = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./93") = 0 [pid 5066] mkdir("./94", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 15151] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5066] <... openat resumed>) = 3 [pid 15151] <... openat resumed>) = 4 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 15151] ioctl(4, LOOP_SET_FD, 3 [pid 5066] <... ioctl resumed>) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 15166 attached , child_tidptr=0x555557145750) = 15166 [pid 15166] set_robust_list(0x555557145760, 24) = 0 [pid 15166] chdir("./94") = 0 [pid 15166] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15166] setpgid(0, 0) = 0 [pid 15151] <... ioctl resumed>) = 0 [ 279.216407][T15151] loop3: detected capacity change from 0 to 32768 [pid 15166] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 15151] close(3 [pid 15166] <... openat resumed>) = 3 [pid 15151] <... close resumed>) = 0 [pid 15166] write(3, "1000", 4 [pid 15151] mkdir("./file0", 0777 [pid 15166] <... write resumed>) = 4 [pid 15151] <... mkdir resumed>) = 0 [pid 15166] close(3 [pid 15151] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 15166] <... close resumed>) = 0 [pid 15164] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 15166] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15166] memfd_create("syzkaller", 0) = 3 [ 279.258392][T15151] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (15151) [pid 15166] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 279.343477][T15151] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 279.402444][T15151] BTRFS info (device loop3): force clearing of disk cache [ 279.442303][T15151] BTRFS info (device loop3): setting nodatasum [ 279.448475][T15151] BTRFS info (device loop3): allowing degraded mounts [ 279.528962][T15151] BTRFS info (device loop3): enabling disk space caching [ 279.536007][T15151] BTRFS info (device loop3): disk space caching is enabled [pid 15164] <... write resumed>) = 16777216 [pid 15164] munmap(0x7fda9371b000, 138412032) = 0 [pid 15164] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 15164] ioctl(4, LOOP_SET_FD, 3 [pid 15161] <... write resumed>) = 16777216 [pid 15164] <... ioctl resumed>) = 0 [ 279.729902][T15151] BTRFS info (device loop3): enabling ssd optimizations [ 279.730672][T15164] loop4: detected capacity change from 0 to 32768 [pid 15166] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 15164] close(3 [pid 15163] <... write resumed>) = 16777216 [pid 15162] <... write resumed>) = 16777216 [pid 15164] <... close resumed>) = 0 [pid 15163] munmap(0x7fda9371b000, 138412032 [pid 15162] munmap(0x7fda9371b000, 138412032 [pid 15161] munmap(0x7fda9371b000, 138412032 [pid 15164] mkdir("./file0", 0777 [pid 15163] <... munmap resumed>) = 0 [pid 15164] <... mkdir resumed>) = 0 [pid 15164] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 15161] <... munmap resumed>) = 0 [pid 15163] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 15162] <... munmap resumed>) = 0 [ 279.783277][T15151] BTRFS info (device loop3): auto enabling async discard [ 279.804806][T15164] BTRFS: device /dev/loop4 using temp-fsid a4fba4d2-4e2b-489d-a883-0ab257b17ccd [ 279.805751][T15151] BTRFS info (device loop3): rebuilding free space tree [pid 15163] <... openat resumed>) = 4 [pid 15162] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 15161] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 15161] ioctl(4, LOOP_SET_FD, 3 [pid 15163] ioctl(4, LOOP_SET_FD, 3 [pid 15162] <... openat resumed>) = 4 [pid 15162] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15163] <... ioctl resumed>) = 0 [pid 15163] close(3) = 0 [pid 15163] mkdir("./file0", 0777) = 0 [pid 15162] close(3 [pid 15163] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 15162] <... close resumed>) = 0 [pid 15162] mkdir("./file0", 0777 [pid 15161] <... ioctl resumed>) = 0 [pid 15162] <... mkdir resumed>) = 0 [pid 15161] close(3 [pid 15162] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 15161] <... close resumed>) = 0 [ 279.821909][T15164] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (15164) [ 279.830037][T15161] loop1: detected capacity change from 0 to 32768 [ 279.842217][T15163] loop5: detected capacity change from 0 to 32768 [ 279.849161][T15162] loop0: detected capacity change from 0 to 32768 [pid 15161] mkdir("./file0", 0777) = 0 [ 279.877455][T15163] BTRFS: device /dev/loop5 using temp-fsid 70b056a9-415e-469a-8972-a67d2562f61a [ 279.889726][T15164] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 279.904726][T15163] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (15163) [ 279.911467][T15151] BTRFS info (device loop3): disabling free space tree [ 279.924590][T15164] BTRFS info (device loop4): force clearing of disk cache [ 279.927742][T15151] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 279.942421][T15164] BTRFS info (device loop4): setting nodatasum [ 279.944700][T15151] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 279.955030][T15163] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 279.968986][T15162] BTRFS: device /dev/loop0 using temp-fsid bb8d66f0-eda9-4c04-b71a-0414d94151aa [ 279.974948][T15151] BTRFS info (device loop3): checking UUID tree [ 279.984468][T15164] BTRFS info (device loop4): allowing degraded mounts [ 279.996796][T15163] BTRFS info (device loop5): force clearing of disk cache [ 280.004704][T15162] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (15162) [ 280.008738][T15164] BTRFS info (device loop4): enabling disk space caching [ 280.026013][T15163] BTRFS info (device loop5): setting nodatasum [ 280.029945][T15162] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 280.041663][T15163] BTRFS info (device loop5): allowing degraded mounts [ 280.044956][T15161] BTRFS: device /dev/loop1 using temp-fsid 79ec81bd-668f-4d15-8e9e-524fd91041c7 [ 280.057777][T15164] BTRFS info (device loop4): disk space caching is enabled [ 280.059010][T15162] BTRFS info (device loop0): force clearing of disk cache [pid 15161] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 15151] <... mount resumed>) = 0 [pid 15151] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 15151] chdir("./file0") = 0 [pid 15151] ioctl(4, LOOP_CLR_FD) = 0 [pid 15151] close(4) = 0 [pid 15151] open("./file0", O_RDONLY) = 4 [pid 15151] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 15151] open("./file0", O_RDONLY) = 5 [pid 15151] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 15151] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 15151] exit_group(0) = ? [pid 15151] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15151, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=38 /* 0.38 s */} --- [pid 5067] umount2("./93", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [ 280.065389][T15163] BTRFS info (device loop5): enabling disk space caching [ 280.073797][T15161] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (15161) [ 280.092068][T15163] BTRFS info (device loop5): disk space caching is enabled [pid 5067] umount2("./93/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15166] <... write resumed>) = 16777216 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 15166] munmap(0x7fda9371b000, 138412032 [pid 5067] newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./93/binderfs") = 0 [pid 5067] umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15166] <... munmap resumed>) = 0 [ 280.133566][ T1047] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 280.143947][T15162] BTRFS info (device loop0): setting nodatasum [ 280.151407][T15162] BTRFS info (device loop0): allowing degraded mounts [ 280.158484][T15162] BTRFS info (device loop0): enabling disk space caching [ 280.166174][T15162] BTRFS info (device loop0): disk space caching is enabled [pid 15166] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 15166] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15166] close(3) = 0 [pid 15166] mkdir("./file0", 0777) = 0 [ 280.190874][T15161] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 280.191346][T15166] loop2: detected capacity change from 0 to 32768 [ 280.210286][T15161] BTRFS info (device loop1): force clearing of disk cache [ 280.234097][T15161] BTRFS info (device loop1): setting nodatasum [pid 15166] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./93/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 280.256181][T15166] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (15166) [pid 5067] openat(AT_FDCWD, "./93/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./93/file0") = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./93") = 0 [pid 15162] <... mount resumed>) = 0 [pid 5067] mkdir("./94", 0777 [pid 15163] <... mount resumed>) = 0 [pid 15162] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 15163] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 15162] <... openat resumed>) = 3 [pid 15162] chdir("./file0" [pid 15163] <... openat resumed>) = 3 [pid 15162] <... chdir resumed>) = 0 [pid 5067] <... mkdir resumed>) = 0 [pid 15162] ioctl(4, LOOP_CLR_FD [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 15163] chdir("./file0" [pid 15162] <... ioctl resumed>) = 0 [pid 5067] <... openat resumed>) = 3 [pid 15162] close(4 [pid 5067] ioctl(3, LOOP_CLR_FD [pid 15163] <... chdir resumed>) = 0 [pid 15162] <... close resumed>) = 0 [pid 15162] open("./file0", O_RDONLY) = 4 [pid 15162] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 15163] ioctl(4, LOOP_CLR_FD) = 0 [pid 5067] <... ioctl resumed>) = 0 [pid 15163] close(4 [pid 5067] close(3 [pid 15163] <... close resumed>) = 0 [pid 5067] <... close resumed>) = 0 [pid 15163] open("./file0", O_RDONLY [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 15257 attached [pid 15163] <... open resumed>) = 4 [pid 15257] set_robust_list(0x555557145760, 24 [pid 15163] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 15162] <... ioctl resumed>) = 0 [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 15257 [pid 15257] <... set_robust_list resumed>) = 0 [pid 15257] chdir("./94") = 0 [pid 15257] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 15164] <... mount resumed>) = 0 [pid 15162] open("./file0", O_RDONLY [pid 15257] <... prctl resumed>) = 0 [pid 15164] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 15162] <... open resumed>) = 5 [pid 15257] setpgid(0, 0 [pid 15164] <... openat resumed>) = 3 [pid 15163] <... ioctl resumed>) = 0 [pid 15162] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 15257] <... setpgid resumed>) = 0 [pid 15164] chdir("./file0" [pid 15163] open("./file0", O_RDONLY [pid 15162] <... ioctl resumed>) = 0 [pid 15164] <... chdir resumed>) = 0 [pid 15164] ioctl(4, LOOP_CLR_FD [pid 15162] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 15163] <... open resumed>) = 5 [pid 15257] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 15164] <... ioctl resumed>) = 0 [pid 15162] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 15164] close(4 [pid 15162] exit_group(0 [pid 15164] <... close resumed>) = 0 [pid 15162] <... exit_group resumed>) = ? [pid 15164] open("./file0", O_RDONLY [pid 15163] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 15162] +++ exited with 0 +++ [pid 15164] <... open resumed>) = 4 [pid 15164] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 15163] <... ioctl resumed>) = 0 [pid 15257] <... openat resumed>) = 3 [pid 15163] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 15257] write(3, "1000", 4 [pid 15163] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 15257] <... write resumed>) = 4 [pid 15163] exit_group(0 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15162, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=36 /* 0.36 s */} --- [pid 15257] close(3 [pid 15163] <... exit_group resumed>) = ? [pid 15257] <... close resumed>) = 0 [pid 5064] umount2("./92", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15257] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 15257] memfd_create("syzkaller", 0 [pid 15163] +++ exited with 0 +++ [pid 15257] <... memfd_create resumed>) = 3 [pid 15164] <... ioctl resumed>) = 0 [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15163, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=29 /* 0.29 s */} --- [pid 5064] openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 15257] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15164] open("./file0", O_RDONLY [pid 5064] <... openat resumed>) = 3 [pid 15257] <... mmap resumed>) = 0x7fda9371b000 [pid 15164] <... open resumed>) = 5 [pid 15161] <... mount resumed>) = 0 [pid 5064] newfstatat(3, "", [pid 15161] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5069] umount2("./93", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15161] <... openat resumed>) = 3 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 15161] chdir("./file0" [pid 5069] openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 15161] <... chdir resumed>) = 0 [pid 5069] <... openat resumed>) = 3 [pid 5064] getdents64(3, [pid 15161] ioctl(4, LOOP_CLR_FD [pid 5069] newfstatat(3, "", [pid 15164] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 15161] <... ioctl resumed>) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] umount2("./92/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15161] close(4 [pid 5069] getdents64(3, [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 15161] <... close resumed>) = 0 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] newfstatat(AT_FDCWD, "./92/binderfs", [pid 15161] open("./file0", O_RDONLY [pid 5069] umount2("./93/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 15161] <... open resumed>) = 4 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] unlink("./92/binderfs" [pid 15164] <... ioctl resumed>) = 0 [pid 5069] newfstatat(AT_FDCWD, "./93/binderfs", [pid 5064] <... unlink resumed>) = 0 [pid 15161] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5069] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15164] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5069] unlink("./93/binderfs" [pid 15164] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5069] <... unlink resumed>) = 0 [pid 5069] umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15164] exit_group(0) = ? [pid 15164] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15164, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=26 /* 0.26 s */} --- [pid 5068] umount2("./93", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", [pid 15161] <... ioctl resumed>) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 15161] open("./file0", O_RDONLY [pid 5068] getdents64(3, [pid 15161] <... open resumed>) = 5 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 15161] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5068] umount2("./93/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./93/binderfs", [pid 15161] <... ioctl resumed>) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./93/binderfs" [pid 15161] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5068] <... unlink resumed>) = 0 [pid 15161] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5068] umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15161] exit_group(0) = ? [pid 15161] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15161, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=32 /* 0.32 s */} --- [pid 5065] umount2("./93", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./93/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./93/binderfs") = 0 [pid 5065] umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15166] <... mount resumed>) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 15166] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15166] <... openat resumed>) = 3 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 15166] chdir("./file0" [pid 5064] newfstatat(AT_FDCWD, "./92/file0", [pid 15166] <... chdir resumed>) = 0 [pid 15166] ioctl(4, LOOP_CLR_FD [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 15166] <... ioctl resumed>) = 0 [pid 5064] umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15166] close(4) = 0 [pid 15166] open("./file0", O_RDONLY) = 4 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 15166] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5064] openat(AT_FDCWD, "./92/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./92/file0" [pid 15166] <... ioctl resumed>) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 15166] open("./file0", O_RDONLY) = 5 [pid 5064] getdents64(3, [pid 15166] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 15166] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5064] close(3 [pid 15166] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 15166] exit_group(0 [pid 5064] <... close resumed>) = 0 [pid 15166] <... exit_group resumed>) = ? [pid 5064] rmdir("./92" [pid 15166] +++ exited with 0 +++ [pid 5064] <... rmdir resumed>) = 0 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15166, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=20 /* 0.20 s */} --- [pid 5064] mkdir("./93", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] umount2("./94", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... openat resumed>) = 3 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5066] openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... ioctl resumed>) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5064] close(3 [pid 5066] newfstatat(3, "", [pid 5064] <... close resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./94/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 15269 ./strace-static-x86_64: Process 15269 attached [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 15269] set_robust_list(0x555557145760, 24 [pid 5066] newfstatat(AT_FDCWD, "./94/binderfs", [pid 15269] <... set_robust_list resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./94/binderfs") = 0 [pid 5066] umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15269] chdir("./93") = 0 [pid 15269] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15269] setpgid(0, 0) = 0 [pid 15269] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15269] write(3, "1000", 4) = 4 [pid 15269] close(3) = 0 [pid 15269] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15269] memfd_create("syzkaller", 0) = 3 [pid 15269] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5068] <... umount2 resumed>) = 0 [pid 15269] <... mmap resumed>) = 0x7fda9371b000 [pid 5068] umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./93/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./93/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./93/file0") = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./93") = 0 [pid 5068] mkdir("./94", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [pid 5069] <... umount2 resumed>) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 15271 ./strace-static-x86_64: Process 15271 attached [pid 15271] set_robust_list(0x555557145760, 24) = 0 [pid 5069] umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15271] chdir("./94") = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 15271] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5069] newfstatat(AT_FDCWD, "./93/file0", [pid 15271] <... prctl resumed>) = 0 [pid 15271] setpgid(0, 0) = 0 [pid 15271] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5065] <... umount2 resumed>) = 0 [pid 15271] <... openat resumed>) = 3 [pid 15271] write(3, "1000", 4) = 4 [pid 15271] close(3) = 0 [pid 15271] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15271] memfd_create("syzkaller", 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 15271] <... memfd_create resumed>) = 3 [pid 15271] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5069] umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15257] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] openat(AT_FDCWD, "./93/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] <... openat resumed>) = 4 [pid 5065] newfstatat(AT_FDCWD, "./93/file0", [pid 5069] newfstatat(4, "", [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./93/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... openat resumed>) = 4 [pid 5065] newfstatat(4, "", [pid 5069] getdents64(4, [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] close(4) = 0 [pid 5065] getdents64(4, [pid 5069] rmdir("./93/file0" [pid 5065] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4 [pid 5069] <... rmdir resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 5069] getdents64(3, [pid 5065] rmdir("./93/file0") = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./93") = 0 [pid 5065] mkdir("./94", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 15272 ./strace-static-x86_64: Process 15272 attached [pid 15272] set_robust_list(0x555557145760, 24) = 0 [pid 15272] chdir("./94") = 0 [pid 15272] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5069] close(3 [pid 15272] <... prctl resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 15272] setpgid(0, 0) = 0 [pid 15272] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15272] write(3, "1000", 4) = 4 [pid 15272] close(3) = 0 [pid 5069] rmdir("./93" [pid 5066] umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15272] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15272] memfd_create("syzkaller", 0) = 3 [pid 15272] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5069] <... rmdir resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] mkdir("./94", 0777 [pid 5066] newfstatat(AT_FDCWD, "./94/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./94/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] <... mkdir resumed>) = 0 [pid 5066] <... openat resumed>) = 4 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] <... openat resumed>) = 3 [pid 5066] close(4) = 0 [pid 5066] rmdir("./94/file0") = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./94") = 0 [pid 5066] mkdir("./95", 0777) = 0 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5069] close(3 [pid 5066] <... openat resumed>) = 3 [pid 5069] <... close resumed>) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 15273 ./strace-static-x86_64: Process 15273 attached [pid 15273] set_robust_list(0x555557145760, 24) = 0 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 15274 attached [pid 15274] set_robust_list(0x555557145760, 24) = 0 [pid 15274] chdir("./95" [pid 15273] chdir("./94" [pid 15274] <... chdir resumed>) = 0 [pid 15274] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 15274 [pid 15273] <... chdir resumed>) = 0 [pid 15274] setpgid(0, 0 [pid 15273] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 15274] <... setpgid resumed>) = 0 [pid 15273] <... prctl resumed>) = 0 [pid 15274] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15274] write(3, "1000", 4) = 4 [pid 15273] setpgid(0, 0 [pid 15274] close(3) = 0 [pid 15274] symlink("/dev/binderfs", "./binderfs" [pid 15273] <... setpgid resumed>) = 0 [pid 15274] <... symlink resumed>) = 0 [pid 15273] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 15274] memfd_create("syzkaller", 0) = 3 [pid 15274] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 15273] <... openat resumed>) = 3 [pid 15273] write(3, "1000", 4) = 4 [pid 15273] close(3) = 0 [pid 15273] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15273] memfd_create("syzkaller", 0) = 3 [pid 15273] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 15269] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 15271] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 15272] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 15274] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 15257] <... write resumed>) = 16777216 [pid 15257] munmap(0x7fda9371b000, 138412032) = 0 [pid 15257] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 15257] ioctl(4, LOOP_SET_FD, 3 [pid 15273] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 15257] <... ioctl resumed>) = 0 [pid 15257] close(3) = 0 [pid 15257] mkdir("./file0", 0777) = 0 [ 281.863431][T15257] loop3: detected capacity change from 0 to 32768 [ 281.926259][T15257] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (15257) [pid 15257] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 15269] <... write resumed>) = 16777216 [pid 15269] munmap(0x7fda9371b000, 138412032) = 0 [pid 15272] <... write resumed>) = 16777216 [pid 15269] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15269] ioctl(4, LOOP_SET_FD, 3 [pid 15272] munmap(0x7fda9371b000, 138412032) = 0 [pid 15272] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 15272] ioctl(4, LOOP_SET_FD, 3 [pid 15269] <... ioctl resumed>) = 0 [pid 15269] close(3) = 0 [pid 15269] mkdir("./file0", 0777) = 0 [ 282.156519][T15269] loop0: detected capacity change from 0 to 32768 [ 282.191653][T15272] loop1: detected capacity change from 0 to 32768 [pid 15269] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 15272] <... ioctl resumed>) = 0 [pid 15271] <... write resumed>) = 16777216 [pid 15272] close(3 [pid 15271] munmap(0x7fda9371b000, 138412032 [pid 15272] <... close resumed>) = 0 [pid 15271] <... munmap resumed>) = 0 [pid 15272] mkdir("./file0", 0777) = 0 [pid 15272] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 15271] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 282.202736][T15269] BTRFS: device /dev/loop0 using temp-fsid 0032ad83-e86c-4551-a8ef-094ae3d81d60 [pid 15271] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15271] close(3) = 0 [pid 15271] mkdir("./file0", 0777) = 0 [ 282.239477][T15271] loop4: detected capacity change from 0 to 32768 [ 282.243400][T15269] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (15269) [pid 15271] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 15274] <... write resumed>) = 16777216 [ 282.293573][T15272] BTRFS: device /dev/loop1 using temp-fsid 976c7545-dbdf-483e-adf8-b83ba7d62600 [ 282.319905][T15272] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (15272) [pid 15274] munmap(0x7fda9371b000, 138412032) = 0 [pid 15274] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 15274] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15273] <... write resumed>) = 16777216 [pid 15274] close(3 [pid 15273] munmap(0x7fda9371b000, 138412032 [pid 15274] <... close resumed>) = 0 [pid 15274] mkdir("./file0", 0777) = 0 [ 282.367237][T15271] BTRFS: device /dev/loop4 using temp-fsid 4c4a7f5f-cbb6-425b-a2b6-3919b8ed864e [ 282.384427][T15274] loop2: detected capacity change from 0 to 32768 [ 282.392787][T15271] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (15271) [pid 15274] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 15273] <... munmap resumed>) = 0 [pid 15273] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 15273] ioctl(4, LOOP_SET_FD, 3 [pid 15257] <... mount resumed>) = 0 [pid 15273] <... ioctl resumed>) = 0 [pid 15257] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 15273] close(3 [pid 15257] <... openat resumed>) = 3 [pid 15257] chdir("./file0") = 0 [pid 15257] ioctl(4, LOOP_CLR_FD [pid 15273] <... close resumed>) = 0 [pid 15257] <... ioctl resumed>) = 0 [pid 15257] close(4) = 0 [pid 15257] open("./file0", O_RDONLY [pid 15273] mkdir("./file0", 0777 [pid 15257] <... open resumed>) = 4 [pid 15273] <... mkdir resumed>) = 0 [ 282.413128][T15274] BTRFS: device /dev/loop2 using temp-fsid 233037d6-70fd-400a-9f56-6b9c30ed5353 [ 282.426065][T15274] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (15274) [ 282.427307][T15273] loop5: detected capacity change from 0 to 32768 [pid 15273] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 15257] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 15257] open("./file0", O_RDONLY) = 5 [pid 15257] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 15257] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 15257] exit_group(0) = ? [pid 15257] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15257, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=26 /* 0.26 s */} --- [pid 5067] umount2("./94", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 282.470649][T15273] BTRFS: device /dev/loop5 using temp-fsid 2a42abdb-044b-4f06-9937-d92e5edbee27 [ 282.483493][T15273] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (15273) [ 282.492132][T15269] _btrfs_printk: 91 callbacks suppressed [ 282.492143][T15269] BTRFS info (device loop0): disabling free space tree [ 282.510083][T15272] BTRFS info (device loop1): rebuilding free space tree [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [ 282.532405][ T2855] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 282.532603][T15273] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 282.544762][T15269] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 282.551561][T15273] BTRFS info (device loop5): force clearing of disk cache [ 282.568163][T15273] BTRFS info (device loop5): setting nodatasum [ 282.572981][T15272] BTRFS info (device loop1): disabling free space tree [pid 5067] umount2("./94/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./94/binderfs") = 0 [ 282.575007][T15273] BTRFS info (device loop5): allowing degraded mounts [ 282.588962][T15269] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 282.610613][T15269] BTRFS info (device loop0): checking UUID tree [ 282.611468][T15272] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5067] umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15269] <... mount resumed>) = 0 [pid 15269] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 15269] chdir("./file0") = 0 [pid 15269] ioctl(4, LOOP_CLR_FD) = 0 [pid 15269] close(4) = 0 [pid 15269] open("./file0", O_RDONLY) = 4 [ 282.626743][T15273] BTRFS info (device loop5): enabling disk space caching [ 282.643354][T15271] BTRFS info (device loop4): enabling ssd optimizations [ 282.648053][T15272] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 282.673248][T15271] BTRFS info (device loop4): auto enabling async discard [pid 15269] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 15269] open("./file0", O_RDONLY) = 5 [pid 15269] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 15269] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 15269] exit_group(0) = ? [pid 15269] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15269, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=27 /* 0.27 s */} --- [pid 5064] umount2("./93", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./93/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 282.687688][ T2855] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 282.697281][T15273] BTRFS info (device loop5): disk space caching is enabled [ 282.708299][T15274] BTRFS info (device loop2): enabling ssd optimizations [pid 5064] newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./93/binderfs") = 0 [pid 5064] umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./94/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./94/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [ 282.749057][T15271] BTRFS info (device loop4): rebuilding free space tree [ 282.759649][T15274] BTRFS info (device loop2): auto enabling async discard [ 282.760415][T15272] BTRFS info (device loop1): checking UUID tree [ 282.782213][T15274] BTRFS info (device loop2): rebuilding free space tree [pid 5067] close(4) = 0 [pid 5067] rmdir("./94/file0") = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [ 282.819840][T15274] BTRFS info (device loop2): disabling free space tree [ 282.826752][T15274] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 282.840575][T15271] BTRFS info (device loop4): disabling free space tree [ 282.847481][T15271] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5067] close(3) = 0 [pid 5067] rmdir("./94") = 0 [pid 5067] mkdir("./95", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 15368 ./strace-static-x86_64: Process 15368 attached [pid 15272] <... mount resumed>) = 0 [pid 15368] set_robust_list(0x555557145760, 24 [pid 15272] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 15368] <... set_robust_list resumed>) = 0 [pid 15368] chdir("./95" [pid 15272] chdir("./file0" [pid 15368] <... chdir resumed>) = 0 [pid 15368] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 15272] <... chdir resumed>) = 0 [pid 15272] ioctl(4, LOOP_CLR_FD) = 0 [pid 15272] close(4) = 0 [pid 15272] open("./file0", O_RDONLY) = 4 [pid 15368] <... prctl resumed>) = 0 [pid 15272] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 15368] setpgid(0, 0) = 0 [pid 15368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15368] write(3, "1000", 4 [pid 15272] <... ioctl resumed>) = 0 [ 282.880325][T15274] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 282.888754][T15271] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 282.910993][T15273] BTRFS info (device loop5): enabling ssd optimizations [ 282.918161][T15273] BTRFS info (device loop5): auto enabling async discard [pid 15272] open("./file0", O_RDONLY [pid 15368] <... write resumed>) = 4 [pid 15368] close(3) = 0 [pid 15368] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15272] <... open resumed>) = 5 [pid 15272] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 15272] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 15272] exit_group(0) = ? [pid 15368] memfd_create("syzkaller", 0 [pid 15272] +++ exited with 0 +++ [pid 15368] <... memfd_create resumed>) = 3 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15272, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=29 /* 0.29 s */} --- [pid 15368] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5065] umount2("./94", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 15368] <... mmap resumed>) = 0x7fda9371b000 [pid 5065] openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] <... umount2 resumed>) = 0 [pid 5064] umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] umount2("./94/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./93/file0", [pid 5065] newfstatat(AT_FDCWD, "./94/binderfs", [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 282.950540][T15273] BTRFS info (device loop5): rebuilding free space tree [ 282.966437][T15274] BTRFS info (device loop2): checking UUID tree [ 282.974252][ T12] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [pid 5064] openat(AT_FDCWD, "./93/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] unlink("./94/binderfs") = 0 [pid 5065] umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 15274] <... mount resumed>) = 0 [pid 5064] rmdir("./93/file0" [pid 15274] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5064] <... rmdir resumed>) = 0 [pid 5064] getdents64(3, [pid 15274] chdir("./file0") = 0 [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 15274] ioctl(4, LOOP_CLR_FD) = 0 [pid 5064] close(3 [pid 15274] close(4) = 0 [pid 5064] <... close resumed>) = 0 [pid 5064] rmdir("./93") = 0 [pid 15274] open("./file0", O_RDONLY [pid 5064] mkdir("./94", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 15274] <... open resumed>) = 4 [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 15373 ./strace-static-x86_64: Process 15373 attached [pid 15373] set_robust_list(0x555557145760, 24 [pid 15274] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 15373] <... set_robust_list resumed>) = 0 [pid 15373] chdir("./94") = 0 [pid 15373] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15373] setpgid(0, 0) = 0 [pid 15373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 283.017556][T15271] BTRFS info (device loop4): checking UUID tree [ 283.022830][T15273] BTRFS info (device loop5): disabling free space tree [pid 15373] write(3, "1000", 4) = 4 [pid 15373] close(3) = 0 [pid 15373] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15274] <... ioctl resumed>) = 0 [pid 15373] memfd_create("syzkaller", 0) = 3 [pid 15373] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 15274] open("./file0", O_RDONLY) = 5 [ 283.078413][T15273] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 15274] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 15271] <... mount resumed>) = 0 [pid 15274] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 15271] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 15274] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 15271] <... openat resumed>) = 3 [pid 15274] exit_group(0 [pid 15271] chdir("./file0") = 0 [pid 15271] ioctl(4, LOOP_CLR_FD [pid 15274] <... exit_group resumed>) = ? [pid 15271] <... ioctl resumed>) = 0 [pid 15274] +++ exited with 0 +++ [pid 15271] close(4 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15274, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- [pid 15271] <... close resumed>) = 0 [pid 5066] umount2("./95", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15271] open("./file0", O_RDONLY [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 15271] <... open resumed>) = 4 [pid 5066] <... openat resumed>) = 3 [pid 15271] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 15271] <... ioctl resumed>) = 0 [pid 5066] umount2("./95/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 283.119330][ T12] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 283.139943][T15273] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 15271] open("./file0", O_RDONLY [pid 5066] newfstatat(AT_FDCWD, "./95/binderfs", [pid 15271] <... open resumed>) = 5 [pid 15271] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./95/binderfs" [pid 15271] <... ioctl resumed>) = 0 [pid 5066] <... unlink resumed>) = 0 [pid 15271] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5066] umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = 0 [pid 15271] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 15271] exit_group(0 [pid 5065] umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15271] <... exit_group resumed>) = ? [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 15271] +++ exited with 0 +++ [pid 5065] newfstatat(AT_FDCWD, "./94/file0", [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15271, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=30 /* 0.30 s */} --- [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./94", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./94/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] umount2("./94/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... openat resumed>) = 4 [pid 5068] unlink("./94/binderfs" [pid 5065] newfstatat(4, "", [pid 5068] <... unlink resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./94/file0") = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [ 283.223903][ T48] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [ 283.238060][T15273] BTRFS info (device loop5): checking UUID tree [pid 5065] close(3) = 0 [pid 5065] rmdir("./94") = 0 [pid 5065] mkdir("./95", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 15377 attached , child_tidptr=0x555557145750) = 15377 [pid 15377] set_robust_list(0x555557145760, 24) = 0 [pid 15377] chdir("./95") = 0 [pid 15377] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15273] <... mount resumed>) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 15377] setpgid(0, 0 [pid 15273] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 15377] <... setpgid resumed>) = 0 [pid 15273] <... openat resumed>) = 3 [pid 15377] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 15273] chdir("./file0") = 0 [pid 15273] ioctl(4, LOOP_CLR_FD [pid 15377] <... openat resumed>) = 3 [pid 15377] write(3, "1000", 4 [pid 15273] <... ioctl resumed>) = 0 [pid 5066] umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15273] close(4) = 0 [pid 15273] open("./file0", O_RDONLY) = 4 [pid 15273] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 15377] <... write resumed>) = 4 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 15377] close(3) = 0 [pid 5066] newfstatat(AT_FDCWD, "./95/file0", [pid 15377] symlink("/dev/binderfs", "./binderfs" [pid 15273] <... ioctl resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 15273] open("./file0", O_RDONLY [pid 15377] <... symlink resumed>) = 0 [pid 15273] <... open resumed>) = 5 [pid 5066] umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15377] memfd_create("syzkaller", 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 15377] <... memfd_create resumed>) = 3 [pid 5066] openat(AT_FDCWD, "./95/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 15377] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 15273] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5066] <... openat resumed>) = 4 [pid 15273] <... ioctl resumed>) = 0 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, [pid 15273] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 15273] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 15273] exit_group(0) = ? [pid 15273] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15273, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=35 /* 0.35 s */} --- [pid 5069] umount2("./94", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./94/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] getdents64(4, [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./94/binderfs" [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] <... unlink resumed>) = 0 [pid 5069] umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... umount2 resumed>) = 0 [pid 5066] close(4) = 0 [pid 15368] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5066] rmdir("./95/file0" [pid 5068] umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] <... rmdir resumed>) = 0 [ 283.440662][ T12] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [pid 5068] newfstatat(AT_FDCWD, "./94/file0", [pid 5066] getdents64(3, [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3 [pid 5068] umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... close resumed>) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] rmdir("./95" [pid 5068] openat(AT_FDCWD, "./94/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] <... rmdir resumed>) = 0 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] mkdir("./96", 0777 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./94/file0" [pid 5066] <... mkdir resumed>) = 0 [pid 5068] <... rmdir resumed>) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5068] getdents64(3, [pid 5066] <... openat resumed>) = 3 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./94") = 0 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5068] mkdir("./95", 0777) = 0 [pid 5066] <... ioctl resumed>) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5066] close(3 [pid 5068] ioctl(3, LOOP_CLR_FD [pid 5066] <... close resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 15380 ./strace-static-x86_64: Process 15380 attached [pid 5068] <... ioctl resumed>) = 0 [pid 15380] set_robust_list(0x555557145760, 24) = 0 [pid 15380] chdir("./96") = 0 [pid 5068] close(3 [pid 15380] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5068] <... close resumed>) = 0 [pid 15380] <... prctl resumed>) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 15380] setpgid(0, 0) = 0 [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 15381 [pid 15380] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15380] write(3, "1000", 4) = 4 ./strace-static-x86_64: Process 15381 attached [pid 15380] close(3 [pid 15381] set_robust_list(0x555557145760, 24 [pid 15380] <... close resumed>) = 0 [pid 15381] <... set_robust_list resumed>) = 0 [pid 15380] symlink("/dev/binderfs", "./binderfs" [pid 15381] chdir("./95" [pid 15380] <... symlink resumed>) = 0 [pid 15381] <... chdir resumed>) = 0 [pid 15380] memfd_create("syzkaller", 0 [pid 15381] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 15380] <... memfd_create resumed>) = 3 [pid 15381] <... prctl resumed>) = 0 [pid 15380] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15381] setpgid(0, 0 [pid 15380] <... mmap resumed>) = 0x7fda9371b000 [pid 15381] <... setpgid resumed>) = 0 [pid 15381] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15381] write(3, "1000", 4) = 4 [pid 15373] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 15381] close(3) = 0 [pid 15381] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15381] memfd_create("syzkaller", 0) = 3 [pid 15381] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5069] <... umount2 resumed>) = 0 [pid 5069] umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./94/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./94/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./94/file0") = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./94" [pid 15377] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5069] <... rmdir resumed>) = 0 [pid 5069] mkdir("./95", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 15382 ./strace-static-x86_64: Process 15382 attached [pid 15382] set_robust_list(0x555557145760, 24) = 0 [pid 15382] chdir("./95") = 0 [pid 15382] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15368] <... write resumed>) = 16777216 [pid 15382] setpgid(0, 0 [pid 15368] munmap(0x7fda9371b000, 138412032 [pid 15382] <... setpgid resumed>) = 0 [pid 15382] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 15368] <... munmap resumed>) = 0 [pid 15382] <... openat resumed>) = 3 [pid 15382] write(3, "1000", 4) = 4 [pid 15382] close(3) = 0 [pid 15368] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 15382] symlink("/dev/binderfs", "./binderfs" [pid 15380] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 15368] <... openat resumed>) = 4 [pid 15382] <... symlink resumed>) = 0 [pid 15368] ioctl(4, LOOP_SET_FD, 3 [pid 15382] memfd_create("syzkaller", 0) = 3 [pid 15368] <... ioctl resumed>) = 0 [pid 15382] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 