./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2509138900 <...> Warning: Permanently added '10.128.0.247' (ED25519) to the list of known hosts. execve("./syz-executor2509138900", ["./syz-executor2509138900"], 0x7ffc75da8be0 /* 10 vars */) = 0 brk(NULL) = 0x5555626bb000 brk(0x5555626bbd40) = 0x5555626bbd40 arch_prctl(ARCH_SET_FS, 0x5555626bb3c0) = 0 set_tid_address(0x5555626bb690) = 5215 set_robust_list(0x5555626bb6a0, 24) = 0 rseq(0x5555626bbce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2509138900", 4096) = 28 getrandom("\x28\x26\xe8\x4f\x1b\x62\x04\xa6", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555626bbd40 brk(0x5555626dcd40) = 0x5555626dcd40 brk(0x5555626dd000) = 0x5555626dd000 mprotect(0x7fa6efeb4000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.apndDW", 0700) = 0 chmod("./syzkaller.apndDW", 0777) = 0 chdir("./syzkaller.apndDW") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5216 attached [pid 5216] set_robust_list(0x5555626bb6a0, 24) = 0 [pid 5216] chdir("./0" [pid 5215] <... clone resumed>, child_tidptr=0x5555626bb690) = 5216 [pid 5216] <... chdir resumed>) = 0 [pid 5216] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5216] setpgid(0, 0) = 0 [pid 5216] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5216] write(3, "1000", 4) = 4 [pid 5216] close(3) = 0 [pid 5216] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5216] write(1, "executing program\n", 18) = 18 [pid 5216] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5216] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6efe43470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6efe34620}, NULL, 8) = 0 [pid 5216] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5216] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efdb2000 [pid 5216] mprotect(0x7fa6efdb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5216] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5216] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdd2990, parent_tid=0x7fa6efdd2990, exit_signal=0, stack=0x7fa6efdb2000, stack_size=0x20300, tls=0x7fa6efdd26c0}./strace-static-x86_64: Process 5218 attached [pid 5218] rseq(0x7fa6efdd2fe0, 0x20, 0, 0x53053053 [pid 5216] <... clone3 resumed> => {parent_tid=[5218]}, 88) = 5218 [pid 5218] <... rseq resumed>) = 0 [pid 5216] rt_sigprocmask(SIG_SETMASK, [], [pid 5218] set_robust_list(0x7fa6efdd29a0, 24 [pid 5216] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5218] <... set_robust_list resumed>) = 0 [pid 5216] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5216] <... futex resumed>) = 0 [pid 5218] memfd_create("syzkaller", 0 [pid 5216] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5218] <... memfd_create resumed>) = 3 [pid 5218] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5218] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5218] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5218] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5218] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5218] close(3) = 0 [pid 5218] close(4) = 0 [pid 5218] mkdir("./file0", 0777) = 0 [ 60.426962][ T5218] loop0: detected capacity change from 0 to 32768 [ 60.453474][ T5218] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor250 (5218) [pid 5218] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [ 60.484825][ T5218] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 60.495308][ T5218] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 60.504008][ T5218] BTRFS info (device loop0): using free-space-tree [pid 5218] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5218] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5218] ioctl(4, LOOP_CLR_FD) = 0 [pid 5218] close(4) = 0 [pid 5218] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5216] <... futex resumed>) = 0 [pid 5218] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5216] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5218] <... futex resumed>) = 0 [pid 5216] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] openat(AT_FDCWD, "/proc/self/mounts", O_RDWR) = 4 [pid 5218] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5216] <... futex resumed>) = 0 [pid 5218] memfd_create("syzkaller", 0 [pid 5216] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5218] <... memfd_create resumed>) = 5 [pid 5216] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5218] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5218] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5218] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5218] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5218] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5218] ioctl(6, LOOP_CLR_FD) = 0 [pid 5218] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5218] close(6) = 0 [pid 5218] close(5) = 0 [pid 5218] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5216] <... futex resumed>) = 0 [pid 5218] pread64(4, [pid 5216] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] <... pread64 resumed>"ev/root / ext4 rw,relatime 0 0\ndevtmpfs /dev devtmpfs rw,relatime,size=3375576k,nr_inodes=843894,mod"..., 4096, 2) = 955 [pid 5216] <... futex resumed>) = 0 [pid 5216] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5216] <... futex resumed>) = 0 [pid 5218] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5216] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5216] <... futex resumed>) = 0 [pid 5216] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] mkdir("./file1", 000) = 0 [pid 5218] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5218] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5216] <... futex resumed>) = 0 [pid 5218] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5216] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] write(-1, "#! ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 65546 [pid 5216] <... futex resumed>) = 0 [pid 5218] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5216] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5216] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5218] <... futex resumed>) = 0 [pid 5216] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] mount("/dev/nullb0", "./file0", "reiserfs", 0, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"... [pid 5216] <... futex resumed>) = 0 [pid 5216] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5218] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5216] <... futex resumed>) = 0 [pid 5218] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5216] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5216] <... futex resumed>) = 0 [pid 5218] write(4, "\x06\x00\x00\x00\x18\x01\x00\xfa\x00\x00\x00\x00\xbf\x11\x00\x00\x5e\xde\xe4\x80\x57\x58\xe9\xc3\x27\xb9\x0c\x39\x90\x48\x0f\x7d\x17\x0a\x18\xc8\xef\x96\xea\xfb\x95\xd8\x31\x0b\xcf\x4d\x0a\x54\x50\x87\xb1\x20\x55\xee\x70\xc3\xa0\x7d\xdb\x6a\xea\x37\x23\x5a\x53\xcf\xbb\x4d\xc0\x56\x4a\x4a\xcb\x2d\x60\x10\x99\xd1\xcc\x8d\x0a\x16\x04\x68\xa1\x29\x5a\xc4\xf2\xd9\xb5\x06\x53\x12\x0b\x83\xdb\xe0\xd4\x56"..., 288) = -1 EINVAL (Invalid argument) [pid 5216] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5218] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5216] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5216] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] <... futex resumed>) = 0 [pid 5216] <... futex resumed>) = 1 [pid 5218] mkdir("./file1", 000 [pid 5216] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5218] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5216] <... futex resumed>) = 0 [pid 5218] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5216] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5216] <... futex resumed>) = 0 [pid 5216] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5216] <... futex resumed>) = 0 [pid 5218] <... futex resumed>) = 1 [pid 5216] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] openat(AT_FDCWD, ".", O_RDONLY [pid 5216] <... futex resumed>) = 0 [pid 5218] <... openat resumed>) = 5 [pid 5216] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5216] <... futex resumed>) = 0 [pid 5218] chdir("./file0" [pid 5216] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] <... chdir resumed>) = 0 [pid 5216] <... futex resumed>) = 0 [pid 5218] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5216] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] <... futex resumed>) = 0 [pid 5216] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5218] openat(AT_FDCWD, ".", O_RDONLY [pid 5216] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] <... openat resumed>) = 6 [pid 5216] <... futex resumed>) = 0 [pid 5216] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5218] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5216] <... futex resumed>) = 0 [pid 5218] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5216] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5216] <... futex resumed>) = 0 [pid 5216] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] <... openat resumed>) = 7 [pid 5218] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5216] <... futex resumed>) = 0 [pid 5218] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5216] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5216] <... futex resumed>) = 0 [pid 5218] write(7, "#! \naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 34136651 [pid 5216] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5216] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5216] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efd91000 [pid 5216] mprotect(0x7fa6efd92000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5216] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5216] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdb1990, parent_tid=0x7fa6efdb1990, exit_signal=0, stack=0x7fa6efd91000, stack_size=0x20300, tls=0x7fa6efdb16c0}./strace-static-x86_64: Process 5239 attached [pid 5239] rseq(0x7fa6efdb1fe0, 0x20, 0, 0x53053053 [pid 5216] <... clone3 resumed> => {parent_tid=[5239]}, 88) = 5239 [pid 5239] <... rseq resumed>) = 0 [pid 5216] rt_sigprocmask(SIG_SETMASK, [], [pid 5239] set_robust_list(0x7fa6efdb19a0, 24 [pid 5216] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5239] <... set_robust_list resumed>) = 0 [pid 5216] futex(0x7fa6efeba718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] rt_sigprocmask(SIG_SETMASK, [], [pid 5216] <... futex resumed>) = 0 [pid 5239] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5216] futex(0x7fa6efeba71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5239] ioctl(6, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0}) = 0 [pid 5239] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5239] futex(0x7fa6efeba718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5216] <... futex resumed>) = 0 [pid 5218] <... write resumed>) = 9740288 [pid 5218] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5218] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5216] exit_group(0 [pid 5239] <... futex resumed>) = ? [pid 5218] <... futex resumed>) = ? [pid 5216] <... exit_group resumed>) = ? [pid 5218] +++ exited with 0 +++ [pid 5239] +++ exited with 0 +++ [pid 5216] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5216, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555626bc730 /* 5 entries */, 32768) = 144 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 [ 60.797148][ T5218] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 61.233700][ T5215] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file1") = 0 getdents64(3, 0x5555626bc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5240 attached , child_tidptr=0x5555626bb690) = 5240 [pid 5240] set_robust_list(0x5555626bb6a0, 24) = 0 [pid 5240] chdir("./1") = 0 [pid 5240] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5240] setpgid(0, 0) = 0 [pid 5240] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5240] write(3, "1000", 4) = 4 [pid 5240] close(3) = 0 [pid 5240] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5240] write(1, "executing program\n", 18) = 18 [pid 5240] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5240] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6efe43470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6efe34620}, NULL, 8) = 0 [pid 5240] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5240] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efdb2000 [pid 5240] mprotect(0x7fa6efdb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5240] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5240] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdd2990, parent_tid=0x7fa6efdd2990, exit_signal=0, stack=0x7fa6efdb2000, stack_size=0x20300, tls=0x7fa6efdd26c0}./strace-static-x86_64: Process 5241 attached [pid 5241] rseq(0x7fa6efdd2fe0, 0x20, 0, 0x53053053) = 0 [pid 5240] <... clone3 resumed> => {parent_tid=[5241]}, 88) = 5241 [pid 5241] set_robust_list(0x7fa6efdd29a0, 24) = 0 [pid 5240] rt_sigprocmask(SIG_SETMASK, [], [pid 5241] rt_sigprocmask(SIG_SETMASK, [], [pid 5240] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5241] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5240] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] memfd_create("syzkaller", 0) = 3 [pid 5240] <... futex resumed>) = 0 [pid 5241] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5240] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5241] <... mmap resumed>) = 0x7fa6e7800000 [pid 5241] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5241] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5241] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5241] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5241] close(3) = 0 [pid 5241] close(4) = 0 [pid 5241] mkdir("./file0", 0777) = 0 [ 61.719768][ T5241] loop0: detected capacity change from 0 to 32768 [ 61.753509][ T5241] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor250 (5241) [ 61.776114][ T5241] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 61.787106][ T5241] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 61.796046][ T5241] BTRFS info (device loop0): using free-space-tree [pid 5241] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5241] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5241] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5241] ioctl(4, LOOP_CLR_FD) = 0 [pid 5241] close(4) = 0 [pid 5241] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5240] <... futex resumed>) = 0 [pid 5240] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] openat(AT_FDCWD, "/proc/self/mounts", O_RDWR) = 4 [pid 5240] <... futex resumed>) = 0 [pid 5240] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5240] <... futex resumed>) = 0 [pid 5240] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] memfd_create("syzkaller", 0 [pid 5240] <... futex resumed>) = 0 [pid 5241] <... memfd_create resumed>) = 5 [pid 5240] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5241] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5241] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5241] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5241] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5241] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5241] ioctl(6, LOOP_CLR_FD) = 0 [pid 5241] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5241] close(6) = 0 [pid 5241] close(5) = 0 [pid 5241] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5240] <... futex resumed>) = 0 [pid 5240] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] pread64(4, [pid 5240] <... futex resumed>) = 0 [pid 5241] <... pread64 resumed>"ev/root / ext4 rw,relatime 0 0\ndevtmpfs /dev devtmpfs rw,relatime,size=3375576k,nr_inodes=843894,mod"..., 4096, 2) = 955 [pid 5240] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5241] <... futex resumed>) = 0 [pid 5241] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5240] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... futex resumed>) = 0 [pid 5241] mkdir("./file1", 000 [pid 5240] <... futex resumed>) = 1 [pid 5241] <... mkdir resumed>) = 0 [pid 5240] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] <... futex resumed>) = 0 [pid 5240] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... futex resumed>) = 1 [pid 5240] <... futex resumed>) = 0 [pid 5240] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] write(-1, "#! ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 65546) = -1 EBADF (Bad file descriptor) [pid 5241] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] <... futex resumed>) = 0 [pid 5241] <... futex resumed>) = 1 [pid 5240] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] mount("/dev/nullb0", "./file0", "reiserfs", 0, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"... [pid 5240] <... futex resumed>) = 0 [pid 5240] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5241] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5240] <... futex resumed>) = 0 [pid 5241] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5240] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5240] <... futex resumed>) = 0 [pid 5241] write(4, "\x06\x00\x00\x00\x18\x01\x00\xfa\x00\x00\x00\x00\xbf\x11\x00\x00\x5e\xde\xe4\x80\x57\x58\xe9\xc3\x27\xb9\x0c\x39\x90\x48\x0f\x7d\x17\x0a\x18\xc8\xef\x96\xea\xfb\x95\xd8\x31\x0b\xcf\x4d\x0a\x54\x50\x87\xb1\x20\x55\xee\x70\xc3\xa0\x7d\xdb\x6a\xea\x37\x23\x5a\x53\xcf\xbb\x4d\xc0\x56\x4a\x4a\xcb\x2d\x60\x10\x99\xd1\xcc\x8d\x0a\x16\x04\x68\xa1\x29\x5a\xc4\xf2\xd9\xb5\x06\x53\x12\x0b\x83\xdb\xe0\xd4\x56"..., 288 [pid 5240] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 5241] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5240] <... futex resumed>) = 0 [pid 5241] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5240] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5240] <... futex resumed>) = 0 [pid 5241] mkdir("./file1", 000 [pid 5240] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5241] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] <... futex resumed>) = 0 [pid 5241] <... futex resumed>) = 1 [pid 5240] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5240] <... futex resumed>) = 0 [pid 5241] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5240] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] <... futex resumed>) = 0 [pid 5241] <... futex resumed>) = 1 [pid 5240] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] openat(AT_FDCWD, ".", O_RDONLY [pid 5240] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] <... openat resumed>) = 5 [pid 5241] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] <... futex resumed>) = 0 [pid 5240] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] <... futex resumed>) = 1 [pid 5240] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] chdir("./file0") = 0 [pid 5241] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] <... futex resumed>) = 0 [pid 5240] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... futex resumed>) = 1 [pid 5240] <... futex resumed>) = 0 [pid 5241] openat(AT_FDCWD, ".", O_RDONLY [pid 5240] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] <... openat resumed>) = 6 [pid 5241] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5240] <... futex resumed>) = 0 [pid 5240] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5240] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 7 [pid 5241] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] <... futex resumed>) = 0 [pid 5241] <... futex resumed>) = 1 [pid 5240] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] write(7, "#! \naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 34136651 [pid 5240] <... futex resumed>) = 0 [pid 5240] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5240] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5240] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efd91000 [pid 5240] mprotect(0x7fa6efd92000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5240] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5240] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdb1990, parent_tid=0x7fa6efdb1990, exit_signal=0, stack=0x7fa6efd91000, stack_size=0x20300, tls=0x7fa6efdb16c0}./strace-static-x86_64: Process 5261 attached => {parent_tid=[5261]}, 88) = 5261 [pid 5261] rseq(0x7fa6efdb1fe0, 0x20, 0, 0x53053053) = 0 [pid 5261] set_robust_list(0x7fa6efdb19a0, 24) = 0 [pid 5261] rt_sigprocmask(SIG_SETMASK, [], [pid 5240] rt_sigprocmask(SIG_SETMASK, [], [pid 5261] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5240] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5240] futex(0x7fa6efeba718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] ioctl(6, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5240] <... futex resumed>) = 0 [pid 5240] futex(0x7fa6efeba71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5261] <... ioctl resumed>) = 0 [pid 5240] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5261] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5261] futex(0x7fa6efeba718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5241] <... write resumed>) = 9740288 [pid 5241] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5240] exit_group(0 [pid 5261] <... futex resumed>) = ? [pid 5241] <... futex resumed>) = ? [pid 5240] <... exit_group resumed>) = ? [pid 5261] +++ exited with 0 +++ [pid 5241] +++ exited with 0 +++ [pid 5240] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5240, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555626bc730 /* 5 entries */, 32768) = 144 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 [ 62.019094][ T5241] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 62.462210][ T5215] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file1") = 0 getdents64(3, 0x5555626bc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5262 attached , child_tidptr=0x5555626bb690) = 5262 [pid 5262] set_robust_list(0x5555626bb6a0, 24) = 0 [pid 5262] chdir("./2") = 0 [pid 5262] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5262] setpgid(0, 0) = 0 [pid 5262] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5262] write(3, "1000", 4) = 4 [pid 5262] close(3) = 0 [pid 5262] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5262] write(1, "executing program\n", 18executing program ) = 18 [pid 5262] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5262] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6efe43470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6efe34620}, NULL, 8) = 0 [pid 5262] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5262] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efdb2000 [pid 5262] mprotect(0x7fa6efdb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5262] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5262] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdd2990, parent_tid=0x7fa6efdd2990, exit_signal=0, stack=0x7fa6efdb2000, stack_size=0x20300, tls=0x7fa6efdd26c0}./strace-static-x86_64: Process 5263 attached => {parent_tid=[5263]}, 88) = 5263 [pid 5262] rt_sigprocmask(SIG_SETMASK, [], [pid 5263] rseq(0x7fa6efdd2fe0, 0x20, 0, 0x53053053) = 0 [pid 5262] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5263] set_robust_list(0x7fa6efdd29a0, 24 [pid 5262] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] <... set_robust_list resumed>) = 0 [pid 5262] <... futex resumed>) = 0 [pid 5263] rt_sigprocmask(SIG_SETMASK, [], [pid 5262] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5263] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5263] memfd_create("syzkaller", 0) = 3 [pid 5263] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5263] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5263] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5263] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5263] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5263] close(3) = 0 [pid 5263] close(4) = 0 [pid 5263] mkdir("./file0", 0777) = 0 [ 62.988525][ T5263] loop0: detected capacity change from 0 to 32768 [ 63.008177][ T5263] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor250 (5263) [ 63.027883][ T5263] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 63.038636][ T5263] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 63.047762][ T5263] BTRFS info (device loop0): using free-space-tree [pid 5263] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5263] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5263] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5263] ioctl(4, LOOP_CLR_FD) = 0 [pid 5263] close(4) = 0 [pid 5263] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5262] <... futex resumed>) = 0 [pid 5262] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] openat(AT_FDCWD, "/proc/self/mounts", O_RDWR [pid 5262] <... futex resumed>) = 0 [pid 5263] <... openat resumed>) = 4 [pid 5262] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5262] <... futex resumed>) = 0 [pid 5262] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] memfd_create("syzkaller", 0 [pid 5262] <... futex resumed>) = 0 [pid 5262] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5263] <... memfd_create resumed>) = 5 [pid 5263] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5263] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5263] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5263] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5263] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5263] ioctl(6, LOOP_CLR_FD) = 0 [pid 5263] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5263] close(6) = 0 [pid 5263] close(5) = 0 [pid 5263] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5262] <... futex resumed>) = 0 [pid 5263] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5262] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5262] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] <... futex resumed>) = 0 [pid 5263] pread64(4, "ev/root / ext4 rw,relatime 0 0\ndevtmpfs /dev devtmpfs rw,relatime,size=3375576k,nr_inodes=843894,mod"..., 4096, 2) = 955 [pid 5263] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5262] <... futex resumed>) = 0 [pid 5262] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] mkdir("./file1", 000) = 0 [pid 5262] <... futex resumed>) = 0 [pid 5262] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] <... futex resumed>) = 0 [pid 5262] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5262] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] <... futex resumed>) = 1 [pid 5263] write(-1, "#! ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 65546) = -1 EBADF (Bad file descriptor) [pid 5263] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5262] <... futex resumed>) = 0 [pid 5262] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5262] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] mount("/dev/nullb0", "./file0", "reiserfs", 0, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"...) = -1 EINVAL (Invalid argument) [pid 5263] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5262] <... futex resumed>) = 0 [pid 5263] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5262] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5262] <... futex resumed>) = 0 [pid 5263] write(4, "\x06\x00\x00\x00\x18\x01\x00\xfa\x00\x00\x00\x00\xbf\x11\x00\x00\x5e\xde\xe4\x80\x57\x58\xe9\xc3\x27\xb9\x0c\x39\x90\x48\x0f\x7d\x17\x0a\x18\xc8\xef\x96\xea\xfb\x95\xd8\x31\x0b\xcf\x4d\x0a\x54\x50\x87\xb1\x20\x55\xee\x70\xc3\xa0\x7d\xdb\x6a\xea\x37\x23\x5a\x53\xcf\xbb\x4d\xc0\x56\x4a\x4a\xcb\x2d\x60\x10\x99\xd1\xcc\x8d\x0a\x16\x04\x68\xa1\x29\x5a\xc4\xf2\xd9\xb5\x06\x53\x12\x0b\x83\xdb\xe0\xd4\x56"..., 288 [pid 5262] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 5263] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5262] <... futex resumed>) = 0 [pid 5263] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5262] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5262] <... futex resumed>) = 0 [pid 5263] mkdir("./file1", 000 [pid 5262] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5263] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5262] <... futex resumed>) = 0 [pid 5263] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5262] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5262] <... futex resumed>) = 0 [pid 5263] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5262] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5263] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5262] <... futex resumed>) = 0 [pid 5263] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5262] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5262] <... futex resumed>) = 0 [pid 5263] openat(AT_FDCWD, ".", O_RDONLY [pid 5262] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] <... openat resumed>) = 5 [pid 5263] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] <... futex resumed>) = 0 [pid 5262] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5262] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] <... futex resumed>) = 1 [pid 5263] chdir("./file0") = 0 [pid 5263] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] <... futex resumed>) = 0 [pid 5263] <... futex resumed>) = 1 [pid 5262] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] openat(AT_FDCWD, ".", O_RDONLY [pid 5262] <... futex resumed>) = 0 [pid 5263] <... openat resumed>) = 6 [pid 5262] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] <... futex resumed>) = 0 [pid 5262] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] <... futex resumed>) = 1 [pid 5262] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 7 [pid 5263] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5262] <... futex resumed>) = 0 [pid 5263] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5262] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5262] <... futex resumed>) = 0 [pid 5263] write(7, "#! \naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 34136651 [pid 5262] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5262] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5262] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efd91000 [pid 5262] mprotect(0x7fa6efd92000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5262] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5262] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdb1990, parent_tid=0x7fa6efdb1990, exit_signal=0, stack=0x7fa6efd91000, stack_size=0x20300, tls=0x7fa6efdb16c0}./strace-static-x86_64: Process 5282 attached [pid 5282] rseq(0x7fa6efdb1fe0, 0x20, 0, 0x53053053 [pid 5262] <... clone3 resumed> => {parent_tid=[5282]}, 88) = 5282 [pid 5282] <... rseq resumed>) = 0 [pid 5262] rt_sigprocmask(SIG_SETMASK, [], [pid 5282] set_robust_list(0x7fa6efdb19a0, 24 [pid 5262] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5282] <... set_robust_list resumed>) = 0 [pid 5262] futex(0x7fa6efeba718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5262] <... futex resumed>) = 0 [pid 5282] ioctl(6, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5262] futex(0x7fa6efeba71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5282] <... ioctl resumed>) = 0 [pid 5262] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5282] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5282] futex(0x7fa6efeba718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5263] <... write resumed>) = 9740288 [pid 5263] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5262] exit_group(0 [pid 5282] <... futex resumed>) = ? [pid 5262] <... exit_group resumed>) = ? [pid 5282] +++ exited with 0 +++ [pid 5263] <... futex resumed>) = ? [pid 5263] +++ exited with 0 +++ [pid 5262] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5262, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555626bc730 /* 5 entries */, 32768) = 144 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 [ 63.216034][ T5263] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 63.618560][ T5215] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file1") = 0 getdents64(3, 0x5555626bc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555626bb690) = 5283 ./strace-static-x86_64: Process 5283 attached [pid 5283] set_robust_list(0x5555626bb6a0, 24) = 0 [pid 5283] chdir("./3") = 0 [pid 5283] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5283] setpgid(0, 0) = 0 [pid 5283] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5283] write(3, "1000", 4) = 4 [pid 5283] close(3) = 0 [pid 5283] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5283] write(1, "executing program\n", 18) = 18 [pid 5283] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5283] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6efe43470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6efe34620}, NULL, 8) = 0 [pid 5283] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5283] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efdb2000 [pid 5283] mprotect(0x7fa6efdb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5283] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5283] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdd2990, parent_tid=0x7fa6efdd2990, exit_signal=0, stack=0x7fa6efdb2000, stack_size=0x20300, tls=0x7fa6efdd26c0}./strace-static-x86_64: Process 5284 attached => {parent_tid=[5284]}, 88) = 5284 [pid 5284] rseq(0x7fa6efdd2fe0, 0x20, 0, 0x53053053) = 0 [pid 5284] set_robust_list(0x7fa6efdd29a0, 24) = 0 [pid 5284] rt_sigprocmask(SIG_SETMASK, [], [pid 5283] rt_sigprocmask(SIG_SETMASK, [], [pid 5284] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5283] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5284] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5283] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5283] <... futex resumed>) = 0 [pid 5284] memfd_create("syzkaller", 0 [pid 5283] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5284] <... memfd_create resumed>) = 3 [pid 5284] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5284] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5284] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5284] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5284] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5284] close(3) = 0 [pid 5284] close(4) = 0 [pid 5284] mkdir("./file0", 0777) = 0 [ 64.199288][ T5284] loop0: detected capacity change from 0 to 32768 [ 64.210550][ T5284] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor250 (5284) [ 64.233088][ T5284] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [pid 5284] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5284] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 64.244532][ T5284] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 64.253565][ T5284] BTRFS info (device loop0): using free-space-tree [pid 5284] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5284] ioctl(4, LOOP_CLR_FD) = 0 [pid 5284] close(4) = 0 [pid 5284] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5283] <... futex resumed>) = 0 [pid 5283] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] openat(AT_FDCWD, "/proc/self/mounts", O_RDWR [pid 5283] <... futex resumed>) = 0 [pid 5284] <... openat resumed>) = 4 [pid 5283] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5284] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5283] <... futex resumed>) = 0 [pid 5284] <... futex resumed>) = 1 [pid 5283] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] memfd_create("syzkaller", 0 [pid 5283] <... futex resumed>) = 0 [pid 5283] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5284] <... memfd_create resumed>) = 5 [pid 5284] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5284] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5284] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5284] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5284] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5284] ioctl(6, LOOP_CLR_FD) = 0 [pid 5284] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5284] close(6) = 0 [pid 5284] close(5) = 0 [pid 5284] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5283] <... futex resumed>) = 0 [pid 5284] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5283] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5283] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5284] <... futex resumed>) = 0 [pid 5284] pread64(4, "ev/root / ext4 rw,relatime 0 0\ndevtmpfs /dev devtmpfs rw,relatime,size=3375576k,nr_inodes=843894,mod"..., 4096, 2) = 955 [pid 5284] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5283] <... futex resumed>) = 0 [pid 5283] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5283] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5284] mkdir("./file1", 000) = 0 [pid 5284] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5283] <... futex resumed>) = 0 [pid 5284] write(-1, "#! ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 65546 [pid 5283] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5283] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5284] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5284] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5283] <... futex resumed>) = 0 [pid 5284] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5283] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5283] <... futex resumed>) = 0 [pid 5284] mount("/dev/nullb0", "./file0", "reiserfs", 0, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"... [pid 5283] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5284] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5284] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5283] <... futex resumed>) = 0 [pid 5284] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5283] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5283] <... futex resumed>) = 0 [pid 5284] write(4, "\x06\x00\x00\x00\x18\x01\x00\xfa\x00\x00\x00\x00\xbf\x11\x00\x00\x5e\xde\xe4\x80\x57\x58\xe9\xc3\x27\xb9\x0c\x39\x90\x48\x0f\x7d\x17\x0a\x18\xc8\xef\x96\xea\xfb\x95\xd8\x31\x0b\xcf\x4d\x0a\x54\x50\x87\xb1\x20\x55\xee\x70\xc3\xa0\x7d\xdb\x6a\xea\x37\x23\x5a\x53\xcf\xbb\x4d\xc0\x56\x4a\x4a\xcb\x2d\x60\x10\x99\xd1\xcc\x8d\x0a\x16\x04\x68\xa1\x29\x5a\xc4\xf2\xd9\xb5\x06\x53\x12\x0b\x83\xdb\xe0\xd4\x56"..., 288 [pid 5283] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5284] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 5284] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5283] <... futex resumed>) = 0 [pid 5284] <... futex resumed>) = 1 [pid 5283] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] mkdir("./file1", 000 [pid 5283] <... futex resumed>) = 0 [pid 5284] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5283] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5284] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5283] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5283] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] <... futex resumed>) = 0 [pid 5283] <... futex resumed>) = 1 [pid 5284] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5283] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5284] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5284] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5283] <... futex resumed>) = 0 [pid 5284] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5283] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5283] <... futex resumed>) = 0 [pid 5284] openat(AT_FDCWD, ".", O_RDONLY [pid 5283] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5284] <... openat resumed>) = 5 [pid 5284] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5283] <... futex resumed>) = 0 [pid 5284] chdir("./file0" [pid 5283] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] <... chdir resumed>) = 0 [pid 5283] <... futex resumed>) = 0 [pid 5283] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5284] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5283] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5284] <... futex resumed>) = 0 [pid 5283] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] openat(AT_FDCWD, ".", O_RDONLY [pid 5283] <... futex resumed>) = 0 [pid 5284] <... openat resumed>) = 6 [pid 5283] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5284] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5283] <... futex resumed>) = 0 [pid 5284] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5283] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5283] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5284] <... openat resumed>) = 7 [pid 5284] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5283] <... futex resumed>) = 0 [pid 5284] <... futex resumed>) = 1 [pid 5283] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] write(7, "#! \naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 34136651 [pid 5283] <... futex resumed>) = 0 [pid 5283] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5283] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5283] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efd91000 [pid 5283] mprotect(0x7fa6efd92000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5283] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5283] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdb1990, parent_tid=0x7fa6efdb1990, exit_signal=0, stack=0x7fa6efd91000, stack_size=0x20300, tls=0x7fa6efdb16c0}./strace-static-x86_64: Process 5303 attached => {parent_tid=[5303]}, 88) = 5303 [pid 5303] rseq(0x7fa6efdb1fe0, 0x20, 0, 0x53053053) = 0 [pid 5283] rt_sigprocmask(SIG_SETMASK, [], [pid 5303] set_robust_list(0x7fa6efdb19a0, 24 [pid 5283] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5283] futex(0x7fa6efeba718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5303] <... set_robust_list resumed>) = 0 [pid 5283] <... futex resumed>) = 0 [pid 5303] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5283] futex(0x7fa6efeba71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5303] ioctl(6, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0}) = 0 [pid 5283] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5303] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5303] futex(0x7fa6efeba718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5284] <... write resumed>) = 9740288 [pid 5284] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5283] exit_group(0 [pid 5303] <... futex resumed>) = ? [pid 5284] <... futex resumed>) = ? [pid 5283] <... exit_group resumed>) = ? [pid 5303] +++ exited with 0 +++ [pid 5284] +++ exited with 0 +++ [pid 5283] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5283, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555626bc730 /* 5 entries */, 32768) = 144 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 [ 64.476702][ T5284] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 64.900647][ T5215] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file1") = 0 getdents64(3, 0x5555626bc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5304 attached , child_tidptr=0x5555626bb690) = 5304 [pid 5304] set_robust_list(0x5555626bb6a0, 24) = 0 [pid 5304] chdir("./4") = 0 [pid 5304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5304] setpgid(0, 0) = 0 [pid 5304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5304] write(3, "1000", 4) = 4 [pid 5304] close(3) = 0 [pid 5304] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5304] write(1, "executing program\n", 18) = 18 [pid 5304] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5304] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6efe43470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6efe34620}, NULL, 8) = 0 [pid 5304] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5304] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efdb2000 [pid 5304] mprotect(0x7fa6efdb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5304] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5304] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdd2990, parent_tid=0x7fa6efdd2990, exit_signal=0, stack=0x7fa6efdb2000, stack_size=0x20300, tls=0x7fa6efdd26c0}./strace-static-x86_64: Process 5305 attached [pid 5305] rseq(0x7fa6efdd2fe0, 0x20, 0, 0x53053053 [pid 5304] <... clone3 resumed> => {parent_tid=[5305]}, 88) = 5305 [pid 5305] <... rseq resumed>) = 0 [pid 5304] rt_sigprocmask(SIG_SETMASK, [], [pid 5305] set_robust_list(0x7fa6efdd29a0, 24 [pid 5304] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5305] <... set_robust_list resumed>) = 0 [pid 5304] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5305] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5304] <... futex resumed>) = 0 [pid 5304] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5305] memfd_create("syzkaller", 0) = 3 [pid 5305] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5305] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5305] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5305] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5305] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5305] close(3) = 0 [pid 5305] close(4) = 0 [pid 5305] mkdir("./file0", 0777) = 0 [ 65.450441][ T5305] loop0: detected capacity change from 0 to 32768 [ 65.481865][ T5305] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor250 (5305) [ 65.519651][ T5305] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 65.544948][ T5305] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 65.553894][ T5305] BTRFS info (device loop0): using free-space-tree [pid 5305] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5305] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5305] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5305] ioctl(4, LOOP_CLR_FD) = 0 [pid 5305] close(4) = 0 [pid 5305] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5304] <... futex resumed>) = 0 [pid 5305] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5304] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5305] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5304] <... futex resumed>) = 0 [pid 5305] openat(AT_FDCWD, "/proc/self/mounts", O_RDWR) = 4 [pid 5304] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5305] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] <... futex resumed>) = 0 [pid 5305] <... futex resumed>) = 1 [pid 5304] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5305] memfd_create("syzkaller", 0 [pid 5304] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5305] <... memfd_create resumed>) = 5 [pid 5305] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5305] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5305] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5305] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5305] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5305] ioctl(6, LOOP_CLR_FD) = 0 [pid 5305] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5305] close(6) = 0 [pid 5305] close(5) = 0 [pid 5305] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5304] <... futex resumed>) = 0 [pid 5304] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5305] pread64(4, [pid 5304] <... futex resumed>) = 0 [pid 5305] <... pread64 resumed>"ev/root / ext4 rw,relatime 0 0\ndevtmpfs /dev devtmpfs rw,relatime,size=3375576k,nr_inodes=843894,mod"..., 4096, 2) = 955 [pid 5304] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5305] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] <... futex resumed>) = 0 [pid 5305] <... futex resumed>) = 1 [pid 5304] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5305] mkdir("./file1", 000) = 0 [pid 5304] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5305] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] <... futex resumed>) = 0 [pid 5304] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5305] <... futex resumed>) = 1 [pid 5304] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5305] write(-1, "#! ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 65546) = -1 EBADF (Bad file descriptor) [pid 5305] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5304] <... futex resumed>) = 0 [pid 5304] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5304] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5305] mount("/dev/nullb0", "./file0", "reiserfs", 0, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"...) = -1 EINVAL (Invalid argument) [pid 5305] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] <... futex resumed>) = 0 [pid 5304] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5305] <... futex resumed>) = 1 [pid 5304] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5305] write(4, "\x06\x00\x00\x00\x18\x01\x00\xfa\x00\x00\x00\x00\xbf\x11\x00\x00\x5e\xde\xe4\x80\x57\x58\xe9\xc3\x27\xb9\x0c\x39\x90\x48\x0f\x7d\x17\x0a\x18\xc8\xef\x96\xea\xfb\x95\xd8\x31\x0b\xcf\x4d\x0a\x54\x50\x87\xb1\x20\x55\xee\x70\xc3\xa0\x7d\xdb\x6a\xea\x37\x23\x5a\x53\xcf\xbb\x4d\xc0\x56\x4a\x4a\xcb\x2d\x60\x10\x99\xd1\xcc\x8d\x0a\x16\x04\x68\xa1\x29\x5a\xc4\xf2\xd9\xb5\x06\x53\x12\x0b\x83\xdb\xe0\xd4\x56"..., 288) = -1 EINVAL (Invalid argument) [pid 5305] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] <... futex resumed>) = 0 [pid 5305] <... futex resumed>) = 1 [pid 5304] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5305] mkdir("./file1", 000 [pid 5304] <... futex resumed>) = 0 [pid 5305] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5304] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5305] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5304] <... futex resumed>) = 0 [pid 5305] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5304] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5305] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5304] <... futex resumed>) = 0 [pid 5305] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5304] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5305] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5304] <... futex resumed>) = 0 [pid 5305] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5304] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5305] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5304] <... futex resumed>) = 0 [pid 5305] openat(AT_FDCWD, ".", O_RDONLY [pid 5304] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5305] <... openat resumed>) = 5 [pid 5305] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5304] <... futex resumed>) = 0 [pid 5305] chdir("./file0" [pid 5304] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5305] <... chdir resumed>) = 0 [pid 5304] <... futex resumed>) = 0 [pid 5305] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5305] <... futex resumed>) = 0 [pid 5304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5305] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5304] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5305] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5304] <... futex resumed>) = 0 [pid 5305] openat(AT_FDCWD, ".", O_RDONLY [pid 5304] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5305] <... openat resumed>) = 6 [pid 5305] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5304] <... futex resumed>) = 0 [pid 5305] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5304] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5304] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5305] <... openat resumed>) = 7 [pid 5305] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5304] <... futex resumed>) = 0 [pid 5305] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5304] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5305] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5304] <... futex resumed>) = 0 [pid 5305] write(7, "#! \naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 34136651 [pid 5304] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5304] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5304] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efd91000 [pid 5304] mprotect(0x7fa6efd92000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5304] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5304] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdb1990, parent_tid=0x7fa6efdb1990, exit_signal=0, stack=0x7fa6efd91000, stack_size=0x20300, tls=0x7fa6efdb16c0}./strace-static-x86_64: Process 5324 attached [pid 5324] rseq(0x7fa6efdb1fe0, 0x20, 0, 0x53053053) = 0 [pid 5304] <... clone3 resumed> => {parent_tid=[5324]}, 88) = 5324 [pid 5324] set_robust_list(0x7fa6efdb19a0, 24 [pid 5304] rt_sigprocmask(SIG_SETMASK, [], [pid 5324] <... set_robust_list resumed>) = 0 [pid 5304] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5324] rt_sigprocmask(SIG_SETMASK, [], [pid 5304] futex(0x7fa6efeba718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5324] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5304] <... futex resumed>) = 0 [pid 5304] futex(0x7fa6efeba71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5324] ioctl(6, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0}) = 0 [pid 5324] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5324] futex(0x7fa6efeba718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5304] <... futex resumed>) = 0 [pid 5305] <... write resumed>) = 9740288 [pid 5305] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5305] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5304] exit_group(0 [pid 5324] <... futex resumed>) = ? [pid 5305] <... futex resumed>) = ? [pid 5304] <... exit_group resumed>) = ? [pid 5324] +++ exited with 0 +++ [pid 5305] +++ exited with 0 +++ [pid 5304] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5304, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555626bc730 /* 5 entries */, 32768) = 144 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 [ 65.799968][ T5305] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 66.216337][ T5215] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file1") = 0 getdents64(3, 0x5555626bc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5325 attached , child_tidptr=0x5555626bb690) = 5325 [pid 5325] set_robust_list(0x5555626bb6a0, 24) = 0 [pid 5325] chdir("./5") = 0 [pid 5325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5325] setpgid(0, 0) = 0 [pid 5325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5325] write(3, "1000", 4) = 4 [pid 5325] close(3) = 0 [pid 5325] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5325] write(1, "executing program\n", 18) = 18 [pid 5325] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5325] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6efe43470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6efe34620}, NULL, 8) = 0 [pid 5325] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5325] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efdb2000 [pid 5325] mprotect(0x7fa6efdb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5325] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5325] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdd2990, parent_tid=0x7fa6efdd2990, exit_signal=0, stack=0x7fa6efdb2000, stack_size=0x20300, tls=0x7fa6efdd26c0}./strace-static-x86_64: Process 5326 attached [pid 5326] rseq(0x7fa6efdd2fe0, 0x20, 0, 0x53053053 [pid 5325] <... clone3 resumed> => {parent_tid=[5326]}, 88) = 5326 [pid 5326] <... rseq resumed>) = 0 [pid 5325] rt_sigprocmask(SIG_SETMASK, [], [pid 5326] set_robust_list(0x7fa6efdd29a0, 24 [pid 5325] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5326] <... set_robust_list resumed>) = 0 [pid 5325] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5326] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5325] <... futex resumed>) = 0 [pid 5325] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5326] memfd_create("syzkaller", 0) = 3 [pid 5326] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5326] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5326] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5326] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5326] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5326] close(3) = 0 [pid 5326] close(4) = 0 [pid 5326] mkdir("./file0", 0777) = 0 [ 66.750487][ T5326] loop0: detected capacity change from 0 to 32768 [ 66.781505][ T5326] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor250 (5326) [pid 5326] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5326] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5326] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 66.814977][ T5326] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 66.825674][ T5326] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 66.834333][ T5326] BTRFS info (device loop0): using free-space-tree [pid 5326] ioctl(4, LOOP_CLR_FD) = 0 [pid 5326] close(4) = 0 [pid 5326] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5325] <... futex resumed>) = 0 [pid 5325] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5326] openat(AT_FDCWD, "/proc/self/mounts", O_RDWR [pid 5325] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5326] <... openat resumed>) = 4 [pid 5326] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5325] <... futex resumed>) = 0 [pid 5326] <... futex resumed>) = 1 [pid 5325] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5326] memfd_create("syzkaller", 0 [pid 5325] <... futex resumed>) = 0 [pid 5326] <... memfd_create resumed>) = 5 [pid 5325] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5326] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5326] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5326] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5326] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5326] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5326] ioctl(6, LOOP_CLR_FD) = 0 [pid 5326] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5326] close(6) = 0 [pid 5326] close(5) = 0 [pid 5326] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5326] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5325] <... futex resumed>) = 0 [pid 5325] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5326] <... futex resumed>) = 0 [pid 5325] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5326] pread64(4, "ev/root / ext4 rw,relatime 0 0\ndevtmpfs /dev devtmpfs rw,relatime,size=3375576k,nr_inodes=843894,mod"..., 4096, 2) = 955 [pid 5326] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5325] <... futex resumed>) = 0 [pid 5326] mkdir("./file1", 000 [pid 5325] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5326] <... mkdir resumed>) = 0 [pid 5325] <... futex resumed>) = 0 [pid 5325] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5326] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5325] <... futex resumed>) = 0 [pid 5326] <... futex resumed>) = 1 [pid 5325] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5326] write(-1, "#! ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 65546 [pid 5325] <... futex resumed>) = 0 [pid 5325] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5326] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5326] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5325] <... futex resumed>) = 0 [pid 5325] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5326] mount("/dev/nullb0", "./file0", "reiserfs", 0, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"... [pid 5325] <... futex resumed>) = 0 [pid 5325] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5326] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5326] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5325] <... futex resumed>) = 0 [pid 5326] <... futex resumed>) = 1 [pid 5325] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5326] write(4, "\x06\x00\x00\x00\x18\x01\x00\xfa\x00\x00\x00\x00\xbf\x11\x00\x00\x5e\xde\xe4\x80\x57\x58\xe9\xc3\x27\xb9\x0c\x39\x90\x48\x0f\x7d\x17\x0a\x18\xc8\xef\x96\xea\xfb\x95\xd8\x31\x0b\xcf\x4d\x0a\x54\x50\x87\xb1\x20\x55\xee\x70\xc3\xa0\x7d\xdb\x6a\xea\x37\x23\x5a\x53\xcf\xbb\x4d\xc0\x56\x4a\x4a\xcb\x2d\x60\x10\x99\xd1\xcc\x8d\x0a\x16\x04\x68\xa1\x29\x5a\xc4\xf2\xd9\xb5\x06\x53\x12\x0b\x83\xdb\xe0\xd4\x56"..., 288 [pid 5325] <... futex resumed>) = 0 [pid 5326] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 5326] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5325] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5326] <... futex resumed>) = 0 [pid 5325] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5326] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5325] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5326] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5325] <... futex resumed>) = 0 [pid 5326] mkdir("./file1", 000 [pid 5325] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5326] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5326] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5325] <... futex resumed>) = 0 [pid 5326] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5325] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5326] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5325] <... futex resumed>) = 0 [pid 5326] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5325] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5326] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5326] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5325] <... futex resumed>) = 0 [pid 5326] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5325] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5326] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5325] <... futex resumed>) = 0 [pid 5326] openat(AT_FDCWD, ".", O_RDONLY [pid 5325] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5326] <... openat resumed>) = 5 [pid 5326] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5325] <... futex resumed>) = 0 [pid 5326] chdir("./file0" [pid 5325] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5326] <... chdir resumed>) = 0 [pid 5325] <... futex resumed>) = 0 [pid 5326] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5325] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5326] <... futex resumed>) = 0 [pid 5325] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5326] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5325] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5326] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5325] <... futex resumed>) = 0 [pid 5325] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5326] openat(AT_FDCWD, ".", O_RDONLY) = 6 [pid 5326] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5325] <... futex resumed>) = 0 [pid 5326] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5325] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5326] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5325] <... futex resumed>) = 0 [pid 5326] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5325] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5326] <... openat resumed>) = 7 [pid 5326] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5325] <... futex resumed>) = 0 [pid 5326] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5325] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5326] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5325] <... futex resumed>) = 0 [pid 5326] write(7, "#! \naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 34136651 [pid 5325] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5325] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5325] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efd91000 [pid 5325] mprotect(0x7fa6efd92000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5325] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5325] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdb1990, parent_tid=0x7fa6efdb1990, exit_signal=0, stack=0x7fa6efd91000, stack_size=0x20300, tls=0x7fa6efdb16c0}./strace-static-x86_64: Process 5345 attached => {parent_tid=[5345]}, 88) = 5345 [pid 5345] rseq(0x7fa6efdb1fe0, 0x20, 0, 0x53053053 [pid 5325] rt_sigprocmask(SIG_SETMASK, [], [pid 5345] <... rseq resumed>) = 0 [pid 5325] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5345] set_robust_list(0x7fa6efdb19a0, 24) = 0 [pid 5325] futex(0x7fa6efeba718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5345] rt_sigprocmask(SIG_SETMASK, [], [pid 5325] <... futex resumed>) = 0 [pid 5345] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5325] futex(0x7fa6efeba71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5345] ioctl(6, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0}) = 0 [pid 5325] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5345] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5345] futex(0x7fa6efeba718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5326] <... write resumed>) = 9740288 [pid 5326] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5326] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5325] exit_group(0 [pid 5345] <... futex resumed>) = ? [pid 5326] <... futex resumed>) = ? [pid 5325] <... exit_group resumed>) = ? [pid 5345] +++ exited with 0 +++ [pid 5326] +++ exited with 0 +++ [pid 5325] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5325, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555626bc730 /* 5 entries */, 32768) = 144 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 [ 67.035254][ T5326] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 67.451017][ T5215] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file1") = 0 getdents64(3, 0x5555626bc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5346 attached , child_tidptr=0x5555626bb690) = 5346 [pid 5346] set_robust_list(0x5555626bb6a0, 24) = 0 [pid 5346] chdir("./6") = 0 [pid 5346] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5346] setpgid(0, 0) = 0 [pid 5346] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5346] write(3, "1000", 4) = 4 [pid 5346] close(3) = 0 [pid 5346] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5346] write(1, "executing program\n", 18) = 18 [pid 5346] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5346] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6efe43470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6efe34620}, NULL, 8) = 0 [pid 5346] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5346] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efdb2000 [pid 5346] mprotect(0x7fa6efdb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5346] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5346] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdd2990, parent_tid=0x7fa6efdd2990, exit_signal=0, stack=0x7fa6efdb2000, stack_size=0x20300, tls=0x7fa6efdd26c0}./strace-static-x86_64: Process 5347 attached [pid 5347] rseq(0x7fa6efdd2fe0, 0x20, 0, 0x53053053) = 0 [pid 5347] set_robust_list(0x7fa6efdd29a0, 24) = 0 [pid 5347] rt_sigprocmask(SIG_SETMASK, [], [pid 5346] <... clone3 resumed> => {parent_tid=[5347]}, 88) = 5347 [pid 5347] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5346] rt_sigprocmask(SIG_SETMASK, [], [pid 5347] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5346] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5346] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5347] <... futex resumed>) = 0 [pid 5346] <... futex resumed>) = 1 [pid 5347] memfd_create("syzkaller", 0 [pid 5346] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5347] <... memfd_create resumed>) = 3 [pid 5347] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5347] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5347] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5347] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5347] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5347] close(3) = 0 [pid 5347] close(4) = 0 [pid 5347] mkdir("./file0", 0777) = 0 [ 68.012805][ T5347] loop0: detected capacity change from 0 to 32768 [ 68.045314][ T5347] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor250 (5347) [pid 5347] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5347] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5347] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5347] ioctl(4, LOOP_CLR_FD) = 0 [ 68.068145][ T5347] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 68.079093][ T5347] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 68.088012][ T5347] BTRFS info (device loop0): using free-space-tree [pid 5347] close(4) = 0 [pid 5347] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5346] <... futex resumed>) = 0 [pid 5346] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5347] openat(AT_FDCWD, "/proc/self/mounts", O_RDWR [pid 5346] <... futex resumed>) = 0 [pid 5347] <... openat resumed>) = 4 [pid 5346] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5347] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5346] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5347] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5346] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5347] memfd_create("syzkaller", 0 [pid 5346] <... futex resumed>) = 0 [pid 5346] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5347] <... memfd_create resumed>) = 5 [pid 5347] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5347] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5347] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5347] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5347] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5347] ioctl(6, LOOP_CLR_FD) = 0 [pid 5347] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5347] close(6) = 0 [pid 5347] close(5) = 0 [pid 5347] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5347] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5346] <... futex resumed>) = 0 [pid 5346] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5347] <... futex resumed>) = 0 [pid 5346] <... futex resumed>) = 1 [pid 5347] pread64(4, "ev/root / ext4 rw,relatime 0 0\ndevtmpfs /dev devtmpfs rw,relatime,size=3375576k,nr_inodes=843894,mod"..., 4096, 2) = 955 [pid 5346] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5347] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5346] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5347] <... futex resumed>) = 0 [pid 5346] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5347] mkdir("./file1", 000 [pid 5346] <... futex resumed>) = 0 [pid 5347] <... mkdir resumed>) = 0 [pid 5346] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5347] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5346] <... futex resumed>) = 0 [pid 5346] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5346] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5347] <... futex resumed>) = 1 [pid 5347] write(-1, "#! ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 65546) = -1 EBADF (Bad file descriptor) [pid 5347] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5346] <... futex resumed>) = 0 [pid 5347] <... futex resumed>) = 1 [pid 5346] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5347] mount("/dev/nullb0", "./file0", "reiserfs", 0, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"... [pid 5346] <... futex resumed>) = 0 [pid 5346] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5347] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5347] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5346] <... futex resumed>) = 0 [pid 5346] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5347] write(4, "\x06\x00\x00\x00\x18\x01\x00\xfa\x00\x00\x00\x00\xbf\x11\x00\x00\x5e\xde\xe4\x80\x57\x58\xe9\xc3\x27\xb9\x0c\x39\x90\x48\x0f\x7d\x17\x0a\x18\xc8\xef\x96\xea\xfb\x95\xd8\x31\x0b\xcf\x4d\x0a\x54\x50\x87\xb1\x20\x55\xee\x70\xc3\xa0\x7d\xdb\x6a\xea\x37\x23\x5a\x53\xcf\xbb\x4d\xc0\x56\x4a\x4a\xcb\x2d\x60\x10\x99\xd1\xcc\x8d\x0a\x16\x04\x68\xa1\x29\x5a\xc4\xf2\xd9\xb5\x06\x53\x12\x0b\x83\xdb\xe0\xd4\x56"..., 288) = -1 EINVAL (Invalid argument) [pid 5346] <... futex resumed>) = 0 [pid 5347] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5346] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5347] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5346] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5347] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5346] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5347] mkdir("./file1", 000 [pid 5346] <... futex resumed>) = 0 [pid 5347] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5346] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5347] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5347] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5346] <... futex resumed>) = 0 [pid 5346] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5347] <... futex resumed>) = 0 [pid 5346] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5347] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW) = -1 EFAULT (Bad address) [pid 5347] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5346] <... futex resumed>) = 0 [pid 5347] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5346] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5347] openat(AT_FDCWD, ".", O_RDONLY [pid 5346] <... futex resumed>) = 0 [pid 5347] <... openat resumed>) = 5 [pid 5346] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5347] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5346] <... futex resumed>) = 0 [pid 5347] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5346] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5347] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5346] <... futex resumed>) = 0 [pid 5347] chdir("./file0" [pid 5346] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5347] <... chdir resumed>) = 0 [pid 5347] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5346] <... futex resumed>) = 0 [pid 5347] openat(AT_FDCWD, ".", O_RDONLY [pid 5346] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5347] <... openat resumed>) = 6 [pid 5346] <... futex resumed>) = 0 [pid 5346] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5347] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5346] <... futex resumed>) = 0 [pid 5346] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5347] <... futex resumed>) = 1 [pid 5346] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5347] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 7 [pid 5347] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5346] <... futex resumed>) = 0 [pid 5347] write(7, "#! \naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 34136651 [pid 5346] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5346] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5346] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5346] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efd91000 [pid 5346] mprotect(0x7fa6efd92000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5346] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5346] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdb1990, parent_tid=0x7fa6efdb1990, exit_signal=0, stack=0x7fa6efd91000, stack_size=0x20300, tls=0x7fa6efdb16c0}./strace-static-x86_64: Process 5366 attached [pid 5366] rseq(0x7fa6efdb1fe0, 0x20, 0, 0x53053053) = 0 [pid 5346] <... clone3 resumed> => {parent_tid=[5366]}, 88) = 5366 [pid 5366] set_robust_list(0x7fa6efdb19a0, 24) = 0 [pid 5346] rt_sigprocmask(SIG_SETMASK, [], [pid 5366] rt_sigprocmask(SIG_SETMASK, [], [pid 5346] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5366] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5346] futex(0x7fa6efeba718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] ioctl(6, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5346] <... futex resumed>) = 0 [pid 5346] futex(0x7fa6efeba71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] <... ioctl resumed>) = 0 [pid 5366] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5346] <... futex resumed>) = 0 [pid 5366] futex(0x7fa6efeba718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5347] <... write resumed>) = 9740288 [pid 5347] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5347] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5346] exit_group(0 [pid 5347] <... futex resumed>) = ? [pid 5346] <... exit_group resumed>) = ? [pid 5366] <... futex resumed>) = ? [pid 5347] +++ exited with 0 +++ [pid 5366] +++ exited with 0 +++ [pid 5346] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5346, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555626bc730 /* 5 entries */, 32768) = 144 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 [ 68.248757][ T5347] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 68.656750][ T5215] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file1") = 0 getdents64(3, 0x5555626bc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5367 attached [pid 5367] set_robust_list(0x5555626bb6a0, 24 [pid 5215] <... clone resumed>, child_tidptr=0x5555626bb690) = 5367 [pid 5367] <... set_robust_list resumed>) = 0 [pid 5367] chdir("./7") = 0 [pid 5367] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5367] setpgid(0, 0) = 0 [pid 5367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5367] write(3, "1000", 4) = 4 [pid 5367] close(3) = 0 [pid 5367] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5367] write(1, "executing program\n", 18executing program ) = 18 [pid 5367] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5367] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6efe43470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6efe34620}, NULL, 8) = 0 [pid 5367] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5367] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efdb2000 [pid 5367] mprotect(0x7fa6efdb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5367] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5367] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdd2990, parent_tid=0x7fa6efdd2990, exit_signal=0, stack=0x7fa6efdb2000, stack_size=0x20300, tls=0x7fa6efdd26c0}./strace-static-x86_64: Process 5368 attached [pid 5368] rseq(0x7fa6efdd2fe0, 0x20, 0, 0x53053053 [pid 5367] <... clone3 resumed> => {parent_tid=[5368]}, 88) = 5368 [pid 5368] <... rseq resumed>) = 0 [pid 5367] rt_sigprocmask(SIG_SETMASK, [], [pid 5368] set_robust_list(0x7fa6efdd29a0, 24 [pid 5367] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5368] <... set_robust_list resumed>) = 0 [pid 5367] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5368] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5367] <... futex resumed>) = 0 [pid 5368] memfd_create("syzkaller", 0 [pid 5367] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5368] <... memfd_create resumed>) = 3 [pid 5368] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5368] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5368] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5368] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5368] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5368] close(3) = 0 [pid 5368] close(4) = 0 [pid 5368] mkdir("./file0", 0777) = 0 [ 69.190552][ T5368] loop0: detected capacity change from 0 to 32768 [ 69.225517][ T5368] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor250 (5368) [pid 5368] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5368] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 69.247231][ T5368] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 69.258288][ T5368] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 69.267685][ T5368] BTRFS info (device loop0): using free-space-tree [pid 5368] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5368] ioctl(4, LOOP_CLR_FD) = 0 [pid 5368] close(4) = 0 [pid 5368] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5367] <... futex resumed>) = 0 [pid 5367] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5367] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5368] openat(AT_FDCWD, "/proc/self/mounts", O_RDWR) = 4 [pid 5368] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5367] <... futex resumed>) = 0 [pid 5368] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5367] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5368] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5367] <... futex resumed>) = 0 [pid 5368] memfd_create("syzkaller", 0 [pid 5367] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5368] <... memfd_create resumed>) = 5 [pid 5368] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5368] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5368] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5368] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5368] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5368] ioctl(6, LOOP_CLR_FD) = 0 [pid 5368] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5368] close(6) = 0 [pid 5368] close(5) = 0 [pid 5368] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5367] <... futex resumed>) = 0 [pid 5368] pread64(4, [pid 5367] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] <... pread64 resumed>"ev/root / ext4 rw,relatime 0 0\ndevtmpfs /dev devtmpfs rw,relatime,size=3375576k,nr_inodes=843894,mod"..., 4096, 2) = 955 [pid 5367] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5368] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5367] <... futex resumed>) = 0 [pid 5368] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5367] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5368] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5367] <... futex resumed>) = 0 [pid 5368] mkdir("./file1", 000 [pid 5367] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5368] <... mkdir resumed>) = 0 [pid 5368] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5367] <... futex resumed>) = 0 [pid 5367] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] write(-1, "#! ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 65546 [pid 5367] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5368] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5368] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5367] <... futex resumed>) = 0 [pid 5367] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5368] <... futex resumed>) = 0 [pid 5367] <... futex resumed>) = 1 [pid 5368] mount("/dev/nullb0", "./file0", "reiserfs", 0, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"... [pid 5367] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5368] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5368] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5367] <... futex resumed>) = 0 [pid 5367] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5368] <... futex resumed>) = 0 [pid 5367] <... futex resumed>) = 1 [pid 5368] write(4, "\x06\x00\x00\x00\x18\x01\x00\xfa\x00\x00\x00\x00\xbf\x11\x00\x00\x5e\xde\xe4\x80\x57\x58\xe9\xc3\x27\xb9\x0c\x39\x90\x48\x0f\x7d\x17\x0a\x18\xc8\xef\x96\xea\xfb\x95\xd8\x31\x0b\xcf\x4d\x0a\x54\x50\x87\xb1\x20\x55\xee\x70\xc3\xa0\x7d\xdb\x6a\xea\x37\x23\x5a\x53\xcf\xbb\x4d\xc0\x56\x4a\x4a\xcb\x2d\x60\x10\x99\xd1\xcc\x8d\x0a\x16\x04\x68\xa1\x29\x5a\xc4\xf2\xd9\xb5\x06\x53\x12\x0b\x83\xdb\xe0\xd4\x56"..., 288 [pid 5367] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5368] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 5368] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5367] <... futex resumed>) = 0 [pid 5367] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5368] mkdir("./file1", 000 [pid 5367] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5368] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5368] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5367] <... futex resumed>) = 0 [pid 5368] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5367] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5368] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5367] <... futex resumed>) = 0 [pid 5368] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5367] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5368] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5368] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5367] <... futex resumed>) = 0 [pid 5368] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5367] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5368] openat(AT_FDCWD, ".", O_RDONLY [pid 5367] <... futex resumed>) = 0 [pid 5368] <... openat resumed>) = 5 [pid 5367] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5368] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5367] <... futex resumed>) = 0 [pid 5368] chdir("./file0" [pid 5367] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5368] <... chdir resumed>) = 0 [pid 5367] <... futex resumed>) = 0 [pid 5368] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5367] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5367] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5367] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5368] openat(AT_FDCWD, ".", O_RDONLY) = 6 [pid 5368] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5367] <... futex resumed>) = 0 [pid 5368] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5367] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5368] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5367] <... futex resumed>) = 0 [pid 5368] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5367] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5368] <... openat resumed>) = 7 [pid 5368] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5367] <... futex resumed>) = 0 [pid 5368] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5367] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5368] <... futex resumed>) = 0 [pid 5367] <... futex resumed>) = 1 [pid 5368] write(7, "#! \naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 34136651 [pid 5367] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5367] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5367] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efd91000 [pid 5367] mprotect(0x7fa6efd92000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5367] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5367] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdb1990, parent_tid=0x7fa6efdb1990, exit_signal=0, stack=0x7fa6efd91000, stack_size=0x20300, tls=0x7fa6efdb16c0}./strace-static-x86_64: Process 5387 attached [pid 5387] rseq(0x7fa6efdb1fe0, 0x20, 0, 0x53053053 [pid 5367] <... clone3 resumed> => {parent_tid=[5387]}, 88) = 5387 [pid 5387] <... rseq resumed>) = 0 [pid 5367] rt_sigprocmask(SIG_SETMASK, [], [pid 5387] set_robust_list(0x7fa6efdb19a0, 24 [pid 5367] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5387] <... set_robust_list resumed>) = 0 [pid 5367] futex(0x7fa6efeba718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5387] rt_sigprocmask(SIG_SETMASK, [], [pid 5367] futex(0x7fa6efeba71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5387] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5387] ioctl(6, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0}) = 0 [pid 5387] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5387] futex(0x7fa6efeba718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5367] <... futex resumed>) = 0 [pid 5368] <... write resumed>) = 9740288 [pid 5368] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5367] exit_group(0 [pid 5387] <... futex resumed>) = ? [pid 5368] <... futex resumed>) = ? [pid 5367] <... exit_group resumed>) = ? [pid 5387] +++ exited with 0 +++ [pid 5368] +++ exited with 0 +++ [pid 5367] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5367, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555626bc730 /* 5 entries */, 32768) = 144 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 [ 69.468395][ T5368] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 69.903341][ T5215] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file1") = 0 getdents64(3, 0x5555626bc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5388 attached [pid 5388] set_robust_list(0x5555626bb6a0, 24) = 0 [pid 5388] chdir("./8" [pid 5215] <... clone resumed>, child_tidptr=0x5555626bb690) = 5388 [pid 5388] <... chdir resumed>) = 0 [pid 5388] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5388] setpgid(0, 0) = 0 [pid 5388] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5388] write(3, "1000", 4) = 4 [pid 5388] close(3) = 0 [pid 5388] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5388] write(1, "executing program\n", 18) = 18 [pid 5388] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5388] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6efe43470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6efe34620}, NULL, 8) = 0 [pid 5388] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5388] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efdb2000 [pid 5388] mprotect(0x7fa6efdb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5388] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5388] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdd2990, parent_tid=0x7fa6efdd2990, exit_signal=0, stack=0x7fa6efdb2000, stack_size=0x20300, tls=0x7fa6efdd26c0}./strace-static-x86_64: Process 5389 attached [pid 5389] rseq(0x7fa6efdd2fe0, 0x20, 0, 0x53053053) = 0 [pid 5388] <... clone3 resumed> => {parent_tid=[5389]}, 88) = 5389 [pid 5389] set_robust_list(0x7fa6efdd29a0, 24 [pid 5388] rt_sigprocmask(SIG_SETMASK, [], [pid 5389] <... set_robust_list resumed>) = 0 [pid 5388] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5389] rt_sigprocmask(SIG_SETMASK, [], [pid 5388] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5388] <... futex resumed>) = 0 [pid 5389] memfd_create("syzkaller", 0 [pid 5388] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5389] <... memfd_create resumed>) = 3 [pid 5389] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5389] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5389] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5389] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5389] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5389] close(3) = 0 [pid 5389] close(4) = 0 [pid 5389] mkdir("./file0", 0777) = 0 [ 70.412612][ T5389] loop0: detected capacity change from 0 to 32768 [ 70.434957][ T5389] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor250 (5389) [ 70.454284][ T5389] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 70.465540][ T5389] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 70.474209][ T5389] BTRFS info (device loop0): using free-space-tree [pid 5389] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5389] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5389] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5389] ioctl(4, LOOP_CLR_FD) = 0 [pid 5389] close(4) = 0 [pid 5389] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5388] <... futex resumed>) = 0 [pid 5389] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5388] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] <... futex resumed>) = 0 [pid 5388] <... futex resumed>) = 1 [pid 5389] openat(AT_FDCWD, "/proc/self/mounts", O_RDWR) = 4 [pid 5388] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5389] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5388] <... futex resumed>) = 0 [pid 5389] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5388] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] memfd_create("syzkaller", 0 [pid 5388] <... futex resumed>) = 0 [pid 5389] <... memfd_create resumed>) = 5 [pid 5388] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5389] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5389] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5389] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5389] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5389] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5389] ioctl(6, LOOP_CLR_FD) = 0 [pid 5389] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5389] close(6) = 0 [pid 5389] close(5) = 0 [pid 5389] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5388] <... futex resumed>) = 0 [pid 5388] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] <... futex resumed>) = 1 [pid 5388] <... futex resumed>) = 0 [pid 5389] pread64(4, [pid 5388] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5389] <... pread64 resumed>"ev/root / ext4 rw,relatime 0 0\ndevtmpfs /dev devtmpfs rw,relatime,size=3375576k,nr_inodes=843894,mod"..., 4096, 2) = 955 [pid 5389] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5388] <... futex resumed>) = 0 [pid 5389] <... futex resumed>) = 1 [pid 5388] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] mkdir("./file1", 000 [pid 5388] <... futex resumed>) = 0 [pid 5389] <... mkdir resumed>) = 0 [pid 5388] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5389] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5388] <... futex resumed>) = 0 [pid 5388] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5388] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5389] write(-1, "#! ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 65546) = -1 EBADF (Bad file descriptor) [pid 5389] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5388] <... futex resumed>) = 0 [pid 5389] <... futex resumed>) = 1 [pid 5388] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] mount("/dev/nullb0", "./file0", "reiserfs", 0, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"... [pid 5388] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5389] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5389] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5388] <... futex resumed>) = 0 [pid 5389] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5388] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5388] <... futex resumed>) = 0 [pid 5389] write(4, "\x06\x00\x00\x00\x18\x01\x00\xfa\x00\x00\x00\x00\xbf\x11\x00\x00\x5e\xde\xe4\x80\x57\x58\xe9\xc3\x27\xb9\x0c\x39\x90\x48\x0f\x7d\x17\x0a\x18\xc8\xef\x96\xea\xfb\x95\xd8\x31\x0b\xcf\x4d\x0a\x54\x50\x87\xb1\x20\x55\xee\x70\xc3\xa0\x7d\xdb\x6a\xea\x37\x23\x5a\x53\xcf\xbb\x4d\xc0\x56\x4a\x4a\xcb\x2d\x60\x10\x99\xd1\xcc\x8d\x0a\x16\x04\x68\xa1\x29\x5a\xc4\xf2\xd9\xb5\x06\x53\x12\x0b\x83\xdb\xe0\xd4\x56"..., 288 [pid 5388] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5389] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 5389] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5388] <... futex resumed>) = 0 [pid 5389] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5388] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5388] <... futex resumed>) = 0 [pid 5389] mkdir("./file1", 000 [pid 5388] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5389] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5389] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5388] <... futex resumed>) = 0 [pid 5389] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5388] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5388] <... futex resumed>) = 0 [pid 5389] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5388] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5389] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5389] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5388] <... futex resumed>) = 0 [pid 5389] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5388] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] <... futex resumed>) = 0 [pid 5388] <... futex resumed>) = 1 [pid 5389] openat(AT_FDCWD, ".", O_RDONLY [pid 5388] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5389] <... openat resumed>) = 5 [pid 5389] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5388] <... futex resumed>) = 0 [pid 5389] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5388] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5388] <... futex resumed>) = 0 [pid 5389] chdir("./file0") = 0 [pid 5388] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5389] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5388] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5389] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5388] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5389] openat(AT_FDCWD, ".", O_RDONLY [pid 5388] <... futex resumed>) = 0 [pid 5388] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5389] <... openat resumed>) = 6 [pid 5389] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5388] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5388] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5388] <... futex resumed>) = 0 [pid 5389] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5388] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5389] <... openat resumed>) = 7 [pid 5389] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5388] <... futex resumed>) = 0 [pid 5389] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5388] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5388] <... futex resumed>) = 0 [pid 5389] write(7, "#! \naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 34136651 [pid 5388] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5388] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5388] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efd91000 [pid 5388] mprotect(0x7fa6efd92000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5388] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5388] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdb1990, parent_tid=0x7fa6efdb1990, exit_signal=0, stack=0x7fa6efd91000, stack_size=0x20300, tls=0x7fa6efdb16c0}./strace-static-x86_64: Process 5408 attached => {parent_tid=[5408]}, 88) = 5408 [pid 5408] rseq(0x7fa6efdb1fe0, 0x20, 0, 0x53053053) = 0 [pid 5388] rt_sigprocmask(SIG_SETMASK, [], [pid 5408] set_robust_list(0x7fa6efdb19a0, 24) = 0 [pid 5388] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5408] rt_sigprocmask(SIG_SETMASK, [], [pid 