15368] close(3) = 0 [pid 15368] mkdir("./file0", 0777) = 0 [ 284.112689][T15368] loop3: detected capacity change from 0 to 32768 [pid 15368] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 284.178858][T15368] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (15368) [pid 15381] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 15373] <... write resumed>) = 16777216 [pid 15373] munmap(0x7fda9371b000, 138412032) = 0 [pid 15373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 284.259290][T15368] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [pid 15373] ioctl(4, LOOP_SET_FD, 3) = 0 [ 284.319503][T15368] BTRFS info (device loop3): force clearing of disk cache [ 284.326813][T15368] BTRFS info (device loop3): setting nodatasum [ 284.327230][T15373] loop0: detected capacity change from 0 to 32768 [pid 15373] close(3) = 0 [pid 15373] mkdir("./file0", 0777) = 0 [ 284.379171][T15368] BTRFS info (device loop3): allowing degraded mounts [ 284.386124][T15368] BTRFS info (device loop3): enabling disk space caching [ 284.439522][T15373] BTRFS: device /dev/loop0 using temp-fsid 05f4700a-b33f-49b3-b1ea-a161c9c40b50 [ 284.448597][T15373] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (15373) [ 284.448946][T15368] BTRFS info (device loop3): disk space caching is enabled [pid 15373] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 15380] <... write resumed>) = 16777216 [pid 15380] munmap(0x7fda9371b000, 138412032 [pid 15382] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 15380] <... munmap resumed>) = 0 [pid 15380] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 284.579800][T15373] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 284.616760][T15380] loop2: detected capacity change from 0 to 32768 [pid 15380] ioctl(4, LOOP_SET_FD, 3 [pid 15377] <... write resumed>) = 16777216 [pid 15380] <... ioctl resumed>) = 0 [pid 15380] close(3) = 0 [ 284.637446][T15368] BTRFS info (device loop3): enabling ssd optimizations [ 284.644824][T15373] BTRFS info (device loop0): force clearing of disk cache [ 284.645008][T15368] BTRFS info (device loop3): auto enabling async discard [ 284.651999][T15373] BTRFS info (device loop0): setting nodatasum [ 284.678292][T15373] BTRFS info (device loop0): allowing degraded mounts [pid 15380] mkdir("./file0", 0777) = 0 [pid 15377] munmap(0x7fda9371b000, 138412032 [pid 15380] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 15377] <... munmap resumed>) = 0 [pid 15377] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 15377] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15377] close(3) = 0 [pid 15377] mkdir("./file0", 0777) = 0 [ 284.685608][T15373] BTRFS info (device loop0): enabling disk space caching [ 284.693237][T15373] BTRFS info (device loop0): disk space caching is enabled [ 284.695995][T15380] BTRFS: device /dev/loop2 using temp-fsid d83094a5-3f57-489f-bb22-6375bf73429c [ 284.713084][T15368] BTRFS info (device loop3): rebuilding free space tree [ 284.713088][T15377] loop1: detected capacity change from 0 to 32768 [pid 15377] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 15381] <... write resumed>) = 16777216 [pid 15381] munmap(0x7fda9371b000, 138412032) = 0 [ 284.743871][T15380] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (15380) [ 284.768918][T15368] BTRFS info (device loop3): disabling free space tree [ 284.777679][T15377] BTRFS: device /dev/loop1 using temp-fsid faaa5355-6229-49c6-9578-c6f4c8254e68 [pid 15381] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 15381] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15381] close(3) = 0 [pid 15381] mkdir("./file0", 0777) = 0 [ 284.792865][T15381] loop4: detected capacity change from 0 to 32768 [ 284.793777][T15380] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 284.799447][T15368] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 284.820271][T15377] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (15377) [ 284.820378][T15368] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 15381] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 15368] <... mount resumed>) = 0 [pid 15368] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 15368] chdir("./file0") = 0 [pid 15368] ioctl(4, LOOP_CLR_FD) = 0 [pid 15368] close(4) = 0 [ 284.837654][T15380] BTRFS info (device loop2): force clearing of disk cache [ 284.847242][T15368] BTRFS info (device loop3): checking UUID tree [ 284.857432][T15380] BTRFS info (device loop2): setting nodatasum [ 284.879183][T15381] BTRFS: device /dev/loop4 using temp-fsid 844d2d3e-9a06-4d45-8bab-f6329dc464ae [pid 15368] open("./file0", O_RDONLY) = 4 [pid 15368] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 15382] <... write resumed>) = 16777216 [pid 15368] <... ioctl resumed>) = 0 [pid 15368] open("./file0", O_RDONLY) = 5 [ 284.881164][T15377] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 284.892546][T15381] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (15381) [ 284.900880][T15380] BTRFS info (device loop2): allowing degraded mounts [ 284.933092][T15377] BTRFS info (device loop1): force clearing of disk cache [pid 15368] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 15382] munmap(0x7fda9371b000, 138412032) = 0 [pid 15382] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 15368] <... ioctl resumed>) = 0 [pid 15368] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 15368] exit_group(0) = ? [pid 15382] <... openat resumed>) = 4 [pid 15368] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15368, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=38 /* 0.38 s */} --- [ 284.940362][T15377] BTRFS info (device loop1): setting nodatasum [ 284.946641][T15377] BTRFS info (device loop1): allowing degraded mounts [ 284.949440][T15380] BTRFS info (device loop2): enabling disk space caching [ 284.957962][T15377] BTRFS info (device loop1): enabling disk space caching [ 284.967734][T15377] BTRFS info (device loop1): disk space caching is enabled [ 284.978100][T15380] BTRFS info (device loop2): disk space caching is enabled [ 284.986057][T15381] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [pid 15382] ioctl(4, LOOP_SET_FD, 3 [pid 5067] umount2("./95", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 15382] <... ioctl resumed>) = 0 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./95/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15382] close(3 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./95/binderfs") = 0 [pid 5067] umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15382] <... close resumed>) = 0 [ 284.996345][T15382] loop5: detected capacity change from 0 to 32768 [ 285.001760][T15373] BTRFS info (device loop0): enabling ssd optimizations [ 285.003232][T15381] BTRFS info (device loop4): force clearing of disk cache [ 285.010345][ T48] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 285.019675][T15381] BTRFS info (device loop4): setting nodatasum [ 285.032160][T15381] BTRFS info (device loop4): allowing degraded mounts [ 285.038550][T15373] BTRFS info (device loop0): auto enabling async discard [pid 15382] mkdir("./file0", 0777) = 0 [ 285.040233][T15381] BTRFS info (device loop4): enabling disk space caching [ 285.055798][T15373] BTRFS info (device loop0): rebuilding free space tree [ 285.060687][T15381] BTRFS info (device loop4): disk space caching is enabled [ 285.079513][T15382] BTRFS: device /dev/loop5 using temp-fsid f7d0bb77-4244-4724-ae2a-d30017387c7f [ 285.088574][T15382] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (15382) [pid 15382] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./95/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./95/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 285.137647][T15382] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 285.155875][T15373] BTRFS info (device loop0): disabling free space tree [ 285.172238][T15377] BTRFS info (device loop1): enabling ssd optimizations [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [ 285.187666][T15377] BTRFS info (device loop1): auto enabling async discard [ 285.194141][T15373] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 285.206323][T15380] BTRFS info (device loop2): enabling ssd optimizations [ 285.216297][T15377] BTRFS info (device loop1): rebuilding free space tree [ 285.217493][T15381] BTRFS info (device loop4): enabling ssd optimizations [ 285.231080][T15382] BTRFS info (device loop5): force clearing of disk cache [pid 5067] rmdir("./95/file0") = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [ 285.238201][T15382] BTRFS info (device loop5): setting nodatasum [ 285.254264][T15377] BTRFS info (device loop1): disabling free space tree [ 285.258871][T15380] BTRFS info (device loop2): auto enabling async discard [ 285.262688][T15382] BTRFS info (device loop5): allowing degraded mounts [ 285.269406][T15373] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5067] rmdir("./95") = 0 [pid 5067] mkdir("./96", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 15460 ./strace-static-x86_64: Process 15460 attached [pid 15460] set_robust_list(0x555557145760, 24) = 0 [pid 15460] chdir("./96") = 0 [pid 15460] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15460] setpgid(0, 0) = 0 [pid 15460] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 285.276927][T15377] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 285.285987][T15381] BTRFS info (device loop4): auto enabling async discard [ 285.296578][T15382] BTRFS info (device loop5): enabling disk space caching [pid 15460] write(3, "1000", 4) = 4 [pid 15381] <... mount resumed>) = 0 [pid 15380] <... mount resumed>) = 0 [pid 15377] <... mount resumed>) = 0 [pid 15373] <... mount resumed>) = 0 [pid 15460] close(3 [pid 15381] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 15380] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 15377] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 15373] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 15460] <... close resumed>) = 0 [pid 15381] <... openat resumed>) = 3 [pid 15380] <... openat resumed>) = 3 [pid 15377] <... openat resumed>) = 3 [pid 15373] <... openat resumed>) = 3 [pid 15460] symlink("/dev/binderfs", "./binderfs" [pid 15381] chdir("./file0" [pid 15380] chdir("./file0" [pid 15377] chdir("./file0" [pid 15373] chdir("./file0" [pid 15460] <... symlink resumed>) = 0 [pid 15381] <... chdir resumed>) = 0 [pid 15380] <... chdir resumed>) = 0 [pid 15377] <... chdir resumed>) = 0 [pid 15460] memfd_create("syzkaller", 0 [pid 15380] ioctl(4, LOOP_CLR_FD [pid 15377] ioctl(4, LOOP_CLR_FD [pid 15460] <... memfd_create resumed>) = 3 [pid 15381] ioctl(4, LOOP_CLR_FD [pid 15380] <... ioctl resumed>) = 0 [pid 15377] <... ioctl resumed>) = 0 [pid 15460] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15381] <... ioctl resumed>) = 0 [pid 15380] close(4 [pid 15377] close(4 [pid 15373] <... chdir resumed>) = 0 [pid 15460] <... mmap resumed>) = 0x7fda9371b000 [pid 15381] close(4 [pid 15380] <... close resumed>) = 0 [pid 15377] <... close resumed>) = 0 [pid 15381] <... close resumed>) = 0 [pid 15380] open("./file0", O_RDONLY [pid 15377] open("./file0", O_RDONLY [pid 15373] ioctl(4, LOOP_CLR_FD [pid 15380] <... open resumed>) = 4 [pid 15377] <... open resumed>) = 4 [pid 15380] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 15381] open("./file0", O_RDONLY [pid 15377] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 15373] <... ioctl resumed>) = 0 [pid 15373] close(4 [pid 15381] <... open resumed>) = 4 [pid 15380] <... ioctl resumed>) = 0 [pid 15373] <... close resumed>) = 0 [pid 15381] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 15380] open("./file0", O_RDONLY) = 5 [pid 15373] open("./file0", O_RDONLY [pid 15380] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 15373] <... open resumed>) = 4 [pid 15380] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 15381] <... ioctl resumed>) = 0 [pid 15377] <... ioctl resumed>) = 0 [pid 15373] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 15377] open("./file0", O_RDONLY [pid 15381] open("./file0", O_RDONLY [pid 15377] <... open resumed>) = 5 [pid 15381] <... open resumed>) = 5 [pid 15380] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 15377] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 15381] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 15380] exit_group(0 [pid 15377] <... ioctl resumed>) = 0 [pid 15381] <... ioctl resumed>) = 0 [pid 15380] <... exit_group resumed>) = ? [pid 15377] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 15381] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 15380] +++ exited with 0 +++ [pid 15377] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 15381] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15380, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=31 /* 0.31 s */} --- [pid 15381] exit_group(0) = ? [pid 15381] +++ exited with 0 +++ [pid 15377] exit_group(0 [pid 15373] <... ioctl resumed>) = 0 [pid 5066] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 15377] <... exit_group resumed>) = ? [pid 15373] open("./file0", O_RDONLY [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15381, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=37 /* 0.37 s */} --- [pid 15377] +++ exited with 0 +++ [pid 15373] <... open resumed>) = 5 [pid 5066] umount2("./96", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15377, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=32 /* 0.32 s */} --- [pid 15373] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5068] umount2("./95", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] umount2("./95", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... openat resumed>) = 3 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... openat resumed>) = 3 [pid 5065] openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] newfstatat(3, "", [pid 5066] newfstatat(3, "", [pid 5065] <... openat resumed>) = 3 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] newfstatat(3, "", [pid 15373] <... ioctl resumed>) = 0 [pid 5068] getdents64(3, [pid 15373] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] getdents64(3, [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 15373] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5068] umount2("./95/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15373] exit_group(0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] getdents64(3, [pid 15373] <... exit_group resumed>) = ? [pid 5068] newfstatat(AT_FDCWD, "./95/binderfs", [pid 15373] +++ exited with 0 +++ [pid 5066] umount2("./96/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./95/binderfs" [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] umount2("./95/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15373, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=40 /* 0.40 s */} --- [pid 5068] <... unlink resumed>) = 0 [pid 5066] newfstatat(AT_FDCWD, "./96/binderfs", [pid 5068] umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./95/binderfs", [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./94", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] unlink("./96/binderfs" [pid 5065] unlink("./95/binderfs" [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... unlink resumed>) = 0 [pid 5064] openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 15382] <... mount resumed>) = 0 [pid 5066] <... unlink resumed>) = 0 [pid 5065] umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... openat resumed>) = 3 [pid 15382] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] newfstatat(3, "", [pid 15382] <... openat resumed>) = 3 [pid 5066] umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15382] chdir("./file0" [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 15382] <... chdir resumed>) = 0 [pid 15382] ioctl(4, LOOP_CLR_FD) = 0 [pid 5064] getdents64(3, [pid 15382] close(4) = 0 [pid 15382] open("./file0", O_RDONLY [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 15382] <... open resumed>) = 4 [pid 5064] umount2("./94/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15382] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 15382] <... ioctl resumed>) = 0 [pid 5064] unlink("./94/binderfs") = 0 [pid 5064] umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15382] open("./file0", O_RDONLY) = 5 [pid 15382] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 15382] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 15382] exit_group(0) = ? [pid 15382] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15382, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=25 /* 0.25 s */} --- [pid 5069] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5069] umount2("./95", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./95/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./95/binderfs") = 0 [pid 5069] umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... umount2 resumed>) = 0 [pid 5068] umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./95/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./95/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./95/file0") = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./95") = 0 [pid 5068] mkdir("./96", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 15486 ./strace-static-x86_64: Process 15486 attached [pid 15486] set_robust_list(0x555557145760, 24) = 0 [pid 15486] chdir("./96") = 0 [pid 15460] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 15486] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 15486] setpgid(0, 0) = 0 [pid 15486] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15486] write(3, "1000", 4) = 4 [pid 15486] close(3) = 0 [pid 15486] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15486] memfd_create("syzkaller", 0 [pid 5064] umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] newfstatat(AT_FDCWD, "./94/file0", [pid 5069] <... umount2 resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] newfstatat(AT_FDCWD, "./96/file0", [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15486] <... memfd_create resumed>) = 3 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] newfstatat(AT_FDCWD, "./95/file0", [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 15486] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5066] umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] openat(AT_FDCWD, "./94/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 15486] <... mmap resumed>) = 0x7fda9371b000 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... openat resumed>) = 4 [pid 5065] umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] openat(AT_FDCWD, "./96/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(4, "", [pid 5066] <... openat resumed>) = 4 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] newfstatat(4, "", [pid 5064] getdents64(4, [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] newfstatat(AT_FDCWD, "./95/file0", [pid 5066] getdents64(4, [pid 5065] openat(AT_FDCWD, "./95/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] getdents64(4, [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] <... openat resumed>) = 4 [pid 5069] umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] getdents64(4, [pid 5064] close(4 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] newfstatat(4, "", [pid 5064] <... close resumed>) = 0 [pid 5069] openat(AT_FDCWD, "./95/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] close(4 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] rmdir("./94/file0" [pid 5066] <... close resumed>) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 5066] rmdir("./96/file0" [pid 5064] getdents64(3, [pid 5066] <... rmdir resumed>) = 0 [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] getdents64(3, [pid 5064] close(3 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] <... close resumed>) = 0 [pid 5066] close(3 [pid 5064] rmdir("./94" [pid 5066] <... close resumed>) = 0 [pid 5065] getdents64(4, [pid 5064] <... rmdir resumed>) = 0 [pid 5066] rmdir("./96" [pid 5064] mkdir("./95", 0777 [pid 5066] <... rmdir resumed>) = 0 [pid 5064] <... mkdir resumed>) = 0 [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] newfstatat(4, "", [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5065] getdents64(4, [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5065] rmdir("./95/file0" [pid 5064] <... ioctl resumed>) = 0 [pid 5064] close(3) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5069] getdents64(4, [pid 5065] getdents64(3, [pid 5066] mkdir("./97", 0777 [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] <... mkdir resumed>) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 15487 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] close(3./strace-static-x86_64: Process 15488 attached [pid 15488] set_robust_list(0x555557145760, 24 [pid 5065] <... close resumed>) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 15488 [pid 15488] <... set_robust_list resumed>) = 0 [pid 5065] rmdir("./95") = 0 [pid 5065] mkdir("./96", 0777./strace-static-x86_64: Process 15487 attached [pid 15487] set_robust_list(0x555557145760, 24) = 0 [pid 5065] <... mkdir resumed>) = 0 [pid 15488] chdir("./97" [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5069] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 15488] <... chdir resumed>) = 0 [pid 15487] chdir("./95" [pid 5065] <... openat resumed>) = 3 [pid 15488] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5069] getdents64(4, [pid 5065] ioctl(3, LOOP_CLR_FD [pid 15488] <... prctl resumed>) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 15488] setpgid(0, 0 [pid 5065] close(3 [pid 15488] <... setpgid resumed>) = 0 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] <... close resumed>) = 0 [pid 15488] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 15487] <... chdir resumed>) = 0 [pid 5069] close(4 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 15487] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 ./strace-static-x86_64: Process 15489 attached [pid 15487] setpgid(0, 0 [pid 5069] <... close resumed>) = 0 [pid 15489] set_robust_list(0x555557145760, 24 [pid 5069] rmdir("./95/file0" [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 15489 [pid 15487] <... setpgid resumed>) = 0 [pid 15489] <... set_robust_list resumed>) = 0 [pid 15488] <... openat resumed>) = 3 [pid 15487] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5069] <... rmdir resumed>) = 0 [pid 15489] chdir("./96" [pid 15488] write(3, "1000", 4 [pid 15487] <... openat resumed>) = 3 [pid 5069] getdents64(3, [pid 15489] <... chdir resumed>) = 0 [pid 15488] <... write resumed>) = 4 [pid 15487] write(3, "1000", 4 [pid 15489] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 15487] <... write resumed>) = 4 [pid 15489] <... prctl resumed>) = 0 [pid 15488] close(3 [pid 15487] close(3 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 15487] <... close resumed>) = 0 [pid 15489] setpgid(0, 0 [pid 15488] <... close resumed>) = 0 [pid 15487] symlink("/dev/binderfs", "./binderfs" [pid 5069] close(3 [pid 15489] <... setpgid resumed>) = 0 [pid 15488] symlink("/dev/binderfs", "./binderfs" [pid 15487] <... symlink resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 15489] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 15488] <... symlink resumed>) = 0 [pid 15487] memfd_create("syzkaller", 0 [pid 5069] rmdir("./95" [pid 15487] <... memfd_create resumed>) = 3 [pid 15487] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15488] memfd_create("syzkaller", 0 [pid 15489] <... openat resumed>) = 3 [pid 15487] <... mmap resumed>) = 0x7fda9371b000 [pid 5069] <... rmdir resumed>) = 0 [pid 15489] write(3, "1000", 4 [pid 15488] <... memfd_create resumed>) = 3 [pid 5069] mkdir("./96", 0777 [pid 15489] <... write resumed>) = 4 [pid 15488] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5069] <... mkdir resumed>) = 0 [pid 15488] <... mmap resumed>) = 0x7fda9371b000 [pid 15489] close(3) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 15489] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5069] <... openat resumed>) = 3 [pid 15489] memfd_create("syzkaller", 0 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 15489] <... memfd_create resumed>) = 3 [pid 5069] close(3 [pid 15489] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5069] <... close resumed>) = 0 [pid 15489] <... mmap resumed>) = 0x7fda9371b000 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 15490 attached , child_tidptr=0x555557145750) = 15490 [pid 15490] set_robust_list(0x555557145760, 24) = 0 [pid 15490] chdir("./96") = 0 [pid 15490] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15490] setpgid(0, 0) = 0 [pid 15490] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15490] write(3, "1000", 4) = 4 [pid 15490] close(3) = 0 [pid 15490] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15490] memfd_create("syzkaller", 0) = 3 [pid 15490] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 15486] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 15488] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 15487] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 15460] <... write resumed>) = 16777216 [pid 15460] munmap(0x7fda9371b000, 138412032) = 0 [pid 15460] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 15460] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15460] close(3) = 0 [pid 15460] mkdir("./file0", 0777 [pid 15489] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 15460] <... mkdir resumed>) = 0 [pid 15460] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 286.609832][T15460] loop3: detected capacity change from 0 to 32768 [ 286.642019][T15460] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (15460) [pid 15490] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 15460] <... mount resumed>) = 0 [pid 15460] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 15460] chdir("./file0") = 0 [pid 15460] ioctl(4, LOOP_CLR_FD) = 0 [pid 15460] close(4) = 0 [pid 15460] open("./file0", O_RDONLY) = 4 [pid 15460] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 15488] <... write resumed>) = 16777216 [pid 15460] <... ioctl resumed>) = 0 [pid 15488] munmap(0x7fda9371b000, 138412032 [pid 15460] open("./file0", O_RDONLY) = 5 [pid 15488] <... munmap resumed>) = 0 [pid 15487] <... write resumed>) = 16777216 [pid 15460] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 15488] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 15487] munmap(0x7fda9371b000, 138412032 [pid 15460] <... ioctl resumed>) = 0 [pid 15460] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 15488] <... openat resumed>) = 4 [pid 15460] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 15460] exit_group(0) = ? [pid 15460] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15460, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=19 /* 0.19 s */} --- [pid 5067] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5067] umount2("./96", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 15488] ioctl(4, LOOP_SET_FD, 3 [pid 15487] <... munmap resumed>) = 0 [pid 15486] <... write resumed>) = 16777216 [pid 5067] <... openat resumed>) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./96/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./96/binderfs") = 0 [pid 5067] umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15487] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15488] <... ioctl resumed>) = 0 [pid 15487] ioctl(4, LOOP_SET_FD, 3 [pid 15486] munmap(0x7fda9371b000, 138412032 [pid 15488] close(3 [pid 15487] <... ioctl resumed>) = 0 [pid 15486] <... munmap resumed>) = 0 [pid 15488] <... close resumed>) = 0 [pid 15487] close(3 [pid 15488] mkdir("./file0", 0777 [pid 15487] <... close resumed>) = 0 [pid 15486] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 287.089854][T15488] loop2: detected capacity change from 0 to 32768 [ 287.115864][T15487] loop0: detected capacity change from 0 to 32768 [pid 15486] ioctl(4, LOOP_SET_FD, 3 [pid 15488] <... mkdir resumed>) = 0 [pid 15487] mkdir("./file0", 0777 [pid 15488] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 15487] <... mkdir resumed>) = 0 [pid 15487] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 15490] <... write resumed>) = 16777216 [pid 15486] <... ioctl resumed>) = 0 [pid 15490] munmap(0x7fda9371b000, 138412032 [pid 15486] close(3) = 0 [pid 15486] mkdir("./file0", 0777) = 0 [ 287.140802][T15486] loop4: detected capacity change from 0 to 32768 [ 287.162533][T15487] BTRFS: device /dev/loop0 using temp-fsid 05d0d00f-b82e-4302-9022-5552e7264245 [pid 15486] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 15490] <... munmap resumed>) = 0 [pid 15490] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 15490] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15490] close(3) = 0 [pid 15490] mkdir("./file0", 0777) = 0 [ 287.193274][T15487] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (15487) [ 287.211534][T15490] loop5: detected capacity change from 0 to 32768 [pid 15490] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 15489] <... write resumed>) = 16777216 [pid 15489] munmap(0x7fda9371b000, 138412032) = 0 [pid 15489] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 287.243028][T15488] BTRFS: device /dev/loop2 using temp-fsid 6b66565b-435d-481c-abfa-237dab14d52a [ 287.255440][T15488] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (15488) [pid 15489] ioctl(4, LOOP_SET_FD, 3 [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./96/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 15489] <... ioctl resumed>) = 0 [pid 5067] umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15489] close(3 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 15489] <... close resumed>) = 0 [pid 5067] openat(AT_FDCWD, "./96/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./96/file0" [pid 15489] mkdir("./file0", 0777 [pid 5067] <... rmdir resumed>) = 0 [pid 15489] <... mkdir resumed>) = 0 [pid 15489] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [ 287.284910][T15489] loop1: detected capacity change from 0 to 32768 [ 287.291901][T15486] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (15486) [ 287.310431][T15490] BTRFS: device /dev/loop5 using temp-fsid 66784d37-56fb-4e46-af73-d80aa32bef60 [pid 5067] rmdir("./96") = 0 [pid 5067] mkdir("./97", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 15544 attached , child_tidptr=0x555557145750) = 15544 [pid 15544] set_robust_list(0x555557145760, 24) = 0 [pid 15544] chdir("./97") = 0 [pid 15544] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15544] setpgid(0, 0) = 0 [pid 15544] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15544] write(3, "1000", 4) = 4 [pid 15544] close(3) = 0 [pid 15544] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15544] memfd_create("syzkaller", 0) = 3 [pid 15544] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 287.326673][T15490] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (15490) [ 287.344435][T15489] BTRFS: device /dev/loop1 using temp-fsid 3e1a9564-0701-401c-9dd5-0c569d3d6613 [ 287.359221][T15489] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (15489) [pid 15487] <... mount resumed>) = 0 [pid 15487] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 15487] chdir("./file0") = 0 [pid 15487] ioctl(4, LOOP_CLR_FD) = 0 [pid 15488] <... mount resumed>) = 0 [pid 15487] close(4) = 0 [pid 15487] open("./file0", O_RDONLY) = 4 [pid 15544] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 15488] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 15487] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 15488] <... openat resumed>) = 3 [pid 15488] chdir("./file0") = 0 [pid 15488] ioctl(4, LOOP_CLR_FD) = 0 [pid 15488] close(4) = 0 [pid 15488] open("./file0", O_RDONLY) = 4 [pid 15487] <... ioctl resumed>) = 0 [pid 15488] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 15487] open("./file0", O_RDONLY) = 5 [ 287.506880][T15490] _btrfs_printk: 87 callbacks suppressed [ 287.506894][T15490] BTRFS info (device loop5): disabling free space tree [ 287.522654][T15486] BTRFS info (device loop4): enabling ssd optimizations [ 287.538795][T15486] BTRFS info (device loop4): auto enabling async discard [ 287.540998][T15490] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 15487] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 15488] <... ioctl resumed>) = 0 [pid 15487] <... ioctl resumed>) = 0 [pid 15488] open("./file0", O_RDONLY) = 5 [pid 15487] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 15488] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 15487] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 15488] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 15487] exit_group(0) = ? [pid 15488] exit_group(0 [pid 15487] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15487, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=28 /* 0.28 s */} --- [pid 15488] <... exit_group resumed>) = ? [pid 15490] <... mount resumed>) = 0 [pid 15488] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15488, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=26 /* 0.26 s */} --- [pid 15490] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] umount2("./97", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] umount2("./95", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15490] <... openat resumed>) = 3 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... openat resumed>) = 3 [ 287.606570][T15490] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 287.607676][ T48] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 287.626442][T15486] BTRFS info (device loop4): rebuilding free space tree [ 287.629216][T15490] BTRFS info (device loop5): checking UUID tree [ 287.638770][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 15490] chdir("./file0" [pid 5066] <... openat resumed>) = 3 [pid 5064] newfstatat(3, "", [pid 5066] newfstatat(3, "", [pid 15490] <... chdir resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 15490] ioctl(4, LOOP_CLR_FD [pid 5064] getdents64(3, [pid 15490] <... ioctl resumed>) = 0 [pid 5066] getdents64(3, [pid 15490] close(4 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 15490] <... close resumed>) = 0 [pid 5066] umount2("./97/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] umount2("./95/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./97/binderfs", [pid 5064] newfstatat(AT_FDCWD, "./95/binderfs", [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./97/binderfs" [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 15490] open("./file0", O_RDONLY [pid 5066] <... unlink resumed>) = 0 [pid 5064] unlink("./95/binderfs" [pid 5066] umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... unlink resumed>) = 0 [pid 5064] umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15490] <... open resumed>) = 4 [ 287.671200][T15489] BTRFS info (device loop1): enabling ssd optimizations [ 287.678304][T15489] BTRFS info (device loop1): auto enabling async discard [pid 15490] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 15490] open("./file0", O_RDONLY) = 5 [ 287.715666][T15486] BTRFS info (device loop4): disabling free space tree [ 287.740293][T15489] BTRFS info (device loop1): rebuilding free space tree [ 287.750077][T15486] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 15490] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 15490] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 15490] exit_group(0) = ? [pid 15490] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15490, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=30 /* 0.30 s */} --- [pid 5069] umount2("./96", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./96/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 287.753114][ T2497] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [ 287.783258][T15486] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 287.805344][T15489] BTRFS info (device loop1): disabling free space tree [pid 5069] newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./96/binderfs") = 0 [pid 5069] umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... umount2 resumed>) = 0 [pid 5064] umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 15486] <... mount resumed>) = 0 [pid 5066] umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] newfstatat(AT_FDCWD, "./95/file0", [pid 15486] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] newfstatat(AT_FDCWD, "./97/file0", [pid 5064] umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15486] <... openat resumed>) = 3 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] openat(AT_FDCWD, "./95/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... openat resumed>) = 4 [pid 5066] openat(AT_FDCWD, "./97/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] newfstatat(4, "", [pid 5066] <... openat resumed>) = 4 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [ 287.866368][T15489] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 287.890045][T15486] BTRFS info (device loop4): checking UUID tree [ 287.902852][T15489] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 15486] chdir("./file0" [pid 5066] newfstatat(4, "", [pid 5064] close(4 [pid 15486] <... chdir resumed>) = 0 [pid 15486] ioctl(4, LOOP_CLR_FD [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... close resumed>) = 0 [pid 15486] <... ioctl resumed>) = 0 [pid 5066] getdents64(4, [pid 5064] rmdir("./95/file0" [pid 15486] close(4) = 0 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] <... rmdir resumed>) = 0 [pid 15486] open("./file0", O_RDONLY [pid 5066] getdents64(4, [pid 5064] getdents64(3, [pid 15486] <... open resumed>) = 4 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 15486] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5066] close(4) = 0 [pid 5066] rmdir("./97/file0" [pid 15486] <... ioctl resumed>) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] getdents64(3, [pid 5064] close(3 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] <... close resumed>) = 0 [pid 5066] close(3 [pid 5064] rmdir("./95" [pid 15486] open("./file0", O_RDONLY [pid 5066] <... close resumed>) = 0 [pid 15486] <... open resumed>) = 5 [pid 5066] rmdir("./97" [pid 5064] <... rmdir resumed>) = 0 [pid 15486] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5066] <... rmdir resumed>) = 0 [pid 5064] mkdir("./96", 0777 [pid 5066] mkdir("./98", 0777 [pid 5064] <... mkdir resumed>) = 0 [pid 15486] <... ioctl resumed>) = 0 [pid 5066] <... mkdir resumed>) = 0 [pid 15486] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5069] <... umount2 resumed>) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5069] umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... openat resumed>) = 3 [pid 15486] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... openat resumed>) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5069] newfstatat(AT_FDCWD, "./96/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15486] exit_group(0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5064] <... ioctl resumed>) = 0 [pid 5069] openat(AT_FDCWD, "./96/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, [pid 15486] <... exit_group resumed>) = ? [pid 5066] <... ioctl resumed>) = 0 [pid 5064] close(3 [pid 5066] close(3 [pid 15486] +++ exited with 0 +++ [pid 5069] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] <... close resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5069] close(4 [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15486, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=31 /* 0.31 s */} --- [pid 5069] <... close resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 15489] <... mount resumed>) = 0 [pid 5069] rmdir("./96/file0"./strace-static-x86_64: Process 15593 attached ./strace-static-x86_64: Process 15592 attached [pid 15489] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5069] <... rmdir resumed>) = 0 [pid 15593] set_robust_list(0x555557145760, 24 [pid 15489] <... openat resumed>) = 3 [pid 5069] getdents64(3, [pid 15593] <... set_robust_list resumed>) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 15593 [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 15592 [pid 15593] chdir("./98" [pid 15592] set_robust_list(0x555557145760, 24 [pid 15489] chdir("./file0" [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 15593] <... chdir resumed>) = 0 [pid 15592] <... set_robust_list resumed>) = 0 [pid 15489] <... chdir resumed>) = 0 [pid 5069] close(3 [pid 5068] umount2("./96", MNT_DETACH|UMOUNT_NOFOLLOW [ 287.992728][T15489] BTRFS info (device loop1): checking UUID tree [ 288.031472][ T42] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [pid 15593] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 15592] chdir("./96" [pid 15489] ioctl(4, LOOP_CLR_FD [pid 5069] <... close resumed>) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 15593] <... prctl resumed>) = 0 [pid 15592] <... chdir resumed>) = 0 [pid 15489] <... ioctl resumed>) = 0 [pid 5069] rmdir("./96") = 0 [pid 5068] openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] mkdir("./97", 0777 [pid 5068] <... openat resumed>) = 3 [pid 15593] setpgid(0, 0 [pid 15592] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 15489] close(4 [pid 5069] <... mkdir resumed>) = 0 [pid 5068] newfstatat(3, "", [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] <... openat resumed>) = 3 [pid 5068] getdents64(3, [pid 5069] ioctl(3, LOOP_CLR_FD [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 15593] <... setpgid resumed>) = 0 [pid 15592] <... prctl resumed>) = 0 [pid 5069] <... ioctl resumed>) = 0 [pid 5068] umount2("./96/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15593] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 15592] setpgid(0, 0 [pid 15489] <... close resumed>) = 0 [pid 5069] close(3 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 15592] <... setpgid resumed>) = 0 [pid 15489] open("./file0", O_RDONLY [pid 5069] <... close resumed>) = 0 [pid 5068] newfstatat(AT_FDCWD, "./96/binderfs", [pid 15593] <... openat resumed>) = 3 [pid 15592] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 15489] <... open resumed>) = 4 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 15593] write(3, "1000", 4 [pid 5068] unlink("./96/binderfs" [pid 15593] <... write resumed>) = 4 [pid 15592] <... openat resumed>) = 3 [pid 15489] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5068] <... unlink resumed>) = 0 [pid 15592] write(3, "1000", 4 [pid 5068] umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15593] close(3 [pid 15592] <... write resumed>) = 4 [pid 15489] <... ioctl resumed>) = 0 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 15595 [pid 15593] <... close resumed>) = 0 [pid 15592] close(3 [pid 15593] symlink("/dev/binderfs", "./binderfs" [pid 15489] open("./file0", O_RDONLY [pid 15592] <... close resumed>) = 0 ./strace-static-x86_64: Process 15595 attached [pid 15593] <... symlink resumed>) = 0 [pid 15592] symlink("/dev/binderfs", "./binderfs" [pid 15489] <... open resumed>) = 5 [pid 15595] set_robust_list(0x555557145760, 24) = 0 [pid 15595] chdir("./97") = 0 [pid 15595] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15595] setpgid(0, 0) = 0 [pid 15595] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 15592] <... symlink resumed>) = 0 [pid 15489] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 15592] memfd_create("syzkaller", 0 [pid 15489] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 15593] memfd_create("syzkaller", 0 [pid 15489] exit_group(0) = ? [pid 15489] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15489, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=30 /* 0.30 s */} --- [pid 5065] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 15592] <... memfd_create resumed>) = 3 [pid 5065] umount2("./96", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./96/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./96/binderfs", [pid 15595] <... openat resumed>) = 3 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 15595] write(3, "1000", 4 [pid 5065] unlink("./96/binderfs" [pid 15595] <... write resumed>) = 4 [pid 15595] close(3 [pid 15592] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5065] <... unlink resumed>) = 0 [pid 15593] <... memfd_create resumed>) = 3 [pid 15595] <... close resumed>) = 0 [pid 5065] umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15595] symlink("/dev/binderfs", "./binderfs" [pid 15593] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15592] <... mmap resumed>) = 0x7fda9371b000 [pid 15595] <... symlink resumed>) = 0 [pid 15595] memfd_create("syzkaller", 0 [pid 15593] <... mmap resumed>) = 0x7fda9371b000 [pid 15595] <... memfd_create resumed>) = 3 [pid 15595] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 15544] <... write resumed>) = 16777216 [pid 15544] munmap(0x7fda9371b000, 138412032) = 0 [pid 15544] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 15544] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15544] close(3) = 0 [pid 15544] mkdir("./file0", 0777) = 0 [ 288.228004][ T42] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [ 288.255282][T15544] loop3: detected capacity change from 0 to 32768 [ 288.291976][T15544] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (15544) [pid 15544] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5068] <... umount2 resumed>) = 0 [pid 5068] umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./96/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./96/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./96/file0") = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./96") = 0 [pid 5068] mkdir("./97", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [ 288.364303][T15544] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 15597 attached , child_tidptr=0x555557145750) = 15597 [pid 5065] <... umount2 resumed>) = 0 [pid 15597] set_robust_list(0x555557145760, 24 [pid 5065] umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15597] <... set_robust_list resumed>) = 0 [pid 15597] chdir("./97" [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 15597] <... chdir resumed>) = 0 [pid 5065] newfstatat(AT_FDCWD, "./96/file0", [pid 15597] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 288.412984][T15544] BTRFS info (device loop3): force clearing of disk cache [pid 15597] <... prctl resumed>) = 0 [pid 5065] umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./96/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 15597] setpgid(0, 0 [pid 5065] getdents64(4, [pid 15597] <... setpgid resumed>) = 0 [pid 5065] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 15597] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5065] close(4 [pid 15597] <... openat resumed>) = 3 [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./96/file0" [pid 15597] write(3, "1000", 4 [pid 5065] <... rmdir resumed>) = 0 [pid 15597] <... write resumed>) = 4 [pid 5065] getdents64(3, [pid 15597] close(3 [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 15597] <... close resumed>) = 0 [pid 5065] close(3 [pid 15597] symlink("/dev/binderfs", "./binderfs" [pid 5065] <... close resumed>) = 0 [pid 15597] <... symlink resumed>) = 0 [pid 5065] rmdir("./96" [pid 15597] memfd_create("syzkaller", 0 [pid 5065] <... rmdir resumed>) = 0 [pid 15597] <... memfd_create resumed>) = 3 [pid 5065] mkdir("./97", 0777 [pid 15597] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5065] <... mkdir resumed>) = 0 [pid 15597] <... mmap resumed>) = 0x7fda9371b000 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 15598 ./strace-static-x86_64: Process 15598 attached [ 288.463855][T15544] BTRFS info (device loop3): setting nodatasum [pid 15598] set_robust_list(0x555557145760, 24) = 0 [pid 15598] chdir("./97") = 0 [pid 15598] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15598] setpgid(0, 0) = 0 [ 288.518784][T15544] BTRFS info (device loop3): allowing degraded mounts [ 288.525561][T15544] BTRFS info (device loop3): enabling disk space caching [pid 15598] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15598] write(3, "1000", 4) = 4 [pid 15598] close(3) = 0 [pid 15598] symlink("/dev/binderfs", "./binderfs") = 0 [ 288.591720][T15544] BTRFS info (device loop3): disk space caching is enabled [pid 15598] memfd_create("syzkaller", 0 [pid 15592] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 15598] <... memfd_create resumed>) = 3 [pid 15593] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 15595] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 15598] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 15593] <... write resumed>) = 16777216 [pid 15593] munmap(0x7fda9371b000, 138412032) = 0 [pid 15593] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 288.890024][T15544] BTRFS info (device loop3): enabling ssd optimizations [ 288.908730][T15544] BTRFS info (device loop3): auto enabling async discard [ 288.916617][T15544] BTRFS info (device loop3): rebuilding free space tree [ 288.933338][T15544] BTRFS info (device loop3): disabling free space tree [pid 15593] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15593] close(3) = 0 [pid 15593] mkdir("./file0", 0777) = 0 [ 288.940537][T15593] loop2: detected capacity change from 0 to 32768 [ 288.959044][T15544] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 288.968683][T15544] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 15593] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 288.991075][T15593] BTRFS: device /dev/loop2 using temp-fsid 8d9e0459-b226-4aca-bcea-4b62675c8627 [ 289.000864][T15544] BTRFS info (device loop3): checking UUID tree [ 289.018822][T15593] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (15593) [pid 15597] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 15544] <... mount resumed>) = 0 [pid 15544] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 289.061455][T15593] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [pid 15544] chdir("./file0") = 0 [pid 15544] ioctl(4, LOOP_CLR_FD) = 0 [pid 15544] close(4) = 0 [ 289.114872][T15593] BTRFS info (device loop2): force clearing of disk cache [ 289.138795][T15593] BTRFS info (device loop2): setting nodatasum [ 289.145138][T15593] BTRFS info (device loop2): allowing degraded mounts [pid 15544] open("./file0", O_RDONLY) = 4 [pid 15544] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [ 289.168900][T15593] BTRFS info (device loop2): enabling disk space caching [ 289.176340][T15593] BTRFS info (device loop2): disk space caching is enabled [pid 15544] open("./file0", O_RDONLY) = 5 [pid 15544] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 15544] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 15544] exit_group(0) = ? [pid 15544] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15544, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=38 /* 0.38 s */} --- [pid 5067] umount2("./97", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./97/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 15598] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5067] unlink("./97/binderfs") = 0 [ 289.258970][ T42] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [pid 5067] umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15592] <... write resumed>) = 16777216 [pid 15592] munmap(0x7fda9371b000, 138412032) = 0 [pid 15595] <... write resumed>) = 16777216 [pid 15592] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15592] ioctl(4, LOOP_SET_FD, 3 [pid 15595] munmap(0x7fda9371b000, 138412032 [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./97/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 15595] <... munmap resumed>) = 0 [pid 5067] openat(AT_FDCWD, "./97/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 15595] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5067] <... openat resumed>) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 15592] <... ioctl resumed>) = 0 [pid 5067] getdents64(4, [pid 15592] close(3 [pid 5067] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 15592] <... close resumed>) = 0 [pid 15592] mkdir("./file0", 0777) = 0 [pid 5067] getdents64(4, [pid 15592] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5067] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [ 289.482679][T15592] loop0: detected capacity change from 0 to 32768 [ 289.509865][T15593] BTRFS info (device loop2): enabling ssd optimizations [ 289.517067][T15593] BTRFS info (device loop2): auto enabling async discard [pid 15595] <... openat resumed>) = 4 [pid 5067] close(4 [pid 15595] ioctl(4, LOOP_SET_FD, 3 [pid 5067] <... close resumed>) = 0 [pid 5067] rmdir("./97/file0") = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./97" [pid 15595] <... ioctl resumed>) = 0 [pid 5067] <... rmdir resumed>) = 0 [pid 15595] close(3 [pid 5067] mkdir("./98", 0777) = 0 [pid 15595] <... close resumed>) = 0 [pid 15595] mkdir("./file0", 0777) = 0 [pid 15595] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 15631 attached [pid 15631] set_robust_list(0x555557145760, 24 [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 15631 [pid 15631] <... set_robust_list resumed>) = 0 [ 289.524791][T15592] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (15592) [ 289.538613][T15595] loop5: detected capacity change from 0 to 32768 [ 289.559118][T15593] BTRFS info (device loop2): rebuilding free space tree [pid 15631] chdir("./98") = 0 [pid 15631] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15631] setpgid(0, 0) = 0 [pid 15631] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 289.610085][T15595] BTRFS: device /dev/loop5 using temp-fsid 0e48b247-adeb-4c65-a86f-29a244b81b3a [ 289.620664][T15592] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 289.633217][T15592] BTRFS info (device loop0): force clearing of disk cache [ 289.637521][T15595] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (15595) [ 289.653924][T15592] BTRFS info (device loop0): setting nodatasum [pid 15631] write(3, "1000", 4) = 4 [pid 15631] close(3) = 0 [pid 15631] symlink("/dev/binderfs", "./binderfs" [pid 15598] <... write resumed>) = 16777216 [pid 15631] <... symlink resumed>) = 0 [ 289.656272][T15593] BTRFS info (device loop2): disabling free space tree [ 289.667816][T15593] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 289.681179][T15592] BTRFS info (device loop0): allowing degraded mounts [ 289.682036][T15593] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 289.688607][T15592] BTRFS info (device loop0): enabling disk space caching [pid 15631] memfd_create("syzkaller", 0) = 3 [pid 15598] munmap(0x7fda9371b000, 138412032 [pid 15631] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 15598] <... munmap resumed>) = 0 [pid 15598] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 15598] ioctl(4, LOOP_SET_FD, 3 [pid 15593] <... mount resumed>) = 0 [pid 15593] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 289.714859][T15593] BTRFS info (device loop2): checking UUID tree [ 289.721547][T15595] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 289.732798][T15595] BTRFS info (device loop5): force clearing of disk cache [ 289.744926][T15598] loop1: detected capacity change from 0 to 32768 [ 289.745328][T15592] BTRFS info (device loop0): disk space caching is enabled [pid 15593] chdir("./file0") = 0 [pid 15593] ioctl(4, LOOP_CLR_FD) = 0 [pid 15593] close(4) = 0 [pid 15593] open("./file0", O_RDONLY) = 4 [pid 15593] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 15593] open("./file0", O_RDONLY) = 5 [pid 15593] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 15593] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 15593] exit_group(0) = ? [pid 15598] <... ioctl resumed>) = 0 [pid 15597] <... write resumed>) = 16777216 [pid 15593] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15593, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=30 /* 0.30 s */} --- [ 289.763161][T15595] BTRFS info (device loop5): setting nodatasum [pid 15598] close(3 [pid 15597] munmap(0x7fda9371b000, 138412032 [pid 15598] <... close resumed>) = 0 [pid 5066] umount2("./98", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15598] mkdir("./file0", 0777) = 0 [pid 15598] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 15597] <... munmap resumed>) = 0 [pid 5066] <... openat resumed>) = 3 [pid 15597] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 15597] <... openat resumed>) = 4 [pid 15597] ioctl(4, LOOP_SET_FD, 3 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [ 289.793392][T15595] BTRFS info (device loop5): allowing degraded mounts [ 289.808176][ T42] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 289.827058][T15598] BTRFS: device /dev/loop1 using temp-fsid 042ba849-4353-4dff-b4d6-aa85f17de155 [ 289.828215][T15595] BTRFS info (device loop5): enabling disk space caching [pid 5066] umount2("./98/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15597] <... ioctl resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./98/binderfs" [pid 15597] close(3) = 0 [pid 15597] mkdir("./file0", 0777) = 0 [pid 15597] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5066] <... unlink resumed>) = 0 [ 289.847136][T15597] loop4: detected capacity change from 0 to 32768 [ 289.849347][T15595] BTRFS info (device loop5): disk space caching is enabled [ 289.858795][T15598] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (15598) [ 289.919393][T15597] BTRFS: device /dev/loop4 using temp-fsid f3e52466-f913-4966-bc79-ed8f4c38700d [ 289.928472][T15597] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (15597) [ 289.949662][T15598] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5066] umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 289.963518][T15598] BTRFS info (device loop1): force clearing of disk cache [ 289.976119][T15598] BTRFS info (device loop1): setting nodatasum [ 289.993112][T15597] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 290.030228][T15597] BTRFS info (device loop4): force clearing of disk cache [ 290.031788][T15598] BTRFS info (device loop1): allowing degraded mounts [ 290.046097][T15598] BTRFS info (device loop1): enabling disk space caching [ 290.049132][T15595] BTRFS info (device loop5): enabling ssd optimizations [ 290.053430][T15598] BTRFS info (device loop1): disk space caching is enabled [ 290.068123][T15597] BTRFS info (device loop4): setting nodatasum [pid 15631] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./98/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./98/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./98/file0") = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [ 290.075392][T15597] BTRFS info (device loop4): allowing degraded mounts [ 290.079655][T15592] BTRFS info (device loop0): enabling ssd optimizations [ 290.082339][T15597] BTRFS info (device loop4): enabling disk space caching [ 290.102508][T15595] BTRFS info (device loop5): auto enabling async discard [ 290.103579][T15597] BTRFS info (device loop4): disk space caching is enabled [ 290.110392][T15592] BTRFS info (device loop0): auto enabling async discard [pid 5066] rmdir("./98") = 0 [pid 5066] mkdir("./99", 0777) = 0 [ 290.151407][T15595] BTRFS info (device loop5): rebuilding free space tree [ 290.180433][T15592] BTRFS info (device loop0): rebuilding free space tree [ 290.190086][T15595] BTRFS info (device loop5): disabling free space tree [ 290.197158][T15595] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 15631] <... write resumed>) = 16777216 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 15631] munmap(0x7fda9371b000, 138412032./strace-static-x86_64: Process 15684 attached [pid 15684] set_robust_list(0x555557145760, 24) = 0 [pid 15684] chdir("./99") = 0 [pid 15684] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15684] setpgid(0, 0) = 0 [pid 15684] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15631] <... munmap resumed>) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 15684 [pid 15684] write(3, "1000", 4) = 4 [pid 15684] close(3) = 0 [pid 15684] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15684] memfd_create("syzkaller", 0) = 3 [pid 15684] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 290.223877][T15595] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 290.227080][T15592] BTRFS info (device loop0): disabling free space tree [ 290.238910][T15595] BTRFS info (device loop5): checking UUID tree [ 290.253643][T15592] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 290.264121][T15592] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 15631] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 15595] <... mount resumed>) = 0 [pid 15631] ioctl(4, LOOP_SET_FD, 3 [pid 15592] <... mount resumed>) = 0 [pid 15592] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 15592] chdir("./file0" [pid 15595] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 15592] <... chdir resumed>) = 0 [pid 15595] chdir("./file0") = 0 [pid 15595] ioctl(4, LOOP_CLR_FD) = 0 [pid 15592] ioctl(4, LOOP_CLR_FD) = 0 [pid 15592] close(4) = 0 [pid 15592] open("./file0", O_RDONLY) = 4 [pid 15592] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 15595] close(4) = 0 [pid 15631] <... ioctl resumed>) = 0 [pid 15631] close(3) = 0 [pid 15595] open("./file0", O_RDONLY [pid 15631] mkdir("./file0", 0777 [pid 15595] <... open resumed>) = 4 [pid 15592] <... ioctl resumed>) = 0 [pid 15631] <... mkdir resumed>) = 0 [pid 15595] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 15592] open("./file0", O_RDONLY) = 5 [pid 15592] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [ 290.280773][T15592] BTRFS info (device loop0): checking UUID tree [ 290.290535][T15631] loop3: detected capacity change from 0 to 32768 [pid 15631] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 15592] <... ioctl resumed>) = 0 [pid 15592] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 15592] exit_group(0) = ? [pid 15592] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15592, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=33 /* 0.33 s */} --- [pid 5064] umount2("./96", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 15595] <... ioctl resumed>) = 0 [pid 5064] openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 15595] open("./file0", O_RDONLY [pid 5064] <... openat resumed>) = 3 [pid 15595] <... open resumed>) = 5 [pid 5064] newfstatat(3, "", [pid 15595] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 15595] <... ioctl resumed>) = 0 [pid 5064] getdents64(3, [pid 15595] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 15595] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5064] umount2("./96/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15595] exit_group(0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 15595] <... exit_group resumed>) = ? [pid 5064] newfstatat(AT_FDCWD, "./96/binderfs", [pid 15595] +++ exited with 0 +++ [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./96/binderfs" [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15595, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=35 /* 0.35 s */} --- [pid 5064] <... unlink resumed>) = 0 [pid 5069] restart_syscall(<... resuming interrupted clone ...> [pid 5064] umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... restart_syscall resumed>) = 0 [ 290.336465][T15598] BTRFS info (device loop1): enabling ssd optimizations [ 290.350326][T15597] BTRFS info (device loop4): enabling ssd optimizations [ 290.352118][T15631] BTRFS: device /dev/loop3 using temp-fsid 52458f82-f325-45db-92a1-715704896ffd [ 290.357420][T15597] BTRFS info (device loop4): auto enabling async discard [ 290.379461][T15598] BTRFS info (device loop1): auto enabling async discard [pid 5069] umount2("./97", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 290.404081][ T2497] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 290.430479][T15631] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (15631) [ 290.430713][T15597] BTRFS info (device loop4): rebuilding free space tree [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./97/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./97/binderfs") = 0 [ 290.451523][ T42] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [ 290.454163][T15598] BTRFS info (device loop1): rebuilding free space tree [pid 5069] umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... umount2 resumed>) = 0 [pid 5064] umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./96/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./96/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./96/file0") = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./96") = 0 [pid 5064] mkdir("./97", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [ 290.509159][T15598] BTRFS info (device loop1): disabling free space tree [ 290.516056][T15598] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 290.526224][T15631] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 15702 attached [pid 15597] <... mount resumed>) = 0 [pid 5069] <... umount2 resumed>) = 0 [pid 15702] set_robust_list(0x555557145760, 24 [pid 15597] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 15702 [pid 15702] <... set_robust_list resumed>) = 0 [pid 15597] <... openat resumed>) = 3 [pid 5069] umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15702] chdir("./97" [pid 15597] chdir("./file0" [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 15702] <... chdir resumed>) = 0 [pid 15597] <... chdir resumed>) = 0 [pid 5069] newfstatat(AT_FDCWD, "./97/file0", [pid 15702] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 15597] ioctl(4, LOOP_CLR_FD [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 15702] <... prctl resumed>) = 0 [pid 15597] <... ioctl resumed>) = 0 [pid 5069] umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15702] setpgid(0, 0 [pid 15597] close(4 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 15702] <... setpgid resumed>) = 0 [pid 15597] <... close resumed>) = 0 [pid 15702] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 15597] open("./file0", O_RDONLY [pid 5069] openat(AT_FDCWD, "./97/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 15702] <... openat resumed>) = 3 [pid 15597] <... open resumed>) = 4 [pid 5069] <... openat resumed>) = 4 [pid 15702] write(3, "1000", 4 [pid 15597] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5069] newfstatat(4, "", [pid 15702] <... write resumed>) = 4 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 15702] close(3 [pid 5069] getdents64(4, [pid 15702] <... close resumed>) = 0 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 15702] symlink("/dev/binderfs", "./binderfs" [pid 5069] getdents64(4, [pid 15702] <... symlink resumed>) = 0 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 15702] memfd_create("syzkaller", 0 [pid 5069] close(4 [pid 15702] <... memfd_create resumed>) = 3 [pid 5069] <... close resumed>) = 0 [pid 15702] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5069] rmdir("./97/file0" [pid 15702] <... mmap resumed>) = 0x7fda9371b000 [pid 5069] <... rmdir resumed>) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./97" [pid 15597] <... ioctl resumed>) = 0 [pid 5069] <... rmdir resumed>) = 0 [pid 15597] open("./file0", O_RDONLY [pid 5069] mkdir("./98", 0777 [pid 15597] <... open resumed>) = 5 [pid 5069] <... mkdir resumed>) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 15597] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5069] <... openat resumed>) = 3 [pid 15684] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 15715 attached [pid 15715] set_robust_list(0x555557145760, 24) = 0 [pid 15715] chdir("./98") = 0 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 15715 [pid 15715] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15715] setpgid(0, 0) = 0 [pid 15715] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15715] write(3, "1000", 4) = 4 [pid 15715] close(3) = 0 [pid 15715] symlink("/dev/binderfs", "./binderfs" [pid 15598] <... mount resumed>) = 0 [pid 15715] <... symlink resumed>) = 0 [pid 15598] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 15715] memfd_create("syzkaller", 0 [pid 15597] <... ioctl resumed>) = 0 [pid 15598] <... openat resumed>) = 3 [pid 15598] chdir("./file0" [pid 15597] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 15598] <... chdir resumed>) = 0 [pid 15597] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 15598] ioctl(4, LOOP_CLR_FD [pid 15597] exit_group(0 [pid 15598] <... ioctl resumed>) = 0 [pid 15597] <... exit_group resumed>) = ? [pid 15715] <... memfd_create resumed>) = 3 [pid 15598] close(4 [pid 15597] +++ exited with 0 +++ [pid 15715] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15598] <... close resumed>) = 0 [pid 15715] <... mmap resumed>) = 0x7fda9371b000 [pid 15598] open("./file0", O_RDONLY [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15597, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=35 /* 0.35 s */} --- [pid 15598] <... open resumed>) = 4 [pid 15598] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5068] umount2("./97", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./97/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 15598] <... ioctl resumed>) = 0 [pid 15598] open("./file0", O_RDONLY [pid 5068] unlink("./97/binderfs" [pid 15598] <... open resumed>) = 5 [pid 5068] <... unlink resumed>) = 0 [pid 15598] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5068] umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15598] <... ioctl resumed>) = 0 [pid 15598] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 15598] exit_group(0) = ? [pid 15598] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15598, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=28 /* 0.28 s */} --- [pid 5065] umount2("./97", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./97/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./97/binderfs") = 0 [pid 5065] umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15631] <... mount resumed>) = 0 [pid 15631] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 15631] chdir("./file0") = 0 [pid 15631] ioctl(4, LOOP_CLR_FD) = 0 [pid 15631] close(4) = 0 [pid 15631] open("./file0", O_RDONLY) = 4 [pid 15631] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 15631] open("./file0", O_RDONLY) = 5 [pid 15631] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 15631] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 15631] exit_group(0) = ? [pid 15631] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15631, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=23 /* 0.23 s */} --- [pid 5067] umount2("./98", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./98/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 15715] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5067] unlink("./98/binderfs") = 0 [pid 5067] umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15702] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5065] <... umount2 resumed>) = 0 [pid 5065] umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./97/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./97/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./97/file0") = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./97") = 0 [pid 5065] mkdir("./98", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5068] <... umount2 resumed>) = 0 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5068] umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./97/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./97/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 15722 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 ./strace-static-x86_64: Process 15722 attached [pid 5068] rmdir("./97/file0" [pid 15722] set_robust_list(0x555557145760, 24 [pid 5068] <... rmdir resumed>) = 0 [pid 15722] <... set_robust_list resumed>) = 0 [pid 15722] chdir("./98" [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 15722] <... chdir resumed>) = 0 [pid 5068] close(3) = 0 [pid 15722] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15722] setpgid(0, 0 [pid 5068] rmdir("./97" [pid 15722] <... setpgid resumed>) = 0 [pid 5068] <... rmdir resumed>) = 0 [pid 15722] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15722] write(3, "1000", 4 [pid 5068] mkdir("./98", 0777 [pid 15722] <... write resumed>) = 4 [pid 5068] <... mkdir resumed>) = 0 [pid 15722] close(3 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 15722] <... close resumed>) = 0 [pid 5068] close(3 [pid 15722] symlink("/dev/binderfs", "./binderfs" [pid 5068] <... close resumed>) = 0 [pid 15722] <... symlink resumed>) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 15722] memfd_create("syzkaller", 0 [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 15723 [pid 15722] <... memfd_create resumed>) = 3 [pid 15722] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 ./strace-static-x86_64: Process 15723 attached [pid 15723] set_robust_list(0x555557145760, 24) = 0 [pid 15723] chdir("./98") = 0 [pid 15723] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15723] setpgid(0, 0) = 0 [pid 15723] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15723] write(3, "1000", 4) = 4 [pid 15723] close(3) = 0 [pid 15723] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15723] memfd_create("syzkaller", 0) = 3 [pid 15723] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 15684] <... write resumed>) = 16777216 [pid 15684] munmap(0x7fda9371b000, 138412032) = 0 [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./98/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./98/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", [pid 15684] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 15684] <... openat resumed>) = 4 [pid 15684] ioctl(4, LOOP_SET_FD, 3 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./98/file0" [pid 15684] <... ioctl resumed>) = 0 [pid 5067] <... rmdir resumed>) = 0 [pid 15684] close(3 [pid 5067] getdents64(3, [pid 15684] <... close resumed>) = 0 [ 291.580410][T15684] loop2: detected capacity change from 0 to 32768 [pid 15684] mkdir("./file0", 0777) = 0 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 15684] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5067] close(3) = 0 [pid 5067] rmdir("./98") = 0 [pid 5067] mkdir("./99", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 15724 attached [pid 15724] set_robust_list(0x555557145760, 24 [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 15724 [ 291.633062][T15684] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (15684) [pid 15724] <... set_robust_list resumed>) = 0 [pid 15724] chdir("./99") = 0 [pid 15724] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15724] setpgid(0, 0) = 0 [pid 15724] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15724] write(3, "1000", 4) = 4 [pid 15724] close(3 [pid 15722] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 15724] <... close resumed>) = 0 [pid 15724] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15724] memfd_create("syzkaller", 0 [pid 15702] <... write resumed>) = 16777216 [pid 15724] <... memfd_create resumed>) = 3 [pid 15724] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 15702] munmap(0x7fda9371b000, 138412032 [pid 15715] <... write resumed>) = 16777216 [pid 15702] <... munmap resumed>) = 0 [pid 15723] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 15702] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15702] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15715] munmap(0x7fda9371b000, 138412032) = 0 [pid 15702] close(3) = 0 [pid 15702] mkdir("./file0", 0777) = 0 [ 291.802349][T15702] loop0: detected capacity change from 0 to 32768 [ 291.879468][T15702] BTRFS: device /dev/loop0 using temp-fsid 2a825cfe-57fa-4c82-bb7e-afc316087419 [ 291.888547][T15702] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (15702) [pid 15702] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 15715] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 15715] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15715] close(3) = 0 [pid 15715] mkdir("./file0", 0777) = 0 [ 291.930177][T15715] loop5: detected capacity change from 0 to 32768 [pid 15715] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 15684] <... mount resumed>) = 0 [pid 15684] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 15684] chdir("./file0") = 0 [pid 15684] ioctl(4, LOOP_CLR_FD) = 0 [pid 15684] close(4) = 0 [pid 15684] open("./file0", O_RDONLY) = 4 [pid 15684] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 15684] open("./file0", O_RDONLY) = 5 [pid 15684] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 15684] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [ 292.034528][T15715] BTRFS: device /dev/loop5 using temp-fsid cf2b8f77-57e3-434e-b97d-02c4260abf17 [pid 15684] exit_group(0) = ? [pid 15684] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15684, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=21 /* 0.21 s */} --- [pid 5066] umount2("./99", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./99/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./99/binderfs") = 0 [pid 5066] umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15722] <... write resumed>) = 16777216 [ 292.104330][T15715] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (15715) [pid 15722] munmap(0x7fda9371b000, 138412032) = 0 [pid 15722] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 15722] ioctl(4, LOOP_SET_FD, 3 [pid 15723] <... write resumed>) = 16777216 [pid 15723] munmap(0x7fda9371b000, 138412032 [pid 15722] <... ioctl resumed>) = 0 [pid 15723] <... munmap resumed>) = 0 [pid 15723] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 15722] close(3) = 0 [pid 15722] mkdir("./file0", 0777) = 0 [ 292.216383][T15722] loop1: detected capacity change from 0 to 32768 [pid 15722] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 15723] <... openat resumed>) = 4 [pid 15723] ioctl(4, LOOP_SET_FD, 3 [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 15724] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 15702] <... mount resumed>) = 0 [pid 5066] newfstatat(AT_FDCWD, "./99/file0", [pid 15702] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 15702] <... openat resumed>) = 3 [pid 5066] umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15702] chdir("./file0" [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 15702] <... chdir resumed>) = 0 [pid 5066] openat(AT_FDCWD, "./99/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 15702] ioctl(4, LOOP_CLR_FD [pid 5066] <... openat resumed>) = 4 [pid 15702] <... ioctl resumed>) = 0 [pid 5066] newfstatat(4, "", [pid 15702] close(4 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 15702] <... close resumed>) = 0 [pid 5066] getdents64(4, [pid 15702] open("./file0", O_RDONLY [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 15702] <... open resumed>) = 4 [pid 5066] getdents64(4, [pid 15702] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./99/file0") = 0 [pid 5066] getdents64(3, [pid 15702] <... ioctl resumed>) = 0 [pid 15702] open("./file0", O_RDONLY [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 15702] <... open resumed>) = 5 [ 292.270648][T15722] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (15722) [ 292.305890][T15723] loop4: detected capacity change from 0 to 32768 [pid 5066] close(3 [pid 15723] <... ioctl resumed>) = 0 [pid 15702] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5066] <... close resumed>) = 0 [pid 15723] close(3 [pid 5066] rmdir("./99" [pid 15723] <... close resumed>) = 0 [pid 15702] <... ioctl resumed>) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 15723] mkdir("./file0", 0777 [pid 15702] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5066] mkdir("./100", 0777 [pid 15723] <... mkdir resumed>) = 0 [pid 15702] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5066] <... mkdir resumed>) = 0 [pid 15723] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 15702] exit_group(0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 15702] <... exit_group resumed>) = ? [pid 5066] <... openat resumed>) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 15702] +++ exited with 0 +++ [pid 5066] <... ioctl resumed>) = 0 [pid 5066] close(3 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15702, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=27 /* 0.27 s */} --- [pid 5066] <... close resumed>) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] umount2("./97", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 15783 attached [pid 15783] set_robust_list(0x555557145760, 24 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 15783] <... set_robust_list resumed>) = 0 [pid 15783] chdir("./100" [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 15783 [pid 5064] openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 15783] <... chdir resumed>) = 0 [pid 15783] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5064] <... openat resumed>) = 3 [pid 15783] <... prctl resumed>) = 0 [pid 15783] setpgid(0, 0 [pid 5064] newfstatat(3, "", [pid 15783] <... setpgid resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, [pid 15783] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./97/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 292.390454][T15723] BTRFS: device /dev/loop4 using temp-fsid c6f98879-269d-45e0-ac99-9fa3f7b94065 [pid 5064] newfstatat(AT_FDCWD, "./97/binderfs", [pid 15783] <... openat resumed>) = 3 [pid 15724] <... write resumed>) = 16777216 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./97/binderfs") = 0 [pid 5064] umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15783] write(3, "1000", 4 [pid 15724] munmap(0x7fda9371b000, 138412032 [pid 15783] <... write resumed>) = 4 [pid 15724] <... munmap resumed>) = 0 [pid 15783] close(3) = 0 [pid 15783] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15783] memfd_create("syzkaller", 0) = 3 [pid 15724] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 15715] <... mount resumed>) = 0 [pid 15783] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 15724] <... openat resumed>) = 4 [ 292.444319][T15723] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (15723) [pid 15715] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 15724] ioctl(4, LOOP_SET_FD, 3 [pid 15715] <... openat resumed>) = 3 [pid 15715] chdir("./file0") = 0 [pid 15715] ioctl(4, LOOP_CLR_FD) = 0 [pid 15715] close(4) = 0 [pid 15715] open("./file0", O_RDONLY) = 4 [pid 15715] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 15724] <... ioctl resumed>) = 0 [pid 15715] <... ioctl resumed>) = 0 [pid 15724] close(3 [pid 15715] open("./file0", O_RDONLY) = 5 [pid 15724] <... close resumed>) = 0 [pid 15715] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 15724] mkdir("./file0", 0777) = 0 [ 292.491558][T15724] loop3: detected capacity change from 0 to 32768 [ 292.510312][T15722] _btrfs_printk: 76 callbacks suppressed [ 292.510327][T15722] BTRFS info (device loop1): rebuilding free space tree [ 292.579730][T15722] BTRFS info (device loop1): disabling free space tree [ 292.580567][T15724] BTRFS: device /dev/loop3 using temp-fsid 04c98273-5189-45ff-974e-00893955bf44 [ 292.586630][T15722] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 292.605470][T15722] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 15724] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 15715] <... ioctl resumed>) = 0 [pid 15715] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 15715] exit_group(0) = ? [pid 15715] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15715, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=23 /* 0.23 s */} --- [pid 5069] umount2("./98", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./98/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./98/binderfs") = 0 [pid 5069] umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15722] <... mount resumed>) = 0 [pid 15722] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 15722] chdir("./file0") = 0 [ 292.627471][T15722] BTRFS info (device loop1): checking UUID tree [ 292.637572][ T42] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [pid 15722] ioctl(4, LOOP_CLR_FD) = 0 [pid 15722] close(4) = 0 [pid 15722] open("./file0", O_RDONLY) = 4 [ 292.695053][T15724] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (15724) [pid 15722] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 15783] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 15722] <... ioctl resumed>) = 0 [pid 15722] open("./file0", O_RDONLY) = 5 [pid 15722] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 15722] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 15722] exit_group(0) = ? [pid 15722] +++ exited with 0 +++ [pid 5064] <... umount2 resumed>) = 0 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15722, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=35 /* 0.35 s */} --- [pid 5064] umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] restart_syscall(<... resuming interrupted clone ...