5388] futex(0x7fa6efeba718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5408] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5388] <... futex resumed>) = 0 [pid 5408] ioctl(6, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5388] futex(0x7fa6efeba71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5408] <... ioctl resumed>) = 0 [pid 5408] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5388] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5408] <... futex resumed>) = 0 [pid 5408] futex(0x7fa6efeba718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5389] <... write resumed>) = 9740288 [pid 5389] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5388] exit_group(0 [pid 5408] <... futex resumed>) = ? [pid 5389] <... futex resumed>) = ? [pid 5408] +++ exited with 0 +++ [pid 5388] <... exit_group resumed>) = ? [pid 5389] +++ exited with 0 +++ [pid 5388] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5388, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555626bc730 /* 5 entries */, 32768) = 144 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 [ 70.621156][ T5389] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 71.108013][ T5215] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file1") = 0 getdents64(3, 0x5555626bc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555626bb690) = 5409 ./strace-static-x86_64: Process 5409 attached [pid 5409] set_robust_list(0x5555626bb6a0, 24) = 0 [pid 5409] chdir("./9") = 0 [pid 5409] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5409] setpgid(0, 0) = 0 [pid 5409] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5409] write(3, "1000", 4) = 4 [pid 5409] close(3) = 0 [pid 5409] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5409] write(1, "executing program\n", 18executing program ) = 18 [pid 5409] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5409] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6efe43470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6efe34620}, NULL, 8) = 0 [pid 5409] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5409] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efdb2000 [pid 5409] mprotect(0x7fa6efdb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5409] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5409] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdd2990, parent_tid=0x7fa6efdd2990, exit_signal=0, stack=0x7fa6efdb2000, stack_size=0x20300, tls=0x7fa6efdd26c0}./strace-static-x86_64: Process 5410 attached => {parent_tid=[5410]}, 88) = 5410 [pid 5409] rt_sigprocmask(SIG_SETMASK, [], [pid 5410] rseq(0x7fa6efdd2fe0, 0x20, 0, 0x53053053) = 0 [pid 5409] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5410] set_robust_list(0x7fa6efdd29a0, 24 [pid 5409] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5410] <... set_robust_list resumed>) = 0 [pid 5410] rt_sigprocmask(SIG_SETMASK, [], [pid 5409] <... futex resumed>) = 0 [pid 5410] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5409] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5410] memfd_create("syzkaller", 0) = 3 [pid 5410] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5410] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5410] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5410] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5410] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5410] close(3) = 0 [pid 5410] close(4) = 0 [pid 5410] mkdir("./file0", 0777) = 0 [ 71.644264][ T5410] loop0: detected capacity change from 0 to 32768 [ 71.665387][ T5410] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor250 (5410) [ 71.685054][ T5410] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 71.695902][ T5410] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 71.704582][ T5410] BTRFS info (device loop0): using free-space-tree [pid 5410] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5410] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5410] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5410] ioctl(4, LOOP_CLR_FD) = 0 [pid 5410] close(4) = 0 [pid 5410] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5409] <... futex resumed>) = 0 [pid 5409] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5410] openat(AT_FDCWD, "/proc/self/mounts", O_RDWR [pid 5409] <... futex resumed>) = 0 [pid 5409] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5410] <... openat resumed>) = 4 [pid 5410] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5409] <... futex resumed>) = 0 [pid 5409] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5409] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5410] memfd_create("syzkaller", 0) = 5 [pid 5410] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5410] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5410] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5410] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5410] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5410] ioctl(6, LOOP_CLR_FD) = 0 [pid 5410] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5410] close(6) = 0 [pid 5410] close(5) = 0 [pid 5410] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5409] <... futex resumed>) = 0 [pid 5409] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5410] <... futex resumed>) = 1 [pid 5409] <... futex resumed>) = 0 [pid 5410] pread64(4, [pid 5409] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5410] <... pread64 resumed>"ev/root / ext4 rw,relatime 0 0\ndevtmpfs /dev devtmpfs rw,relatime,size=3375576k,nr_inodes=843894,mod"..., 4096, 2) = 955 [pid 5410] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5409] <... futex resumed>) = 0 [pid 5409] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5410] <... futex resumed>) = 0 [pid 5409] <... futex resumed>) = 1 [pid 5410] mkdir("./file1", 000 [pid 5409] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5410] <... mkdir resumed>) = 0 [pid 5410] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5409] <... futex resumed>) = 0 [pid 5409] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5409] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5410] <... futex resumed>) = 0 [pid 5410] write(-1, "#! ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 65546) = -1 EBADF (Bad file descriptor) [pid 5410] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5409] <... futex resumed>) = 0 [pid 5410] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5409] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5410] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5409] <... futex resumed>) = 0 [pid 5410] mount("/dev/nullb0", "./file0", "reiserfs", 0, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"... [pid 5409] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5410] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5410] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5409] <... futex resumed>) = 0 [pid 5409] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5410] <... futex resumed>) = 0 [pid 5409] <... futex resumed>) = 1 [pid 5410] write(4, "\x06\x00\x00\x00\x18\x01\x00\xfa\x00\x00\x00\x00\xbf\x11\x00\x00\x5e\xde\xe4\x80\x57\x58\xe9\xc3\x27\xb9\x0c\x39\x90\x48\x0f\x7d\x17\x0a\x18\xc8\xef\x96\xea\xfb\x95\xd8\x31\x0b\xcf\x4d\x0a\x54\x50\x87\xb1\x20\x55\xee\x70\xc3\xa0\x7d\xdb\x6a\xea\x37\x23\x5a\x53\xcf\xbb\x4d\xc0\x56\x4a\x4a\xcb\x2d\x60\x10\x99\xd1\xcc\x8d\x0a\x16\x04\x68\xa1\x29\x5a\xc4\xf2\xd9\xb5\x06\x53\x12\x0b\x83\xdb\xe0\xd4\x56"..., 288 [pid 5409] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5410] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 5410] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5409] <... futex resumed>) = 0 [pid 5409] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5410] <... futex resumed>) = 0 [pid 5409] <... futex resumed>) = 1 [pid 5410] mkdir("./file1", 000 [pid 5409] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5410] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5410] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5409] <... futex resumed>) = 0 [pid 5410] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5409] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5410] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5409] <... futex resumed>) = 0 [pid 5410] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5409] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5410] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5410] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5409] <... futex resumed>) = 0 [pid 5410] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5409] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5410] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5409] <... futex resumed>) = 0 [pid 5410] openat(AT_FDCWD, ".", O_RDONLY [pid 5409] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5410] <... openat resumed>) = 5 [pid 5410] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5409] <... futex resumed>) = 0 [pid 5410] <... futex resumed>) = 1 [pid 5409] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5410] chdir("./file0" [pid 5409] <... futex resumed>) = 0 [pid 5410] <... chdir resumed>) = 0 [pid 5409] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5410] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5409] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5410] <... futex resumed>) = 0 [pid 5409] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5410] openat(AT_FDCWD, ".", O_RDONLY [pid 5409] <... futex resumed>) = 0 [pid 5410] <... openat resumed>) = 6 [pid 5409] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5410] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5409] <... futex resumed>) = 0 [pid 5410] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5409] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] <... openat resumed>) = 7 [pid 5409] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5410] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5409] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5409] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5410] <... futex resumed>) = 0 [pid 5409] <... futex resumed>) = 1 [pid 5410] write(7, "#! \naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 34136651 [pid 5409] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5409] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5409] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efd91000 [pid 5409] mprotect(0x7fa6efd92000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5409] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5409] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdb1990, parent_tid=0x7fa6efdb1990, exit_signal=0, stack=0x7fa6efd91000, stack_size=0x20300, tls=0x7fa6efdb16c0}./strace-static-x86_64: Process 5429 attached [pid 5429] rseq(0x7fa6efdb1fe0, 0x20, 0, 0x53053053) = 0 [pid 5429] set_robust_list(0x7fa6efdb19a0, 24 [pid 5409] <... clone3 resumed> => {parent_tid=[5429]}, 88) = 5429 [pid 5429] <... set_robust_list resumed>) = 0 [pid 5409] rt_sigprocmask(SIG_SETMASK, [], [pid 5429] rt_sigprocmask(SIG_SETMASK, [], [pid 5409] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5429] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5429] ioctl(6, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5409] futex(0x7fa6efeba718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5409] futex(0x7fa6efeba71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5429] <... ioctl resumed>) = 0 [pid 5429] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5409] <... futex resumed>) = 0 [pid 5429] futex(0x7fa6efeba718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5410] <... write resumed>) = 9740288 [pid 5410] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5409] exit_group(0 [pid 5410] <... futex resumed>) = ? [pid 5409] <... exit_group resumed>) = ? [pid 5429] <... futex resumed>) = ? [pid 5429] +++ exited with 0 +++ [pid 5410] +++ exited with 0 +++ [pid 5409] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5409, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555626bc730 /* 5 entries */, 32768) = 144 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 [ 71.938692][ T5410] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 72.367781][ T5215] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file1") = 0 getdents64(3, 0x5555626bc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555626bb690) = 5430 ./strace-static-x86_64: Process 5430 attached [pid 5430] set_robust_list(0x5555626bb6a0, 24) = 0 [pid 5430] chdir("./10") = 0 [pid 5430] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5430] setpgid(0, 0) = 0 [pid 5430] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5430] write(3, "1000", 4) = 4 [pid 5430] close(3) = 0 [pid 5430] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5430] write(1, "executing program\n", 18executing program ) = 18 [pid 5430] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5430] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6efe43470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6efe34620}, NULL, 8) = 0 [pid 5430] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5430] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efdb2000 [pid 5430] mprotect(0x7fa6efdb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5430] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5430] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdd2990, parent_tid=0x7fa6efdd2990, exit_signal=0, stack=0x7fa6efdb2000, stack_size=0x20300, tls=0x7fa6efdd26c0}./strace-static-x86_64: Process 5431 attached => {parent_tid=[5431]}, 88) = 5431 [pid 5431] rseq(0x7fa6efdd2fe0, 0x20, 0, 0x53053053) = 0 [pid 5431] set_robust_list(0x7fa6efdd29a0, 24) = 0 [pid 5431] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5431] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5430] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5430] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5431] <... futex resumed>) = 0 [pid 5430] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5431] memfd_create("syzkaller", 0) = 3 [pid 5431] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5431] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5431] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5431] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5431] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5431] close(3) = 0 [pid 5431] close(4) = 0 [pid 5431] mkdir("./file0", 0777) = 0 [ 72.831621][ T5431] loop0: detected capacity change from 0 to 32768 [ 72.851036][ T5431] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor250 (5431) [ 72.874737][ T5431] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 72.885167][ T5431] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 72.893849][ T5431] BTRFS info (device loop0): using free-space-tree [pid 5431] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5431] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5431] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5431] ioctl(4, LOOP_CLR_FD) = 0 [pid 5431] close(4) = 0 [pid 5431] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5430] <... futex resumed>) = 0 [pid 5431] openat(AT_FDCWD, "/proc/self/mounts", O_RDWR [pid 5430] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5431] <... openat resumed>) = 4 [pid 5430] <... futex resumed>) = 0 [pid 5431] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5430] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5430] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5430] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5431] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5431] memfd_create("syzkaller", 0) = 5 [pid 5431] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5431] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5431] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5431] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5431] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5431] ioctl(6, LOOP_CLR_FD) = 0 [pid 5431] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5431] close(6) = 0 [pid 5431] close(5) = 0 [pid 5431] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5430] <... futex resumed>) = 0 [pid 5431] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5430] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5431] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5431] pread64(4, [pid 5430] <... futex resumed>) = 0 [pid 5431] <... pread64 resumed>"ev/root / ext4 rw,relatime 0 0\ndevtmpfs /dev devtmpfs rw,relatime,size=3375576k,nr_inodes=843894,mod"..., 4096, 2) = 956 [pid 5430] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5431] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5430] <... futex resumed>) = 0 [pid 5430] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] mkdir("./file1", 000 [pid 5430] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5431] <... mkdir resumed>) = 0 [pid 5431] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5430] <... futex resumed>) = 0 [pid 5430] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5431] write(-1, "#! ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 65546 [pid 5430] <... futex resumed>) = 0 [pid 5430] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5431] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5431] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5430] <... futex resumed>) = 0 [pid 5431] <... futex resumed>) = 1 [pid 5430] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5431] mount("/dev/nullb0", "./file0", "reiserfs", 0, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"... [pid 5430] <... futex resumed>) = 0 [pid 5430] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5431] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5431] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5430] <... futex resumed>) = 0 [pid 5431] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5430] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5431] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5431] write(4, "\x06\x00\x00\x00\x18\x01\x00\xfa\x00\x00\x00\x00\xbf\x11\x00\x00\x5e\xde\xe4\x80\x57\x58\xe9\xc3\x27\xb9\x0c\x39\x90\x48\x0f\x7d\x17\x0a\x18\xc8\xef\x96\xea\xfb\x95\xd8\x31\x0b\xcf\x4d\x0a\x54\x50\x87\xb1\x20\x55\xee\x70\xc3\xa0\x7d\xdb\x6a\xea\x37\x23\x5a\x53\xcf\xbb\x4d\xc0\x56\x4a\x4a\xcb\x2d\x60\x10\x99\xd1\xcc\x8d\x0a\x16\x04\x68\xa1\x29\x5a\xc4\xf2\xd9\xb5\x06\x53\x12\x0b\x83\xdb\xe0\xd4\x56"..., 288 [pid 5430] <... futex resumed>) = 0 [pid 5431] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 5430] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5431] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5430] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5431] <... futex resumed>) = 0 [pid 5430] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5431] mkdir("./file1", 000) = -1 EEXIST (File exists) [pid 5430] <... futex resumed>) = 0 [pid 5431] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5430] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5431] <... futex resumed>) = 0 [pid 5430] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5431] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5430] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5431] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5431] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5430] <... futex resumed>) = 0 [pid 5431] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5430] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5431] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5430] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5431] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5430] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5431] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5431] openat(AT_FDCWD, ".", O_RDONLY [pid 5430] <... futex resumed>) = 0 [pid 5431] <... openat resumed>) = 5 [pid 5430] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5431] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5430] <... futex resumed>) = 0 [pid 5431] chdir("./file0" [pid 5430] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] <... chdir resumed>) = 0 [pid 5431] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5430] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5431] <... futex resumed>) = 0 [pid 5430] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5431] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5430] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5431] openat(AT_FDCWD, ".", O_RDONLY [pid 5430] <... futex resumed>) = 0 [pid 5431] <... openat resumed>) = 6 [pid 5430] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5431] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5430] <... futex resumed>) = 0 [pid 5430] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5431] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5430] <... futex resumed>) = 0 [pid 5430] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5431] <... openat resumed>) = 7 [pid 5431] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5430] <... futex resumed>) = 0 [pid 5431] write(7, "#! \naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 34136651 [pid 5430] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5430] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5430] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5430] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5430] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efd91000 [pid 5430] mprotect(0x7fa6efd92000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5430] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5430] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdb1990, parent_tid=0x7fa6efdb1990, exit_signal=0, stack=0x7fa6efd91000, stack_size=0x20300, tls=0x7fa6efdb16c0}./strace-static-x86_64: Process 5451 attached => {parent_tid=[5451]}, 88) = 5451 [pid 5451] rseq(0x7fa6efdb1fe0, 0x20, 0, 0x53053053) = 0 [pid 5430] rt_sigprocmask(SIG_SETMASK, [], [pid 5451] set_robust_list(0x7fa6efdb19a0, 24 [pid 5430] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5451] <... set_robust_list resumed>) = 0 [pid 5430] futex(0x7fa6efeba718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5451] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5430] <... futex resumed>) = 0 [pid 5451] ioctl(6, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5430] futex(0x7fa6efeba71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5451] <... ioctl resumed>) = 0 [pid 5451] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5430] <... futex resumed>) = 0 [pid 5451] futex(0x7fa6efeba718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5431] <... write resumed>) = 9740288 [pid 5431] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5430] exit_group(0 [pid 5451] <... futex resumed>) = ? [pid 5431] <... futex resumed>) = ? [pid 5430] <... exit_group resumed>) = ? [pid 5451] +++ exited with 0 +++ [pid 5431] +++ exited with 0 +++ [pid 5430] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5430, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555626bc730 /* 5 entries */, 32768) = 144 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 [ 73.127670][ T5431] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 73.567727][ T5215] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file1") = 0 getdents64(3, 0x5555626bc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555626bb690) = 5452 ./strace-static-x86_64: Process 5452 attached [pid 5452] set_robust_list(0x5555626bb6a0, 24) = 0 [pid 5452] chdir("./11") = 0 [pid 5452] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5452] setpgid(0, 0) = 0 [pid 5452] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5452] write(3, "1000", 4) = 4 [pid 5452] close(3) = 0 [pid 5452] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5452] write(1, "executing program\n", 18) = 18 [pid 5452] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5452] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6efe43470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6efe34620}, NULL, 8) = 0 [pid 5452] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5452] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efdb2000 [pid 