> [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... restart_syscall resumed>) = 0 [pid 5064] newfstatat(AT_FDCWD, "./97/file0", [pid 5065] umount2("./98", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./97/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, [pid 5065] openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5065] <... openat resumed>) = 3 [pid 5064] rmdir("./97/file0" [pid 5065] newfstatat(3, "", [pid 5064] <... rmdir resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 292.783941][T15724] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 292.814208][ T1047] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [pid 5064] getdents64(3, [pid 5065] getdents64(3, [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./97") = 0 [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] mkdir("./98", 0777 [pid 5065] umount2("./98/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] <... mkdir resumed>) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5065] newfstatat(AT_FDCWD, "./98/binderfs", [pid 5064] <... ioctl resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] close(3 [pid 5065] unlink("./98/binderfs" [pid 5069] <... umount2 resumed>) = 0 [pid 5065] <... unlink resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 5065] umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 15808 ./strace-static-x86_64: Process 15808 attached [pid 5069] umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./98/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./98/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./98/file0") = 0 [pid 15808] set_robust_list(0x555557145760, 24 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./98") = 0 [pid 5069] mkdir("./99", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 15809 attached [pid 15808] <... set_robust_list resumed>) = 0 [ 292.845683][T15724] BTRFS info (device loop3): force clearing of disk cache [ 292.875188][T15723] BTRFS info (device loop4): enabling ssd optimizations [ 292.881932][T15724] BTRFS info (device loop3): setting nodatasum [pid 15809] set_robust_list(0x555557145760, 24) = 0 [pid 15808] chdir("./98" [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 15809 [pid 15809] chdir("./99") = 0 [pid 15809] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 15808] <... chdir resumed>) = 0 [pid 15808] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15809] <... prctl resumed>) = 0 [pid 15808] setpgid(0, 0 [pid 15809] setpgid(0, 0) = 0 [pid 15809] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 15808] <... setpgid resumed>) = 0 [ 292.910557][T15723] BTRFS info (device loop4): auto enabling async discard [ 292.915252][T15724] BTRFS info (device loop3): allowing degraded mounts [pid 15809] <... openat resumed>) = 3 [pid 15809] write(3, "1000", 4) = 4 [pid 15809] close(3) = 0 [pid 15809] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15808] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 15809] memfd_create("syzkaller", 0 [pid 15808] <... openat resumed>) = 3 [pid 15808] write(3, "1000", 4 [pid 15809] <... memfd_create resumed>) = 3 [pid 15808] <... write resumed>) = 4 [pid 15809] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15808] close(3 [pid 15809] <... mmap resumed>) = 0x7fda9371b000 [pid 15808] <... close resumed>) = 0 [pid 15808] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15808] memfd_create("syzkaller", 0) = 3 [pid 15808] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 292.950811][T15724] BTRFS info (device loop3): enabling disk space caching [ 292.955392][T15723] BTRFS info (device loop4): rebuilding free space tree [ 292.978771][T15724] BTRFS info (device loop3): disk space caching is enabled [pid 5065] <... umount2 resumed>) = 0 [pid 5065] umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./98/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./98/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./98/file0") = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./98") = 0 [pid 5065] mkdir("./99", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 15822 attached , child_tidptr=0x555557145750) = 15822 [pid 15822] set_robust_list(0x555557145760, 24) = 0 [pid 15822] chdir("./99") = 0 [ 293.074914][T15723] BTRFS info (device loop4): disabling free space tree [pid 15822] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15822] setpgid(0, 0) = 0 [pid 15822] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15822] write(3, "1000", 4) = 4 [pid 15808] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 15822] close(3) = 0 [pid 15822] symlink("/dev/binderfs", "./binderfs") = 0 [ 293.138867][T15723] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 293.148535][T15723] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 15822] memfd_create("syzkaller", 0) = 3 [pid 15783] <... write resumed>) = 16777216 [pid 15822] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 293.259371][T15724] BTRFS info (device loop3): enabling ssd optimizations [ 293.284883][T15724] BTRFS info (device loop3): auto enabling async discard [ 293.300001][T15723] BTRFS info (device loop4): checking UUID tree [pid 15783] munmap(0x7fda9371b000, 138412032) = 0 [pid 15723] <... mount resumed>) = 0 [pid 15723] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 15783] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 15723] chdir("./file0" [pid 15783] <... openat resumed>) = 4 [pid 15723] <... chdir resumed>) = 0 [pid 15783] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15723] ioctl(4, LOOP_CLR_FD) = 0 [pid 15723] close(4) = 0 [pid 15783] close(3) = 0 [pid 15783] mkdir("./file0", 0777) = 0 [pid 15723] open("./file0", O_RDONLY) = 4 [pid 15783] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 293.351394][T15724] BTRFS info (device loop3): rebuilding free space tree [ 293.359750][T15783] loop2: detected capacity change from 0 to 32768 [pid 15723] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [ 293.412417][T15783] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (15783) [pid 15723] open("./file0", O_RDONLY) = 5 [pid 15723] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 15723] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 15723] exit_group(0) = ? [pid 15723] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15723, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=32 /* 0.32 s */} --- [ 293.454552][T15724] BTRFS info (device loop3): disabling free space tree [pid 5068] umount2("./98", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, [pid 15809] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [ 293.518976][T15783] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 293.520987][ T1047] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [ 293.528199][T15783] BTRFS info (device loop2): force clearing of disk cache [ 293.537443][T15724] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5068] umount2("./98/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./98/binderfs") = 0 [ 293.583360][T15724] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5068] umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15724] <... mount resumed>) = 0 [pid 15724] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 15724] chdir("./file0") = 0 [pid 15724] ioctl(4, LOOP_CLR_FD) = 0 [pid 15724] close(4) = 0 [pid 15724] open("./file0", O_RDONLY) = 4 [pid 15724] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [ 293.642917][T15724] BTRFS info (device loop3): checking UUID tree [ 293.661416][T15783] BTRFS info (device loop2): setting nodatasum [ 293.667592][T15783] BTRFS info (device loop2): allowing degraded mounts [pid 15724] open("./file0", O_RDONLY) = 5 [pid 15724] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 15724] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 15822] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 15724] exit_group(0) = ? [pid 15724] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15724, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=31 /* 0.31 s */} --- [pid 5067] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5067] umount2("./99", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [ 293.742176][T15783] BTRFS info (device loop2): enabling disk space caching [ 293.744493][ T1047] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [pid 5067] umount2("./99/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./99/binderfs", [pid 15808] <... write resumed>) = 16777216 [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./99/binderfs" [pid 15808] munmap(0x7fda9371b000, 138412032 [pid 5067] <... unlink resumed>) = 0 [ 293.788762][T15783] BTRFS info (device loop2): disk space caching is enabled [pid 5067] umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15808] <... munmap resumed>) = 0 [pid 5068] <... umount2 resumed>) = 0 [pid 15808] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15808] ioctl(4, LOOP_SET_FD, 3 [pid 5068] umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./98/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./98/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, [pid 15808] <... ioctl resumed>) = 0 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 15808] close(3 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./98/file0" [pid 15808] <... close resumed>) = 0 [pid 5068] <... rmdir resumed>) = 0 [pid 15808] mkdir("./file0", 0777) = 0 [pid 5068] getdents64(3, [ 293.860502][T15808] loop0: detected capacity change from 0 to 32768 [pid 15808] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./98") = 0 [pid 5068] mkdir("./99", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [ 293.930839][T15808] BTRFS: device /dev/loop0 using temp-fsid 55de389b-9e22-4903-9f20-50023cd75248 [pid 5068] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5068] close(3) = 0 [ 293.990044][T15808] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (15808) [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 15844 attached [pid 15844] set_robust_list(0x555557145760, 24 [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 15844 [pid 15844] <... set_robust_list resumed>) = 0 [pid 15844] chdir("./99") = 0 [pid 15844] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15844] setpgid(0, 0) = 0 [pid 15844] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15844] write(3, "1000", 4) = 4 [pid 15844] close(3) = 0 [pid 15844] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15844] memfd_create("syzkaller", 0) = 3 [pid 15844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 294.094944][T15808] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 294.132037][T15808] BTRFS info (device loop0): force clearing of disk cache [ 294.138651][T15783] BTRFS info (device loop2): enabling ssd optimizations [pid 5067] <... umount2 resumed>) = 0 [pid 5067] umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./99/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./99/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 294.170687][T15808] BTRFS info (device loop0): setting nodatasum [ 294.182288][T15783] BTRFS info (device loop2): auto enabling async discard [ 294.191635][T15808] BTRFS info (device loop0): allowing degraded mounts [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 15809] <... write resumed>) = 16777216 [pid 5067] close(4) = 0 [pid 5067] rmdir("./99/file0") = 0 [ 294.218792][T15808] BTRFS info (device loop0): enabling disk space caching [ 294.226303][T15808] BTRFS info (device loop0): disk space caching is enabled [ 294.239726][T15783] BTRFS info (device loop2): rebuilding free space tree [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./99") = 0 [pid 5067] mkdir("./100", 0777 [pid 15809] munmap(0x7fda9371b000, 138412032 [pid 5067] <... mkdir resumed>) = 0 [pid 15809] <... munmap resumed>) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 15809] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5067] <... openat resumed>) = 3 [pid 15809] <... openat resumed>) = 4 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 15809] ioctl(4, LOOP_SET_FD, 3 [pid 5067] close(3) = 0 [ 294.272053][T15783] BTRFS info (device loop2): disabling free space tree [ 294.288999][T15783] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 15809] <... ioctl resumed>) = 0 [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 15854 ./strace-static-x86_64: Process 15854 attached [pid 15854] set_robust_list(0x555557145760, 24) = 0 [pid 15809] close(3) = 0 [pid 15854] chdir("./100" [pid 15809] mkdir("./file0", 0777 [pid 15854] <... chdir resumed>) = 0 [pid 15854] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15809] <... mkdir resumed>) = 0 [pid 15809] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 15854] setpgid(0, 0) = 0 [pid 15854] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15854] write(3, "1000", 4) = 4 [pid 15854] close(3) = 0 [pid 15854] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15854] memfd_create("syzkaller", 0) = 3 [pid 15854] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 294.349244][T15809] loop5: detected capacity change from 0 to 32768 [ 294.356022][T15783] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 294.379489][T15809] BTRFS: device /dev/loop5 using temp-fsid 746ba15a-a5fa-4d89-9908-d668682333e4 [ 294.391777][T15809] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (15809) [pid 15822] <... write resumed>) = 16777216 [pid 15844] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 15822] munmap(0x7fda9371b000, 138412032) = 0 [ 294.421197][T15783] BTRFS info (device loop2): checking UUID tree [ 294.447658][T15809] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 294.460901][T15808] BTRFS info (device loop0): enabling ssd optimizations [pid 15822] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 15783] <... mount resumed>) = 0 [pid 15822] <... openat resumed>) = 4 [ 294.468884][T15809] BTRFS info (device loop5): force clearing of disk cache [ 294.476049][T15809] BTRFS info (device loop5): setting nodatasum [ 294.498750][T15809] BTRFS info (device loop5): allowing degraded mounts [ 294.499822][T15822] loop1: detected capacity change from 0 to 32768 [ 294.505506][T15809] BTRFS info (device loop5): enabling disk space caching [pid 15783] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 15822] ioctl(4, LOOP_SET_FD, 3 [pid 15783] <... openat resumed>) = 3 [pid 15783] chdir("./file0") = 0 [pid 15783] ioctl(4, LOOP_CLR_FD) = 0 [pid 15783] close(4) = 0 [pid 15783] open("./file0", O_RDONLY) = 4 [pid 15783] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 15822] <... ioctl resumed>) = 0 [pid 15783] <... ioctl resumed>) = 0 [pid 15783] open("./file0", O_RDONLY) = 5 [pid 15783] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 15822] close(3) = 0 [ 294.505523][T15809] BTRFS info (device loop5): disk space caching is enabled [ 294.526897][T15808] BTRFS info (device loop0): auto enabling async discard [pid 15822] mkdir("./file0", 0777) = 0 [pid 15822] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 15783] <... ioctl resumed>) = 0 [pid 15783] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 15783] exit_group(0) = ? [pid 15783] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15783, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=33 /* 0.33 s */} --- [pid 5066] umount2("./100", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./100/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 294.576351][T15808] BTRFS info (device loop0): rebuilding free space tree [ 294.580887][T15822] BTRFS: device /dev/loop1 using temp-fsid 171d567d-b1bb-4fc9-8e94-6f137598fe70 [pid 5066] unlink("./100/binderfs") = 0 [pid 5066] umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15844] <... write resumed>) = 16777216 [ 294.637856][ T12] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 294.659707][T15808] BTRFS info (device loop0): disabling free space tree [ 294.666677][T15822] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (15822) [pid 15844] munmap(0x7fda9371b000, 138412032) = 0 [pid 15844] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 15844] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15844] close(3) = 0 [pid 15844] mkdir("./file0", 0777) = 0 [ 294.685882][T15808] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 294.700031][T15844] loop4: detected capacity change from 0 to 32768 [ 294.709464][T15808] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 294.731721][T15844] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (15844) [ 294.738397][T15808] BTRFS info (device loop0): checking UUID tree [ 294.748841][T15822] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 294.761138][T15809] BTRFS info (device loop5): enabling ssd optimizations [ 294.768473][T15809] BTRFS info (device loop5): auto enabling async discard [ 294.771440][T15822] BTRFS info (device loop1): force clearing of disk cache [pid 15844] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5066] <... umount2 resumed>) = 0 [pid 15808] <... mount resumed>) = 0 [pid 15808] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5066] umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./100/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./100/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./100/file0") = 0 [pid 15808] chdir("./file0" [pid 5066] getdents64(3, [pid 15808] <... chdir resumed>) = 0 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./100") = 0 [pid 15808] ioctl(4, LOOP_CLR_FD) = 0 [pid 5066] mkdir("./101", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 15808] close(4 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 15881 ./strace-static-x86_64: Process 15881 attached [pid 15881] set_robust_list(0x555557145760, 24) = 0 [pid 15881] chdir("./101") = 0 [pid 15881] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 294.778136][T15809] BTRFS info (device loop5): rebuilding free space tree [ 294.793799][T15844] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [pid 15808] <... close resumed>) = 0 [pid 15881] setpgid(0, 0 [pid 15808] open("./file0", O_RDONLY [pid 15854] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 15808] <... open resumed>) = 4 [pid 15881] <... setpgid resumed>) = 0 [pid 15808] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 15881] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15881] write(3, "1000", 4) = 4 [pid 15881] close(3) = 0 [ 294.845416][T15844] BTRFS info (device loop4): force clearing of disk cache [ 294.847026][T15809] BTRFS info (device loop5): disabling free space tree [ 294.853278][T15822] BTRFS info (device loop1): setting nodatasum [pid 15881] symlink("/dev/binderfs", "./binderfs" [pid 15808] <... ioctl resumed>) = 0 [pid 15881] <... symlink resumed>) = 0 [pid 15881] memfd_create("syzkaller", 0) = 3 [pid 15881] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 15808] open("./file0", O_RDONLY) = 5 [ 294.888337][T15809] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 294.899225][T15822] BTRFS info (device loop1): allowing degraded mounts [ 294.906876][T15844] BTRFS info (device loop4): setting nodatasum [ 294.910169][ T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 294.919144][T15822] BTRFS info (device loop1): enabling disk space caching [pid 15808] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 15808] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 15808] exit_group(0) = ? [pid 15808] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15808, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=34 /* 0.34 s */} --- [pid 15809] <... mount resumed>) = 0 [pid 15809] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5064] umount2("./98", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 294.928742][T15809] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 294.941132][T15844] BTRFS info (device loop4): allowing degraded mounts [ 294.962041][T15809] BTRFS info (device loop5): checking UUID tree [ 294.979247][T15844] BTRFS info (device loop4): enabling disk space caching [pid 5064] openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 15809] <... openat resumed>) = 3 [pid 5064] <... openat resumed>) = 3 [pid 5064] newfstatat(3, "", [pid 15809] chdir("./file0" [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 15809] <... chdir resumed>) = 0 [pid 15809] ioctl(4, LOOP_CLR_FD [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./98/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15809] <... ioctl resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./98/binderfs", [pid 15809] close(4 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 15809] <... close resumed>) = 0 [pid 15809] open("./file0", O_RDONLY [pid 5064] unlink("./98/binderfs" [pid 15809] <... open resumed>) = 4 [pid 5064] <... unlink resumed>) = 0 [pid 15809] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [ 294.987566][T15822] BTRFS info (device loop1): disk space caching is enabled [ 295.029727][T15844] BTRFS info (device loop4): disk space caching is enabled [pid 5064] umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15809] <... ioctl resumed>) = 0 [pid 15809] open("./file0", O_RDONLY) = 5 [pid 15809] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 15809] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 15809] exit_group(0) = ? [pid 15809] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15809, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=32 /* 0.32 s */} --- [pid 5069] umount2("./99", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [ 295.111097][ T1047] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [pid 5069] umount2("./99/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./99/binderfs") = 0 [pid 5069] umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... umount2 resumed>) = 0 [ 295.212415][T15844] BTRFS info (device loop4): enabling ssd optimizations [pid 5064] umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./98/file0", [pid 15881] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./98/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./98/file0") = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [ 295.253429][T15844] BTRFS info (device loop4): auto enabling async discard [ 295.264371][T15822] BTRFS info (device loop1): enabling ssd optimizations [pid 5064] rmdir("./98") = 0 [pid 5064] mkdir("./99", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 15915 ./strace-static-x86_64: Process 15915 attached [pid 15915] set_robust_list(0x555557145760, 24) = 0 [pid 15915] chdir("./99") = 0 [pid 15915] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15915] setpgid(0, 0) = 0 [pid 15915] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15915] write(3, "1000", 4) = 4 [pid 15915] close(3) = 0 [pid 15915] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15915] memfd_create("syzkaller", 0) = 3 [pid 15915] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 295.327973][T15822] BTRFS info (device loop1): auto enabling async discard [ 295.359019][T15844] BTRFS info (device loop4): rebuilding free space tree [ 295.386898][T15844] BTRFS info (device loop4): disabling free space tree [ 295.418762][T15844] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 295.427568][T15822] BTRFS info (device loop1): rebuilding free space tree [ 295.428543][T15844] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 15854] <... write resumed>) = 16777216 [pid 5069] <... umount2 resumed>) = 0 [pid 15854] munmap(0x7fda9371b000, 138412032 [pid 5069] umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./99/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./99/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 15854] <... munmap resumed>) = 0 [pid 15854] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 15854] ioctl(4, LOOP_SET_FD, 3 [pid 5069] <... openat resumed>) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [ 295.480793][T15844] BTRFS info (device loop4): checking UUID tree [ 295.495099][T15822] BTRFS info (device loop1): disabling free space tree [ 295.502711][T15854] loop3: detected capacity change from 0 to 32768 [pid 15844] <... mount resumed>) = 0 [pid 5069] getdents64(4, [pid 15844] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 15854] <... ioctl resumed>) = 0 [pid 15854] close(3) = 0 [pid 15854] mkdir("./file0", 0777) = 0 [pid 15854] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 15844] chdir("./file0" [pid 5069] close(4) = 0 [pid 15844] <... chdir resumed>) = 0 [pid 5069] rmdir("./99/file0" [pid 15844] ioctl(4, LOOP_CLR_FD [pid 5069] <... rmdir resumed>) = 0 [pid 15844] <... ioctl resumed>) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 15844] close(4 [ 295.529909][T15822] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 295.548739][T15822] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 295.559507][T15854] BTRFS: device /dev/loop3 using temp-fsid 66fcd63b-9118-4d5d-a3d9-ac970a8906a3 [pid 5069] close(3 [pid 15844] <... close resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 5069] rmdir("./99" [pid 15844] open("./file0", O_RDONLY [pid 5069] <... rmdir resumed>) = 0 [pid 5069] mkdir("./100", 0777 [pid 15844] <... open resumed>) = 4 [pid 5069] <... mkdir resumed>) = 0 [pid 15844] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 15844] <... ioctl resumed>) = 0 [pid 15844] open("./file0", O_RDONLY) = 5 [pid 5069] ioctl(3, LOOP_CLR_FD [pid 15844] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5069] <... ioctl resumed>) = 0 [pid 5069] close(3 [pid 15844] <... ioctl resumed>) = 0 [ 295.599168][T15854] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (15854) [ 295.609729][T15822] BTRFS info (device loop1): checking UUID tree [pid 5069] <... close resumed>) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 15844] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 15844] exit_group(0) = ? [pid 15844] +++ exited with 0 +++ [pid 15822] <... mount resumed>) = 0 [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15844, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=36 /* 0.36 s */} --- [pid 15822] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY./strace-static-x86_64: Process 15918 attached [pid 15918] set_robust_list(0x555557145760, 24) = 0 [pid 15822] <... openat resumed>) = 3 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 15918 [pid 5068] umount2("./99", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15822] chdir("./file0" [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 15822] <... chdir resumed>) = 0 [pid 5068] openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [ 295.661933][ T1047] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [pid 15918] chdir("./100") = 0 [pid 15822] ioctl(4, LOOP_CLR_FD [pid 5068] <... openat resumed>) = 3 [pid 15822] <... ioctl resumed>) = 0 [pid 15918] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 15822] close(4 [pid 5068] newfstatat(3, "", [pid 15822] <... close resumed>) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 15918] <... prctl resumed>) = 0 [pid 15822] open("./file0", O_RDONLY [pid 5068] getdents64(3, [pid 15918] setpgid(0, 0 [pid 15822] <... open resumed>) = 4 [ 295.708783][T15854] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 295.718013][T15854] BTRFS info (device loop3): force clearing of disk cache [pid 15918] <... setpgid resumed>) = 0 [pid 15822] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./99/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 15918] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5068] newfstatat(AT_FDCWD, "./99/binderfs", [pid 15918] <... openat resumed>) = 3 [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 15918] write(3, "1000", 4 [pid 5068] unlink("./99/binderfs" [pid 15918] <... write resumed>) = 4 [pid 15918] close(3 [pid 5068] <... unlink resumed>) = 0 [pid 5068] umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15918] <... close resumed>) = 0 [pid 15918] symlink("/dev/binderfs", "./binderfs" [pid 15881] <... write resumed>) = 16777216 [pid 15918] <... symlink resumed>) = 0 [pid 15881] munmap(0x7fda9371b000, 138412032 [pid 15918] memfd_create("syzkaller", 0 [pid 15881] <... munmap resumed>) = 0 [pid 15918] <... memfd_create resumed>) = 3 [pid 15822] <... ioctl resumed>) = 0 [pid 15918] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15822] open("./file0", O_RDONLY [pid 15918] <... mmap resumed>) = 0x7fda9371b000 [pid 15881] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 15822] <... open resumed>) = 5 [pid 15881] <... openat resumed>) = 4 [pid 15822] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 15881] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15822] <... ioctl resumed>) = 0 [pid 15822] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 15822] exit_group(0) = ? [pid 15881] close(3 [pid 15822] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15822, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=38 /* 0.38 s */} --- [pid 15881] <... close resumed>) = 0 [pid 15881] mkdir("./file0", 0777) = 0 [pid 15881] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5065] umount2("./99", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./99/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./99/binderfs") = 0 [pid 15915] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 295.801008][T15881] loop2: detected capacity change from 0 to 32768 [ 295.858389][T15881] BTRFS: device /dev/loop2 using temp-fsid 2e238cbb-041d-4217-be43-ec7d734037f7 [ 295.932429][T15881] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (15881) [pid 5065] umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15915] <... write resumed>) = 16777216 [pid 15915] munmap(0x7fda9371b000, 138412032) = 0 [pid 15915] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15915] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15915] close(3) = 0 [pid 15915] mkdir("./file0", 0777) = 0 [pid 15915] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5068] <... umount2 resumed>) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 5065] umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 296.027170][T15915] loop0: detected capacity change from 0 to 32768 [ 296.063865][T15915] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (15915) [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./99/file0", [pid 5068] newfstatat(AT_FDCWD, "./99/file0", [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15918] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5068] umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./99/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] openat(AT_FDCWD, "./99/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... openat resumed>) = 4 [pid 5068] <... openat resumed>) = 4 [pid 5065] newfstatat(4, "", [pid 5068] newfstatat(4, "", [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, [pid 5068] getdents64(4, [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4 [pid 5065] close(4 [pid 5068] <... close resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 5068] rmdir("./99/file0" [pid 5065] rmdir("./99/file0") = 0 [pid 5068] <... rmdir resumed>) = 0 [pid 5068] getdents64(3, [pid 5065] getdents64(3, [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3 [pid 5065] close(3 [pid 5068] <... close resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 5068] rmdir("./99" [pid 5065] rmdir("./99" [pid 5068] <... rmdir resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5068] mkdir("./100", 0777 [pid 5065] mkdir("./100", 0777 [pid 5068] <... mkdir resumed>) = 0 [pid 5065] <... mkdir resumed>) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5068] <... openat resumed>) = 3 [pid 5065] <... openat resumed>) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5068] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5065] <... ioctl resumed>) = 0 [pid 5068] close(3 [pid 5065] close(3 [pid 5068] <... close resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 15963 attached ./strace-static-x86_64: Process 15964 attached [pid 15963] set_robust_list(0x555557145760, 24 [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 15963 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 15964 [pid 15963] <... set_robust_list resumed>) = 0 [pid 15964] set_robust_list(0x555557145760, 24 [pid 15963] chdir("./100") = 0 [pid 15964] <... set_robust_list resumed>) = 0 [pid 15963] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15964] chdir("./100" [pid 15963] setpgid(0, 0 [pid 15918] <... write resumed>) = 16777216 [pid 15854] <... mount resumed>) = 0 [pid 15963] <... setpgid resumed>) = 0 [pid 15918] munmap(0x7fda9371b000, 138412032 [pid 15964] <... chdir resumed>) = 0 [pid 15963] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 15854] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 15964] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 15963] <... openat resumed>) = 3 [pid 15854] <... openat resumed>) = 3 [pid 15963] write(3, "1000", 4) = 4 [pid 15963] close(3) = 0 [pid 15964] <... prctl resumed>) = 0 [pid 15963] symlink("/dev/binderfs", "./binderfs" [pid 15854] chdir("./file0" [pid 15964] setpgid(0, 0 [pid 15963] <... symlink resumed>) = 0 [pid 15918] <... munmap resumed>) = 0 [pid 15854] <... chdir resumed>) = 0 [pid 15964] <... setpgid resumed>) = 0 [pid 15963] memfd_create("syzkaller", 0 [pid 15854] ioctl(4, LOOP_CLR_FD [pid 15964] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 15963] <... memfd_create resumed>) = 3 [pid 15854] <... ioctl resumed>) = 0 [pid 15964] <... openat resumed>) = 3 [pid 15963] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15854] close(4 [pid 15964] write(3, "1000", 4 [pid 15963] <... mmap resumed>) = 0x7fda9371b000 [pid 15854] <... close resumed>) = 0 [pid 15964] <... write resumed>) = 4 [pid 15918] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 15854] open("./file0", O_RDONLY [pid 15964] close(3 [pid 15918] <... openat resumed>) = 4 [pid 15854] <... open resumed>) = 4 [pid 15964] <... close resumed>) = 0 [pid 15918] ioctl(4, LOOP_SET_FD, 3 [pid 15854] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 15964] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15964] memfd_create("syzkaller", 0 [pid 15854] <... ioctl resumed>) = 0 [pid 15964] <... memfd_create resumed>) = 3 [pid 15854] open("./file0", O_RDONLY [pid 15964] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15854] <... open resumed>) = 5 [ 296.344609][T15918] loop5: detected capacity change from 0 to 32768 [pid 15964] <... mmap resumed>) = 0x7fda9371b000 [pid 15854] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 15881] <... mount resumed>) = 0 [pid 15881] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 15918] <... ioctl resumed>) = 0 [pid 15881] <... openat resumed>) = 3 [pid 15854] <... ioctl resumed>) = 0 [pid 15963] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 15918] close(3 [pid 15881] chdir("./file0" [pid 15854] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 15918] <... close resumed>) = 0 [pid 15881] <... chdir resumed>) = 0 [pid 15854] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 15918] mkdir("./file0", 0777 [pid 15881] ioctl(4, LOOP_CLR_FD [pid 15854] exit_group(0 [pid 15918] <... mkdir resumed>) = 0 [pid 15881] <... ioctl resumed>) = 0 [pid 15854] <... exit_group resumed>) = ? [pid 15918] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 15881] close(4 [pid 15854] +++ exited with 0 +++ [pid 15881] <... close resumed>) = 0 [pid 15881] open("./file0", O_RDONLY) = 4 [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15854, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=28 /* 0.28 s */} --- [pid 15881] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5067] umount2("./100", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 15881] <... ioctl resumed>) = 0 [pid 5067] newfstatat(3, "", [pid 15881] open("./file0", O_RDONLY [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 15881] <... open resumed>) = 5 [pid 5067] getdents64(3, [pid 15881] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./100/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./100/binderfs", [pid 15915] <... mount resumed>) = 0 [pid 15915] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 15915] chdir("./file0" [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 15915] <... chdir resumed>) = 0 [pid 15915] ioctl(4, LOOP_CLR_FD) = 0 [pid 15915] close(4) = 0 [pid 15915] open("./file0", O_RDONLY) = 4 [pid 5067] unlink("./100/binderfs" [pid 15915] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5067] <... unlink resumed>) = 0 [pid 15881] <... ioctl resumed>) = 0 [pid 15881] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [ 296.435026][T15918] BTRFS: device /dev/loop5 using temp-fsid 7552ba57-db0a-4735-ba94-a3d407817aae [pid 15881] exit_group(0) = ? [pid 15881] +++ exited with 0 +++ [pid 5067] umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15881, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=28 /* 0.28 s */} --- [pid 15915] <... ioctl resumed>) = 0 [pid 15915] open("./file0", O_RDONLY) = 5 [pid 15915] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 15915] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 15915] exit_group(0) = ? [pid 15915] +++ exited with 0 +++ [pid 5066] umount2("./101", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15915, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=22 /* 0.22 s */} --- [pid 5066] openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] umount2("./99", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... openat resumed>) = 3 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(3, "", [pid 5064] openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... openat resumed>) = 3 [pid 5066] getdents64(3, [pid 5064] newfstatat(3, "", [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 296.494353][T15918] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (15918) [pid 5066] umount2("./101/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] getdents64(3, [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./99/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./99/binderfs", [pid 5066] newfstatat(AT_FDCWD, "./101/binderfs", [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./99/binderfs" [pid 5066] unlink("./101/binderfs" [pid 5064] <... unlink resumed>) = 0 [pid 5066] <... unlink resumed>) = 0 [pid 5064] umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... umount2 resumed>) = 0 [pid 5067] <... umount2 resumed>) = 0 [pid 5064] umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./99/file0", [pid 5067] newfstatat(AT_FDCWD, "./100/file0", [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./99/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... umount2 resumed>) = 0 [pid 5064] <... openat resumed>) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] openat(AT_FDCWD, "./100/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] close(4 [pid 5067] <... openat resumed>) = 4 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... close resumed>) = 0 [pid 5067] newfstatat(4, "", [pid 5066] newfstatat(AT_FDCWD, "./101/file0", [pid 5064] rmdir("./99/file0" [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 5066] umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] getdents64(4, [pid 5066] openat(AT_FDCWD, "./101/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] getdents64(3, [pid 5067] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] <... openat resumed>) = 4 [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] getdents64(4, [pid 5066] newfstatat(4, "", [pid 5064] close(3 [pid 5067] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... close resumed>) = 0 [pid 5067] close(4 [pid 5066] getdents64(4, [pid 5064] rmdir("./99" [pid 5067] <... close resumed>) = 0 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] <... rmdir resumed>) = 0 [pid 5067] rmdir("./100/file0" [pid 5066] getdents64(4, [pid 5064] mkdir("./100", 0777) = 0 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] <... rmdir resumed>) = 0 [pid 5066] close(4) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] rmdir("./101/file0" [pid 5064] <... openat resumed>) = 3 [pid 5066] <... rmdir resumed>) = 0 [pid 5067] getdents64(3, [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 5067] close(3 [pid 5064] close(3 [pid 5067] <... close resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 5067] rmdir("./100" [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 15989 attached [pid 5067] <... rmdir resumed>) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./101") = 0 [pid 5067] mkdir("./101", 0777) = 0 [pid 5066] mkdir("./102", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 15989 [pid 5066] <... openat resumed>) = 3 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5067] <... openat resumed>) = 3 [pid 5066] <... ioctl resumed>) = 0 [pid 5067] ioctl(3, LOOP_CLR_FD [pid 5066] close(3 [pid 15989] set_robust_list(0x555557145760, 24) = 0 [pid 5067] <... ioctl resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5067] close(3 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 15989] chdir("./100" [pid 5067] <... close resumed>) = 0 [pid 15989] <... chdir resumed>) = 0 [pid 15989] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 15989] <... prctl resumed>) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 15990 ./strace-static-x86_64: Process 15990 attached [pid 15989] setpgid(0, 0./strace-static-x86_64: Process 15991 attached [pid 15990] set_robust_list(0x555557145760, 24 [pid 15989] <... setpgid resumed>) = 0 [pid 15991] set_robust_list(0x555557145760, 24 [pid 15989] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 15991 [pid 15991] <... set_robust_list resumed>) = 0 [pid 15990] <... set_robust_list resumed>) = 0 [pid 15989] <... openat resumed>) = 3 [pid 15991] chdir("./101") = 0 [pid 15991] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 15990] chdir("./102" [pid 15989] write(3, "1000", 4 [pid 15991] <... prctl resumed>) = 0 [pid 15990] <... chdir resumed>) = 0 [pid 15989] <... write resumed>) = 4 [pid 15991] setpgid(0, 0) = 0 [pid 15991] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15991] write(3, "1000", 4) = 4 [pid 15991] close(3) = 0 [pid 15991] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15991] memfd_create("syzkaller", 0) = 3 [pid 15991] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 15990] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 15989] close(3 [pid 15990] <... prctl resumed>) = 0 [pid 15989] <... close resumed>) = 0 [pid 15990] setpgid(0, 0 [pid 15989] symlink("/dev/binderfs", "./binderfs" [pid 15990] <... setpgid resumed>) = 0 [pid 15989] <... symlink resumed>) = 0 [pid 15989] memfd_create("syzkaller", 0 [pid 15990] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15989] <... memfd_create resumed>) = 3 [pid 15990] write(3, "1000", 4 [pid 15989] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15990] <... write resumed>) = 4 [pid 15989] <... mmap resumed>) = 0x7fda9371b000 [pid 15990] close(3) = 0 [pid 15990] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15990] memfd_create("syzkaller", 0) = 3 [pid 15990] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 15964] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 15918] <... mount resumed>) = 0 [pid 15918] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 15918] chdir("./file0") = 0 [pid 15918] ioctl(4, LOOP_CLR_FD) = 0 [pid 15918] close(4) = 0 [pid 15918] open("./file0", O_RDONLY) = 4 [pid 15918] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 15918] open("./file0", O_RDONLY) = 5 [pid 15918] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 15918] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 15918] exit_group(0) = ? [pid 15918] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15918, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=22 /* 0.22 s */} --- [pid 5069] umount2("./100", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, [pid 15989] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./100/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./100/binderfs") = 0 [pid 5069] umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15963] <... write resumed>) = 16777216 [pid 15963] munmap(0x7fda9371b000, 138412032) = 0 [pid 15963] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 15963] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15963] close(3) = 0 [pid 15963] mkdir("./file0", 0777) = 0 [pid 15963] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 297.320399][T15963] loop4: detected capacity change from 0 to 32768 [ 297.402243][T15963] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (15963) [pid 15990] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 15991] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5069] <... umount2 resumed>) = 0 [pid 5069] umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 15964] <... write resumed>) = 16777216 [pid 5069] newfstatat(AT_FDCWD, "./100/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 15964] munmap(0x7fda9371b000, 138412032) = 0 [pid 5069] umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./100/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", [pid 15964] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 15964] <... openat resumed>) = 4 [pid 15964] ioctl(4, LOOP_SET_FD, 3 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 15964] <... ioctl resumed>) = 0 [pid 5069] getdents64(4, [pid 15964] close(3 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 15964] <... close resumed>) = 0 [pid 15964] mkdir("./file0", 0777 [pid 5069] close(4 [pid 15964] <... mkdir resumed>) = 0 [pid 5069] <... close resumed>) = 0 [ 297.655772][T15964] loop1: detected capacity change from 0 to 32768 [pid 15964] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5069] rmdir("./100/file0") = 0 [pid 5069] getdents64(3, [pid 15989] <... write resumed>) = 16777216 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 15989] munmap(0x7fda9371b000, 138412032 [pid 5069] close(3) = 0 [ 297.704947][T15964] BTRFS: device /dev/loop1 using temp-fsid 8cc55058-5f79-4c65-8af4-39b95869711f [ 297.709736][T15963] _btrfs_printk: 61 callbacks suppressed [ 297.709747][T15963] BTRFS info (device loop4): enabling ssd optimizations [ 297.725846][T15964] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (15964) [pid 15989] <... munmap resumed>) = 0 [pid 5069] rmdir("./100" [pid 15989] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5069] <... rmdir resumed>) = 0 [pid 5069] mkdir("./101", 0777 [pid 15989] <... openat resumed>) = 4 [pid 5069] <... mkdir resumed>) = 0 [pid 15989] ioctl(4, LOOP_SET_FD, 3 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 15989] <... ioctl resumed>) = 0 [pid 5069] close(3 [pid 15989] close(3 [pid 5069] <... close resumed>) = 0 [pid 15989] <... close resumed>) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 16009 attached [pid 15989] mkdir("./file0", 0777 [pid 16009] set_robust_list(0x555557145760, 24 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 16009 [pid 16009] <... set_robust_list resumed>) = 0 [pid 15989] <... mkdir resumed>) = 0 [ 297.759828][T15964] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 297.768401][T15963] BTRFS info (device loop4): auto enabling async discard [ 297.780192][T15964] BTRFS info (device loop1): force clearing of disk cache [ 297.790341][T15989] loop0: detected capacity change from 0 to 32768 [ 297.797951][T15964] BTRFS info (device loop1): setting nodatasum [pid 16009] chdir("./101" [pid 15989] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 16009] <... chdir resumed>) = 0 [pid 16009] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16009] setpgid(0, 0) = 0 [ 297.830271][T15963] BTRFS info (device loop4): rebuilding free space tree [ 297.838445][T15989] BTRFS: device /dev/loop0 using temp-fsid f34e93e6-af26-4bf9-b568-54ababcf4e9c [ 297.855191][T15964] BTRFS info (device loop1): allowing degraded mounts [ 297.863572][T15989] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (15989) [pid 16009] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16009] write(3, "1000", 4) = 4 [pid 16009] close(3) = 0 [pid 16009] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16009] memfd_create("syzkaller", 0) = 3 [pid 16009] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 15990] <... write resumed>) = 16777216 [ 297.871568][T15964] BTRFS info (device loop1): enabling disk space caching [ 297.878156][T15963] BTRFS info (device loop4): disabling free space tree [ 297.909123][T15963] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 15990] munmap(0x7fda9371b000, 138412032) = 0 [pid 15990] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 15990] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15990] close(3) = 0 [pid 15990] mkdir("./file0", 0777) = 0 [ 297.939761][T15964] BTRFS info (device loop1): disk space caching is enabled [ 297.942101][T15989] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 297.963985][T15990] loop2: detected capacity change from 0 to 32768 [ 297.968764][T15963] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 15990] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 15991] <... write resumed>) = 16777216 [pid 15991] munmap(0x7fda9371b000, 138412032) = 0 [ 297.986928][T15990] BTRFS: device /dev/loop2 using temp-fsid af741a7f-af77-425e-91c3-36c51cc45128 [ 298.013134][T15990] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (15990) [ 298.014465][T15989] BTRFS info (device loop0): force clearing of disk cache [pid 15991] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 15991] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15963] <... mount resumed>) = 0 [pid 15963] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 298.051478][T15990] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 298.061953][T15963] BTRFS info (device loop4): checking UUID tree [ 298.065451][T15991] loop3: detected capacity change from 0 to 32768 [ 298.075257][T15990] BTRFS info (device loop2): force clearing of disk cache [ 298.075397][T15989] BTRFS info (device loop0): setting nodatasum [ 298.082809][T15990] BTRFS info (device loop2): setting nodatasum [pid 15963] chdir("./file0") = 0 [pid 15963] ioctl(4, LOOP_CLR_FD) = 0 [pid 15991] close(3 [pid 15963] close(4 [pid 15991] <... close resumed>) = 0 [pid 15963] <... close resumed>) = 0 [pid 15991] mkdir("./file0", 0777 [pid 15963] open("./file0", O_RDONLY [pid 15991] <... mkdir resumed>) = 0 [pid 15963] <... open resumed>) = 4 [pid 15991] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 298.096763][T15990] BTRFS info (device loop2): allowing degraded mounts [ 298.104628][T15990] BTRFS info (device loop2): enabling disk space caching [ 298.113236][T15990] BTRFS info (device loop2): disk space caching is enabled [ 298.115061][T15991] BTRFS: device /dev/loop3 using temp-fsid e504e229-e1e3-4041-99ab-8d99d64e5b46 [ 298.121593][T15989] BTRFS info (device loop0): allowing degraded mounts [ 298.138335][T15989] BTRFS info (device loop0): enabling disk space caching [pid 15963] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 15963] open("./file0", O_RDONLY) = 5 [pid 15963] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 15963] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 15963] exit_group(0) = ? [pid 15963] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15963, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=26 /* 0.26 s */} --- [pid 5068] umount2("./100", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [ 298.145425][T15989] BTRFS info (device loop0): disk space caching is enabled [ 298.154297][T15991] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (15991) [ 298.179998][ T1047] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [pid 5068] umount2("./100/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./100/binderfs") = 0 [ 298.193559][T15991] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 298.204516][T15991] BTRFS info (device loop3): force clearing of disk cache [ 298.212337][T15991] BTRFS info (device loop3): setting nodatasum [ 298.221925][T15991] BTRFS info (device loop3): allowing degraded mounts [ 298.240130][T15991] BTRFS info (device loop3): enabling disk space caching [ 298.240599][T15964] BTRFS info (device loop1): enabling ssd optimizations [ 298.247188][T15991] BTRFS info (device loop3): disk space caching is enabled [ 298.279757][T15964] BTRFS info (device loop1): auto enabling async discard [ 298.293167][T15964] BTRFS info (device loop1): rebuilding free space tree [pid 5068] umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5068] umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./100/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./100/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 298.342942][T15989] BTRFS info (device loop0): enabling ssd optimizations [ 298.357731][T15964] BTRFS info (device loop1): disabling free space tree [ 298.357958][T15989] BTRFS info (device loop0): auto enabling async discard [ 298.366145][T15990] BTRFS info (device loop2): enabling ssd optimizations [ 298.382691][T15989] BTRFS info (device loop0): rebuilding free space tree [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 16009] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./100/file0") = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./100") = 0 [pid 5068] mkdir("./101", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 16070 attached , child_tidptr=0x555557145750) = 16070 [ 298.386187][T15964] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 298.399390][T15990] BTRFS info (device loop2): auto enabling async discard [ 298.407042][T15964] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 298.418259][T15990] BTRFS info (device loop2): rebuilding free space tree [ 298.435437][T15964] BTRFS info (device loop1): checking UUID tree [pid 16070] set_robust_list(0x555557145760, 24) = 0 [pid 16070] chdir("./101") = 0 [pid 16070] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16070] setpgid(0, 0) = 0 [pid 16070] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16070] write(3, "1000", 4) = 4 [pid 16070] close(3) = 0 [pid 16070] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16070] memfd_create("syzkaller", 0) = 3 [pid 16070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 298.450084][T15990] BTRFS info (device loop2): disabling free space tree [ 298.450445][T15989] BTRFS info (device loop0): disabling free space tree [ 298.457056][T15990] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 298.479212][T15991] BTRFS info (device loop3): enabling ssd optimizations [ 298.486160][T15991] BTRFS info (device loop3): auto enabling async discard [pid 15964] <... mount resumed>) = 0 [pid 15964] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 15964] chdir("./file0") = 0 [ 298.512165][T15989] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 298.533596][T15990] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 298.547128][T15991] BTRFS info (device loop3): rebuilding free space tree [pid 15964] ioctl(4, LOOP_CLR_FD) = 0 [pid 15964] close(4) = 0 [pid 15964] open("./file0", O_RDONLY) = 4 [ 298.554234][T15989] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 298.582247][T15990] BTRFS info (device loop2): checking UUID tree [ 298.603055][T15989] BTRFS info (device loop0): checking UUID tree [pid 15964] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 15964] open("./file0", O_RDONLY) = 5 [pid 15964] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 15964] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [ 298.610735][T15991] BTRFS info (device loop3): disabling free space tree [pid 15964] exit_group(0) = ? [pid 15964] +++ exited with 0 +++ [pid 15990] <... mount resumed>) = 0 [pid 15989] <... mount resumed>) = 0 [pid 15990] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 15989] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15964, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=36 /* 0.36 s */} --- [pid 15990] <... openat resumed>) = 3 [pid 15989] <... openat resumed>) = 3 [pid 15990] chdir("./file0") = 0 [pid 15989] chdir("./file0" [pid 15990] ioctl(4, LOOP_CLR_FD [pid 15989] <... chdir resumed>) = 0 [pid 15990] <... ioctl resumed>) = 0 [pid 15989] ioctl(4, LOOP_CLR_FD [pid 15990] close(4 [pid 15989] <... ioctl resumed>) = 0 [pid 15990] <... close resumed>) = 0 [pid 15989] close(4 [pid 5065] restart_syscall(<... resuming interrupted clone ...> [pid 15989] <... close resumed>) = 0 [pid 15990] open("./file0", O_RDONLY [pid 15989] open("./file0", O_RDONLY) = 4 [pid 15990] <... open resumed>) = 4 [pid 15989] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5065] <... restart_syscall resumed>) = 0 [pid 15990] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5065] umount2("./100", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, [pid 15989] <... ioctl resumed>) = 0 [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./100/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15989] open("./file0", O_RDONLY) = 5 [pid 15989] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 15989] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 15989] exit_group(0) = ? [pid 15990] <... ioctl resumed>) = 0 [pid 15989] +++ exited with 0 +++ [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15989, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=41 /* 0.41 s */} --- [pid 5065] newfstatat(AT_FDCWD, "./100/binderfs", [pid 5064] umount2("./100", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 298.633512][ T1047] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [ 298.666967][T15991] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5064] newfstatat(3, "", [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 15990] open("./file0", O_RDONLY [pid 5065] unlink("./100/binderfs" [pid 5064] getdents64(3, [pid 15990] <... open resumed>) = 5 [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 15990] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5064] umount2("./100/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15990] <... ioctl resumed>) = 0 [pid 5065] <... unlink resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./100/binderfs") = 0 [pid 5064] umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 15990] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 15990] exit_group(0) = ? [pid 15990] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15990, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=37 /* 0.37 s */} --- [pid 5066] umount2("./102", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 298.732925][ T42] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 298.736046][ T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 298.742462][T15991] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./102/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./102/binderfs") = 0 [pid 5066] umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16070] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 15991] <... mount resumed>) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 5064] umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./100/file0", [pid 15991] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./100/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", [ 298.851352][T15991] BTRFS info (device loop3): checking UUID tree [pid 15991] chdir("./file0" [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 15991] <... chdir resumed>) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./100/file0") = 0 [pid 15991] ioctl(4, LOOP_CLR_FD [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 15991] <... ioctl resumed>) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 15991] close(4 [pid 5064] rmdir("./100") = 0 [pid 5065] umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./100/file0", [pid 15991] <... close resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] mkdir("./101", 0777 [pid 15991] open("./file0", O_RDONLY) = 4 [pid 5064] <... mkdir resumed>) = 0 [pid 15991] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5065] umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./100/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./100/file0") = 0 [pid 5065] getdents64(3, [pid 5064] <... openat resumed>) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./100" [pid 5064] <... ioctl resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5065] mkdir("./101", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5064] close(3 [pid 5065] <... openat resumed>) = 3 [pid 5064] <... close resumed>) = 0 [pid 15991] <... ioctl resumed>) = 0 [pid 15991] open("./file0", O_RDONLY [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 16009] <... write resumed>) = 16777216 ./strace-static-x86_64: Process 16081 attached ./strace-static-x86_64: Process 16080 attached [pid 16009] munmap(0x7fda9371b000, 138412032 [pid 15991] <... open resumed>) = 5 [pid 16080] set_robust_list(0x555557145760, 24 [pid 15991] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 16081 [pid 16009] <... munmap resumed>) = 0 [pid 16081] set_robust_list(0x555557145760, 24 [pid 15991] <... ioctl resumed>) = 0 [pid 16081] <... set_robust_list resumed>) = 0 [pid 16080] <... set_robust_list resumed>) = 0 [pid 16081] chdir("./101" [pid 16080] chdir("./101" [pid 15991] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 16081] <... chdir resumed>) = 0 [pid 16080] <... chdir resumed>) = 0 [pid 15991] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 16081] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 16080] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 15991] exit_group(0 [pid 16081] <... prctl resumed>) = 0 [pid 16080] <... prctl resumed>) = 0 [pid 15991] <... exit_group resumed>) = ? [pid 16081] setpgid(0, 0 [pid 16080] setpgid(0, 0 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 16080 [pid 16081] <... setpgid resumed>) = 0 [pid 16009] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 15991] +++ exited with 0 +++ [pid 16080] <... setpgid resumed>) = 0 [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15991, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=35 /* 0.35 s */} --- [pid 5067] umount2("./101", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 16080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5067] <... openat resumed>) = 3 [pid 16081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 16009] <... openat resumed>) = 4 [pid 5067] newfstatat(3, "", [pid 16081] <... openat resumed>) = 3 [pid 16080] <... openat resumed>) = 3 [pid 16009] ioctl(4, LOOP_SET_FD, 3 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, [pid 5066] <... umount2 resumed>) = 0 [pid 16081] write(3, "1000", 4 [pid 16080] write(3, "1000", 4 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16081] <... write resumed>) = 4 [pid 16080] <... write resumed>) = 4 [pid 16009] <... ioctl resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 16081] close(3 [pid 16080] close(3 [pid 5067] umount2("./101/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] newfstatat(AT_FDCWD, "./102/file0", [pid 16081] <... close resumed>) = 0 [pid 16080] <... close resumed>) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./101/binderfs", [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 16081] symlink("/dev/binderfs", "./binderfs" [pid 16080] symlink("/dev/binderfs", "./binderfs" [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16081] <... symlink resumed>) = 0 [pid 5067] unlink("./101/binderfs" [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 16080] <... symlink resumed>) = 0 [pid 5067] <... unlink resumed>) = 0 [pid 5066] openat(AT_FDCWD, "./102/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 16081] memfd_create("syzkaller", 0 [pid 5067] umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... openat resumed>) = 4 [pid 16081] <... memfd_create resumed>) = 3 [pid 5066] newfstatat(4, "", [pid 16081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16009] close(3 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 16081] <... mmap resumed>) = 0x7fda9371b000 [pid 16009] <... close resumed>) = 0 [pid 5066] getdents64(4, [pid 16009] mkdir("./file0", 0777 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 16009] <... mkdir resumed>) = 0 [pid 16080] memfd_create("syzkaller", 0 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 16080] <... memfd_create resumed>) = 3 [ 299.039387][ T48] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 299.064116][T16009] loop5: detected capacity change from 0 to 32768 [pid 5066] close(4 [pid 16080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16009] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5066] <... close resumed>) = 0 [pid 5066] rmdir("./102/file0" [pid 16080] <... mmap resumed>) = 0x7fda9371b000 [pid 5066] <... rmdir resumed>) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [ 299.148822][T16009] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (16009) [pid 5066] rmdir("./102") = 0 [pid 5066] mkdir("./103", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 16083 ./strace-static-x86_64: Process 16083 attached [pid 16083] set_robust_list(0x555557145760, 24) = 0 [pid 16083] chdir("./103") = 0 [pid 5067] <... umount2 resumed>) = 0 [pid 16083] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16083] setpgid(0, 0 [pid 5067] umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16083] <... setpgid resumed>) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./101/file0", [pid 16083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16083] <... openat resumed>) = 3 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 16083] write(3, "1000", 4) = 4 [pid 5067] openat(AT_FDCWD, "./101/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 16083] close(3 [pid 5067] <... openat resumed>) = 4 [pid 16083] <... close resumed>) = 0 [ 299.234591][T16009] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5067] newfstatat(4, "", [pid 16083] symlink("/dev/binderfs", "./binderfs" [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 16083] <... symlink resumed>) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./101/file0") = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./101") = 0 [pid 5067] mkdir("./102", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [ 299.288751][T16009] BTRFS info (device loop5): force clearing of disk cache [ 299.296582][T16009] BTRFS info (device loop5): setting nodatasum [pid 16083] memfd_create("syzkaller", 0) = 3 [pid 16083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 16084 ./strace-static-x86_64: Process 16084 attached [pid 16083] <... mmap resumed>) = 0x7fda9371b000 [ 299.330693][T16009] BTRFS info (device loop5): allowing degraded mounts [ 299.368750][T16009] BTRFS info (device loop5): enabling disk space caching [pid 16084] set_robust_list(0x555557145760, 24) = 0 [pid 16084] chdir("./102") = 0 [pid 16084] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16084] setpgid(0, 0) = 0 [pid 16084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16084] write(3, "1000", 4) = 4 [ 299.375799][T16009] BTRFS info (device loop5): disk space caching is enabled [pid 16084] close(3) = 0 [pid 16084] symlink("/dev/binderfs", "./binderfs" [pid 16081] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 16084] <... symlink resumed>) = 0 [pid 16070] <... write resumed>) = 16777216 [pid 16084] memfd_create("syzkaller", 0) = 3 [pid 16084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 16070] munmap(0x7fda9371b000, 138412032) = 0 [pid 16070] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 16070] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16070] close(3) = 0 [pid 16070] mkdir("./file0", 0777) = 0 [ 299.503686][T16070] loop4: detected capacity change from 0 to 32768 [ 299.578799][T16070] BTRFS: device /dev/loop4 using temp-fsid 95387711-0dfb-4bd1-a6bc-7421a8f1dc0a [ 299.587873][T16070] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (16070) [ 299.710116][T16070] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [pid 16070] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 299.768845][T16009] BTRFS info (device loop5): enabling ssd optimizations [ 299.775808][T16009] BTRFS info (device loop5): auto enabling async discard [ 299.798742][T16070] BTRFS info (device loop4): force clearing of disk cache [ 299.805891][T16070] BTRFS info (device loop4): setting nodatasum [ 299.839529][T16070] BTRFS info (device loop4): allowing degraded mounts [ 299.846371][T16070] BTRFS info (device loop4): enabling disk space caching [ 299.854070][T16009] BTRFS info (device loop5): rebuilding free space tree [ 299.890126][T16070] BTRFS info (device loop4): disk space caching is enabled [ 299.914997][T16009] BTRFS info (device loop5): disabling free space tree [pid 16080] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 299.935530][T16009] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 16083] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 16081] <... write resumed>) = 16777216 [pid 16081] munmap(0x7fda9371b000, 138412032) = 0 [pid 16081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 300.005399][T16009] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 16081] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16081] close(3) = 0 [pid 16081] mkdir("./file0", 0777) = 0 [pid 16081] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 300.062154][T16081] loop0: detected capacity change from 0 to 32768 [ 300.086758][T16081] BTRFS: device /dev/loop0 using temp-fsid 24b6b744-afe6-45ae-8942-cb675d85d904 [ 300.089404][T16009] BTRFS info (device loop5): checking UUID tree [ 300.108769][T16081] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (16081) [ 300.116694][T16070] BTRFS info (device loop4): enabling ssd optimizations [ 300.134764][T16081] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 300.144082][T16081] BTRFS info (device loop0): force clearing of disk cache [ 300.151556][T16081] BTRFS info (device loop0): setting nodatasum [pid 16084] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 16009] <... mount resumed>) = 0 [pid 16009] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 16009] chdir("./file0") = 0 [pid 16009] ioctl(4, LOOP_CLR_FD) = 0 [pid 16009] close(4) = 0 [pid 16009] open("./file0", O_RDONLY) = 4 [ 300.158010][T16081] BTRFS info (device loop0): allowing degraded mounts [ 300.161142][T16070] BTRFS info (device loop4): auto enabling async discard [ 300.165102][T16081] BTRFS info (device loop0): enabling disk space caching [ 300.179606][T16081] BTRFS info (device loop0): disk space caching is enabled [pid 16009] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 16009] open("./file0", O_RDONLY) = 5 [ 300.210411][T16070] BTRFS info (device loop4): rebuilding free space tree [pid 16009] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 16009] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 16009] exit_group(0) = ? [pid 16009] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16009, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=36 /* 0.36 s */} --- [pid 5069] umount2("./101", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./101/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./101/binderfs") = 0 [ 300.254943][T16070] BTRFS info (device loop4): disabling free space tree [ 300.268284][ T1047] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [ 300.284938][T16070] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5069] umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16083] <... write resumed>) = 16777216 [pid 16080] <... write resumed>) = 16777216 [pid 5069] <... umount2 resumed>) = 0 [pid 5069] umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16083] munmap(0x7fda9371b000, 138412032 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./101/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16080] munmap(0x7fda9371b000, 138412032 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 300.343171][T16070] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 300.378176][T16081] BTRFS info (device loop0): enabling ssd optimizations [pid 16083] <... munmap resumed>) = 0 [pid 5069] openat(AT_FDCWD, "./101/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 16080] <... munmap resumed>) = 0 [pid 16080] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 16080] ioctl(4, LOOP_SET_FD, 3 [pid 16083] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5069] <... openat resumed>) = 4 [pid 16080] <... ioctl resumed>) = 0 [pid 16080] close(3 [pid 5069] newfstatat(4, "", [pid 16083] <... openat resumed>) = 4 [pid 16080] <... close resumed>) = 0 [pid 16080] mkdir("./file0", 0777 [pid 16083] ioctl(4, LOOP_SET_FD, 3 [pid 16080] <... mkdir resumed>) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 16080] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 300.407037][T16081] BTRFS info (device loop0): auto enabling async discard [ 300.417871][T16070] BTRFS info (device loop4): checking UUID tree [ 300.424991][T16080] loop1: detected capacity change from 0 to 32768 [ 300.427632][T16081] BTRFS info (device loop0): rebuilding free space tree [ 300.443427][T16083] loop2: detected capacity change from 0 to 32768 [pid 5069] getdents64(4, [pid 16083] <... ioctl resumed>) = 0 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 16083] close(3 [pid 5069] getdents64(4, [pid 16070] <... mount resumed>) = 0 [pid 16083] <... close resumed>) = 0 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 16081] <... mount resumed>) = 0 [pid 16083] mkdir("./file0", 0777 [pid 5069] rmdir("./101/file0" [pid 16081] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 16070] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 16083] <... mkdir resumed>) = 0 [pid 16081] <... openat resumed>) = 3 [pid 16070] <... openat resumed>) = 3 [pid 5069] <... rmdir resumed>) = 0 [pid 16083] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 16081] chdir("./file0" [pid 16070] chdir("./file0" [pid 5069] getdents64(3, [pid 16081] <... chdir resumed>) = 0 [pid 16070] <... chdir resumed>) = 0 [pid 16081] ioctl(4, LOOP_CLR_FD [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 16070] ioctl(4, LOOP_CLR_FD [pid 16081] <... ioctl resumed>) = 0 [pid 16070] <... ioctl resumed>) = 0 [pid 5069] close(3 [pid 16081] close(4 [pid 16070] close(4 [pid 5069] <... close resumed>) = 0 [pid 16081] <... close resumed>) = 0 [pid 16070] <... close resumed>) = 0 [pid 5069] rmdir("./101" [pid 16081] open("./file0", O_RDONLY [pid 16070] open("./file0", O_RDONLY [pid 5069] <... rmdir resumed>) = 0 [pid 16070] <... open resumed>) = 4 [pid 5069] mkdir("./102", 0777 [pid 16081] <... open resumed>) = 4 [pid 5069] <... mkdir resumed>) = 0 [pid 16081] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 16070] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 16081] <... ioctl resumed>) = 0 [pid 5069] close(3) = 0 [pid 16081] open("./file0", O_RDONLY [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 16081] <... open resumed>) = 5 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 16135 ./strace-static-x86_64: Process 16135 attached [pid 16070] <... ioctl resumed>) = 0 [pid 16135] set_robust_list(0x555557145760, 24 [pid 16081] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 16070] open("./file0", O_RDONLY [pid 16081] <... ioctl resumed>) = 0 [ 300.450782][T16080] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (16080) [pid 16135] <... set_robust_list resumed>) = 0 [pid 16070] <... open resumed>) = 5 [pid 16135] chdir("./102" [pid 16070] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 16135] <... chdir resumed>) = 0 [pid 16081] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 16070] <... ioctl resumed>) = 0 [pid 16135] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 16081] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 16070] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 16135] <... prctl resumed>) = 0 [pid 16070] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 16135] setpgid(0, 0 [pid 16081] exit_group(0 [pid 16070] exit_group(0) = ? [pid 16081] <... exit_group resumed>) = ? [pid 16135] <... setpgid resumed>) = 0 [pid 16135] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 16081] +++ exited with 0 +++ [pid 16070] +++ exited with 0 +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16081, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=28 /* 0.28 s */} --- [pid 16135] <... openat resumed>) = 3 [pid 16135] write(3, "1000", 4 [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16070, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=37 /* 0.37 s */} --- [pid 5064] umount2("./101", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 16135] <... write resumed>) = 4 [pid 5064] openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 16135] close(3 [pid 5068] umount2("./101", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... openat resumed>) = 3 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 16135] <... close resumed>) = 0 [pid 5068] umount2("./101/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16135] symlink("/dev/binderfs", "./binderfs" [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 16135] <... symlink resumed>) = 0 [pid 5068] newfstatat(AT_FDCWD, "./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./101/binderfs") = 0 [pid 5068] umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16135] memfd_create("syzkaller", 0 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, [pid 16135] <... memfd_create resumed>) = 3 [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./101/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 16135] <... mmap resumed>) = 0x7fda9371b000 [pid 5064] newfstatat(AT_FDCWD, "./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./101/binderfs") = 0 [ 300.525545][T16083] BTRFS: device /dev/loop2 using temp-fsid 77095cd7-ae7f-4095-baa1-577d31ebfe51 [ 300.558980][T16083] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (16083) [pid 5064] umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16084] <... write resumed>) = 16777216 [pid 16084] munmap(0x7fda9371b000, 138412032) = 0 [pid 16084] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 16084] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16084] close(3) = 0 [pid 16084] mkdir("./file0", 0777) = 0 [ 300.691464][T16084] loop3: detected capacity change from 0 to 32768 [pid 16084] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5068] <... umount2 resumed>) = 0 [pid 5068] umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./101/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./101/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 300.739088][T16084] BTRFS: device /dev/loop3 using temp-fsid e2334a2e-2549-4f2d-9b5e-459bdf87d180 [ 300.748174][T16084] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (16084) [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./101/file0") = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 5068] getdents64(3, [pid 5064] umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] close(3 [pid 5064] newfstatat(AT_FDCWD, "./101/file0", [pid 5068] <... close resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] rmdir("./101" [pid 5064] umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... rmdir resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] mkdir("./102", 0777 [pid 5064] openat(AT_FDCWD, "./101/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] <... mkdir resumed>) = 0 [pid 5064] <... openat resumed>) = 4 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5064] newfstatat(4, "", [pid 5068] <... openat resumed>) = 3 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] ioctl(3, LOOP_CLR_FD [pid 5064] getdents64(4, [pid 5068] <... ioctl resumed>) = 0 [pid 5064] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] close(3) = 0 [pid 5064] getdents64(4, [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 16168 attached [pid 16168] set_robust_list(0x555557145760, 24 [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 16168 [pid 5064] close(4 [pid 16168] <... set_robust_list resumed>) = 0 [pid 16168] chdir("./102" [pid 16080] <... mount resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 16168] <... chdir resumed>) = 0 [pid 16080] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 16168] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 16080] <... openat resumed>) = 3 [pid 5064] rmdir("./101/file0" [pid 16168] <... prctl resumed>) = 0 [pid 16080] chdir("./file0" [pid 16168] setpgid(0, 0) = 0 [pid 16080] <... chdir resumed>) = 0 [pid 5064] <... rmdir resumed>) = 0 [pid 16080] ioctl(4, LOOP_CLR_FD) = 0 [pid 5064] getdents64(3, [pid 16080] close(4) = 0 [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 16080] open("./file0", O_RDONLY [pid 5064] close(3 [pid 16080] <... open resumed>) = 4 [pid 5064] <... close resumed>) = 0 [pid 16080] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 16168] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] rmdir("./101" [pid 16168] <... openat resumed>) = 3 [pid 16168] write(3, "1000", 4 [pid 5064] <... rmdir resumed>) = 0 [pid 16168] <... write resumed>) = 4 [pid 16080] <... ioctl resumed>) = 0 [pid 16168] close(3) = 0 [pid 16080] open("./file0", O_RDONLY [pid 5064] mkdir("./102", 0777 [pid 16168] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16080] <... open resumed>) = 5 [pid 5064] <... mkdir resumed>) = 0 [pid 16168] memfd_create("syzkaller", 0 [pid 16080] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 16168] <... memfd_create resumed>) = 3 [pid 16168] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5064] <... openat resumed>) = 3 [pid 16168] <... mmap resumed>) = 0x7fda9371b000 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 16080] <... ioctl resumed>) = 0 [pid 16080] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 16083] <... mount resumed>) = 0 [pid 16080] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 16083] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 16080] exit_group(0 [pid 16083] <... openat resumed>) = 3 [pid 16080] <... exit_group resumed>) = ? [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 16178 [pid 16083] chdir("./file0" [pid 16080] +++ exited with 0 +++ [pid 16083] <... chdir resumed>) = 0 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16080, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=25 /* 0.25 s */} --- [pid 16083] ioctl(4, LOOP_CLR_FD) = 0 ./strace-static-x86_64: Process 16178 attached [pid 16083] close(4 [pid 5065] umount2("./101", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16178] set_robust_list(0x555557145760, 24 [pid 16083] <... close resumed>) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 16178] <... set_robust_list resumed>) = 0 [pid 16083] open("./file0", O_RDONLY [pid 5065] <... openat resumed>) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./101/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./101/binderfs" [pid 16083] <... open resumed>) = 4 [pid 5065] <... unlink resumed>) = 0 [pid 5065] umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16178] chdir("./102") = 0 [pid 16083] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 16178] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16178] setpgid(0, 0) = 0 [pid 16178] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16178] write(3, "1000", 4) = 4 [pid 16178] close(3 [pid 16083] <... ioctl resumed>) = 0 [pid 16178] <... close resumed>) = 0 [pid 16178] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16083] open("./file0", O_RDONLY) = 5 [pid 16178] memfd_create("syzkaller", 0) = 3 [pid 16083] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 16178] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16083] <... ioctl resumed>) = 0 [pid 16178] <... mmap resumed>) = 0x7fda9371b000 [pid 16083] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 16083] exit_group(0) = ? [pid 16083] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16083, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=25 /* 0.25 s */} --- [pid 5066] umount2("./103", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./103/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./103/binderfs" [pid 16135] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5066] <... unlink resumed>) = 0 [pid 5066] umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16084] <... mount resumed>) = 0 [pid 16168] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 16084] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 16084] chdir("./file0") = 0 [pid 16084] ioctl(4, LOOP_CLR_FD) = 0 [pid 16084] close(4) = 0 [pid 16084] open("./file0", O_RDONLY) = 4 [pid 16084] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 16084] open("./file0", O_RDONLY) = 5 [pid 16084] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 16084] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 16084] exit_group(0) = ? [pid 16084] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16084, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=31 /* 0.31 s */} --- [pid 5067] umount2("./102", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./102/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./102/binderfs") = 0 [pid 5067] umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./103/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./103/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./103/file0") = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./103") = 0 [pid 5066] mkdir("./104", 0777 [pid 16178] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5066] <... mkdir resumed>) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5067] <... umount2 resumed>) = 0 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5067] umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] close(3 [pid 5067] newfstatat(AT_FDCWD, "./102/file0", [pid 5066] <... close resumed>) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5067] umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 16189 attached ) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./102/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 16189] set_robust_list(0x555557145760, 24 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 16189 [pid 16189] <... set_robust_list resumed>) = 0 [pid 5067] <... openat resumed>) = 4 [pid 5065] <... umount2 resumed>) = 0 [pid 5065] umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16189] chdir("./104" [pid 5067] newfstatat(4, "", [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./101/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./101/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", [pid 16189] <... chdir resumed>) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, [pid 16189] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5065] getdents64(4, [pid 5067] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 16189] setpgid(0, 0 [pid 5067] getdents64(4, [pid 16189] <... setpgid resumed>) = 0 [pid 5065] rmdir("./101/file0" [pid 5067] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4 [pid 16189] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5067] <... close resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5067] rmdir("./102/file0" [pid 5065] getdents64(3, [pid 5067] <... rmdir resumed>) = 0 [pid 16189] <... openat resumed>) = 3 [pid 5067] getdents64(3, [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3 [pid 5067] close(3 [pid 5065] <... close resumed>) = 0 [pid 5065] rmdir("./101") = 0 [pid 5065] mkdir("./102", 0777 [pid 16189] write(3, "1000", 4 [pid 5067] <... close resumed>) = 0 [pid 5065] <... mkdir resumed>) = 0 [pid 16189] <... write resumed>) = 4 [pid 5067] rmdir("./102" [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5067] <... rmdir resumed>) = 0 [pid 5065] <... openat resumed>) = 3 [pid 16189] close(3 [pid 5067] mkdir("./103", 0777 [pid 16189] <... close resumed>) = 0 [pid 16189] symlink("/dev/binderfs", "./binderfs" [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5067] <... mkdir resumed>) = 0 [pid 5065] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 16189] <... symlink resumed>) = 0 [pid 5065] close(3 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5065] <... close resumed>) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5067] <... openat resumed>) = 3 ./strace-static-x86_64: Process 16190 attached [pid 16190] set_robust_list(0x555557145760, 24 [pid 16189] memfd_create("syzkaller", 0 [pid 5067] ioctl(3, LOOP_CLR_FD [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 16190 [pid 16190] <... set_robust_list resumed>) = 0 [pid 5067] <... ioctl resumed>) = 0 [pid 16190] chdir("./102") = 0 [pid 16189] <... memfd_create resumed>) = 3 [pid 5067] close(3 [pid 16189] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16190] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16190] setpgid(0, 0 [pid 16189] <... mmap resumed>) = 0x7fda9371b000 [pid 5067] <... close resumed>) = 0 [pid 16190] <... setpgid resumed>) = 0 [pid 16190] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 16191 attached [pid 16190] write(3, "1000", 4) = 4 [pid 16190] close(3) = 0 [pid 16190] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16190] memfd_create("syzkaller", 0 [pid 16191] set_robust_list(0x555557145760, 24 [pid 16190] <... memfd_create resumed>) = 3 [pid 16191] <... set_robust_list resumed>) = 0 [pid 16190] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 16191] chdir("./103") = 0 [pid 16191] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 16191 [pid 16191] <... prctl resumed>) = 0 [pid 16191] setpgid(0, 0) = 0 [pid 16191] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16191] write(3, "1000", 4 [pid 16135] <... write resumed>) = 16777216 [pid 16191] <... write resumed>) = 4 [pid 16191] close(3) = 0 [pid 16191] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16191] memfd_create("syzkaller", 0 [pid 16135] munmap(0x7fda9371b000, 138412032) = 0 [pid 16135] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 16191] <... memfd_create resumed>) = 3 [pid 16168] <... write resumed>) = 16777216 [pid 16191] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 16168] munmap(0x7fda9371b000, 138412032 [pid 16135] <... openat resumed>) = 4 [pid 16135] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16168] <... munmap resumed>) = 0 [pid 16168] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 16135] close(3) = 0 [pid 16135] mkdir("./file0", 0777) = 0 [ 301.841607][T16135] loop5: detected capacity change from 0 to 32768 [pid 16135] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 16168] <... openat resumed>) = 4 [pid 16168] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16168] close(3) = 0 [pid 16168] mkdir("./file0", 0777) = 0 [ 301.886039][T16135] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (16135) [ 301.909654][T16168] loop4: detected capacity change from 0 to 32768 [ 301.977764][T16168] BTRFS: device /dev/loop4 using temp-fsid 5c1ea1fb-24f5-4e86-b22b-73bffb5c85ec [pid 16168] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 302.018790][T16168] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (16168) [pid 16189] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 16191] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 16190] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 16191] <... write resumed>) = 16777216 [pid 16191] munmap(0x7fda9371b000, 138412032) = 0 [pid 16191] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 16191] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16191] close(3) = 0 [pid 16191] mkdir("./file0", 0777) = 0 [pid 16191] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 16135] <... mount resumed>) = 0 [ 302.276604][T16191] loop3: detected capacity change from 0 to 32768 [ 302.311946][T16191] BTRFS: device /dev/loop3 using temp-fsid 03c0b268-8910-44b9-a931-71d2ee64cefc [pid 16135] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 16178] <... write resumed>) = 16777216 [pid 16135] chdir("./file0") = 0 [pid 16178] munmap(0x7fda9371b000, 138412032 [pid 16135] ioctl(4, LOOP_CLR_FD) = 0 [pid 16135] close(4) = 0 [pid 16135] open("./file0", O_RDONLY) = 4 [pid 16135] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 16178] <... munmap resumed>) = 0 [ 302.329251][T16191] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (16191) [pid 16135] <... ioctl resumed>) = 0 [pid 16135] open("./file0", O_RDONLY) = 5 [pid 16135] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 16178] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16135] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 16178] ioctl(4, LOOP_SET_FD, 3 [pid 16135] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 16135] exit_group(0) = ? [pid 16135] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16135, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=26 /* 0.26 s */} --- [pid 5069] umount2("./102", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 16189] <... write resumed>) = 16777216 [pid 5069] getdents64(3, [pid 16189] munmap(0x7fda9371b000, 138412032 [pid 16168] <... mount resumed>) = 0 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 16168] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5069] umount2("./102/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16168] <... openat resumed>) = 3 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 16168] chdir("./file0" [pid 5069] newfstatat(AT_FDCWD, "./102/binderfs", [pid 16168] <... chdir resumed>) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 16168] ioctl(4, LOOP_CLR_FD [pid 5069] unlink("./102/binderfs" [pid 16168] <... ioctl resumed>) = 0 [pid 5069] <... unlink resumed>) = 0 [pid 16168] close(4 [pid 5069] umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16168] <... close resumed>) = 0 [pid 16168] open("./file0", O_RDONLY) = 4 [pid 16168] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 16178] <... ioctl resumed>) = 0 [pid 16178] close(3) = 0 [ 302.414365][T16178] loop0: detected capacity change from 0 to 32768 [pid 16178] mkdir("./file0", 0777) = 0 [pid 16189] <... munmap resumed>) = 0 [pid 16178] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 16189] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 16168] <... ioctl resumed>) = 0 [pid 16189] <... openat resumed>) = 4 [ 302.480027][T16178] BTRFS: device /dev/loop0 using temp-fsid 215c24c6-51b7-4f8f-8e7a-5b597f4cb19e [ 302.512875][T16178] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (16178) [pid 16168] open("./file0", O_RDONLY [pid 16189] ioctl(4, LOOP_SET_FD, 3 [pid 16168] <... open resumed>) = 5 [pid 16189] <... ioctl resumed>) = 0 [pid 16168] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 16168] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 16168] exit_group(0) = ? [pid 16168] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16168, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=23 /* 0.23 s */} --- [pid 5068] umount2("./102", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", [pid 16189] close(3 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 16189] <... close resumed>) = 0 [pid 16189] mkdir("./file0", 0777) = 0 [pid 16189] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [ 302.513922][T16189] loop2: detected capacity change from 0 to 32768 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./102/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16190] <... write resumed>) = 16777216 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./102/binderfs", [pid 16190] munmap(0x7fda9371b000, 138412032 [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] <... umount2 resumed>) = 0 [pid 5068] unlink("./102/binderfs" [pid 16190] <... munmap resumed>) = 0 [pid 5069] umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16190] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./102/file0", [pid 5068] <... unlink resumed>) = 0 [ 302.586106][T16189] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (16189) [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16190] <... openat resumed>) = 4 [pid 5069] umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16190] ioctl(4, LOOP_SET_FD, 3 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./102/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./102/file0") = 0 [pid 16190] <... ioctl resumed>) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 16190] close(3 [pid 5069] close(3 [pid 16190] <... close resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 16190] mkdir("./file0", 0777 [pid 5069] rmdir("./102" [pid 16190] <... mkdir resumed>) = 0 [pid 5069] <... rmdir resumed>) = 0 [pid 16190] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5069] mkdir("./103", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3) = 0 [ 302.635772][T16190] loop1: detected capacity change from 0 to 32768 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 16249 ./strace-static-x86_64: Process 16249 attached [pid 16249] set_robust_list(0x555557145760, 24) = 0 [pid 16249] chdir("./103") = 0 [pid 16249] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16249] setpgid(0, 0) = 0 [pid 16249] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16249] write(3, "1000", 4) = 4 [pid 16249] close(3) = 0 [pid 16249] symlink("/dev/binderfs", "./binderfs") = 0 [ 302.681499][T16190] BTRFS: device /dev/loop1 using temp-fsid 98f28c31-e7a9-4618-a70b-d351377914fd [ 302.713336][T16191] _btrfs_printk: 100 callbacks suppressed [ 302.713349][T16191] BTRFS info (device loop3): checking UUID tree [pid 16249] memfd_create("syzkaller", 0) = 3 [pid 16249] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 16191] <... mount resumed>) = 0 [pid 16191] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 302.742783][T16190] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (16190) [pid 16191] chdir("./file0") = 0 [pid 16191] ioctl(4, LOOP_CLR_FD) = 0 [pid 16191] close(4) = 0 [pid 16191] open("./file0", O_RDONLY) = 4 [ 302.810963][T16190] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 302.846925][T16190] BTRFS info (device loop1): force clearing of disk cache [ 302.855218][T16190] BTRFS info (device loop1): setting nodatasum [pid 16191] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [ 302.863825][T16190] BTRFS info (device loop1): allowing degraded mounts [ 302.870913][T16190] BTRFS info (device loop1): enabling disk space caching [ 302.877985][T16190] BTRFS info (device loop1): disk space caching is enabled [pid 16191] open("./file0", O_RDONLY) = 5 [pid 16191] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 16191] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 16249] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 16191] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [ 302.926626][T16189] BTRFS info (device loop2): enabling ssd optimizations [ 302.950922][T16178] BTRFS info (device loop0): enabling ssd optimizations [pid 16191] exit_group(0) = ? [pid 16191] +++ exited with 0 +++ [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16191, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=25 /* 0.25 s */} --- [pid 5067] umount2("./103", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./103/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./103/binderfs") = 0 [ 302.970981][T16189] BTRFS info (device loop2): auto enabling async discard [ 302.984481][ T1047] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 303.000939][T16178] BTRFS info (device loop0): auto enabling async discard [ 303.022930][T16189] BTRFS info (device loop2): rebuilding free space tree [ 303.052196][T16178] BTRFS info (device loop0): rebuilding free space tree [ 303.061348][T16190] BTRFS info (device loop1): enabling ssd optimizations [ 303.085995][T16189] BTRFS info (device loop2): disabling free space tree [ 303.088722][T16190] BTRFS info (device loop1): auto enabling async discard [ 303.098766][T16189] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 303.118741][T16189] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 303.133554][T16178] BTRFS info (device loop0): disabling free space tree [ 303.158978][T16190] BTRFS info (device loop1): rebuilding free space tree [ 303.159927][T16189] BTRFS info (device loop2): checking UUID tree [ 303.179541][T16178] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5067] umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16189] <... mount resumed>) = 0 [pid 16189] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 16189] chdir("./file0") = 0 [pid 16189] ioctl(4, LOOP_CLR_FD) = 0 [pid 16189] close(4) = 0 [pid 16189] open("./file0", O_RDONLY) = 4 [ 303.222476][T16190] BTRFS info (device loop1): disabling free space tree [ 303.258485][T16190] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 16189] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 16189] open("./file0", O_RDONLY) = 5 [pid 16189] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5067] <... umount2 resumed>) = 0 [pid 16189] <... ioctl resumed>) = 0 [pid 16189] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 16189] exit_group(0) = ? [pid 5067] umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16189] +++ exited with 0 +++ [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16189, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=32 /* 0.32 s */} --- [pid 5067] newfstatat(AT_FDCWD, "./103/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] umount2("./104", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] openat(AT_FDCWD, "./103/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5067] <... openat resumed>) = 4 [pid 5066] <... openat resumed>) = 3 [pid 5067] newfstatat(4, "", [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] getdents64(4, [pid 5066] umount2("./104/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] newfstatat(AT_FDCWD, "./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] getdents64(4, [ 303.268325][T16178] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 303.307087][T16190] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5066] unlink("./104/binderfs" [pid 5067] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5066] <... unlink resumed>) = 0 [pid 5067] rmdir("./103/file0" [pid 5068] <... umount2 resumed>) = 0 [pid 5067] <... rmdir resumed>) = 0 [pid 5066] umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3 [pid 5068] umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... close resumed>) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./102/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./102/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] rmdir("./103" [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] <... rmdir resumed>) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./102/file0") = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./102") = 0 [pid 5068] mkdir("./103", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5068] close(3 [pid 5067] mkdir("./104", 0777 [pid 5068] <... close resumed>) = 0 [pid 5067] <... mkdir resumed>) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 16291 [pid 5067] <... ioctl resumed>) = 0 [pid 5067] close(3./strace-static-x86_64: Process 16291 attached ) = 0 [pid 16291] set_robust_list(0x555557145760, 24 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 16291] <... set_robust_list resumed>) = 0 [pid 16291] chdir("./103" [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 16293 [pid 16291] <... chdir resumed>) = 0 [pid 16291] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 16293 attached ) = 0 [ 303.336733][ T42] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 303.364052][T16178] BTRFS info (device loop0): checking UUID tree [pid 16293] set_robust_list(0x555557145760, 24 [pid 16291] setpgid(0, 0) = 0 [pid 16291] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16293] <... set_robust_list resumed>) = 0 [pid 16291] write(3, "1000", 4) = 4 [pid 16291] close(3) = 0 [pid 16291] symlink("/dev/binderfs", "./binderfs" [pid 16293] chdir("./104" [pid 16291] <... symlink resumed>) = 0 [pid 16293] <... chdir resumed>) = 0 [pid 16178] <... mount resumed>) = 0 [pid 16293] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 16291] memfd_create("syzkaller", 0 [pid 16178] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 16293] <... prctl resumed>) = 0 [pid 16291] <... memfd_create resumed>) = 3 [pid 16178] <... openat resumed>) = 3 [pid 16293] setpgid(0, 0 [pid 16291] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16178] chdir("./file0" [pid 16293] <... setpgid resumed>) = 0 [pid 16291] <... mmap resumed>) = 0x7fda9371b000 [pid 16178] <... chdir resumed>) = 0 [pid 16293] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 16178] ioctl(4, LOOP_CLR_FD [pid 16293] <... openat resumed>) = 3 [pid 16190] <... mount resumed>) = 0 [pid 16178] <... ioctl resumed>) = 0 [ 303.400576][T16190] BTRFS info (device loop1): checking UUID tree [pid 16293] write(3, "1000", 4 [pid 16190] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 16178] close(4 [pid 16293] <... write resumed>) = 4 [pid 16293] close(3 [pid 16178] <... close resumed>) = 0 [pid 16190] <... openat resumed>) = 3 [pid 16178] open("./file0", O_RDONLY [pid 16190] chdir("./file0" [pid 16293] <... close resumed>) = 0 [pid 16178] <... open resumed>) = 4 [pid 16293] symlink("/dev/binderfs", "./binderfs" [pid 16190] <... chdir resumed>) = 0 [pid 16293] <... symlink resumed>) = 0 [pid 16190] ioctl(4, LOOP_CLR_FD) = 0 [pid 16190] close(4) = 0 [pid 16293] memfd_create("syzkaller", 0 [pid 16190] open("./file0", O_RDONLY [pid 16178] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 16190] <... open resumed>) = 4 [pid 16190] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 16293] <... memfd_create resumed>) = 3 [pid 16293] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 16190] <... ioctl resumed>) = 0 [pid 16190] open("./file0", O_RDONLY [pid 16178] <... ioctl resumed>) = 0 [pid 16190] <... open resumed>) = 5 [pid 16178] open("./file0", O_RDONLY [pid 5066] <... umount2 resumed>) = 0 [pid 16190] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 16178] <... open resumed>) = 5 [pid 5066] umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16190] <... ioctl resumed>) = 0 [pid 16178] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 16190] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 16178] <... ioctl resumed>) = 0 [pid 5066] newfstatat(AT_FDCWD, "./104/file0", [pid 16190] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 16178] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 16190] exit_group(0 [pid 16178] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5066] umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16178] exit_group(0 [pid 16190] <... exit_group resumed>) = ? [pid 16178] <... exit_group resumed>) = ? [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./104/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 16190] +++ exited with 0 +++ [pid 5066] <... openat resumed>) = 4 [ 303.547808][ T42] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [pid 16178] +++ exited with 0 +++ [pid 5066] newfstatat(4, "", [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16190, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=32 /* 0.32 s */} --- [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] restart_syscall(<... resuming interrupted clone ...> [pid 5066] getdents64(4, [pid 5065] <... restart_syscall resumed>) = 0 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16178, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=30 /* 0.30 s */} --- [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] umount2("./102", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] getdents64(4, [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 16249] <... write resumed>) = 16777216 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] umount2("./102", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... openat resumed>) = 3 [pid 5066] close(4 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(3, "", [pid 5065] openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... close resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] rmdir("./104/file0" [pid 5065] <... openat resumed>) = 3 [pid 5066] <... rmdir resumed>) = 0 [pid 5065] newfstatat(3, "", [pid 5064] getdents64(3, [pid 5066] getdents64(3, [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] getdents64(3, [pid 5064] umount2("./102/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3 [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... close resumed>) = 0 [pid 5065] umount2("./102/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] newfstatat(AT_FDCWD, "./102/binderfs", [pid 5066] rmdir("./104" [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./102/binderfs", [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 303.590069][ T1047] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 16249] munmap(0x7fda9371b000, 138412032 [pid 5066] <... rmdir resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./102/binderfs" [pid 16249] <... munmap resumed>) = 0 [pid 5066] mkdir("./105", 0777 [pid 5065] unlink("./102/binderfs" [pid 5064] <... unlink resumed>) = 0 [pid 5064] umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... unlink resumed>) = 0 [pid 5065] umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... mkdir resumed>) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 16298 [pid 16249] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 ./strace-static-x86_64: Process 16298 attached [pid 16249] ioctl(4, LOOP_SET_FD, 3 [pid 16298] set_robust_list(0x555557145760, 24) = 0 [pid 16298] chdir("./105") = 0 [pid 16298] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16298] setpgid(0, 0) = 0 [pid 16298] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16298] write(3, "1000", 4) = 4 [pid 16298] close(3) = 0 [pid 16298] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16298] memfd_create("syzkaller", 0) = 3 [pid 16249] <... ioctl resumed>) = 0 [pid 16298] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16249] close(3) = 0 [ 303.713961][T16249] loop5: detected capacity change from 0 to 32768 [pid 16249] mkdir("./file0", 0777) = 0 [pid 16298] <... mmap resumed>) = 0x7fda9371b000 [pid 16249] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 16291] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5065] <... umount2 resumed>) = 0 [ 303.839086][T16249] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (16249) [pid 5065] umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./102/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 16293] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5065] openat(AT_FDCWD, "./102/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [ 303.913304][T16249] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5065] rmdir("./102/file0") = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./102") = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 5065] mkdir("./103", 0777 [pid 5064] umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... mkdir resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./102/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5064] umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... openat resumed>) = 3 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./102/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5064] newfstatat(4, "", [pid 5065] <... ioctl resumed>) = 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, [pid 5065] close(3) = 0 [ 303.969615][T16249] BTRFS info (device loop5): force clearing of disk cache [ 303.983047][T16249] BTRFS info (device loop5): setting nodatasum [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 16299 attached [pid 5064] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 16299 [pid 16299] set_robust_list(0x555557145760, 24) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./102/file0") = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./102") = 0 [pid 5064] mkdir("./103", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 16299] chdir("./103" [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [ 304.014654][T16249] BTRFS info (device loop5): allowing degraded mounts [pid 16299] <... chdir resumed>) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 16299] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16299] setpgid(0, 0) = 0 [pid 16299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 16300 ./strace-static-x86_64: Process 16300 attached [pid 16300] set_robust_list(0x555557145760, 24) = 0 [pid 16300] chdir("./103") = 0 [pid 16300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16300] setpgid(0, 0) = 0 [pid 16300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16300] write(3, "1000", 4) = 4 [pid 16300] close(3) = 0 [ 304.059843][T16249] BTRFS info (device loop5): enabling disk space caching [ 304.067048][T16249] BTRFS info (device loop5): disk space caching is enabled [pid 16300] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16300] memfd_create("syzkaller", 0) = 3 [pid 16300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16299] write(3, "1000", 4) = 4 [pid 16300] <... mmap resumed>) = 0x7fda9371b000 [pid 16299] close(3) = 0 [pid 16299] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16299] memfd_create("syzkaller", 0) = 3 [pid 16299] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 16298] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 16293] <... write resumed>) = 16777216 [pid 16293] munmap(0x7fda9371b000, 138412032) = 0 [pid 16293] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 16293] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16293] close(3) = 0 [pid 16293] mkdir("./file0", 0777) = 0 [ 304.467623][T16293] loop3: detected capacity change from 0 to 32768 [ 304.498983][T16249] BTRFS info (device loop5): enabling ssd optimizations [ 304.505925][T16249] BTRFS info (device loop5): auto enabling async discard [ 304.543077][T16293] BTRFS: device /dev/loop3 using temp-fsid 71d84a65-3ed8-43c5-a954-4aecde091484 [ 304.564609][T16249] BTRFS info (device loop5): rebuilding free space tree [pid 16293] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 16298] <... write resumed>) = 16777216 [pid 16298] munmap(0x7fda9371b000, 138412032) = 0 [ 304.593950][T16293] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (16293) [ 304.622675][T16249] BTRFS info (device loop5): disabling free space tree [pid 16298] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 16291] <... write resumed>) = 16777216 [pid 16291] munmap(0x7fda9371b000, 138412032 [pid 16298] <... openat resumed>) = 4 [pid 16291] <... munmap resumed>) = 0 [pid 16300] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 16298] ioctl(4, LOOP_SET_FD, 3 [pid 16291] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 304.641061][T16249] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 304.651486][T16293] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 304.661069][T16293] BTRFS info (device loop3): force clearing of disk cache [ 304.677243][T16298] loop2: detected capacity change from 0 to 32768 [ 304.680790][T16291] loop4: detected capacity change from 0 to 32768 [pid 16291] ioctl(4, LOOP_SET_FD, 3 [pid 16299] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 16298] <... ioctl resumed>) = 0 [pid 16298] close(3) = 0 [pid 16291] <... ioctl resumed>) = 0 [pid 16291] close(3) = 0 [pid 16291] mkdir("./file0", 0777 [pid 16298] mkdir("./file0", 0777 [pid 16291] <... mkdir resumed>) = 0 [pid 16291] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 16298] <... mkdir resumed>) = 0 [ 304.684179][T16249] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 304.701002][T16293] BTRFS info (device loop3): setting nodatasum [ 304.715615][T16293] BTRFS info (device loop3): allowing degraded mounts [ 304.724515][T16293] BTRFS info (device loop3): enabling disk space caching [ 304.733373][T16291] BTRFS: device /dev/loop4 using temp-fsid c8698333-7533-4c2f-a512-86926f0dad4f [pid 16298] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 16249] <... mount resumed>) = 0 [pid 16249] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 16249] chdir("./file0") = 0 [pid 16249] ioctl(4, LOOP_CLR_FD) = 0 [pid 16249] close(4) = 0 [pid 16249] open("./file0", O_RDONLY) = 4 [pid 16249] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 16249] open("./file0", O_RDONLY) = 5 [ 304.736436][T16249] BTRFS info (device loop5): checking UUID tree [ 304.749173][T16293] BTRFS info (device loop3): disk space caching is enabled [ 304.756912][T16291] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (16291) [ 304.775474][T16298] BTRFS: device /dev/loop2 using temp-fsid 57a87df4-ec11-4635-bd3e-8c7a23670d82 [pid 16249] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 16249] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [ 304.803320][T16298] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (16298) [ 304.821702][T16291] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 304.839191][T16291] BTRFS info (device loop4): force clearing of disk cache [pid 16249] exit_group(0) = ? [pid 16249] +++ exited with 0 +++ [ 304.848930][T16291] BTRFS info (device loop4): setting nodatasum [ 304.849535][T16298] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 304.855085][T16291] BTRFS info (device loop4): allowing degraded mounts [ 304.872040][T16291] BTRFS info (device loop4): enabling disk space caching [ 304.879327][T16291] BTRFS info (device loop4): disk space caching is enabled [ 304.880221][ T1047] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16249, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=31 /* 0.31 s */} --- [pid 5069] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5069] umount2("./103", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./103/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./103/binderfs") = 0 [ 304.899835][T16298] BTRFS info (device loop2): force clearing of disk cache [ 304.907671][T16298] BTRFS info (device loop2): setting nodatasum [ 304.915194][T16298] BTRFS info (device loop2): allowing degraded mounts [ 304.923550][T16298] BTRFS info (device loop2): enabling disk space caching [ 304.930850][T16298] BTRFS info (device loop2): disk space caching is enabled [ 304.977484][T16293] BTRFS info (device loop3): enabling ssd optimizations [ 305.013890][T16291] BTRFS info (device loop4): enabling ssd optimizations [pid 5069] umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16299] <... write resumed>) = 16777216 [ 305.021115][T16293] BTRFS info (device loop3): auto enabling async discard [pid 16299] munmap(0x7fda9371b000, 138412032) = 0 [pid 16299] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 305.054185][T16291] BTRFS info (device loop4): auto enabling async discard [ 305.067488][T16293] BTRFS info (device loop3): rebuilding free space tree [ 305.093961][T16299] loop1: detected capacity change from 0 to 32768 [pid 16299] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16299] close(3) = 0 [pid 16299] mkdir("./file0", 0777) = 0 [pid 16299] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 16300] <... write resumed>) = 16777216 [pid 16300] munmap(0x7fda9371b000, 138412032) = 0 [ 305.097137][T16291] BTRFS info (device loop4): rebuilding free space tree [ 305.114439][T16299] BTRFS: device /dev/loop1 using temp-fsid 3b1987a2-d99d-4574-a1f8-c01023fede6a [ 305.138982][T16299] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (16299) [pid 16300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16300] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16300] close(3) = 0 [pid 16300] mkdir("./file0", 0777) = 0 [ 305.155599][T16293] BTRFS info (device loop3): disabling free space tree [ 305.159110][T16291] BTRFS info (device loop4): disabling free space tree [ 305.163928][T16300] loop0: detected capacity change from 0 to 32768 [ 305.178460][T16293] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 305.188463][T16293] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 305.195211][T16291] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 305.202110][T16293] BTRFS info (device loop3): checking UUID tree [ 305.226134][T16299] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 305.240837][T16291] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 16300] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 16293] <... mount resumed>) = 0 [pid 5069] <... umount2 resumed>) = 0 [pid 5069] umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 16293] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5069] newfstatat(AT_FDCWD, "./103/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 16293] <... openat resumed>) = 3 [ 305.240949][T16300] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (16300) [ 305.253826][T16299] BTRFS info (device loop1): force clearing of disk cache [ 305.271482][T16299] BTRFS info (device loop1): setting nodatasum [ 305.286154][T16291] BTRFS info (device loop4): checking UUID tree [ 305.292614][T16299] BTRFS info (device loop1): allowing degraded mounts [pid 5069] umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16293] chdir("./file0" [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 16293] <... chdir resumed>) = 0 [pid 16291] <... mount resumed>) = 0 [pid 5069] openat(AT_FDCWD, "./103/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 16293] ioctl(4, LOOP_CLR_FD [pid 16291] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5069] <... openat resumed>) = 4 [pid 16293] <... ioctl resumed>) = 0 [pid 16291] <... openat resumed>) = 3 [pid 5069] newfstatat(4, "", [pid 16293] close(4 [pid 16291] chdir("./file0" [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 16293] <... close resumed>) = 0 [pid 16291] <... chdir resumed>) = 0 [pid 5069] getdents64(4, [pid 16291] ioctl(4, LOOP_CLR_FD [pid 5069] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 16291] <... ioctl resumed>) = 0 [pid 5069] getdents64(4, [pid 16291] close(4 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 16291] <... close resumed>) = 0 [pid 5069] close(4 [pid 16293] open("./file0", O_RDONLY [pid 16291] open("./file0", O_RDONLY [pid 5069] <... close resumed>) = 0 [pid 16293] <... open resumed>) = 4 [pid 16291] <... open resumed>) = 4 [ 305.300294][T16299] BTRFS info (device loop1): enabling disk space caching [ 305.308510][T16298] BTRFS info (device loop2): enabling ssd optimizations [ 305.316376][T16299] BTRFS info (device loop1): disk space caching is enabled [ 305.324226][T16298] BTRFS info (device loop2): auto enabling async discard [ 305.331360][T16300] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 305.331392][T16300] BTRFS info (device loop0): force clearing of disk cache [ 305.331408][T16300] BTRFS info (device loop0): setting nodatasum [pid 5069] rmdir("./103/file0" [pid 16291] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5069] <... rmdir resumed>) = 0 [pid 16293] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 16291] <... ioctl resumed>) = 0 [pid 5069] getdents64(3, [pid 16293] <... ioctl resumed>) = 0 [pid 16291] open("./file0", O_RDONLY [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3 [pid 16291] <... open resumed>) = 5 [pid 16293] open("./file0", O_RDONLY [pid 16291] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5069] <... close resumed>) = 0 [pid 5069] rmdir("./103") = 0 [pid 16291] <... ioctl resumed>) = 0 [pid 5069] mkdir("./104", 0777 [pid 16293] <... open resumed>) = 5 [pid 5069] <... mkdir resumed>) = 0 [pid 16293] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 16291] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [ 305.331424][T16300] BTRFS info (device loop0): allowing degraded mounts [ 305.331441][T16300] BTRFS info (device loop0): enabling disk space caching [ 305.331455][T16300] BTRFS info (device loop0): disk space caching is enabled [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 16291] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5069] <... openat resumed>) = 3 [pid 16293] <... ioctl resumed>) = 0 [pid 16291] exit_group(0 [pid 5069] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 16293] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 16291] <... exit_group resumed>) = ? [pid 16293] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5069] close(3 [pid 16291] +++ exited with 0 +++ [pid 16293] exit_group(0) = ? [pid 5069] <... close resumed>) = 0 [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16291, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=32 /* 0.32 s */} --- [pid 16293] +++ exited with 0 +++ [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5068] restart_syscall(<... resuming interrupted clone ...> [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16293, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- [pid 5068] <... restart_syscall resumed>) = 0 ./strace-static-x86_64: Process 16376 attached [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 16376 [pid 5068] umount2("./103", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] umount2("./104", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 16376] set_robust_list(0x555557145760, 24 [pid 5068] umount2("./103/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 16376] <... set_robust_list resumed>) = 0 [pid 5067] <... openat resumed>) = 3 [pid 16376] chdir("./104") = 0 [pid 16376] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16376] setpgid(0, 0) = 0 [pid 16376] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16376] write(3, "1000", 4) = 4 [ 305.397040][ T12] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 305.402447][ T1047] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [ 305.427816][T16298] BTRFS info (device loop2): rebuilding free space tree [pid 16376] close(3 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(3, "", [pid 5068] newfstatat(AT_FDCWD, "./103/binderfs", [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 16376] <... close resumed>) = 0 [pid 16376] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16376] memfd_create("syzkaller", 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] getdents64(3, [pid 16376] <... memfd_create resumed>) = 3 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] unlink("./103/binderfs" [pid 5067] umount2("./104/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16376] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 16376] <... mmap resumed>) = 0x7fda9371b000 [pid 5067] newfstatat(AT_FDCWD, "./104/binderfs", [pid 5068] <... unlink resumed>) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./104/binderfs") = 0 [pid 5067] umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 305.494246][T16298] BTRFS info (device loop2): disabling free space tree [ 305.529233][T16298] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 305.555717][T16299] BTRFS info (device loop1): enabling ssd optimizations [pid 5068] umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16298] <... mount resumed>) = 0 [pid 16298] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 16298] chdir("./file0") = 0 [ 305.597918][T16298] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 305.599313][T16300] BTRFS info (device loop0): enabling ssd optimizations [pid 16298] ioctl(4, LOOP_CLR_FD) = 0 [pid 16298] close(4 [pid 16299] <... mount resumed>) = 0 [pid 16298] <... close resumed>) = 0 [pid 16298] open("./file0", O_RDONLY) = 4 [pid 16298] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 16299] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 16299] chdir("./file0") = 0 [pid 16299] ioctl(4, LOOP_CLR_FD) = 0 [pid 16299] close(4) = 0 [pid 16299] open("./file0", O_RDONLY) = 4 [pid 16299] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 16298] <... ioctl resumed>) = 0 [pid 16298] open("./file0", O_RDONLY) = 5 [pid 16298] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 16299] <... ioctl resumed>) = 0 [pid 16299] open("./file0", O_RDONLY) = 5 [pid 16299] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 16299] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 16299] exit_group(0) = ? [pid 16299] +++ exited with 0 +++ [pid 16298] <... ioctl resumed>) = 0 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16299, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=31 /* 0.31 s */} --- [pid 5065] umount2("./103", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16376] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 16298] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5068] <... umount2 resumed>) = 0 [pid 5065] <... openat resumed>) = 3 [pid 16298] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5068] umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16298] exit_group(0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(3, "", [pid 16298] <... exit_group resumed>) = ? [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 16298] +++ exited with 0 +++ [pid 5068] newfstatat(AT_FDCWD, "./103/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] getdents64(3, [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16298, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=38 /* 0.38 s */} --- [pid 5068] openat(AT_FDCWD, "./103/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] restart_syscall(<... resuming interrupted clone ...> [pid 5068] getdents64(4, [pid 5066] <... restart_syscall resumed>) = 0 [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] getdents64(4, [pid 5067] <... umount2 resumed>) = 0 [pid 5065] umount2("./103/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] umount2("./105", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] rmdir("./103/file0" [pid 5066] openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] newfstatat(AT_FDCWD, "./103/binderfs", [pid 5067] umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... openat resumed>) = 3 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(3, "", [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] newfstatat(AT_FDCWD, "./104/file0", [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] unlink("./103/binderfs" [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] getdents64(3, [pid 5065] <... unlink resumed>) = 0 [pid 5068] <... rmdir resumed>) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./103") = 0 [pid 5066] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] umount2("./105/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] mkdir("./104", 0777 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... mkdir resumed>) = 0 [pid 5067] openat(AT_FDCWD, "./104/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] newfstatat(AT_FDCWD, "./105/binderfs", [pid 5067] <... openat resumed>) = 4 [pid 5066] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] unlink("./105/binderfs" [pid 5067] getdents64(4, [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5067] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] <... unlink resumed>) = 0 [pid 5067] getdents64(4, [pid 5066] umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] <... openat resumed>) = 3 [pid 5067] close(4 [pid 5068] ioctl(3, LOOP_CLR_FD [pid 5067] <... close resumed>) = 0 [pid 5068] <... ioctl resumed>) = 0 [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5067] rmdir("./104/file0") = 0 ./strace-static-x86_64: Process 16401 attached [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 16401 [pid 5067] getdents64(3, [pid 16300] <... mount resumed>) = 0 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3 [pid 16300] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5067] <... close resumed>) = 0 [pid 16300] <... openat resumed>) = 3 [pid 16300] chdir("./file0") = 0 [pid 16300] ioctl(4, LOOP_CLR_FD) = 0 [pid 16300] close(4) = 0 [pid 16300] open("./file0", O_RDONLY) = 4 [pid 16300] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 16401] set_robust_list(0x555557145760, 24) = 0 [pid 5067] rmdir("./104" [pid 16401] chdir("./104" [pid 5067] <... rmdir resumed>) = 0 [pid 16401] <... chdir resumed>) = 0 [pid 5067] mkdir("./105", 0777) = 0 [pid 16401] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 16401] <... prctl resumed>) = 0 [pid 5067] <... openat resumed>) = 3 [pid 16401] setpgid(0, 0) = 0 [pid 5067] ioctl(3, LOOP_CLR_FD [pid 16401] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5067] <... ioctl resumed>) = 0 [pid 5067] close(3 [pid 16401] <... openat resumed>) = 3 [pid 5067] <... close resumed>) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 16300] <... ioctl resumed>) = 0 [pid 16401] write(3, "1000", 4 [pid 16300] open("./file0", O_RDONLY) = 5 [pid 16300] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 16300] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}./strace-static-x86_64: Process 16404 attached [pid 16401] <... write resumed>) = 4 [pid 16300] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 16404 [pid 16300] exit_group(0 [pid 16401] close(3) = 0 [pid 16300] <... exit_group resumed>) = ? [pid 16404] set_robust_list(0x555557145760, 24 [pid 16401] symlink("/dev/binderfs", "./binderfs" [pid 16404] <... set_robust_list resumed>) = 0 [pid 16401] <... symlink resumed>) = 0 [pid 16404] chdir("./105") = 0 [pid 16401] memfd_create("syzkaller", 0 [pid 16404] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 16300] +++ exited with 0 +++ [pid 16404] <... prctl resumed>) = 0 [pid 16401] <... memfd_create resumed>) = 3 [pid 16404] setpgid(0, 0 [pid 16401] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16300, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=32 /* 0.32 s */} --- [pid 16404] <... setpgid resumed>) = 0 [pid 16401] <... mmap resumed>) = 0x7fda9371b000 [pid 16404] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5064] umount2("./103", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 16404] write(3, "1000", 4 [pid 5064] <... openat resumed>) = 3 [pid 16404] <... write resumed>) = 4 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 16404] close(3 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./103/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./103/binderfs") = 0 [pid 5064] umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16404] <... close resumed>) = 0 [pid 16404] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16404] memfd_create("syzkaller", 0) = 3 [pid 16404] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5065] <... umount2 resumed>) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 5065] umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./103/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./103/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... openat resumed>) = 4 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(4, "", [pid 5066] newfstatat(AT_FDCWD, "./105/file0", [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./103/file0") = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./103") = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] mkdir("./104", 0777 [pid 5066] umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... mkdir resumed>) = 0 [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5066] openat(AT_FDCWD, "./105/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... openat resumed>) = 3 [pid 5066] <... openat resumed>) = 4 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 5066] newfstatat(4, "", [pid 5065] <... ioctl resumed>) = 0 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] getdents64(4, ./strace-static-x86_64: Process 16405 attached [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 16405 [pid 16405] set_robust_list(0x555557145760, 24 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 16405] <... set_robust_list resumed>) = 0 [pid 16405] chdir("./104") = 0 [pid 16405] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16405] setpgid(0, 0) = 0 [pid 16405] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16405] write(3, "1000", 4) = 4 [pid 16405] close(3) = 0 [pid 16405] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16405] memfd_create("syzkaller", 0 [pid 5066] getdents64(4, [pid 16405] <... memfd_create resumed>) = 3 [pid 5066] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4 [pid 16405] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5066] <... close resumed>) = 0 [pid 5066] rmdir("./105/file0" [pid 16405] <... mmap resumed>) = 0x7fda9371b000 [pid 5066] <... rmdir resumed>) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./105") = 0 [pid 5066] mkdir("./106", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 16407 ./strace-static-x86_64: Process 16407 attached [pid 16407] set_robust_list(0x555557145760, 24) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 16407] chdir("./106" [pid 5064] umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16407] <... chdir resumed>) = 0 [pid 16407] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./103/file0", [pid 16407] setpgid(0, 0 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./103/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 16407] <... setpgid resumed>) = 0 [pid 16407] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./103/file0") = 0 [pid 16407] <... openat resumed>) = 3 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3 [pid 16407] write(3, "1000", 4 [pid 5064] <... close resumed>) = 0 [pid 16407] <... write resumed>) = 4 [pid 5064] rmdir("./103" [pid 16407] close(3 [pid 5064] <... rmdir resumed>) = 0 [pid 5064] mkdir("./104", 0777 [pid 16407] <... close resumed>) = 0 [pid 5064] <... mkdir resumed>) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 16408 attached [pid 16407] symlink("/dev/binderfs", "./binderfs" [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 16408 [pid 16408] set_robust_list(0x555557145760, 24 [pid 16407] <... symlink resumed>) = 0 [pid 16408] <... set_robust_list resumed>) = 0 [pid 16408] chdir("./104") = 0 [pid 16408] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 16407] memfd_create("syzkaller", 0 [pid 16408] <... prctl resumed>) = 0 [pid 16408] setpgid(0, 0) = 0 [pid 16408] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16408] write(3, "1000", 4) = 4 [pid 16408] close(3) = 0 [pid 16408] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16408] memfd_create("syzkaller", 0) = 3 [pid 16408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 16407] <... memfd_create resumed>) = 3 [pid 16407] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 16401] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 16404] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 16376] <... write resumed>) = 16777216 [pid 16376] munmap(0x7fda9371b000, 138412032) = 0 [pid 16376] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 16376] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16405] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 16376] close(3) = 0 [ 306.599031][T16376] loop5: detected capacity change from 0 to 32768 [pid 16376] mkdir("./file0", 0777) = 0 [ 306.684864][T16376] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (16376) [pid 16376] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 16407] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 16408] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 16407] <... write resumed>) = 16777216 [pid 16407] munmap(0x7fda9371b000, 138412032) = 0 [pid 16401] <... write resumed>) = 16777216 [pid 16407] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 16401] munmap(0x7fda9371b000, 138412032 [pid 16407] <... openat resumed>) = 4 [pid 16407] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16401] <... munmap resumed>) = 0 [pid 16376] <... mount resumed>) = 0 [pid 16376] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 16376] chdir("./file0") = 0 [pid 16376] ioctl(4, LOOP_CLR_FD) = 0 [pid 16376] close(4) = 0 [pid 16407] close(3) = 0 [pid 16407] mkdir("./file0", 0777) = 0 [pid 16407] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 16376] open("./file0", O_RDONLY) = 4 [pid 16376] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 16401] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 307.100474][T16407] loop2: detected capacity change from 0 to 32768 [ 307.129700][T16407] BTRFS: device /dev/loop2 using temp-fsid 3d0d763c-542c-40db-ab6d-845acaa96087 [pid 16401] ioctl(4, LOOP_SET_FD, 3 [pid 16376] <... ioctl resumed>) = 0 [pid 16376] open("./file0", O_RDONLY) = 5 [pid 16376] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 16376] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 16404] <... write resumed>) = 16777216 [pid 16401] <... ioctl resumed>) = 0 [pid 16376] exit_group(0) = ? [pid 16404] munmap(0x7fda9371b000, 138412032 [pid 16401] close(3 [pid 16376] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16376, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=25 /* 0.25 s */} --- [pid 16401] <... close resumed>) = 0 [ 307.154567][T16401] loop4: detected capacity change from 0 to 32768 [ 307.181641][T16407] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (16407) [pid 16401] mkdir("./file0", 0777 [pid 5069] umount2("./104", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 16401] <... mkdir resumed>) = 0 [pid 5069] <... openat resumed>) = 3 [pid 5069] newfstatat(3, "", [pid 16404] <... munmap resumed>) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 16404] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 16401] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5069] umount2("./104/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 16404] <... openat resumed>) = 4 [pid 5069] unlink("./104/binderfs" [pid 16404] ioctl(4, LOOP_SET_FD, 3 [pid 5069] <... unlink resumed>) = 0 [pid 5069] umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16404] <... ioctl resumed>) = 0 [pid 16404] close(3) = 0 [pid 16404] mkdir("./file0", 0777) = 0 [ 307.253375][T16404] loop3: detected capacity change from 0 to 32768 [ 307.269449][T16401] BTRFS: device /dev/loop4 using temp-fsid 7d557310-ffdf-4de6-a596-6a449f771df8 [ 307.281846][T16401] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (16401) [ 307.331326][T16404] BTRFS: device /dev/loop3 using temp-fsid e305287c-2c99-43ac-8c29-e0c5c2d85154 [pid 16404] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 16405] <... write resumed>) = 16777216 [ 307.381875][T16404] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (16404) [pid 16405] munmap(0x7fda9371b000, 138412032) = 0 [pid 16405] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 16405] ioctl(4, LOOP_SET_FD, 3 [pid 5069] <... umount2 resumed>) = 0 [pid 5069] umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./104/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./104/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 16405] <... ioctl resumed>) = 0 [pid 5069] <... openat resumed>) = 4 [pid 16405] close(3 [pid 5069] newfstatat(4, "", [pid 16405] <... close resumed>) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 16405] mkdir("./file0", 0777) = 0 [pid 5069] getdents64(4, [ 307.463540][T16405] loop1: detected capacity change from 0 to 32768 [pid 16405] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5069] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 16407] <... mount resumed>) = 0 [pid 16407] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 16407] chdir("./file0") = 0 [pid 5069] close(4 [pid 16407] ioctl(4, LOOP_CLR_FD [pid 5069] <... close resumed>) = 0 [pid 16407] <... ioctl resumed>) = 0 [pid 5069] rmdir("./104/file0") = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 16407] close(4 [pid 5069] rmdir("./104" [pid 16407] <... close resumed>) = 0 [pid 5069] <... rmdir resumed>) = 0 [pid 16407] open("./file0", O_RDONLY [pid 5069] mkdir("./105", 0777 [pid 16407] <... open resumed>) = 4 [pid 5069] <... mkdir resumed>) = 0 [pid 16407] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 307.505131][T16405] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (16405) [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 16473 attached [pid 16473] set_robust_list(0x555557145760, 24 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 16473 [pid 16473] <... set_robust_list resumed>) = 0 [pid 16473] chdir("./105") = 0 [pid 16407] <... ioctl resumed>) = 0 [pid 16473] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16473] setpgid(0, 0 [pid 16408] <... write resumed>) = 16777216 [pid 16407] open("./file0", O_RDONLY [pid 16473] <... setpgid resumed>) = 0 [pid 16407] <... open resumed>) = 5 [pid 16473] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 16408] munmap(0x7fda9371b000, 138412032 [pid 16407] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 16473] <... openat resumed>) = 3 [pid 16408] <... munmap resumed>) = 0 [pid 16407] <... ioctl resumed>) = 0 [pid 16473] write(3, "1000", 4 [pid 16407] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 16473] <... write resumed>) = 4 [pid 16407] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 16473] close(3) = 0 [pid 16473] symlink("/dev/binderfs", "./binderfs" [pid 16407] exit_group(0) = ? [pid 16473] <... symlink resumed>) = 0 [pid 16407] +++ exited with 0 +++ [pid 16473] memfd_create("syzkaller", 0 [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16407, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=21 /* 0.21 s */} --- [pid 16473] <... memfd_create resumed>) = 3 [pid 16473] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5066] umount2("./106", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 16473] <... mmap resumed>) = 0x7fda9371b000 [pid 5066] openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./106/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16408] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 16408] <... openat resumed>) = 4 [pid 5066] newfstatat(AT_FDCWD, "./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./106/binderfs" [pid 16408] ioctl(4, LOOP_SET_FD, 3 [pid 5066] <... unlink resumed>) = 0 [pid 16408] <... ioctl resumed>) = 0 [pid 5066] umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16404] <... mount resumed>) = 0 [pid 16404] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 16404] chdir("./file0") = 0 [pid 16404] ioctl(4, LOOP_CLR_FD) = 0 [pid 16401] <... mount resumed>) = 0 [pid 16404] close(4 [pid 16401] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 16404] <... close resumed>) = 0 [pid 16401] <... openat resumed>) = 3 [pid 16404] open("./file0", O_RDONLY [pid 16401] chdir("./file0" [pid 16404] <... open resumed>) = 4 [pid 16401] <... chdir resumed>) = 0 [pid 16404] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 16401] ioctl(4, LOOP_CLR_FD) = 0 [pid 16401] close(4) = 0 [pid 16401] open("./file0", O_RDONLY) = 4 [pid 16401] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 16408] close(3) = 0 [ 307.650864][T16408] loop0: detected capacity change from 0 to 32768 [pid 16408] mkdir("./file0", 0777) = 0 [pid 16408] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 16404] <... ioctl resumed>) = 0 [pid 16404] open("./file0", O_RDONLY) = 5 [pid 16404] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [ 307.721929][T16405] _btrfs_printk: 78 callbacks suppressed [ 307.721945][T16405] BTRFS info (device loop1): rebuilding free space tree [ 307.747011][T16408] BTRFS: device /dev/loop0 using temp-fsid 563c5c85-3a93-4caf-8bec-237c92094fd0 [pid 16404] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 16401] <... ioctl resumed>) = 0 [pid 16401] open("./file0", O_RDONLY) = 5 [pid 16404] exit_group(0 [pid 16401] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 16404] <... exit_group resumed>) = ? [pid 16404] +++ exited with 0 +++ [pid 16401] <... ioctl resumed>) = 0 [pid 16401] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16404, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=31 /* 0.31 s */} --- [pid 16401] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 16401] exit_group(0) = ? [pid 5067] umount2("./105", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 16401] +++ exited with 0 +++ [pid 5067] <... openat resumed>) = 3 [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16401, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=20 /* 0.20 s */} --- [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] umount2("./104", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] getdents64(3, [pid 5068] openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] getdents64(3, [pid 5067] umount2("./105/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] umount2("./104/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 307.791990][ T12] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 307.821755][T16408] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (16408) [pid 5068] newfstatat(AT_FDCWD, "./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] newfstatat(AT_FDCWD, "./105/binderfs", [pid 5068] unlink("./104/binderfs") = 0 [pid 5068] umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] unlink("./105/binderfs") = 0 [ 307.854753][T16405] BTRFS info (device loop1): disabling free space tree [ 307.865962][ T1047] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [ 307.874160][T16405] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 307.892318][T16408] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5067] umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./106/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./106/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 16473] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./106/file0") = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./106") = 0 [pid 5066] mkdir("./107", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 16494 attached [ 307.940053][T16408] BTRFS info (device loop0): force clearing of disk cache [ 307.961181][T16405] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) , child_tidptr=0x555557145750) = 16494 [pid 16494] set_robust_list(0x555557145760, 24) = 0 [pid 16494] chdir("./107") = 0 [pid 5067] <... umount2 resumed>) = 0 [pid 16494] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5067] umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16494] <... prctl resumed>) = 0 [pid 16494] setpgid(0, 0 [pid 5068] <... umount2 resumed>) = 0 [pid 16494] <... setpgid resumed>) = 0 [pid 16494] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16494] write(3, "1000", 4 [pid 5068] umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 16494] <... write resumed>) = 4 [pid 5067] newfstatat(AT_FDCWD, "./105/file0", [pid 16494] close(3 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 16494] <... close resumed>) = 0 [pid 5068] newfstatat(AT_FDCWD, "./104/file0", [pid 16494] symlink("/dev/binderfs", "./binderfs" [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16494] <... symlink resumed>) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./105/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 16494] memfd_create("syzkaller", 0 [pid 5068] openat(AT_FDCWD, "./104/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5067] newfstatat(4, "", [pid 16494] <... memfd_create resumed>) = 3 [pid 5068] <... openat resumed>) = 4 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 16494] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5068] newfstatat(4, "", [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 16494] <... mmap resumed>) = 0x7fda9371b000 [pid 5068] getdents64(4, [pid 5067] close(4 [ 307.995175][T16408] BTRFS info (device loop0): setting nodatasum [ 308.015081][T16408] BTRFS info (device loop0): allowing degraded mounts [pid 5068] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] <... close resumed>) = 0 [pid 5068] getdents64(4, [pid 5067] rmdir("./105/file0" [pid 5068] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] <... rmdir resumed>) = 0 [pid 5068] close(4 [pid 5067] getdents64(3, [pid 5068] <... close resumed>) = 0 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] rmdir("./104/file0" [pid 5067] close(3 [pid 5068] <... rmdir resumed>) = 0 [pid 5067] <... close resumed>) = 0 [pid 5067] rmdir("./105" [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3 [pid 5067] <... rmdir resumed>) = 0 [pid 5068] <... close resumed>) = 0 [pid 5067] mkdir("./106", 0777 [pid 5068] rmdir("./104" [pid 5067] <... mkdir resumed>) = 0 [pid 5068] <... rmdir resumed>) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5068] mkdir("./105", 0777 [pid 5067] <... openat resumed>) = 3 [pid 5068] <... mkdir resumed>) = 0 [pid 5067] ioctl(3, LOOP_CLR_FD [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5067] <... ioctl resumed>) = 0 [pid 5068] <... openat resumed>) = 3 [pid 5067] close(3 [pid 5068] ioctl(3, LOOP_CLR_FD [pid 5067] <... close resumed>) = 0 [pid 5068] <... ioctl resumed>) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 16500 attached [pid 16500] set_robust_list(0x555557145760, 24 [pid 5067] <... clone resumed>, child_tidptr=0x555557145750) = 16500 [pid 16500] <... set_robust_list resumed>) = 0 [pid 5068] close(3 [pid 16500] chdir("./106") = 0 [pid 5068] <... close resumed>) = 0 [pid 16500] prctl(PR_SET_PDEATHSIG, SIGKILL [ 308.049640][T16405] BTRFS info (device loop1): checking UUID tree [ 308.062753][T16408] BTRFS info (device loop0): enabling disk space caching [ 308.084393][T16408] BTRFS info (device loop0): disk space caching is enabled [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 16502 attached [pid 16500] <... prctl resumed>) = 0 [pid 16500] setpgid(0, 0 [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 16502 [pid 16500] <... setpgid resumed>) = 0 [pid 16502] set_robust_list(0x555557145760, 24 [pid 16500] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 16405] <... mount resumed>) = 0 [pid 16502] <... set_robust_list resumed>) = 0 [pid 16405] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 16502] chdir("./105" [pid 16500] <... openat resumed>) = 3 [pid 16405] <... openat resumed>) = 3 [pid 16500] write(3, "1000", 4) = 4 [pid 16500] close(3) = 0 [pid 16500] symlink("/dev/binderfs", "./binderfs" [pid 16502] <... chdir resumed>) = 0 [pid 16405] chdir("./file0" [pid 16502] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 16500] <... symlink resumed>) = 0 [pid 16405] <... chdir resumed>) = 0 [pid 16502] <... prctl resumed>) = 0 [pid 16405] ioctl(4, LOOP_CLR_FD [pid 16502] setpgid(0, 0 [pid 16500] memfd_create("syzkaller", 0 [pid 16405] <... ioctl resumed>) = 0 [pid 16502] <... setpgid resumed>) = 0 [pid 16500] <... memfd_create resumed>) = 3 [pid 16405] close(4 [pid 16502] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 16500] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16405] <... close resumed>) = 0 [pid 16502] <... openat resumed>) = 3 [pid 16405] open("./file0", O_RDONLY [pid 16500] <... mmap resumed>) = 0x7fda9371b000 [pid 16502] write(3, "1000", 4 [pid 16405] <... open resumed>) = 4 [pid 16502] <... write resumed>) = 4 [pid 16502] close(3 [pid 16405] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 16502] <... close resumed>) = 0 [pid 16502] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16502] memfd_create("syzkaller", 0) = 3 [pid 16502] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 16405] <... ioctl resumed>) = 0 [pid 16405] open("./file0", O_RDONLY) = 5 [pid 16405] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 16405] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 16405] exit_group(0) = ? [pid 16405] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16405, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=27 /* 0.27 s */} --- [pid 5065] umount2("./104", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./104/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] unlink("./104/binderfs") = 0 [ 308.315605][T16408] BTRFS info (device loop0): enabling ssd optimizations [ 308.349953][ T12] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [pid 5065] umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 308.381255][T16408] BTRFS info (device loop0): auto enabling async discard [ 308.433174][T16408] BTRFS info (device loop0): rebuilding free space tree [pid 16494] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 308.502337][T16408] BTRFS info (device loop0): disabling free space tree [ 308.527785][T16408] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 308.599497][T16408] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 16500] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 16502] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 16473] <... write resumed>) = 16777216 [pid 16408] <... mount resumed>) = 0 [pid 16408] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5065] <... umount2 resumed>) = 0 [pid 16408] <... openat resumed>) = 3 [pid 16408] chdir("./file0") = 0 [pid 16408] ioctl(4, LOOP_CLR_FD) = 0 [pid 16408] close(4) = 0 [pid 16408] open("./file0", O_RDONLY [pid 5065] umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16408] <... open resumed>) = 4 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 308.671424][T16408] BTRFS info (device loop0): checking UUID tree [pid 16408] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 16473] munmap(0x7fda9371b000, 138412032 [pid 5065] newfstatat(AT_FDCWD, "./104/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./104/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4) = 0 [pid 5065] rmdir("./104/file0") = 0 [pid 5065] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [pid 5065] rmdir("./104") = 0 [pid 5065] mkdir("./105", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5065] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] close(3) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 16515 ./strace-static-x86_64: Process 16515 attached [pid 16408] <... ioctl resumed>) = 0 [pid 16515] set_robust_list(0x555557145760, 24) = 0 [pid 16408] open("./file0", O_RDONLY [pid 16515] chdir("./105") = 0 [pid 16408] <... open resumed>) = 5 [pid 16515] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 16473] <... munmap resumed>) = 0 [pid 16408] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 16515] <... prctl resumed>) = 0 [pid 16408] <... ioctl resumed>) = 0 [pid 16515] setpgid(0, 0 [pid 16473] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 16408] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 16473] <... openat resumed>) = 4 [pid 16408] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 16408] exit_group(0 [pid 16515] <... setpgid resumed>) = 0 [pid 16408] <... exit_group resumed>) = ? [pid 16515] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 16408] +++ exited with 0 +++ [pid 16473] ioctl(4, LOOP_SET_FD, 3 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16408, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=35 /* 0.35 s */} --- [pid 16515] <... openat resumed>) = 3 [pid 5064] umount2("./104", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16515] write(3, "1000", 4 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 16515] <... write resumed>) = 4 [pid 5064] openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 16473] <... ioctl resumed>) = 0 [pid 16515] close(3) = 0 [pid 16473] close(3 [pid 5064] <... openat resumed>) = 3 [ 308.791105][ T1047] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 308.830527][T16473] loop5: detected capacity change from 0 to 32768 [pid 16515] symlink("/dev/binderfs", "./binderfs" [pid 16473] <... close resumed>) = 0 [pid 5064] newfstatat(3, "", [pid 16515] <... symlink resumed>) = 0 [pid 16473] mkdir("./file0", 0777 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, [pid 16473] <... mkdir resumed>) = 0 [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 16515] memfd_create("syzkaller", 0 [pid 5064] umount2("./104/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16473] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./104/binderfs") = 0 [pid 5064] umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16515] <... memfd_create resumed>) = 3 [pid 16515] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 308.886571][T16473] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (16473) [ 308.948612][T16473] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 308.991215][T16473] BTRFS info (device loop5): force clearing of disk cache [ 309.053228][T16473] BTRFS info (device loop5): setting nodatasum [ 309.090145][T16473] BTRFS info (device loop5): allowing degraded mounts [ 309.096929][T16473] BTRFS info (device loop5): enabling disk space caching [pid 16494] <... write resumed>) = 16777216 [pid 5064] <... umount2 resumed>) = 0 [pid 16494] munmap(0x7fda9371b000, 138412032 [pid 5064] umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16494] <... munmap resumed>) = 0 [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./104/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16494] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 16494] <... openat resumed>) = 4 [pid 16494] ioctl(4, LOOP_SET_FD, 3 [pid 5064] openat(AT_FDCWD, "./104/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(4) = 0 [pid 5064] rmdir("./104/file0") = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [pid 5064] rmdir("./104") = 0 [pid 5064] mkdir("./105", 0777) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5064] ioctl(3, LOOP_CLR_FD [pid 16494] <... ioctl resumed>) = 0 [pid 5064] <... ioctl resumed>) = 0 [pid 16494] close(3) = 0 [ 309.157062][T16494] loop2: detected capacity change from 0 to 32768 [ 309.168723][T16473] BTRFS info (device loop5): disk space caching is enabled [pid 16494] mkdir("./file0", 0777) = 0 [pid 16494] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5064] close(3) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 16521 ./strace-static-x86_64: Process 16521 attached [pid 16521] set_robust_list(0x555557145760, 24) = 0 [pid 16521] chdir("./105" [pid 16500] <... write resumed>) = 16777216 [pid 16521] <... chdir resumed>) = 0 [pid 16521] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 309.214362][T16494] BTRFS: device /dev/loop2 using temp-fsid bcc3b8d1-f855-4a37-be27-755edf54af04 [ 309.238620][T16494] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (16494) [pid 16521] setpgid(0, 0) = 0 [pid 16521] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 16500] munmap(0x7fda9371b000, 138412032 [pid 16521] <... openat resumed>) = 3 [pid 16521] write(3, "1000", 4) = 4 [pid 16521] close(3) = 0 [pid 16521] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16500] <... munmap resumed>) = 0 [pid 16521] memfd_create("syzkaller", 0 [pid 16500] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 16521] <... memfd_create resumed>) = 3 [pid 16500] <... openat resumed>) = 4 [pid 16500] ioctl(4, LOOP_SET_FD, 3 [ 309.284073][T16494] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 309.306136][T16494] BTRFS info (device loop2): force clearing of disk cache [pid 16521] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 16500] <... ioctl resumed>) = 0 [pid 16500] close(3) = 0 [pid 16500] mkdir("./file0", 0777) = 0 [ 309.362936][T16500] loop3: detected capacity change from 0 to 32768 [ 309.375506][T16494] BTRFS info (device loop2): setting nodatasum [pid 16500] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 16502] <... write resumed>) = 16777216 [ 309.432948][T16494] BTRFS info (device loop2): allowing degraded mounts [ 309.440282][T16500] BTRFS: device /dev/loop3 using temp-fsid bc5e462f-be5e-472b-a434-0ba85164cd49 [ 309.456537][T16473] BTRFS info (device loop5): enabling ssd optimizations [ 309.463590][T16473] BTRFS info (device loop5): auto enabling async discard [pid 16521] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 309.481366][T16473] BTRFS info (device loop5): rebuilding free space tree [ 309.499893][T16494] BTRFS info (device loop2): enabling disk space caching [ 309.502846][T16500] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (16500) [ 309.525243][T16494] BTRFS info (device loop2): disk space caching is enabled [pid 16502] munmap(0x7fda9371b000, 138412032) = 0 [pid 16515] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 16502] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 16502] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16502] close(3) = 0 [ 309.540142][T16473] BTRFS info (device loop5): disabling free space tree [ 309.547029][T16473] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 309.563205][T16502] loop4: detected capacity change from 0 to 32768 [ 309.569882][T16500] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [pid 16502] mkdir("./file0", 0777) = 0 [ 309.588735][T16473] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 309.596356][T16502] BTRFS: device /dev/loop4 using temp-fsid 72461062-180e-4daf-87c8-66521405c6e6 [ 309.608515][T16500] BTRFS info (device loop3): force clearing of disk cache [ 309.625901][T16502] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (16502) [ 309.629165][T16473] BTRFS info (device loop5): checking UUID tree [ 309.654660][T16500] BTRFS info (device loop3): setting nodatasum [ 309.681554][T16500] BTRFS info (device loop3): allowing degraded mounts [pid 16502] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 16473] <... mount resumed>) = 0 [pid 16473] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 16473] chdir("./file0") = 0 [pid 16473] ioctl(4, LOOP_CLR_FD) = 0 [pid 16473] close(4) = 0 [pid 16473] open("./file0", O_RDONLY) = 4 [pid 16473] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 16473] open("./file0", O_RDONLY) = 5 [pid 16473] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 16473] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 16473] exit_group(0) = ? [pid 16473] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16473, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=33 /* 0.33 s */} --- [pid 5069] umount2("./105", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./105/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 309.722241][T16502] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 309.728781][T16500] BTRFS info (device loop3): enabling disk space caching [pid 5069] newfstatat(AT_FDCWD, "./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./105/binderfs") = 0 [ 309.770634][ T42] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [ 309.773399][T16502] BTRFS info (device loop4): force clearing of disk cache [ 309.805474][T16500] BTRFS info (device loop3): disk space caching is enabled [ 309.823030][T16502] BTRFS info (device loop4): setting nodatasum [ 309.851662][T16502] BTRFS info (device loop4): allowing degraded mounts [ 309.857341][T16494] BTRFS info (device loop2): enabling ssd optimizations [ 309.859167][T16502] BTRFS info (device loop4): enabling disk space caching [pid 5069] umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5069] umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./105/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./105/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./105/file0") = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./105") = 0 [pid 5069] mkdir("./106", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 16521] <... write resumed>) = 16777216 [ 309.874770][T16502] BTRFS info (device loop4): disk space caching is enabled [ 309.882653][T16494] BTRFS info (device loop2): auto enabling async discard [pid 16521] munmap(0x7fda9371b000, 138412032./strace-static-x86_64: Process 16560 attached [pid 16560] set_robust_list(0x555557145760, 24) = 0 [pid 16560] chdir("./106") = 0 [pid 16521] <... munmap resumed>) = 0 [pid 16560] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 16560 [pid 16560] <... prctl resumed>) = 0 [pid 16521] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 16560] setpgid(0, 0 [pid 16521] <... openat resumed>) = 4 [pid 16560] <... setpgid resumed>) = 0 [pid 16521] ioctl(4, LOOP_SET_FD, 3 [pid 16560] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16521] <... ioctl resumed>) = 0 [pid 16560] write(3, "1000", 4 [pid 16521] close(3) = 0 [pid 16521] mkdir("./file0", 0777) = 0 [pid 16560] <... write resumed>) = 4 [ 309.943566][T16494] BTRFS info (device loop2): rebuilding free space tree [ 309.965488][T16521] loop0: detected capacity change from 0 to 32768 [ 309.979691][T16494] BTRFS info (device loop2): disabling free space tree [pid 16521] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 16560] close(3) = 0 [pid 16560] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16560] memfd_create("syzkaller", 0) = 3 [pid 16560] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 309.987792][T16494] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 309.997953][T16521] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (16521) [ 310.038778][T16494] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 310.063884][T16521] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 310.076715][T16494] BTRFS info (device loop2): checking UUID tree [pid 16494] <... mount resumed>) = 0 [pid 16494] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 16494] chdir("./file0") = 0 [pid 16494] ioctl(4, LOOP_CLR_FD) = 0 [pid 16494] close(4) = 0 [pid 16494] open("./file0", O_RDONLY) = 4 [pid 16494] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [ 310.091842][T16521] BTRFS info (device loop0): force clearing of disk cache [ 310.124952][T16521] BTRFS info (device loop0): setting nodatasum [ 310.131413][T16521] BTRFS info (device loop0): allowing degraded mounts [pid 16515] <... write resumed>) = 16777216 [ 310.134317][T16502] BTRFS info (device loop4): enabling ssd optimizations [pid 16515] munmap(0x7fda9371b000, 138412032) = 0 [pid 16515] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 16515] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16515] close(3) = 0 [pid 16494] <... ioctl resumed>) = 0 [pid 16515] mkdir("./file0", 0777 [pid 16494] open("./file0", O_RDONLY) = 5 [pid 16494] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 16494] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 16515] <... mkdir resumed>) = 0 [pid 16494] exit_group(0) = ? [pid 16515] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 16494] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16494, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=35 /* 0.35 s */} --- [ 310.164134][T16521] BTRFS info (device loop0): enabling disk space caching [ 310.169031][T16515] loop1: detected capacity change from 0 to 32768 [ 310.172712][T16500] BTRFS info (device loop3): enabling ssd optimizations [ 310.201626][T16521] BTRFS info (device loop0): disk space caching is enabled [pid 16560] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5066] umount2("./107", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 310.209589][T16515] BTRFS: device /dev/loop1 using temp-fsid 90e3625c-39fb-4051-9a72-b4c5f4496416 [ 310.214875][T16502] BTRFS info (device loop4): auto enabling async discard [ 310.218859][T16515] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (16515) [ 310.243709][T16500] BTRFS info (device loop3): auto enabling async discard [ 310.254717][T16502] BTRFS info (device loop4): rebuilding free space tree [pid 5066] openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./107/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./107/binderfs") = 0 [ 310.254843][ T2497] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 310.276326][T16500] BTRFS info (device loop3): rebuilding free space tree [ 310.295058][T16502] BTRFS info (device loop4): disabling free space tree [ 310.309789][T16515] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 310.336925][T16502] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 310.352417][T16500] BTRFS info (device loop3): disabling free space tree [ 310.380827][T16515] BTRFS info (device loop1): force clearing of disk cache [ 310.390683][T16500] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5066] umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16560] <... write resumed>) = 16777216 [pid 16560] munmap(0x7fda9371b000, 138412032) = 0 [ 310.421822][T16502] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 310.428791][T16515] BTRFS info (device loop1): setting nodatasum [ 310.438132][T16515] BTRFS info (device loop1): allowing degraded mounts [ 310.445040][T16515] BTRFS info (device loop1): enabling disk space caching [ 310.457407][T16515] BTRFS info (device loop1): disk space caching is enabled [ 310.464512][T16521] BTRFS info (device loop0): enabling ssd optimizations [pid 16560] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 16560] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 16560] close(3 [pid 5066] umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./107/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 16560] <... close resumed>) = 0 [pid 5066] umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16560] mkdir("./file0", 0777) = 0 [ 310.464947][T16500] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 310.483820][T16560] loop5: detected capacity change from 0 to 32768 [ 310.495447][T16500] BTRFS info (device loop3): checking UUID tree [ 310.505495][T16502] BTRFS info (device loop4): checking UUID tree [ 310.512320][T16560] BTRFS: device /dev/loop5 using temp-fsid 90d9bf26-5cf8-402a-974c-ef8718dc25bd [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 16560] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5066] openat(AT_FDCWD, "./107/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./107/file0") = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 16500] <... mount resumed>) = 0 [pid 5066] close(3 [pid 16500] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5066] <... close resumed>) = 0 [ 310.518855][T16521] BTRFS info (device loop0): auto enabling async discard [ 310.534649][T16521] BTRFS info (device loop0): rebuilding free space tree [ 310.553873][T16560] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (16560) [pid 16500] chdir("./file0" [pid 5066] rmdir("./107" [pid 16500] <... chdir resumed>) = 0 [pid 16500] ioctl(4, LOOP_CLR_FD) = 0 [pid 16500] close(4) = 0 [pid 5066] <... rmdir resumed>) = 0 [pid 16502] <... mount resumed>) = 0 [pid 16500] open("./file0", O_RDONLY [pid 16502] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 16500] <... open resumed>) = 4 [pid 5066] mkdir("./108", 0777 [pid 16502] <... openat resumed>) = 3 [pid 16500] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5066] <... mkdir resumed>) = 0 [pid 16502] chdir("./file0" [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 16502] <... chdir resumed>) = 0 [pid 5066] <... openat resumed>) = 3 [pid 16502] ioctl(4, LOOP_CLR_FD) = 0 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 16502] close(4) = 0 [pid 16500] <... ioctl resumed>) = 0 [pid 5066] <... ioctl resumed>) = 0 [pid 16502] open("./file0", O_RDONLY [pid 16500] open("./file0", O_RDONLY [pid 5066] close(3 [pid 16502] <... open resumed>) = 4 [pid 16500] <... open resumed>) = 5 [pid 5066] <... close resumed>) = 0 [pid 16500] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 16500] <... ioctl resumed>) = 0 [pid 16500] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 16502] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 16500] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 16614 [pid 16500] exit_group(0) = ? ./strace-static-x86_64: Process 16614 attached [pid 16500] +++ exited with 0 +++ [pid 16614] set_robust_list(0x555557145760, 24 [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16500, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=41 /* 0.41 s */} --- [pid 16614] <... set_robust_list resumed>) = 0 [pid 16614] chdir("./108" [pid 5067] umount2("./106", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16614] <... chdir resumed>) = 0 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 16614] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5067] openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 16614] <... prctl resumed>) = 0 [pid 16614] setpgid(0, 0 [pid 5067] <... openat resumed>) = 3 [pid 16614] <... setpgid resumed>) = 0 [ 310.571242][T16560] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 310.583236][T16521] BTRFS info (device loop0): disabling free space tree [ 310.593544][T16560] BTRFS info (device loop5): force clearing of disk cache [ 310.595253][ T1047] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [pid 5067] newfstatat(3, "", [pid 16614] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 16614] <... openat resumed>) = 3 [pid 5067] umount2("./106/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 16614] write(3, "1000", 4 [pid 16502] <... ioctl resumed>) = 0 [pid 16502] open("./file0", O_RDONLY [pid 16614] <... write resumed>) = 4 [pid 16502] <... open resumed>) = 5 [pid 16502] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [ 310.626233][T16521] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 310.648805][T16515] BTRFS info (device loop1): enabling ssd optimizations [ 310.655806][T16515] BTRFS info (device loop1): auto enabling async discard [ 310.656327][T16560] BTRFS info (device loop5): setting nodatasum [pid 16614] close(3) = 0 [pid 5067] unlink("./106/binderfs" [pid 16614] symlink("/dev/binderfs", "./binderfs" [pid 5067] <... unlink resumed>) = 0 [pid 16614] <... symlink resumed>) = 0 [pid 5067] umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16614] memfd_create("syzkaller", 0) = 3 [pid 16614] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 16502] <... ioctl resumed>) = 0 [pid 16502] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 16502] exit_group(0) = ? [pid 16502] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16502, si_uid=0, si_status=0, si_utime=0, si_stime=37 /* 0.37 s */} --- [pid 5068] umount2("./105", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [ 310.676027][ T2497] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [pid 5068] umount2("./105/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./105/binderfs") = 0 [pid 16515] <... mount resumed>) = 0 [pid 16515] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 16521] <... mount resumed>) = 0 [pid 16515] <... openat resumed>) = 3 [pid 5068] umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16521] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 16521] chdir("./file0" [pid 16515] chdir("./file0" [pid 16521] <... chdir resumed>) = 0 [pid 16515] <... chdir resumed>) = 0 [pid 16515] ioctl(4, LOOP_CLR_FD) = 0 [pid 16515] close(4) = 0 [pid 16515] open("./file0", O_RDONLY) = 4 [pid 16515] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 16521] ioctl(4, LOOP_CLR_FD) = 0 [pid 16521] close(4) = 0 [pid 16515] <... ioctl resumed>) = 0 [pid 16521] open("./file0", O_RDONLY [pid 16515] open("./file0", O_RDONLY) = 5 [pid 16515] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 16521] <... open resumed>) = 4 [pid 16521] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 16515] <... ioctl resumed>) = 0 [pid 16515] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 16515] exit_group(0) = ? [pid 16515] +++ exited with 0 +++ [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16515, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=34 /* 0.34 s */} --- [pid 5065] umount2("./105", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 16521] <... ioctl resumed>) = 0 [pid 5067] <... umount2 resumed>) = 0 [pid 5065] <... openat resumed>) = 3 [pid 16521] open("./file0", O_RDONLY [pid 5065] newfstatat(3, "", [pid 16521] <... open resumed>) = 5 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 16521] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5065] getdents64(3, [pid 16521] <... ioctl resumed>) = 0 [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 16521] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5065] umount2("./105/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 16521] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5065] newfstatat(AT_FDCWD, "./105/binderfs", [pid 16521] exit_group(0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 16521] <... exit_group resumed>) = ? [pid 5065] unlink("./105/binderfs") = 0 [pid 16521] +++ exited with 0 +++ [pid 5065] umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16521, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=32 /* 0.32 s */} --- [pid 5064] umount2("./105", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./105/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] unlink("./105/binderfs") = 0 [pid 5064] umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5067] umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./106/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./106/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./106/file0") = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./106") = 0 [pid 5067] mkdir("./107", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = 0 [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 16637 ./strace-static-x86_64: Process 16637 attached [pid 5068] <... umount2 resumed>) = 0 [pid 5068] umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./105/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./105/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 16637] set_robust_list(0x555557145760, 24 [pid 5068] close(4 [pid 16637] <... set_robust_list resumed>) = 0 [pid 16637] chdir("./107" [pid 5068] <... close resumed>) = 0 [pid 5068] rmdir("./105/file0" [pid 16637] <... chdir resumed>) = 0 [pid 5068] <... rmdir resumed>) = 0 [pid 16637] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5068] getdents64(3, [pid 16637] setpgid(0, 0 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 16637] <... setpgid resumed>) = 0 [pid 5068] close(3 [pid 16637] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5068] <... close resumed>) = 0 [pid 5068] rmdir("./105") = 0 [pid 16637] <... openat resumed>) = 3 [pid 5068] mkdir("./106", 0777) = 0 [pid 16637] write(3, "1000", 4) = 4 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 16637] close(3 [pid 5068] <... openat resumed>) = 3 [pid 16637] <... close resumed>) = 0 [pid 16637] symlink("/dev/binderfs", "./binderfs" [pid 5068] ioctl(3, LOOP_CLR_FD [pid 16637] <... symlink resumed>) = 0 [pid 5068] <... ioctl resumed>) = 0 [pid 16637] memfd_create("syzkaller", 0 [pid 5068] close(3) = 0 [pid 16637] <... memfd_create resumed>) = 3 [pid 16560] <... mount resumed>) = 0 [pid 16560] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 16560] chdir("./file0" [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 16637] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16560] <... chdir resumed>) = 0 [pid 16637] <... mmap resumed>) = 0x7fda9371b000 [pid 16560] ioctl(4, LOOP_CLR_FD) = 0 [pid 16560] close(4) = 0 ./strace-static-x86_64: Process 16638 attached [pid 16560] open("./file0", O_RDONLY [pid 5068] <... clone resumed>, child_tidptr=0x555557145750) = 16638 [pid 16560] <... open resumed>) = 4 [pid 16638] set_robust_list(0x555557145760, 24 [pid 16560] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 16638] <... set_robust_list resumed>) = 0 [pid 16638] chdir("./106") = 0 [pid 16638] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16638] setpgid(0, 0) = 0 [pid 16638] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16638] write(3, "1000", 4) = 4 [pid 16638] close(3) = 0 [pid 16638] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16638] memfd_create("syzkaller", 0) = 3 [pid 16638] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 16614] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 16560] <... ioctl resumed>) = 0 [pid 16560] open("./file0", O_RDONLY) = 5 [pid 16560] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 16560] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 16560] exit_group(0) = ? [pid 16560] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16560, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=23 /* 0.23 s */} --- [pid 5069] umount2("./106", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, [pid 5064] <... umount2 resumed>) = 0 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5064] umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] umount2("./106/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./105/file0", [pid 5069] newfstatat(AT_FDCWD, "./106/binderfs", [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] unlink("./106/binderfs" [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, "./105/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] <... unlink resumed>) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 5064] <... openat resumed>) = 4 [pid 5069] umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] newfstatat(AT_FDCWD, "./105/file0", [pid 5064] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] getdents64(4, [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] openat(AT_FDCWD, "./105/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] close(4 [pid 5065] <... openat resumed>) = 4 [pid 5064] <... close resumed>) = 0 [pid 5065] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] rmdir("./105/file0" [pid 5065] getdents64(4, [pid 5064] <... rmdir resumed>) = 0 [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(3, [pid 5065] getdents64(4, [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] close(4 [pid 5064] close(3 [pid 5065] <... close resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 5065] rmdir("./105/file0" [pid 5064] rmdir("./105" [pid 5065] <... rmdir resumed>) = 0 [pid 5065] getdents64(3, [pid 5064] <... rmdir resumed>) = 0 [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5064] mkdir("./106", 0777 [pid 5065] close(3 [pid 5064] <... mkdir resumed>) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5065] <... close resumed>) = 0 [pid 5064] <... openat resumed>) = 3 [pid 5065] rmdir("./105" [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5064] close(3 [pid 5065] mkdir("./106", 0777 [pid 5064] <... close resumed>) = 0 [pid 5065] <... mkdir resumed>) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 16642 attached [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 16642] set_robust_list(0x555557145760, 24 [pid 5064] <... clone resumed>, child_tidptr=0x555557145750) = 16642 [pid 16642] <... set_robust_list resumed>) = 0 [pid 5065] <... openat resumed>) = 3 [pid 16642] chdir("./106" [pid 5065] ioctl(3, LOOP_CLR_FD [pid 16642] <... chdir resumed>) = 0 [pid 5065] <... ioctl resumed>) = 0 [pid 16637] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5065] close(3 [pid 16642] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5065] <... close resumed>) = 0 [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 16642] <... prctl resumed>) = 0 [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 16643 ./strace-static-x86_64: Process 16643 attached [pid 16642] setpgid(0, 0 [pid 16643] set_robust_list(0x555557145760, 24 [pid 16642] <... setpgid resumed>) = 0 [pid 16643] <... set_robust_list resumed>) = 0 [pid 16642] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 16643] chdir("./106" [pid 16642] <... openat resumed>) = 3 [pid 16643] <... chdir resumed>) = 0 [pid 16642] write(3, "1000", 4 [pid 16643] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 16642] <... write resumed>) = 4 [pid 16643] <... prctl resumed>) = 0 [pid 16642] close(3 [pid 16643] setpgid(0, 0) = 0 [pid 16642] <... close resumed>) = 0 [pid 16643] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 16642] symlink("/dev/binderfs", "./binderfs" [pid 16643] <... openat resumed>) = 3 [pid 16642] <... symlink resumed>) = 0 [pid 16643] write(3, "1000", 4 [pid 16642] memfd_create("syzkaller", 0 [pid 16643] <... write resumed>) = 4 [pid 16642] <... memfd_create resumed>) = 3 [pid 16643] close(3) = 0 [pid 16642] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16643] symlink("/dev/binderfs", "./binderfs" [pid 16642] <... mmap resumed>) = 0x7fda9371b000 [pid 16643] <... symlink resumed>) = 0 [pid 16643] memfd_create("syzkaller", 0) = 3 [pid 16643] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [pid 5069] <... umount2 resumed>) = 0 [pid 5069] umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./106/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./106/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5069] newfstatat(4, "", [pid 16638] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./106/file0") = 0 [pid 5069] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./106") = 0 [pid 5069] mkdir("./107", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 16644 attached [pid 16644] set_robust_list(0x555557145760, 24 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 16644 [pid 16644] <... set_robust_list resumed>) = 0 [pid 16644] chdir("./107") = 0 [pid 16644] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16644] setpgid(0, 0) = 0 [pid 16644] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 16614] <... write resumed>) = 16777216 [pid 16644] <... openat resumed>) = 3 [pid 16644] write(3, "1000", 4 [pid 16614] munmap(0x7fda9371b000, 138412032 [pid 16644] <... write resumed>) = 4 [pid 16644] close(3) = 0 [pid 16644] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16644] memfd_create("syzkaller", 0 [pid 16614] <... munmap resumed>) = 0 [pid 16644] <... memfd_create resumed>) = 3 [pid 16614] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 16614] ioctl(4, LOOP_SET_FD, 3 [pid 16644] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 311.892523][T16614] loop2: detected capacity change from 0 to 32768 [pid 16614] <... ioctl resumed>) = 0 [pid 16614] close(3) = 0 [pid 16614] mkdir("./file0", 0777) = 0 [pid 16614] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 16643] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 311.963148][T16614] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (16614) [pid 16642] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 16637] <... write resumed>) = 16777216 [pid 16637] munmap(0x7fda9371b000, 138412032) = 0 [pid 16637] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 16637] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16637] close(3) = 0 [pid 16637] mkdir("./file0", 0777) = 0 [ 312.180192][T16637] loop3: detected capacity change from 0 to 32768 [pid 16637] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 16638] <... write resumed>) = 16777216 [pid 16638] munmap(0x7fda9371b000, 138412032) = 0 [pid 16638] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 312.238820][T16637] BTRFS: device /dev/loop3 using temp-fsid fed8d0cc-8f47-4ce7-afe8-e6429402f3f2 [ 312.247921][T16637] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (16637) [pid 16638] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16638] close(3) = 0 [pid 16638] mkdir("./file0", 0777) = 0 [ 312.296351][T16638] loop4: detected capacity change from 0 to 32768 [ 312.318929][T16638] BTRFS: device /dev/loop4 using temp-fsid 35012ace-1e19-4a5a-9080-1692357bfdc4 [ 312.327990][T16638] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (16638) [pid 16638] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 16614] <... mount resumed>) = 0 [pid 16614] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 16614] chdir("./file0") = 0 [pid 16614] ioctl(4, LOOP_CLR_FD) = 0 [pid 16614] close(4) = 0 [pid 16614] open("./file0", O_RDONLY) = 4 [pid 16614] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 16614] open("./file0", O_RDONLY) = 5 [pid 16614] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 16614] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 16614] exit_group(0 [pid 16644] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 16614] <... exit_group resumed>) = ? [pid 16614] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16614, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=23 /* 0.23 s */} --- [pid 5066] umount2("./108", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./108/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./108/binderfs") = 0 [pid 5066] umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16643] <... write resumed>) = 16777216 [pid 16638] <... mount resumed>) = 0 [pid 16637] <... mount resumed>) = 0 [pid 16643] munmap(0x7fda9371b000, 138412032 [pid 16638] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 16637] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 16643] <... munmap resumed>) = 0 [pid 16638] <... openat resumed>) = 3 [pid 16637] <... openat resumed>) = 3 [pid 16638] chdir("./file0") = 0 [pid 16637] chdir("./file0" [pid 16638] ioctl(4, LOOP_CLR_FD) = 0 [pid 16637] <... chdir resumed>) = 0 [pid 16638] close(4 [pid 16637] ioctl(4, LOOP_CLR_FD [pid 16638] <... close resumed>) = 0 [pid 16637] <... ioctl resumed>) = 0 [pid 16637] close(4) = 0 [pid 16637] open("./file0", O_RDONLY [pid 16644] <... write resumed>) = 16777216 [pid 16643] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 16638] open("./file0", O_RDONLY [pid 16637] <... open resumed>) = 4 [pid 16643] <... openat resumed>) = 4 [pid 16638] <... open resumed>) = 4 [pid 16643] ioctl(4, LOOP_SET_FD, 3 [pid 16638] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 16637] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 16644] munmap(0x7fda9371b000, 138412032 [pid 16638] <... ioctl resumed>) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 16638] open("./file0", O_RDONLY) = 5 [pid 16638] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 16643] <... ioctl resumed>) = 0 [pid 16644] <... munmap resumed>) = 0 [pid 16642] <... write resumed>) = 16777216 [pid 16637] <... ioctl resumed>) = 0 [pid 5066] umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 312.704666][T16643] loop1: detected capacity change from 0 to 32768 [ 312.731169][ T1047] _btrfs_printk: 60 callbacks suppressed [ 312.731182][ T1047] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [pid 16644] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 16642] munmap(0x7fda9371b000, 138412032 [pid 16637] open("./file0", O_RDONLY [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 16638] <... ioctl resumed>) = 0 [pid 16637] <... open resumed>) = 5 [pid 5066] newfstatat(AT_FDCWD, "./108/file0", [pid 16638] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 16638] exit_group(0) = ? [pid 16638] +++ exited with 0 +++ [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 16644] ioctl(4, LOOP_SET_FD, 3 [pid 16637] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5066] umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16638, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=24 /* 0.24 s */} --- [pid 5066] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 16643] close(3) = 0 [pid 16643] mkdir("./file0", 0777) = 0 [pid 16637] <... ioctl resumed>) = 0 [pid 16637] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 16643] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 16637] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5068] restart_syscall(<... resuming interrupted clone ...> [pid 5066] openat(AT_FDCWD, "./108/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 16642] <... munmap resumed>) = 0 [pid 16644] <... ioctl resumed>) = 0 [pid 16637] exit_group(0 [pid 5068] <... restart_syscall resumed>) = 0 [pid 16644] close(3 [pid 16642] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] <... openat resumed>) = 4 [pid 16644] <... close resumed>) = 0 [pid 5066] newfstatat(4, "", [pid 16644] mkdir("./file0", 0777 [pid 5066] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 16644] <... mkdir resumed>) = 0 [pid 16642] <... openat resumed>) = 4 [pid 5068] umount2("./106", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] getdents64(4, [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [ 312.763612][T16644] loop5: detected capacity change from 0 to 32768 [ 312.774421][ T42] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 312.774921][T16643] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (16643) [pid 16644] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 16642] ioctl(4, LOOP_SET_FD, 3 [pid 16637] <... exit_group resumed>) = ? [pid 5068] openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4 [pid 16637] +++ exited with 0 +++ [pid 5068] <... openat resumed>) = 3 [pid 5066] <... close resumed>) = 0 [pid 5068] newfstatat(3, "", [pid 5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16637, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=22 /* 0.22 s */} --- [pid 5066] rmdir("./108/file0" [pid 16642] <... ioctl resumed>) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] restart_syscall(<... resuming interrupted clone ...> [pid 5066] <... rmdir resumed>) = 0 [pid 5068] getdents64(3, [pid 5067] <... restart_syscall resumed>) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3 [pid 16642] close(3 [pid 5068] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5067] umount2("./107", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... close resumed>) = 0 [pid 16642] <... close resumed>) = 0 [pid 5068] umount2("./106/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] rmdir("./108" [pid 16642] mkdir("./file0", 0777 [pid 5067] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 16642] <... mkdir resumed>) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... rmdir resumed>) = 0 [pid 16642] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5068] newfstatat(AT_FDCWD, "./106/binderfs", [pid 5067] <... openat resumed>) = 3 [pid 5066] mkdir("./109", 0777 [pid 5067] newfstatat(3, "", [pid 5066] <... mkdir resumed>) = 0 [pid 5068] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5068] unlink("./106/binderfs" [pid 5067] getdents64(3, [pid 5066] <... openat resumed>) = 3 [pid 5068] <... unlink resumed>) = 0 [pid 5067] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] ioctl(3, LOOP_CLR_FD [pid 5068] umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... ioctl resumed>) = 0 [ 312.810298][T16642] loop0: detected capacity change from 0 to 32768 [ 312.832724][T16642] BTRFS: device /dev/loop0 using temp-fsid 9a150788-4e4e-47c2-9b83-c704e9c8ef7d [ 312.855136][T16643] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5067] umount2("./107/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./107/binderfs", [pid 5066] close(3 [pid 5067] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... close resumed>) = 0 [pid 5067] unlink("./107/binderfs" [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 16696 attached [pid 5067] <... unlink resumed>) = 0 [pid 5067] umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16696] set_robust_list(0x555557145760, 24) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555557145750) = 16696 [pid 16696] chdir("./109") = 0 [pid 16696] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16696] setpgid(0, 0) = 0 [pid 16696] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16696] write(3, "1000", 4) = 4 [pid 16696] close(3) = 0 [pid 16696] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16696] memfd_create("syzkaller", 0) = 3 [ 312.869783][T16642] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (16642) [ 312.886635][T16643] BTRFS info (device loop1): force clearing of disk cache [ 312.894478][T16643] BTRFS info (device loop1): setting nodatasum [pid 16696] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 312.916297][T16642] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 312.926088][T16644] BTRFS: device /dev/loop5 using temp-fsid 096fa0c0-b122-430d-91ec-e5793de0581c [ 312.935567][T16643] BTRFS info (device loop1): allowing degraded mounts [ 312.954184][T16642] BTRFS info (device loop0): force clearing of disk cache [ 312.962371][T16644] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor216 (16644) [ 312.975338][T16643] BTRFS info (device loop1): enabling disk space caching [ 312.996624][T16642] BTRFS info (device loop0): setting nodatasum [ 313.006481][T16643] BTRFS info (device loop1): disk space caching is enabled [pid 5068] <... umount2 resumed>) = 0 [pid 5068] umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 313.018868][T16642] BTRFS info (device loop0): allowing degraded mounts [ 313.025771][T16642] BTRFS info (device loop0): enabling disk space caching [ 313.035868][T16642] BTRFS info (device loop0): disk space caching is enabled [ 313.051526][T16644] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5068] newfstatat(AT_FDCWD, "./106/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./106/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./106/file0") = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./106") = 0 [ 313.097896][T16644] BTRFS info (device loop5): force clearing of disk cache [ 313.136661][T16644] BTRFS info (device loop5): setting nodatasum [pid 5068] mkdir("./107", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = 0 [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 16724 ./strace-static-x86_64: Process 16724 attached [pid 16724] set_robust_list(0x555557145760, 24) = 0 [pid 16724] chdir("./107") = 0 [pid 16724] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 313.180373][T16644] BTRFS info (device loop5): allowing degraded mounts [ 313.187160][T16644] BTRFS info (device loop5): enabling disk space caching [pid 16724] setpgid(0, 0 [pid 16696] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 16724] <... setpgid resumed>) = 0 [pid 16724] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16724] write(3, "1000", 4) = 4 [pid 16724] close(3) = 0 [pid 16724] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16724] memfd_create("syzkaller", 0) = 3 [pid 16724] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 313.236739][T16644] BTRFS info (device loop5): disk space caching is enabled [ 313.247665][T16643] BTRFS info (device loop1): enabling ssd optimizations [ 313.270324][T16642] BTRFS info (device loop0): enabling ssd optimizations [ 313.289586][T16643] BTRFS info (device loop1): auto enabling async discard [ 313.299957][T16643] BTRFS info (device loop1): rebuilding free space tree [ 313.308458][T16642] BTRFS info (device loop0): auto enabling async discard [ 313.379040][T16642] BTRFS info (device loop0): rebuilding free space tree [ 313.401636][T16643] BTRFS info (device loop1): disabling free space tree [ 313.403499][T16644] BTRFS info (device loop5): enabling ssd optimizations [ 313.408525][T16643] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5067] <... umount2 resumed>) = 0 [ 313.440106][T16644] BTRFS info (device loop5): auto enabling async discard [ 313.467166][T16644] BTRFS info (device loop5): rebuilding free space tree [pid 5067] umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] newfstatat(AT_FDCWD, "./107/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5067] umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5067] openat(AT_FDCWD, "./107/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5067] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5067] close(4) = 0 [pid 5067] rmdir("./107/file0") = 0 [pid 5067] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5067] rmdir("./107") = 0 [pid 5067] mkdir("./108", 0777) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5067] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5067] close(3) = 0 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 16744 ./strace-static-x86_64: Process 16744 attached [pid 16744] set_robust_list(0x555557145760, 24) = 0 [pid 16744] chdir("./108") = 0 [pid 16744] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16744] setpgid(0, 0) = 0 [ 313.489510][T16642] BTRFS info (device loop0): disabling free space tree [ 313.496577][T16642] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 313.503688][T16643] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 313.518716][T16642] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 16744] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16744] write(3, "1000", 4 [pid 16724] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 16744] <... write resumed>) = 4 [pid 16744] close(3) = 0 [pid 16744] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16744] memfd_create("syzkaller", 0) = 3 [pid 16744] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 313.566724][T16642] BTRFS info (device loop0): checking UUID tree [ 313.586670][T16644] BTRFS info (device loop5): disabling free space tree [ 313.594938][T16643] BTRFS info (device loop1): checking UUID tree [pid 16642] <... mount resumed>) = 0 [pid 16642] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 16643] <... mount resumed>) = 0 [ 313.618981][T16644] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 16642] chdir("./file0" [pid 16643] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 16642] <... chdir resumed>) = 0 [pid 16642] ioctl(4, LOOP_CLR_FD [pid 16643] <... openat resumed>) = 3 [pid 16643] chdir("./file0" [pid 16642] <... ioctl resumed>) = 0 [pid 16643] <... chdir resumed>) = 0 [pid 16643] ioctl(4, LOOP_CLR_FD) = 0 [pid 16643] close(4) = 0 [pid 16643] open("./file0", O_RDONLY [pid 16642] close(4) = 0 [pid 16642] open("./file0", O_RDONLY [pid 16643] <... open resumed>) = 4 [pid 16642] <... open resumed>) = 4 [ 313.659319][T16644] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 16643] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 16642] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 16696] <... write resumed>) = 16777216 [pid 16644] <... mount resumed>) = 0 [pid 16643] <... ioctl resumed>) = 0 [pid 16642] <... ioctl resumed>) = 0 [pid 16644] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 16642] open("./file0", O_RDONLY [pid 16643] open("./file0", O_RDONLY [pid 16644] <... openat resumed>) = 3 [pid 16643] <... open resumed>) = 5 [pid 16642] <... open resumed>) = 5 [ 313.700884][T16644] BTRFS info (device loop5): checking UUID tree [pid 16644] chdir("./file0" [pid 16643] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 16642] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 16644] <... chdir resumed>) = 0 [pid 16643] <... ioctl resumed>) = 0 [pid 16642] <... ioctl resumed>) = 0 [pid 16644] ioctl(4, LOOP_CLR_FD [pid 16642] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 16644] <... ioctl resumed>) = 0 [pid 16642] exit_group(0 [pid 16644] close(4) = 0 [pid 16642] <... exit_group resumed>) = ? [pid 16642] +++ exited with 0 +++ [pid 16644] open("./file0", O_RDONLY) = 4 [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16642, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=36 /* 0.36 s */} --- [pid 16644] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5064] umount2("./106", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16643] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1} [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 16643] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5064] openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 16643] exit_group(0 [pid 5064] <... openat resumed>) = 3 [pid 16643] <... exit_group resumed>) = ? [pid 5064] newfstatat(3, "", [pid 16696] munmap(0x7fda9371b000, 138412032 [pid 16643] +++ exited with 0 +++ [pid 16696] <... munmap resumed>) = 0 [pid 5065] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16643, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=35 /* 0.35 s */} --- [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5065] umount2("./106", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] umount2("./106/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] newfstatat(AT_FDCWD, "./106/binderfs", [pid 5065] <... openat resumed>) = 3 [pid 5064] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5065] newfstatat(3, "", [pid 5064] unlink("./106/binderfs" [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] <... unlink resumed>) = 0 [pid 16644] <... ioctl resumed>) = 0 [pid 5065] getdents64(3, [pid 5064] umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16644] open("./file0", O_RDONLY) = 5 [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 4 entries */, 32768) = 112 [ 313.807654][ T42] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [ 313.818146][ T2497] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 16644] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 5065] umount2("./106/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16644] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 16696] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 16696] <... openat resumed>) = 4 [pid 16644] exit_group(0 [pid 5065] newfstatat(AT_FDCWD, "./106/binderfs", [pid 16696] ioctl(4, LOOP_SET_FD, 3 [pid 5065] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 16644] <... exit_group resumed>) = ? [pid 5065] unlink("./106/binderfs") = 0 [pid 5065] umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16644] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16644, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=31 /* 0.31 s */} --- [pid 5069] umount2("./107", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 16696] <... ioctl resumed>) = 0 [pid 16696] close(3) = 0 [pid 16696] mkdir("./file0", 0777) = 0 [ 313.865534][T16696] loop2: detected capacity change from 0 to 32768 [ 313.900543][ T1047] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [pid 16696] mount("/dev/loop2", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5069] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./107/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] newfstatat(AT_FDCWD, "./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] unlink("./107/binderfs") = 0 [ 313.916382][T16696] BTRFS: device /dev/loop2 using temp-fsid 7347d886-e76a-4eb5-8141-c63a5a03c551 [ 313.926768][T16696] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor216 (16696) [ 313.969027][T16696] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 313.986396][T16696] BTRFS info (device loop2): force clearing of disk cache [pid 5069] umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16724] <... write resumed>) = 16777216 [pid 16724] munmap(0x7fda9371b000, 138412032) = 0 [pid 5064] <... umount2 resumed>) = 0 [pid 5065] <... umount2 resumed>) = 0 [pid 5064] umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5064] newfstatat(AT_FDCWD, "./106/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5065] umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] openat(AT_FDCWD, "./106/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... openat resumed>) = 4 [pid 5064] newfstatat(4, "", [pid 5065] newfstatat(AT_FDCWD, "./106/file0", [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5064] getdents64(4, [pid 5065] umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5065] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] getdents64(4, [pid 5065] openat(AT_FDCWD, "./106/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5065] <... openat resumed>) = 4 [pid 5064] close(4 [pid 5065] newfstatat(4, "", [pid 5064] <... close resumed>) = 0 [pid 5065] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5064] rmdir("./106/file0" [pid 5065] getdents64(4, [pid 5064] <... rmdir resumed>) = 0 [pid 5065] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(3, [pid 16744] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5065] getdents64(4, [pid 5064] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5065] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5064] close(3 [pid 5065] close(4 [pid 5064] <... close resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 5064] rmdir("./106" [pid 5065] rmdir("./106/file0" [pid 5064] <... rmdir resumed>) = 0 [pid 16724] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5065] <... rmdir resumed>) = 0 [pid 5064] mkdir("./107", 0777 [pid 16724] ioctl(4, LOOP_SET_FD, 3 [pid 5065] getdents64(3, [pid 5064] <... mkdir resumed>) = 0 [pid 5065] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [ 314.018565][T16696] BTRFS info (device loop2): setting nodatasum [ 314.029600][T16696] BTRFS info (device loop2): allowing degraded mounts [ 314.036983][T16696] BTRFS info (device loop2): enabling disk space caching [ 314.054344][T16696] BTRFS info (device loop2): disk space caching is enabled [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5065] close(3 [pid 5064] <... openat resumed>) = 3 [pid 5065] <... close resumed>) = 0 [pid 5064] ioctl(3, LOOP_CLR_FD) = 0 [pid 5064] close(3 [pid 5065] rmdir("./106" [pid 5064] <... close resumed>) = 0 [pid 5065] <... rmdir resumed>) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 16753 ./strace-static-x86_64: Process 16753 attached [pid 5065] mkdir("./107", 0777) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 16724] <... ioctl resumed>) = 0 [pid 5065] <... openat resumed>) = 3 [pid 16753] set_robust_list(0x555557145760, 24 [pid 16724] close(3 [pid 16753] <... set_robust_list resumed>) = 0 [pid 5065] ioctl(3, LOOP_CLR_FD [pid 16724] <... close resumed>) = 0 [pid 16724] mkdir("./file0", 0777 [pid 16753] chdir("./107" [pid 5065] <... ioctl resumed>) = 0 [pid 16753] <... chdir resumed>) = 0 [pid 5065] close(3 [pid 16753] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16724] <... mkdir resumed>) = 0 [pid 5069] <... umount2 resumed>) = 0 [pid 5065] <... close resumed>) = 0 [pid 16753] setpgid(0, 0 [pid 5069] umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [ 314.101091][T16724] loop4: detected capacity change from 0 to 32768 [pid 16724] mount("/dev/loop4", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 5065] <... clone resumed>, child_tidptr=0x555557145750) = 16761 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 16761 attached [pid 16753] <... setpgid resumed>) = 0 [pid 5069] newfstatat(AT_FDCWD, "./107/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5069] umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16761] set_robust_list(0x555557145760, 24 [pid 16753] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./107/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 16761] <... set_robust_list resumed>) = 0 [pid 16753] <... openat resumed>) = 3 [pid 5069] <... openat resumed>) = 4 [pid 16753] write(3, "1000", 4) = 4 [pid 5069] newfstatat(4, "", [pid 16753] close(3 [pid 5069] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 16761] chdir("./107" [pid 16753] <... close resumed>) = 0 [pid 5069] getdents64(4, [pid 16753] symlink("/dev/binderfs", "./binderfs" [pid 16761] <... chdir resumed>) = 0 [pid 16753] <... symlink resumed>) = 0 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, [pid 16761] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 16753] memfd_create("syzkaller", 0 [pid 5069] <... getdents64 resumed>0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5069] close(4 [pid 16753] <... memfd_create resumed>) = 3 [pid 5069] <... close resumed>) = 0 [pid 5069] rmdir("./107/file0" [pid 16761] <... prctl resumed>) = 0 [pid 16753] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5069] <... rmdir resumed>) = 0 [pid 16753] <... mmap resumed>) = 0x7fda9371b000 [ 314.145417][T16724] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz-executor216 (16724) [pid 16761] setpgid(0, 0 [pid 5069] getdents64(3, [pid 16761] <... setpgid resumed>) = 0 [pid 16761] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16761] write(3, "1000", 4) = 4 [pid 16761] close(3) = 0 [pid 5069] <... getdents64 resumed>0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 16761] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16761] memfd_create("syzkaller", 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./107" [pid 16761] <... memfd_create resumed>) = 3 [pid 5069] <... rmdir resumed>) = 0 [pid 5069] mkdir("./108", 0777 [pid 16761] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5069] <... mkdir resumed>) = 0 [pid 16761] <... mmap resumed>) = 0x7fda9371b000 [pid 5069] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = 0 [pid 5069] close(3) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 16766 attached [pid 16766] set_robust_list(0x555557145760, 24) = 0 [pid 16766] chdir("./108") = 0 [pid 5069] <... clone resumed>, child_tidptr=0x555557145750) = 16766 [ 314.253306][T16724] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [pid 16766] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16766] setpgid(0, 0) = 0 [pid 16766] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16766] write(3, "1000", 4) = 4 [pid 16766] close(3) = 0 [pid 16766] symlink("/dev/binderfs", "./binderfs") = 0 [ 314.321908][T16696] BTRFS info (device loop2): enabling ssd optimizations [ 314.349178][T16724] BTRFS info (device loop4): force clearing of disk cache [ 314.356473][T16724] BTRFS info (device loop4): setting nodatasum [pid 16766] memfd_create("syzkaller", 0) = 3 [pid 16766] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 314.373080][T16696] BTRFS info (device loop2): auto enabling async discard [ 314.429363][T16696] BTRFS info (device loop2): rebuilding free space tree [ 314.437003][T16724] BTRFS info (device loop4): allowing degraded mounts [ 314.483970][T16724] BTRFS info (device loop4): enabling disk space caching [ 314.494939][T16696] BTRFS info (device loop2): disabling free space tree [ 314.510593][T16724] BTRFS info (device loop4): disk space caching is enabled [pid 16761] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 16744] <... write resumed>) = 16777216 [pid 16744] munmap(0x7fda9371b000, 138412032) = 0 [pid 16744] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 314.534128][T16696] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 314.563837][T16696] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 16744] ioctl(4, LOOP_SET_FD, 3) = 0 [ 314.602857][T16744] loop3: detected capacity change from 0 to 32768 [ 314.628449][T16696] BTRFS info (device loop2): checking UUID tree [pid 16744] close(3) = 0 [pid 16744] mkdir("./file0", 0777) = 0 [pid 16744] mount("/dev/loop3", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 16696] <... mount resumed>) = 0 [pid 16696] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 16696] chdir("./file0") = 0 [pid 16696] ioctl(4, LOOP_CLR_FD) = 0 [pid 16696] close(4) = 0 [ 314.659849][T16744] BTRFS: device /dev/loop3 using temp-fsid e5bf8114-df60-461e-bd60-57bb996e44e3 [pid 16696] open("./file0", O_RDONLY) = 4 [pid 16753] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 16696] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [ 314.721862][T16744] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz-executor216 (16744) [pid 16696] open("./file0", O_RDONLY) = 5 [pid 16696] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [pid 16696] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 16696] exit_group(0) = ? [pid 16696] +++ exited with 0 +++ [pid 5066] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16696, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=36 /* 0.36 s */} --- [pid 5066] umount2("./109", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5066] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5066] umount2("./109/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./109/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] unlink("./109/binderfs") = 0 [ 314.816508][T16744] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 314.841466][ T1047] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [pid 5066] umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16761] <... write resumed>) = 16777216 [pid 16766] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 16761] munmap(0x7fda9371b000, 138412032) = 0 [ 314.874239][T16744] BTRFS info (device loop3): force clearing of disk cache [ 314.881947][T16724] BTRFS info (device loop4): enabling ssd optimizations [ 314.910308][T16744] BTRFS info (device loop3): setting nodatasum [ 314.917264][T16724] BTRFS info (device loop4): auto enabling async discard [pid 16761] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 16761] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16761] close(3) = 0 [ 314.924345][T16744] BTRFS info (device loop3): allowing degraded mounts [ 314.935771][T16761] loop1: detected capacity change from 0 to 32768 [ 314.962262][T16744] BTRFS info (device loop3): enabling disk space caching [pid 16761] mkdir("./file0", 0777) = 0 [pid 5066] <... umount2 resumed>) = 0 [pid 5066] umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] newfstatat(AT_FDCWD, "./109/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5066] openat(AT_FDCWD, "./109/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5066] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] getdents64(4, 0x55555714e830 /* 2 entries */, 32768) = 48 [pid 5066] getdents64(4, 0x55555714e830 /* 0 entries */, 32768) = 0 [pid 5066] close(4) = 0 [pid 5066] rmdir("./109/file0") = 0 [pid 5066] getdents64(3, 0x5555571467f0 /* 0 entries */, 32768) = 0 [pid 5066] close(3) = 0 [pid 5066] rmdir("./109") = 0 [pid 5066] mkdir("./110", 0777) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5066] ioctl(3, LOOP_CLR_FD) = 0 [pid 5066] close(3) = 0 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557145750) = 16787 [pid 16761] mount("/dev/loop1", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,"./strace-static-x86_64: Process 16787 attached [pid 16787] set_robust_list(0x555557145760, 24) = 0 [pid 16787] chdir("./110") = 0 [pid 16787] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16787] setpgid(0, 0) = 0 [ 314.962388][T16724] BTRFS info (device loop4): rebuilding free space tree [ 314.988775][T16744] BTRFS info (device loop3): disk space caching is enabled [ 315.010529][T16761] BTRFS: device /dev/loop1 using temp-fsid 4665a912-6c90-4c0a-85aa-ec5060c6df9b [pid 16787] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16787] write(3, "1000", 4) = 4 [pid 16787] close(3) = 0 [pid 16787] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16787] memfd_create("syzkaller", 0) = 3 [pid 16787] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda9371b000 [ 315.032185][T16761] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz-executor216 (16761) [ 315.070345][T16724] BTRFS info (device loop4): disabling free space tree [ 315.077262][T16724] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 315.142131][T16761] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 315.188545][T16724] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 315.202667][T16724] BTRFS info (device loop4): checking UUID tree [ 315.219736][T16761] BTRFS info (device loop1): force clearing of disk cache [ 315.226863][T16761] BTRFS info (device loop1): setting nodatasum [pid 16724] <... mount resumed>) = 0 [pid 16724] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 16724] chdir("./file0") = 0 [pid 16724] ioctl(4, LOOP_CLR_FD) = 0 [pid 16724] close(4) = 0 [pid 16724] open("./file0", O_RDONLY) = 4 [pid 16724] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 16724] open("./file0", O_RDONLY) = 5 [ 315.235222][T16744] BTRFS info (device loop3): enabling ssd optimizations [ 315.242336][T16744] BTRFS info (device loop3): auto enabling async discard [ 315.252569][T16744] BTRFS info (device loop3): rebuilding free space tree [ 315.273123][T16761] BTRFS info (device loop1): allowing degraded mounts [ 315.280787][T16761] BTRFS info (device loop1): enabling disk space caching [pid 16724] ioctl(5, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5}) = 0 [ 315.288225][T16761] BTRFS info (device loop1): disk space caching is enabled [ 315.295255][ T48] ================================================================== [ 315.303479][ T48] BUG: KASAN: slab-use-after-free in __list_del_entry_valid_or_report+0x13e/0x1b0 [ 315.312706][ T48] Read of size 8 at addr ffff88802894b4b0 by task kworker/u4:3/48 [ 315.320509][ T48] [ 315.322832][ T48] CPU: 1 PID: 48 Comm: kworker/u4:3 Not tainted 6.6.0-syzkaller-14142-g90b0c2b2edd1 #0 [pid 16766] <... write resumed>) = 16777216 [pid 16753] <... write resumed>) = 16777216 [pid 16766] munmap(0x7fda9371b000, 138412032 [ 315.332460][ T48] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 315.342512][ T48] Workqueue: btrfs-qgroup-rescan btrfs_work_helper [ 315.349048][ T48] Call Trace: [ 315.352330][ T48] [ 315.355259][ T48] dump_stack_lvl+0xd9/0x1b0 [ 315.359862][ T48] print_report+0xc4/0x620 [ 315.364287][ T48] ? __virt_addr_valid+0x5e/0x2d0 [ 315.369327][ T48] ? __phys_addr+0xc6/0x140 [ 315.370035][T16744] BTRFS info (device loop3): disabling free space tree [ 315.373844][ T48] kasan_report+0xda/0x110 [pid 16753] munmap(0x7fda9371b000, 138412032) = 0 [pid 16766] <... munmap resumed>) = 0 [pid 16766] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 16753] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 16766] <... openat resumed>) = 4 [pid 16753] <... openat resumed>) = 4 [pid 16766] ioctl(4, LOOP_SET_FD, 3 [pid 16753] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16753] close(3) = 0 [pid 16753] mkdir("./file0", 0777) = 0 [ 315.373871][ T48] ? __list_del_entry_valid_or_report+0x13e/0x1b0 [ 315.391499][ T48] ? __list_del_entry_valid_or_report+0x13e/0x1b0 [ 315.391629][T16744] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 315.397912][ T48] __list_del_entry_valid_or_report+0x13e/0x1b0 [ 315.397940][ T48] btrfs_qgroup_account_extent+0x795/0x1020 [ 315.409636][T16753] loop0: detected capacity change from 0 to 32768 [ 315.413923][ T48] ? btrfs_qgroup_trace_subtree+0x1030/0x1030 [ 315.413958][ T48] qgroup_rescan_leaf+0x6b4/0xc20 [pid 16753] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 16766] <... ioctl resumed>) = 0 [ 315.420079][T16766] loop5: detected capacity change from 0 to 32768 [ 315.426200][ T48] ? btrfs_qgroup_account_extent+0x1020/0x1020 [ 315.436858][T16753] BTRFS: device /dev/loop0 using temp-fsid ef0c5b63-b247-4d66-afef-ae4907da498b [ 315.437231][ T48] ? record_root_in_trans+0x2f7/0x3e0 [ 315.444053][T16753] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (16753) [ 315.449752][ T48] btrfs_qgroup_rescan_worker+0x43a/0xa00 [ 315.449787][ T48] btrfs_work_helper+0x210/0xbe0 [ 315.470939][T16744] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 315.476809][ T48] process_one_work+0x884/0x15c0 [ 315.476840][ T48] ? lock_sync+0x190/0x190 [ 315.506603][T16744] BTRFS info (device loop3): checking UUID tree [ 315.506903][ T48] ? init_worker_pool+0x770/0x770 [ 315.518292][ T48] ? assign_work+0x1a0/0x240 [ 315.522909][ T48] worker_thread+0x8b9/0x1290 [ 315.527606][ T48] ? __kthread_parkme+0x14b/0x220 [ 315.532649][ T48] ? process_one_work+0x15c0/0x15c0 [ 315.537875][ T48] kthread+0x33c/0x440 [ 315.541956][ T48] ? _raw_spin_unlock_irq+0x23/0x50 [ 315.547175][ T48] ? kthread_complete_and_exit+0x40/0x40 [ 315.552833][ T48] ret_from_fork+0x45/0x80 [ 315.557279][ T48] ? kthread_complete_and_exit+0x40/0x40 [ 315.562939][ T48] ret_from_fork_asm+0x11/0x20 [ 315.567733][ T48] [ 315.570852][ T48] [ 315.573180][ T48] Allocated by task 16724: [ 315.577600][ T48] kasan_save_stack+0x33/0x50 [ 315.582298][ T48] kasan_set_track+0x25/0x30 [ 315.586907][ T48] __kasan_kmalloc+0xa2/0xb0 [ 315.591518][ T48] btrfs_quota_enable+0xb0b/0x1eb0 [ 315.596659][ T48] btrfs_ioctl+0x4caf/0x5d90 [ 315.601266][ T48] __x64_sys_ioctl+0x18f/0x210 [ 315.606051][ T48] do_syscall_64+0x3f/0x110 [ 315.610572][ T48] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 315.616489][ T48] [ 315.618825][ T48] Freed by task 16724: [ 315.622903][ T48] kasan_save_stack+0x33/0x50 [ 315.627603][ T48] kasan_set_track+0x25/0x30 [ 315.632217][ T48] kasan_save_free_info+0x2b/0x40 [ 315.637265][ T48] ____kasan_slab_free+0x15b/0x1b0 [ 315.642398][ T48] slab_free_freelist_hook+0x114/0x1e0 [ 315.647875][ T48] __kmem_cache_free+0xc0/0x180 [ 315.652735][ T48] btrfs_remove_qgroup+0x541/0x7c0 [ 315.657829][ T48] btrfs_ioctl+0x5042/0x5d90 [ 315.662404][ T48] __x64_sys_ioctl+0x18f/0x210 [ 315.667173][ T48] do_syscall_64+0x3f/0x110 [ 315.671685][ T48] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 315.677615][ T48] [ 315.679952][ T48] Last potentially related work creation: [ 315.685676][ T48] kasan_save_stack+0x33/0x50 [ 315.690416][ T48] __kasan_record_aux_stack+0xbc/0xd0 [ 315.695818][ T48] __call_rcu_common.constprop.0+0x9a/0x790 [ 315.701825][ T48] pwq_release_workfn+0x244/0x380 [ 315.706869][ T48] kthread_worker_fn+0x2ff/0xac0 [ 315.711823][ T48] kthread+0x33c/0x440 [ 315.715904][ T48] ret_from_fork+0x45/0x80 [ 315.720330][ T48] ret_from_fork_asm+0x11/0x20 [ 315.725122][ T48] [ 315.727449][ T48] Second to last potentially related work creation: [ 315.734034][ T48] kasan_save_stack+0x33/0x50 [ 315.738733][ T48] __kasan_record_aux_stack+0xbc/0xd0 [ 315.744138][ T48] __call_rcu_common.constprop.0+0x9a/0x790 [ 315.750043][ T48] pwq_release_workfn+0x244/0x380 [ 315.755085][ T48] kthread_worker_fn+0x2ff/0xac0 [ 315.760091][ T48] kthread+0x33c/0x440 [ 315.764163][ T48] ret_from_fork+0x45/0x80 [ 315.768580][ T48] ret_from_fork_asm+0x11/0x20 [ 315.773360][ T48] [ 315.775696][ T48] The buggy address belongs to the object at ffff88802894b400 [ 315.775696][ T48] which belongs to the cache kmalloc-512 of size 512 [ 315.789762][ T48] The buggy address is located 176 bytes inside of [ 315.789762][ T48] freed 512-byte region [ffff88802894b400, ffff88802894b600) [ 315.803577][ T48] [ 315.805910][ T48] The buggy address belongs to the physical page: [ 315.812498][ T48] page:ffffea0000a25200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x28948 [ 315.822667][ T48] head:ffffea0000a25200 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 315.831608][ T48] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 315.839607][ T48] page_type: 0xffffffff() [ 315.843949][ T48] raw: 00fff00000000840 ffff888013041c80 ffffea000072a700 dead000000000002 [ 315.852543][ T48] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 315.861136][ T48] page dumped because: kasan: bad access detected [ 315.867549][ T48] page_owner tracks the page as allocated [ 315.873262][ T48] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 10886426299, free_ts 0 [ 315.892996][ T48] post_alloc_hook+0x2cf/0x340 [ 315.897786][ T48] get_page_from_freelist+0xa25/0x36c0 [ 315.903260][ T48] __alloc_pages+0x1d0/0x4a0 [ 315.907877][ T48] alloc_pages_mpol+0x258/0x5f0 [ 315.912754][ T48] allocate_slab+0x251/0x380 [ 315.917363][ T48] ___slab_alloc+0x8c7/0x1580 [ 315.922056][ T48] __slab_alloc.constprop.0+0x56/0xa0 [ 315.927448][ T48] __kmem_cache_alloc_node+0x131/0x310 [ 315.932920][ T48] __kmalloc_node_track_caller+0x50/0x100 [ 315.938756][ T48] krealloc+0x5d/0x100 [ 315.942851][ T48] add_sysfs_param+0xca/0x960 [ 315.947547][ T48] param_sysfs_builtin_init+0x2ca/0x450 [ 315.953118][ T48] do_one_initcall+0x11c/0x640 [ 315.957890][ T48] kernel_init_freeable+0x5c2/0x900 [ 315.963092][ T48] kernel_init+0x1c/0x2a0 [ 315.967425][ T48] ret_from_fork+0x45/0x80 [ 315.971850][ T48] page_owner free stack trace missing [ 315.977218][ T48] [ 315.979544][ T48] Memory state around the buggy address: [pid 16766] close(3) = 0 [pid 16766] mkdir("./file0", 0777) = 0 [pid 16766] mount("/dev/loop5", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1," [pid 16724] ioctl(-1, BTRFS_IOC_QGROUP_CREATE, {create=1, qgroupid=1}) = -1 EBADF (Bad file descriptor) [pid 16724] exit_group(0) = ? [pid 16724] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16724, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=32 /* 0.32 s */} --- [pid 5068] umount2("./107", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x5555571467f0 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./107/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./107/binderfs") = 0 [pid 5068] umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 16787] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 16787] munmap(0x7fda9371b000, 138412032) = 0 [pid 16787] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 16787] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16787] close(3) = 0 [pid 16787] mkdir("./file0", 0777) = 0 [ 315.985186][ T48] ffff88802894b380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 315.993253][ T48] ffff88802894b400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 316.001295][ T48] >ffff88802894b480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 316.009333][ T48] ^ [ 316.014943][ T48] ffff88802894b500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 316.021727][T16787] loop2: detected capacity change from 0 to 32768 [ 316.023067][ T48] ffff88802894b580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 316.037503][ T48] ================================================================== [ 316.048080][ T48] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 316.055282][ T48] CPU: 0 PID: 48 Comm: kworker/u4:3 Not tainted 6.6.0-syzkaller-14142-g90b0c2b2edd1 #0 [ 316.064900][ T48] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 316.074943][ T48] Workqueue: btrfs-qgroup-rescan btrfs_work_helper [ 316.081471][ T48] Call Trace: [ 316.084741][ T48] [ 316.087667][ T48] dump_stack_lvl+0xd9/0x1b0 [ 316.092255][ T48] panic+0x6dc/0x790 [ 316.096144][ T48] ? panic_smp_self_stop+0xa0/0xa0 [ 316.101248][ T48] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 316.107400][ T48] ? preempt_schedule_thunk+0x1a/0x30 [ 316.112769][ T48] ? preempt_schedule_common+0x45/0xc0 [ 316.118226][ T48] ? check_panic_on_warn+0x1f/0xb0 [ 316.123329][ T48] check_panic_on_warn+0xab/0xb0 [ 316.128268][ T48] end_report+0x108/0x150 [ 316.132606][ T48] kasan_report+0xea/0x110 [ 316.137051][ T48] ? __list_del_entry_valid_or_report+0x13e/0x1b0 [ 316.143463][ T48] ? __list_del_entry_valid_or_report+0x13e/0x1b0 [ 316.149878][ T48] __list_del_entry_valid_or_report+0x13e/0x1b0 [ 316.156113][ T48] btrfs_qgroup_account_extent+0x795/0x1020 [ 316.162096][ T48] ? btrfs_qgroup_trace_subtree+0x1030/0x1030 [ 316.168164][ T48] qgroup_rescan_leaf+0x6b4/0xc20 [ 316.173184][ T48] ? btrfs_qgroup_account_extent+0x1020/0x1020 [ 316.179334][ T48] ? record_root_in_trans+0x2f7/0x3e0 [ 316.184703][ T48] btrfs_qgroup_rescan_worker+0x43a/0xa00 [ 316.190421][ T48] btrfs_work_helper+0x210/0xbe0 [ 316.195361][ T48] process_one_work+0x884/0x15c0 [ 316.200298][ T48] ? lock_sync+0x190/0x190 [ 316.204711][ T48] ? init_worker_pool+0x770/0x770 [ 316.209728][ T48] ? assign_work+0x1a0/0x240 [ 316.214313][ T48] worker_thread+0x8b9/0x1290 [ 316.218985][ T48] ? __kthread_parkme+0x14b/0x220 [ 316.223997][ T48] ? process_one_work+0x15c0/0x15c0 [ 316.229188][ T48] kthread+0x33c/0x440 [ 316.233248][ T48] ? _raw_spin_unlock_irq+0x23/0x50 [ 316.238437][ T48] ? kthread_complete_and_exit+0x40/0x40 [ 316.244145][ T48] ret_from_fork+0x45/0x80 [ 316.248639][ T48] ? kthread_complete_and_exit+0x40/0x40 [ 316.254264][ T48] ret_from_fork_asm+0x11/0x20 [ 316.259081][ T48] [ 316.262350][ T48] Kernel Offset: disabled [ 316.266654][ T48] Rebooting in 86400 seconds..