5452] mprotect(0x7fa6efdb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5452] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5452] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdd2990, parent_tid=0x7fa6efdd2990, exit_signal=0, stack=0x7fa6efdb2000, stack_size=0x20300, tls=0x7fa6efdd26c0}./strace-static-x86_64: Process 5453 attached [pid 5453] rseq(0x7fa6efdd2fe0, 0x20, 0, 0x53053053 [pid 5452] <... clone3 resumed> => {parent_tid=[5453]}, 88) = 5453 [pid 5453] <... rseq resumed>) = 0 [pid 5452] rt_sigprocmask(SIG_SETMASK, [], [pid 5453] set_robust_list(0x7fa6efdd29a0, 24 [pid 5452] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5453] <... set_robust_list resumed>) = 0 [pid 5452] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5453] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5452] <... futex resumed>) = 0 [pid 5453] memfd_create("syzkaller", 0 [pid 5452] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5453] <... memfd_create resumed>) = 3 [pid 5453] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5453] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5453] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5453] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5453] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5453] close(3) = 0 [pid 5453] close(4) = 0 [pid 5453] mkdir("./file0", 0777) = 0 [ 74.136764][ T5453] loop0: detected capacity change from 0 to 32768 [ 74.167249][ T5453] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor250 (5453) [pid 5453] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5453] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5453] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5453] ioctl(4, LOOP_CLR_FD) = 0 [pid 5453] close(4) = 0 [pid 5453] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5452] <... futex resumed>) = 0 [pid 5452] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5453] openat(AT_FDCWD, "/proc/self/mounts", O_RDWR [pid 5452] <... futex resumed>) = 0 [pid 5452] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5453] <... openat resumed>) = 4 [pid 5453] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5452] <... futex resumed>) = 0 [pid 5452] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5453] memfd_create("syzkaller", 0 [pid 5452] <... futex resumed>) = 0 [pid 5452] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5453] <... memfd_create resumed>) = 5 [pid 5453] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5453] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [ 74.193416][ T5453] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 74.203914][ T5453] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 74.212745][ T5453] BTRFS info (device loop0): using free-space-tree [pid 5453] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5453] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5453] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5453] ioctl(6, LOOP_CLR_FD) = 0 [pid 5453] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5453] close(6) = 0 [pid 5453] close(5) = 0 [pid 5453] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5452] <... futex resumed>) = 0 [pid 5453] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5452] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5453] <... futex resumed>) = 0 [pid 5452] <... futex resumed>) = 1 [pid 5453] pread64(4, [pid 5452] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5453] <... pread64 resumed>"ev/root / ext4 rw,relatime 0 0\ndevtmpfs /dev devtmpfs rw,relatime,size=3375576k,nr_inodes=843894,mod"..., 4096, 2) = 956 [pid 5453] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5453] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5452] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5452] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5453] <... futex resumed>) = 0 [pid 5452] <... futex resumed>) = 1 [pid 5453] mkdir("./file1", 000 [pid 5452] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5453] <... mkdir resumed>) = 0 [pid 5453] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5452] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5453] <... futex resumed>) = 0 [pid 5452] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5452] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5453] write(-1, "#! ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 65546) = -1 EBADF (Bad file descriptor) [pid 5453] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5452] <... futex resumed>) = 0 [pid 5453] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5452] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5453] mount("/dev/nullb0", "./file0", "reiserfs", 0, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"... [pid 5452] <... futex resumed>) = 0 [pid 5452] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5453] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5453] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5452] <... futex resumed>) = 0 [pid 5452] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5453] write(4, "\x06\x00\x00\x00\x18\x01\x00\xfa\x00\x00\x00\x00\xbf\x11\x00\x00\x5e\xde\xe4\x80\x57\x58\xe9\xc3\x27\xb9\x0c\x39\x90\x48\x0f\x7d\x17\x0a\x18\xc8\xef\x96\xea\xfb\x95\xd8\x31\x0b\xcf\x4d\x0a\x54\x50\x87\xb1\x20\x55\xee\x70\xc3\xa0\x7d\xdb\x6a\xea\x37\x23\x5a\x53\xcf\xbb\x4d\xc0\x56\x4a\x4a\xcb\x2d\x60\x10\x99\xd1\xcc\x8d\x0a\x16\x04\x68\xa1\x29\x5a\xc4\xf2\xd9\xb5\x06\x53\x12\x0b\x83\xdb\xe0\xd4\x56"..., 288 [pid 5452] <... futex resumed>) = 0 [pid 5453] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 5452] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5453] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5452] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5453] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5452] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5453] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5453] mkdir("./file1", 000 [pid 5452] <... futex resumed>) = 0 [pid 5453] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5452] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5453] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5452] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5453] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5452] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5453] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5452] <... futex resumed>) = 0 [pid 5453] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5452] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5453] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5453] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5452] <... futex resumed>) = 0 [pid 5452] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5453] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5452] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5453] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5453] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5452] <... futex resumed>) = 0 [pid 5452] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5453] <... futex resumed>) = 0 [pid 5453] chdir("./file0" [pid 5452] <... futex resumed>) = 1 [pid 5453] <... chdir resumed>) = 0 [pid 5452] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5453] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5453] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5452] <... futex resumed>) = 0 [pid 5452] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5453] <... futex resumed>) = 0 [pid 5452] <... futex resumed>) = 1 [pid 5453] openat(AT_FDCWD, ".", O_RDONLY) = 6 [pid 5452] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5453] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5452] <... futex resumed>) = 0 [pid 5453] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5452] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5453] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5452] <... futex resumed>) = 0 [pid 5453] <... openat resumed>) = 7 [pid 5452] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5453] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5452] <... futex resumed>) = 0 [pid 5452] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5452] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5453] <... futex resumed>) = 1 [pid 5453] write(7, "#! \naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 34136651 [pid 5452] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5452] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5452] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efd91000 [pid 5452] mprotect(0x7fa6efd92000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5452] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5452] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdb1990, parent_tid=0x7fa6efdb1990, exit_signal=0, stack=0x7fa6efd91000, stack_size=0x20300, tls=0x7fa6efdb16c0}./strace-static-x86_64: Process 5472 attached [pid 5472] rseq(0x7fa6efdb1fe0, 0x20, 0, 0x53053053 [pid 5452] <... clone3 resumed> => {parent_tid=[5472]}, 88) = 5472 [pid 5472] <... rseq resumed>) = 0 [pid 5452] rt_sigprocmask(SIG_SETMASK, [], [pid 5472] set_robust_list(0x7fa6efdb19a0, 24) = 0 [pid 5472] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5472] futex(0x7fa6efeba718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5452] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5452] futex(0x7fa6efeba718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5472] <... futex resumed>) = 0 [pid 5452] <... futex resumed>) = 1 [pid 5472] ioctl(6, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5452] futex(0x7fa6efeba71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5472] <... ioctl resumed>) = 0 [pid 5452] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5472] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5472] futex(0x7fa6efeba718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5453] <... write resumed>) = 9740288 [pid 5453] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5453] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5452] exit_group(0 [pid 5472] <... futex resumed>) = ? [pid 5453] <... futex resumed>) = ? [pid 5453] +++ exited with 0 +++ [pid 5472] +++ exited with 0 +++ [pid 5452] <... exit_group resumed>) = ? [pid 5452] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5452, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555626bc730 /* 5 entries */, 32768) = 144 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 [ 74.355693][ T5453] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 74.780482][ T5215] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file1") = 0 getdents64(3, 0x5555626bc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555626bb690) = 5473 ./strace-static-x86_64: Process 5473 attached [pid 5473] set_robust_list(0x5555626bb6a0, 24) = 0 [pid 5473] chdir("./12") = 0 [pid 5473] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5473] setpgid(0, 0) = 0 [pid 5473] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5473] write(3, "1000", 4) = 4 [pid 5473] close(3) = 0 [pid 5473] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5473] write(1, "executing program\n", 18) = 18 [pid 5473] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5473] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6efe43470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6efe34620}, NULL, 8) = 0 [pid 5473] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5473] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efdb2000 [pid 5473] mprotect(0x7fa6efdb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5473] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5473] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdd2990, parent_tid=0x7fa6efdd2990, exit_signal=0, stack=0x7fa6efdb2000, stack_size=0x20300, tls=0x7fa6efdd26c0}./strace-static-x86_64: Process 5474 attached [pid 5474] rseq(0x7fa6efdd2fe0, 0x20, 0, 0x53053053 [pid 5473] <... clone3 resumed> => {parent_tid=[5474]}, 88) = 5474 [pid 5474] <... rseq resumed>) = 0 [pid 5473] rt_sigprocmask(SIG_SETMASK, [], [pid 5474] set_robust_list(0x7fa6efdd29a0, 24 [pid 5473] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5474] <... set_robust_list resumed>) = 0 [pid 5473] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] rt_sigprocmask(SIG_SETMASK, [], [pid 5473] <... futex resumed>) = 0 [pid 5474] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5474] memfd_create("syzkaller", 0 [pid 5473] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5474] <... memfd_create resumed>) = 3 [pid 5474] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5474] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5474] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5474] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5474] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5474] close(3) = 0 [pid 5474] close(4) = 0 [pid 5474] mkdir("./file0", 0777) = 0 [ 75.260309][ T5474] loop0: detected capacity change from 0 to 32768 [ 75.271325][ T5474] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor250 (5474) [ 75.290615][ T5474] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 75.301789][ T5474] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [pid 5474] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5474] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5474] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5474] ioctl(4, LOOP_CLR_FD) = 0 [pid 5474] close(4) = 0 [pid 5474] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5473] <... futex resumed>) = 0 [ 75.311175][ T5474] BTRFS info (device loop0): using free-space-tree [pid 5474] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5473] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] openat(AT_FDCWD, "/proc/self/mounts", O_RDWR [pid 5473] <... futex resumed>) = 0 [pid 5474] <... openat resumed>) = 4 [pid 5473] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5474] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5473] <... futex resumed>) = 0 [pid 5474] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5473] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] <... futex resumed>) = 0 [pid 5473] <... futex resumed>) = 1 [pid 5474] memfd_create("syzkaller", 0) = 5 [pid 5474] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5473] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5474] <... mmap resumed>) = 0x7fa6e7800000 [pid 5474] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5474] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5474] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5474] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5474] ioctl(6, LOOP_CLR_FD) = 0 [pid 5474] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5474] close(6) = 0 [pid 5474] close(5) = 0 [pid 5474] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5473] <... futex resumed>) = 0 [pid 5474] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5473] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5473] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5474] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5474] pread64(4, "ev/root / ext4 rw,relatime 0 0\ndevtmpfs /dev devtmpfs rw,relatime,size=3375576k,nr_inodes=843894,mod"..., 4096, 2) = 956 [pid 5474] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5474] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5473] <... futex resumed>) = 0 [pid 5473] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5473] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5474] <... futex resumed>) = 0 [pid 5474] mkdir("./file1", 000) = 0 [pid 5474] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5473] <... futex resumed>) = 0 [pid 5473] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5473] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5474] <... futex resumed>) = 1 [pid 5474] write(-1, "#! ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 65546) = -1 EBADF (Bad file descriptor) [pid 5474] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5473] <... futex resumed>) = 0 [pid 5473] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5474] mount("/dev/nullb0", "./file0", "reiserfs", 0, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"... [pid 5473] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5474] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5474] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5473] <... futex resumed>) = 0 [pid 5474] <... futex resumed>) = 1 [pid 5473] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5473] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5474] write(4, "\x06\x00\x00\x00\x18\x01\x00\xfa\x00\x00\x00\x00\xbf\x11\x00\x00\x5e\xde\xe4\x80\x57\x58\xe9\xc3\x27\xb9\x0c\x39\x90\x48\x0f\x7d\x17\x0a\x18\xc8\xef\x96\xea\xfb\x95\xd8\x31\x0b\xcf\x4d\x0a\x54\x50\x87\xb1\x20\x55\xee\x70\xc3\xa0\x7d\xdb\x6a\xea\x37\x23\x5a\x53\xcf\xbb\x4d\xc0\x56\x4a\x4a\xcb\x2d\x60\x10\x99\xd1\xcc\x8d\x0a\x16\x04\x68\xa1\x29\x5a\xc4\xf2\xd9\xb5\x06\x53\x12\x0b\x83\xdb\xe0\xd4\x56"..., 288) = -1 EINVAL (Invalid argument) [pid 5474] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5473] <... futex resumed>) = 0 [pid 5473] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5473] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5474] <... futex resumed>) = 1 [pid 5474] mkdir("./file1", 000) = -1 EEXIST (File exists) [pid 5474] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5474] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5473] <... futex resumed>) = 0 [pid 5473] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5474] <... futex resumed>) = 0 [pid 5473] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5474] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW) = -1 EFAULT (Bad address) [pid 5474] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5473] <... futex resumed>) = 0 [pid 5474] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5473] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5473] <... futex resumed>) = 0 [pid 5474] openat(AT_FDCWD, ".", O_RDONLY [pid 5473] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5474] <... openat resumed>) = 5 [pid 5474] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5473] <... futex resumed>) = 0 [pid 5474] <... futex resumed>) = 1 [pid 5473] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] chdir("./file0" [pid 5473] <... futex resumed>) = 0 [pid 5473] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5474] <... chdir resumed>) = 0 [pid 5474] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5473] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5474] <... futex resumed>) = 0 [pid 5474] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5473] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5473] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5474] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5474] openat(AT_FDCWD, ".", O_RDONLY) = 6 [pid 5474] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5473] <... futex resumed>) = 0 [pid 5474] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5473] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5473] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5474] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5474] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 7 [pid 5474] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5474] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5473] <... futex resumed>) = 0 [pid 5473] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5474] <... futex resumed>) = 0 [pid 5474] write(7, "#! \naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 34136651 [pid 5473] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5473] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5473] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efd91000 [pid 5473] mprotect(0x7fa6efd92000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5473] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5473] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdb1990, parent_tid=0x7fa6efdb1990, exit_signal=0, stack=0x7fa6efd91000, stack_size=0x20300, tls=0x7fa6efdb16c0}./strace-static-x86_64: Process 5493 attached => {parent_tid=[5493]}, 88) = 5493 [pid 5493] rseq(0x7fa6efdb1fe0, 0x20, 0, 0x53053053 [pid 5473] rt_sigprocmask(SIG_SETMASK, [], [pid 5493] <... rseq resumed>) = 0 [pid 5493] set_robust_list(0x7fa6efdb19a0, 24) = 0 [pid 5493] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5493] futex(0x7fa6efeba718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5473] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5473] futex(0x7fa6efeba718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5493] <... futex resumed>) = 0 [pid 5473] <... futex resumed>) = 1 [pid 5493] ioctl(6, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5473] futex(0x7fa6efeba71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5493] <... ioctl resumed>) = 0 [pid 5493] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5473] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5493] <... futex resumed>) = 0 [pid 5493] futex(0x7fa6efeba718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5474] <... write resumed>) = 9740288 [pid 5474] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5474] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5473] exit_group(0 [pid 5493] <... futex resumed>) = ? [pid 5493] +++ exited with 0 +++ [pid 5473] <... exit_group resumed>) = ? [pid 5474] <... futex resumed>) = ? [pid 5474] +++ exited with 0 +++ [pid 5473] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5473, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555626bc730 /* 5 entries */, 32768) = 144 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 [ 75.544406][ T5474] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 75.969457][ T5215] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file1") = 0 getdents64(3, 0x5555626bc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5494 attached , child_tidptr=0x5555626bb690) = 5494 [pid 5494] set_robust_list(0x5555626bb6a0, 24) = 0 [pid 5494] chdir("./13") = 0 [pid 5494] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5494] setpgid(0, 0) = 0 [pid 5494] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5494] write(3, "1000", 4) = 4 [pid 5494] close(3) = 0 [pid 5494] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5494] write(1, "executing program\n", 18executing program ) = 18 [pid 5494] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5494] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6efe43470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6efe34620}, NULL, 8) = 0 [pid 5494] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5494] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efdb2000 [pid 5494] mprotect(0x7fa6efdb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5494] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5494] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdd2990, parent_tid=0x7fa6efdd2990, exit_signal=0, stack=0x7fa6efdb2000, stack_size=0x20300, tls=0x7fa6efdd26c0}./strace-static-x86_64: Process 5495 attached [pid 5495] rseq(0x7fa6efdd2fe0, 0x20, 0, 0x53053053 [pid 5494] <... clone3 resumed> => {parent_tid=[5495]}, 88) = 5495 [pid 5495] <... rseq resumed>) = 0 [pid 5495] set_robust_list(0x7fa6efdd29a0, 24) = 0 [pid 5495] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5495] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5494] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5494] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5495] <... futex resumed>) = 0 [pid 5494] <... futex resumed>) = 1 [pid 5495] memfd_create("syzkaller", 0 [pid 5494] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5495] <... memfd_create resumed>) = 3 [pid 5495] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5495] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5495] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5495] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5495] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5495] close(3) = 0 [pid 5495] close(4) = 0 [pid 5495] mkdir("./file0", 0777) = 0 [ 76.491914][ T5495] loop0: detected capacity change from 0 to 32768 [ 76.511478][ T5495] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor250 (5495) [ 76.528346][ T5495] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [pid 5495] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5495] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5495] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5495] ioctl(4, LOOP_CLR_FD) = 0 [pid 5495] close(4) = 0 [pid 5495] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5494] <... futex resumed>) = 0 [pid 5494] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5495] openat(AT_FDCWD, "/proc/self/mounts", O_RDWR [pid 5494] <... futex resumed>) = 0 [pid 5494] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5495] <... openat resumed>) = 4 [pid 5495] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5494] <... futex resumed>) = 0 [pid 5495] <... futex resumed>) = 1 [pid 5494] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5495] memfd_create("syzkaller", 0 [pid 5494] <... futex resumed>) = 0 [pid 5495] <... memfd_create resumed>) = 5 [pid 5494] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5495] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5495] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5495] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5495] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5495] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5495] ioctl(6, LOOP_CLR_FD) = 0 [ 76.538605][ T5495] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 76.547324][ T5495] BTRFS info (device loop0): using free-space-tree [pid 5495] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5495] close(6) = 0 [pid 5495] close(5) = 0 [pid 5495] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5494] <... futex resumed>) = 0 [pid 5494] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5495] pread64(4, [pid 5494] <... futex resumed>) = 0 [pid 5494] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5495] <... pread64 resumed>"ev/root / ext4 rw,relatime 0 0\ndevtmpfs /dev devtmpfs rw,relatime,size=3375576k,nr_inodes=843894,mod"..., 4096, 2) = 956 [pid 5495] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5494] <... futex resumed>) = 0 [pid 5495] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5494] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5495] <... futex resumed>) = 0 [pid 5494] <... futex resumed>) = 1 [pid 5495] mkdir("./file1", 000 [pid 5494] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5495] <... mkdir resumed>) = 0 [pid 5495] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5494] <... futex resumed>) = 0 [pid 5495] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5494] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5495] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5494] <... futex resumed>) = 0 [pid 5495] write(-1, "#! ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 65546 [pid 5494] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5495] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5495] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5494] <... futex resumed>) = 0 [pid 5495] <... futex resumed>) = 1 [pid 5494] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5495] mount("/dev/nullb0", "./file0", "reiserfs", 0, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"... [pid 5494] <... futex resumed>) = 0 [pid 5494] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5495] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5495] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5495] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5494] <... futex resumed>) = 0 [pid 5494] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5495] <... futex resumed>) = 0 [pid 5495] write(4, "\x06\x00\x00\x00\x18\x01\x00\xfa\x00\x00\x00\x00\xbf\x11\x00\x00\x5e\xde\xe4\x80\x57\x58\xe9\xc3\x27\xb9\x0c\x39\x90\x48\x0f\x7d\x17\x0a\x18\xc8\xef\x96\xea\xfb\x95\xd8\x31\x0b\xcf\x4d\x0a\x54\x50\x87\xb1\x20\x55\xee\x70\xc3\xa0\x7d\xdb\x6a\xea\x37\x23\x5a\x53\xcf\xbb\x4d\xc0\x56\x4a\x4a\xcb\x2d\x60\x10\x99\xd1\xcc\x8d\x0a\x16\x04\x68\xa1\x29\x5a\xc4\xf2\xd9\xb5\x06\x53\x12\x0b\x83\xdb\xe0\xd4\x56"..., 288 [pid 5494] <... futex resumed>) = 1 [pid 5495] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 5494] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5495] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5494] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5495] <... futex resumed>) = 0 [pid 5494] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5495] mkdir("./file1", 000 [pid 5494] <... futex resumed>) = 0 [pid 5495] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5495] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5495] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5494] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5494] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5495] <... futex resumed>) = 0 [pid 5494] <... futex resumed>) = 1 [pid 5495] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5494] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5495] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5495] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5494] <... futex resumed>) = 0 [pid 5495] <... futex resumed>) = 1 [pid 5494] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5495] openat(AT_FDCWD, ".", O_RDONLY [pid 5494] <... futex resumed>) = 0 [pid 5494] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5495] <... openat resumed>) = 5 [pid 5495] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5494] <... futex resumed>) = 0 [pid 5495] <... futex resumed>) = 1 [pid 5494] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5495] chdir("./file0" [pid 5494] <... futex resumed>) = 0 [pid 5495] <... chdir resumed>) = 0 [pid 5495] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5494] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5495] <... futex resumed>) = 0 [pid 5494] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5495] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5494] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5495] openat(AT_FDCWD, ".", O_RDONLY [pid 5494] <... futex resumed>) = 0 [pid 5495] <... openat resumed>) = 6 [pid 5494] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5495] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5494] <... futex resumed>) = 0 [pid 5495] <... futex resumed>) = 1 [pid 5494] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5495] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5494] <... futex resumed>) = 0 [pid 5495] <... openat resumed>) = 7 [pid 5494] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5495] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5495] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5494] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5494] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5495] <... futex resumed>) = 0 [pid 5494] <... futex resumed>) = 1 [pid 5495] write(7, "#! \naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 34136651 [pid 5494] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5494] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5494] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efd91000 [pid 5494] mprotect(0x7fa6efd92000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5494] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5494] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdb1990, parent_tid=0x7fa6efdb1990, exit_signal=0, stack=0x7fa6efd91000, stack_size=0x20300, tls=0x7fa6efdb16c0} => {parent_tid=[5512]}, 88) = 5512 ./strace-static-x86_64: Process 5512 attached [pid 5494] rt_sigprocmask(SIG_SETMASK, [], [pid 5512] rseq(0x7fa6efdb1fe0, 0x20, 0, 0x53053053 [pid 5494] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5512] <... rseq resumed>) = 0 [pid 5494] futex(0x7fa6efeba718, FUTEX_WAKE_PRIVATE, 1000000 [ 76.645075][ T5495] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 76.763733][ T46] cfg80211: failed to load regulatory.db [pid 5512] set_robust_list(0x7fa6efdb19a0, 24 [pid 5494] <... futex resumed>) = 0 [pid 5512] <... set_robust_list resumed>) = 0 [pid 5512] rt_sigprocmask(SIG_SETMASK, [], [pid 5494] futex(0x7fa6efeba71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5512] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5512] ioctl(6, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5494] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5512] <... ioctl resumed>) = 0 [pid 5512] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5512] futex(0x7fa6efeba718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5494] exit_group(0 [pid 5512] <... futex resumed>) = ? [pid 5495] <... write resumed>) = ? [pid 5494] <... exit_group resumed>) = ? [pid 5512] +++ exited with 0 +++ [pid 5495] +++ exited with 0 +++ [pid 5494] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5494, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555626bc730 /* 5 entries */, 32768) = 144 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 [ 77.365749][ T5215] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file1") = 0 getdents64(3, 0x5555626bc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5513 attached , child_tidptr=0x5555626bb690) = 5513 [pid 5513] set_robust_list(0x5555626bb6a0, 24) = 0 [pid 5513] chdir("./14") = 0 [pid 5513] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5513] setpgid(0, 0) = 0 [pid 5513] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5513] write(3, "1000", 4) = 4 [pid 5513] close(3) = 0 [pid 5513] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5513] write(1, "executing program\n", 18executing program ) = 18 [pid 5513] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5513] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6efe43470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6efe34620}, NULL, 8) = 0 [pid 5513] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5513] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efdb2000 [pid 5513] mprotect(0x7fa6efdb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5513] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5513] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdd2990, parent_tid=0x7fa6efdd2990, exit_signal=0, stack=0x7fa6efdb2000, stack_size=0x20300, tls=0x7fa6efdd26c0}./strace-static-x86_64: Process 5514 attached [pid 5514] rseq(0x7fa6efdd2fe0, 0x20, 0, 0x53053053 [pid 5513] <... clone3 resumed> => {parent_tid=[5514]}, 88) = 5514 [pid 5514] <... rseq resumed>) = 0 [pid 5513] rt_sigprocmask(SIG_SETMASK, [], [pid 5514] set_robust_list(0x7fa6efdd29a0, 24 [pid 5513] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5514] <... set_robust_list resumed>) = 0 [pid 5513] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5514] rt_sigprocmask(SIG_SETMASK, [], [pid 5513] <... futex resumed>) = 0 [pid 5514] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5513] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5514] memfd_create("syzkaller", 0) = 3 [pid 5514] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5514] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5514] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5514] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5514] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5514] close(3) = 0 [pid 5514] close(4) = 0 [pid 5514] mkdir("./file0", 0777) = 0 [ 77.814543][ T5514] loop0: detected capacity change from 0 to 32768 [ 77.846128][ T5514] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor250 (5514) [ 77.867079][ T5514] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 77.877773][ T5514] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 77.886578][ T5514] BTRFS info (device loop0): using free-space-tree [pid 5514] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5514] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5514] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5514] ioctl(4, LOOP_CLR_FD) = 0 [pid 5514] close(4) = 0 [pid 5514] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5514] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5513] <... futex resumed>) = 0 [pid 5514] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5513] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5514] openat(AT_FDCWD, "/proc/self/mounts", O_RDWR) = 4 [pid 5513] <... futex resumed>) = 0 [pid 5513] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5514] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5513] <... futex resumed>) = 0 [pid 5514] memfd_create("syzkaller", 0 [pid 5513] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5514] <... memfd_create resumed>) = 5 [pid 5513] <... futex resumed>) = 0 [pid 5514] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5513] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5514] <... mmap resumed>) = 0x7fa6e7800000 [pid 5514] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5514] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5514] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5514] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5514] ioctl(6, LOOP_CLR_FD) = 0 [pid 5514] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5514] close(6) = 0 [pid 5514] close(5) = 0 [pid 5514] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5513] <... futex resumed>) = 0 [pid 5514] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5513] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5514] <... futex resumed>) = 0 [pid 5513] <... futex resumed>) = 1 [pid 5514] pread64(4, [pid 5513] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5514] <... pread64 resumed>"ev/root / ext4 rw,relatime 0 0\ndevtmpfs /dev devtmpfs rw,relatime,size=3375576k,nr_inodes=843894,mod"..., 4096, 2) = 956 [pid 5514] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5513] <... futex resumed>) = 0 [pid 5514] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5513] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5514] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5513] <... futex resumed>) = 0 [pid 5514] mkdir("./file1", 000 [pid 5513] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5514] <... mkdir resumed>) = 0 [pid 5514] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5513] <... futex resumed>) = 0 [pid 5514] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5513] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5514] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5513] <... futex resumed>) = 0 [pid 5514] write(-1, "#! ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 65546 [pid 5513] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5514] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5514] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5513] <... futex resumed>) = 0 [pid 5514] <... futex resumed>) = 1 [pid 5513] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5514] mount("/dev/nullb0", "./file0", "reiserfs", 0, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"... [pid 5513] <... futex resumed>) = 0 [pid 5513] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5514] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5514] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5514] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5513] <... futex resumed>) = 0 [pid 5513] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5514] <... futex resumed>) = 0 [pid 5513] <... futex resumed>) = 1 [pid 5514] write(4, "\x06\x00\x00\x00\x18\x01\x00\xfa\x00\x00\x00\x00\xbf\x11\x00\x00\x5e\xde\xe4\x80\x57\x58\xe9\xc3\x27\xb9\x0c\x39\x90\x48\x0f\x7d\x17\x0a\x18\xc8\xef\x96\xea\xfb\x95\xd8\x31\x0b\xcf\x4d\x0a\x54\x50\x87\xb1\x20\x55\xee\x70\xc3\xa0\x7d\xdb\x6a\xea\x37\x23\x5a\x53\xcf\xbb\x4d\xc0\x56\x4a\x4a\xcb\x2d\x60\x10\x99\xd1\xcc\x8d\x0a\x16\x04\x68\xa1\x29\x5a\xc4\xf2\xd9\xb5\x06\x53\x12\x0b\x83\xdb\xe0\xd4\x56"..., 288 [pid 5513] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5514] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 5514] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5513] <... futex resumed>) = 0 [pid 5514] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5513] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5514] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5514] mkdir("./file1", 000) = -1 EEXIST (File exists) [pid 5514] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5513] <... futex resumed>) = 0 [pid 5514] <... futex resumed>) = 0 [pid 5513] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5514] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5513] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5513] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5514] <... futex resumed>) = 0 [pid 5513] <... futex resumed>) = 1 [pid 5514] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5513] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5514] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5514] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5514] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5513] <... futex resumed>) = 0 [pid 5514] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5513] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5514] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5513] <... futex resumed>) = 0 [pid 5513] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5514] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5513] <... futex resumed>) = 0 [pid 5514] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5513] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5514] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5514] chdir("./file0" [pid 5513] <... futex resumed>) = 0 [pid 5514] <... chdir resumed>) = 0 [pid 5513] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5514] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5513] <... futex resumed>) = 0 [pid 5514] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5513] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5514] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5513] <... futex resumed>) = 0 [pid 5514] openat(AT_FDCWD, ".", O_RDONLY [pid 5513] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5514] <... openat resumed>) = 6 [pid 5514] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5513] <... futex resumed>) = 0 [pid 5514] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5513] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5514] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5513] <... futex resumed>) = 0 [pid 5514] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5513] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5514] <... openat resumed>) = 7 [pid 5514] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5513] <... futex resumed>) = 0 [pid 5514] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5513] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5514] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5513] <... futex resumed>) = 0 [pid 5514] write(7, "#! \naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 34136651 [pid 5513] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5513] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5513] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efd91000 [pid 5513] mprotect(0x7fa6efd92000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5513] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5513] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdb1990, parent_tid=0x7fa6efdb1990, exit_signal=0, stack=0x7fa6efd91000, stack_size=0x20300, tls=0x7fa6efdb16c0}./strace-static-x86_64: Process 5533 attached => {parent_tid=[5533]}, 88) = 5533 [pid 5533] rseq(0x7fa6efdb1fe0, 0x20, 0, 0x53053053) = 0 [pid 5533] set_robust_list(0x7fa6efdb19a0, 24) = 0 [pid 5533] rt_sigprocmask(SIG_SETMASK, [], [pid 5513] rt_sigprocmask(SIG_SETMASK, [], [pid 5533] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5513] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5533] futex(0x7fa6efeba718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5513] futex(0x7fa6efeba718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5533] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5513] <... futex resumed>) = 0 [pid 5533] ioctl(6, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5513] futex(0x7fa6efeba71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5533] <... ioctl resumed>) = 0 [pid 5533] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5533] futex(0x7fa6efeba718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5514] <... write resumed>) = 9740288 [pid 5514] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5514] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5513] exit_group(0 [pid 5533] <... futex resumed>) = ? [pid 5533] +++ exited with 0 +++ [pid 5514] <... futex resumed>) = ? [pid 5513] <... exit_group resumed>) = ? [pid 5514] +++ exited with 0 +++ [pid 5513] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5513, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555626bc730 /* 5 entries */, 32768) = 144 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 [ 78.083518][ T5514] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 78.580570][ T5215] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file1") = 0 getdents64(3, 0x5555626bc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555626bb690) = 5534 ./strace-static-x86_64: Process 5534 attached [pid 5534] set_robust_list(0x5555626bb6a0, 24) = 0 [pid 5534] chdir("./15") = 0 [pid 5534] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5534] setpgid(0, 0) = 0 [pid 5534] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5534] write(3, "1000", 4) = 4 [pid 5534] close(3) = 0 [pid 5534] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5534] write(1, "executing program\n", 18executing program ) = 18 [pid 5534] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5534] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6efe43470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6efe34620}, NULL, 8) = 0 [pid 5534] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5534] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efdb2000 [pid 5534] mprotect(0x7fa6efdb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5534] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5534] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdd2990, parent_tid=0x7fa6efdd2990, exit_signal=0, stack=0x7fa6efdb2000, stack_size=0x20300, tls=0x7fa6efdd26c0}./strace-static-x86_64: Process 5535 attached [pid 5535] rseq(0x7fa6efdd2fe0, 0x20, 0, 0x53053053) = 0 [pid 5534] <... clone3 resumed> => {parent_tid=[5535]}, 88) = 5535 [pid 5535] set_robust_list(0x7fa6efdd29a0, 24 [pid 5534] rt_sigprocmask(SIG_SETMASK, [], [pid 5535] <... set_robust_list resumed>) = 0 [pid 5534] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5535] rt_sigprocmask(SIG_SETMASK, [], [pid 5534] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5535] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5534] <... futex resumed>) = 0 [pid 5535] memfd_create("syzkaller", 0 [pid 5534] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5535] <... memfd_create resumed>) = 3 [pid 5535] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5535] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5535] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5535] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5535] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5535] close(3) = 0 [pid 5535] close(4) = 0 [pid 5535] mkdir("./file0", 0777) = 0 [ 79.118122][ T5535] loop0: detected capacity change from 0 to 32768 [ 79.129405][ T5535] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor250 (5535) [ 79.147820][ T5535] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 79.158456][ T5535] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [pid 5535] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [ 79.167150][ T5535] BTRFS info (device loop0): using free-space-tree [pid 5535] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5535] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5535] ioctl(4, LOOP_CLR_FD) = 0 [pid 5535] close(4) = 0 [pid 5535] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5534] <... futex resumed>) = 0 [pid 5535] openat(AT_FDCWD, "/proc/self/mounts", O_RDWR [pid 5534] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5535] <... openat resumed>) = 4 [pid 5535] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5534] <... futex resumed>) = 0 [pid 5534] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5534] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5535] <... futex resumed>) = 0 [pid 5534] <... futex resumed>) = 0 [pid 5534] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5535] memfd_create("syzkaller", 0) = 5 [pid 5535] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5535] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5535] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5535] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5535] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5535] ioctl(6, LOOP_CLR_FD) = 0 [pid 5535] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5535] close(6) = 0 [pid 5535] close(5) = 0 [pid 5535] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5535] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5534] <... futex resumed>) = 0 [pid 5534] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5535] <... futex resumed>) = 0 [pid 5535] pread64(4, [pid 5534] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5535] <... pread64 resumed>"ev/root / ext4 rw,relatime 0 0\ndevtmpfs /dev devtmpfs rw,relatime,size=3375576k,nr_inodes=843894,mod"..., 4096, 2) = 956 [pid 5535] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5534] <... futex resumed>) = 0 [pid 5535] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5534] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5535] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5534] <... futex resumed>) = 0 [pid 5535] mkdir("./file1", 000 [pid 5534] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5535] <... mkdir resumed>) = 0 [pid 5535] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5534] <... futex resumed>) = 0 [pid 5535] write(-1, "#! ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 65546 [pid 5534] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5535] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5534] <... futex resumed>) = 0 [pid 5535] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5534] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5534] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5534] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = 0 [pid 5534] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=48000000} [pid 5535] <... futex resumed>) = 1 [pid 5535] mount("/dev/nullb0", "./file0", "reiserfs", 0, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"...) = -1 EINVAL (Invalid argument) [pid 5535] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5534] <... futex resumed>) = 0 [pid 5534] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5534] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5535] write(4, "\x06\x00\x00\x00\x18\x01\x00\xfa\x00\x00\x00\x00\xbf\x11\x00\x00\x5e\xde\xe4\x80\x57\x58\xe9\xc3\x27\xb9\x0c\x39\x90\x48\x0f\x7d\x17\x0a\x18\xc8\xef\x96\xea\xfb\x95\xd8\x31\x0b\xcf\x4d\x0a\x54\x50\x87\xb1\x20\x55\xee\x70\xc3\xa0\x7d\xdb\x6a\xea\x37\x23\x5a\x53\xcf\xbb\x4d\xc0\x56\x4a\x4a\xcb\x2d\x60\x10\x99\xd1\xcc\x8d\x0a\x16\x04\x68\xa1\x29\x5a\xc4\xf2\xd9\xb5\x06\x53\x12\x0b\x83\xdb\xe0\xd4\x56"..., 288) = -1 EINVAL (Invalid argument) [pid 5535] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5534] <... futex resumed>) = 0 [pid 5534] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5535] mkdir("./file1", 000 [pid 5534] <... futex resumed>) = 0 [pid 5535] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5534] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5535] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5534] <... futex resumed>) = 0 [pid 5534] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5535] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5534] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5535] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5535] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5534] <... futex resumed>) = 0 [pid 5534] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5534] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5535] <... futex resumed>) = 1 [pid 5535] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5535] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5534] <... futex resumed>) = 0 [pid 5535] chdir("./file0" [pid 5534] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5535] <... chdir resumed>) = 0 [pid 5534] <... futex resumed>) = 0 [pid 5534] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5535] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5534] <... futex resumed>) = 0 [pid 5535] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5534] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5535] <... futex resumed>) = 0 [pid 5534] <... futex resumed>) = 1 [pid 5535] openat(AT_FDCWD, ".", O_RDONLY [pid 5534] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5535] <... openat resumed>) = 6 [pid 5535] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5534] <... futex resumed>) = 0 [pid 5535] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5534] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5535] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5534] <... futex resumed>) = 0 [pid 5535] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5534] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5535] <... openat resumed>) = 7 [pid 5535] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5535] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5534] <... futex resumed>) = 0 [pid 5534] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5535] <... futex resumed>) = 0 [pid 5534] <... futex resumed>) = 1 [pid 5535] write(7, "#! \naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 34136651 [pid 5534] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5534] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5534] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efd91000 [pid 5534] mprotect(0x7fa6efd92000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5534] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5534] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdb1990, parent_tid=0x7fa6efdb1990, exit_signal=0, stack=0x7fa6efd91000, stack_size=0x20300, tls=0x7fa6efdb16c0}./strace-static-x86_64: Process 5554 attached => {parent_tid=[5554]}, 88) = 5554 [pid 5554] rseq(0x7fa6efdb1fe0, 0x20, 0, 0x53053053) = 0 [pid 5554] set_robust_list(0x7fa6efdb19a0, 24) = 0 [pid 5554] rt_sigprocmask(SIG_SETMASK, [], [pid 5534] rt_sigprocmask(SIG_SETMASK, [], [pid 5554] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5534] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5554] futex(0x7fa6efeba718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5534] futex(0x7fa6efeba718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5554] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5554] ioctl(6, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5534] <... futex resumed>) = 0 [pid 5534] futex(0x7fa6efeba71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5554] <... ioctl resumed>) = 0 [pid 5554] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5534] <... futex resumed>) = 0 [pid 5554] futex(0x7fa6efeba718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5535] <... write resumed>) = 9740288 [pid 5535] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5535] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5534] exit_group(0 [pid 5535] <... futex resumed>) = ? [pid 5534] <... exit_group resumed>) = ? [pid 5554] <... futex resumed>) = ? [pid 5554] +++ exited with 0 +++ [pid 5535] +++ exited with 0 +++ [pid 5534] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5534, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555626bc730 /* 5 entries */, 32768) = 144 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 [ 79.347121][ T5535] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 79.809471][ T5215] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file1") = 0 getdents64(3, 0x5555626bc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5555 attached , child_tidptr=0x5555626bb690) = 5555 [pid 5555] set_robust_list(0x5555626bb6a0, 24) = 0 [pid 5555] chdir("./16") = 0 [pid 5555] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5555] setpgid(0, 0) = 0 [pid 5555] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5555] write(3, "1000", 4) = 4 [pid 5555] close(3) = 0 [pid 5555] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5555] write(1, "executing program\n", 18executing program ) = 18 [pid 5555] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5555] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6efe43470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6efe34620}, NULL, 8) = 0 [pid 5555] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5555] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efdb2000 [pid 5555] mprotect(0x7fa6efdb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5555] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5555] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdd2990, parent_tid=0x7fa6efdd2990, exit_signal=0, stack=0x7fa6efdb2000, stack_size=0x20300, tls=0x7fa6efdd26c0}./strace-static-x86_64: Process 5556 attached [pid 5556] rseq(0x7fa6efdd2fe0, 0x20, 0, 0x53053053 [pid 5555] <... clone3 resumed> => {parent_tid=[5556]}, 88) = 5556 [pid 5556] <... rseq resumed>) = 0 [pid 5555] rt_sigprocmask(SIG_SETMASK, [], [pid 5556] set_robust_list(0x7fa6efdd29a0, 24 [pid 5555] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5556] <... set_robust_list resumed>) = 0 [pid 5555] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5556] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5555] <... futex resumed>) = 0 [pid 5556] memfd_create("syzkaller", 0 [pid 5555] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5556] <... memfd_create resumed>) = 3 [pid 5556] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5556] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5556] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5556] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5556] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5556] close(3) = 0 [pid 5556] close(4) = 0 [pid 5556] mkdir("./file0", 0777) = 0 [ 80.325162][ T5556] loop0: detected capacity change from 0 to 32768 [ 80.346358][ T5556] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor250 (5556) [pid 5556] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5556] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5556] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5556] ioctl(4, LOOP_CLR_FD) = 0 [pid 5556] close(4) = 0 [ 80.367172][ T5556] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 80.378157][ T5556] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 80.387262][ T5556] BTRFS info (device loop0): using free-space-tree [pid 5556] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5555] <... futex resumed>) = 0 [pid 5556] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5555] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5556] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5555] <... futex resumed>) = 0 [pid 5556] openat(AT_FDCWD, "/proc/self/mounts", O_RDWR [pid 5555] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5556] <... openat resumed>) = 4 [pid 5556] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5556] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5555] <... futex resumed>) = 0 [pid 5555] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5556] <... futex resumed>) = 0 [pid 5555] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5556] memfd_create("syzkaller", 0) = 5 [pid 5556] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5556] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5556] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5556] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5556] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5556] ioctl(6, LOOP_CLR_FD) = 0 [pid 5556] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5556] close(6) = 0 [pid 5556] close(5) = 0 [pid 5556] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5556] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5555] <... futex resumed>) = 0 [pid 5556] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5555] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5556] pread64(4, "ev/root / ext4 rw,relatime 0 0\ndevtmpfs /dev devtmpfs rw,relatime,size=3375576k,nr_inodes=843894,mod"..., 4096, 2) = 956 [pid 5555] <... futex resumed>) = 0 [pid 5556] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5555] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5556] <... futex resumed>) = 0 [pid 5555] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5556] mkdir("./file1", 000 [pid 5555] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5556] <... mkdir resumed>) = 0 [pid 5556] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5555] <... futex resumed>) = 0 [pid 5556] <... futex resumed>) = 0 [pid 5555] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5556] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5555] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5555] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5556] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5555] <... futex resumed>) = 0 [pid 5556] write(-1, "#! ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 65546 [pid 5555] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5556] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5556] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5556] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5555] <... futex resumed>) = 0 [pid 5556] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5555] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5556] mount("/dev/nullb0", "./file0", "reiserfs", 0, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"... [pid 5555] <... futex resumed>) = 0 [pid 5555] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5556] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5556] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5556] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5555] <... futex resumed>) = 0 [pid 5555] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5556] <... futex resumed>) = 0 [pid 5555] <... futex resumed>) = 1 [pid 5556] write(4, "\x06\x00\x00\x00\x18\x01\x00\xfa\x00\x00\x00\x00\xbf\x11\x00\x00\x5e\xde\xe4\x80\x57\x58\xe9\xc3\x27\xb9\x0c\x39\x90\x48\x0f\x7d\x17\x0a\x18\xc8\xef\x96\xea\xfb\x95\xd8\x31\x0b\xcf\x4d\x0a\x54\x50\x87\xb1\x20\x55\xee\x70\xc3\xa0\x7d\xdb\x6a\xea\x37\x23\x5a\x53\xcf\xbb\x4d\xc0\x56\x4a\x4a\xcb\x2d\x60\x10\x99\xd1\xcc\x8d\x0a\x16\x04\x68\xa1\x29\x5a\xc4\xf2\xd9\xb5\x06\x53\x12\x0b\x83\xdb\xe0\xd4\x56"..., 288 [pid 5555] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5556] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 5556] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5556] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5555] <... futex resumed>) = 0 [pid 5555] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5556] <... futex resumed>) = 0 [pid 5555] <... futex resumed>) = 1 [pid 5556] mkdir("./file1", 000) = -1 EEXIST (File exists) [pid 5555] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5556] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5555] <... futex resumed>) = 0 [pid 5556] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5555] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5556] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5555] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5556] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW) = -1 EFAULT (Bad address) [pid 5556] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5555] <... futex resumed>) = 0 [pid 5556] openat(AT_FDCWD, ".", O_RDONLY [pid 5555] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5556] <... openat resumed>) = 5 [pid 5555] <... futex resumed>) = 0 [pid 5556] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5555] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5556] <... futex resumed>) = 0 [pid 5556] chdir("./file0" [pid 5555] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5556] <... chdir resumed>) = 0 [pid 5555] <... futex resumed>) = 0 [pid 5556] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5555] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5556] <... futex resumed>) = 0 [pid 5555] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5556] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5555] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5556] openat(AT_FDCWD, ".", O_RDONLY) = 6 [pid 5555] <... futex resumed>) = 0 [pid 5555] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5556] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5555] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5556] <... futex resumed>) = 0 [pid 5555] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5556] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5555] <... futex resumed>) = 0 [pid 5555] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5556] <... openat resumed>) = 7 [pid 5556] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5555] <... futex resumed>) = 0 [pid 5555] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5555] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5556] <... futex resumed>) = 1 [pid 5556] write(7, "#! \naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 34136651 [pid 5555] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5555] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5555] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efd91000 [pid 5555] mprotect(0x7fa6efd92000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5555] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5555] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdb1990, parent_tid=0x7fa6efdb1990, exit_signal=0, stack=0x7fa6efd91000, stack_size=0x20300, tls=0x7fa6efdb16c0}./strace-static-x86_64: Process 5575 attached => {parent_tid=[5575]}, 88) = 5575 [pid 5575] rseq(0x7fa6efdb1fe0, 0x20, 0, 0x53053053) = 0 [pid 5555] rt_sigprocmask(SIG_SETMASK, [], [pid 5575] set_robust_list(0x7fa6efdb19a0, 24 [pid 5555] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5575] <... set_robust_list resumed>) = 0 [pid 5555] futex(0x7fa6efeba718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5575] rt_sigprocmask(SIG_SETMASK, [], [pid 5555] <... futex resumed>) = 0 [pid 5555] futex(0x7fa6efeba71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5575] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5575] ioctl(6, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0}) = 0 [pid 5575] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5575] futex(0x7fa6efeba718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5555] <... futex resumed>) = 0 [pid 5556] <... write resumed>) = 9740288 [pid 5556] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5556] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5555] exit_group(0 [pid 5575] <... futex resumed>) = ? [pid 5555] <... exit_group resumed>) = ? [pid 5575] +++ exited with 0 +++ [pid 5556] <... futex resumed>) = ? [pid 5556] +++ exited with 0 +++ [pid 5555] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5555, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555626bc730 /* 5 entries */, 32768) = 144 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 [ 80.564820][ T5556] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 81.046254][ T5215] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file1") = 0 getdents64(3, 0x5555626bc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555626bb690) = 5576 ./strace-static-x86_64: Process 5576 attached [pid 5576] set_robust_list(0x5555626bb6a0, 24) = 0 [pid 5576] chdir("./17") = 0 [pid 5576] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5576] setpgid(0, 0) = 0 [pid 5576] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5576] write(3, "1000", 4) = 4 [pid 5576] close(3) = 0 [pid 5576] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5576] write(1, "executing program\n", 18executing program ) = 18 [pid 5576] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5576] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6efe43470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6efe34620}, NULL, 8) = 0 [pid 5576] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5576] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efdb2000 [pid 5576] mprotect(0x7fa6efdb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5576] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5576] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdd2990, parent_tid=0x7fa6efdd2990, exit_signal=0, stack=0x7fa6efdb2000, stack_size=0x20300, tls=0x7fa6efdd26c0}./strace-static-x86_64: Process 5577 attached [pid 5577] rseq(0x7fa6efdd2fe0, 0x20, 0, 0x53053053 [pid 5576] <... clone3 resumed> => {parent_tid=[5577]}, 88) = 5577 [pid 5577] <... rseq resumed>) = 0 [pid 5576] rt_sigprocmask(SIG_SETMASK, [], [pid 5577] set_robust_list(0x7fa6efdd29a0, 24 [pid 5576] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5577] <... set_robust_list resumed>) = 0 [pid 5576] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5577] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5576] <... futex resumed>) = 0 [pid 5577] memfd_create("syzkaller", 0 [pid 5576] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5577] <... memfd_create resumed>) = 3 [pid 5577] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5577] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5577] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5577] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5577] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5577] close(3) = 0 [pid 5577] close(4) = 0 [pid 5577] mkdir("./file0", 0777) = 0 [ 81.569762][ T5577] loop0: detected capacity change from 0 to 32768 [ 81.590931][ T5577] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor250 (5577) [pid 5577] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5577] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 81.614384][ T5577] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 81.624615][ T5577] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 81.633379][ T5577] BTRFS info (device loop0): using free-space-tree [pid 5577] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5577] ioctl(4, LOOP_CLR_FD) = 0 [pid 5577] close(4) = 0 [pid 5577] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5576] <... futex resumed>) = 0 [pid 5577] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5576] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5577] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5577] openat(AT_FDCWD, "/proc/self/mounts", O_RDWR [pid 5576] <... futex resumed>) = 0 [pid 5577] <... openat resumed>) = 4 [pid 5577] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5576] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5577] <... futex resumed>) = 0 [pid 5576] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5577] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5576] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5577] <... futex resumed>) = 0 [pid 5576] <... futex resumed>) = 1 [pid 5577] memfd_create("syzkaller", 0 [pid 5576] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5577] <... memfd_create resumed>) = 5 [pid 5577] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5577] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5577] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5577] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5577] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5577] ioctl(6, LOOP_CLR_FD) = 0 [pid 5577] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5577] close(6) = 0 [pid 5577] close(5) = 0 [pid 5577] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5576] <... futex resumed>) = 0 [pid 5576] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5576] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5577] pread64(4, "ev/root / ext4 rw,relatime 0 0\ndevtmpfs /dev devtmpfs rw,relatime,size=3375576k,nr_inodes=843894,mod"..., 4096, 2) = 956 [pid 5577] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5576] <... futex resumed>) = 0 [pid 5577] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5576] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5577] mkdir("./file1", 000 [pid 5576] <... futex resumed>) = 0 [pid 5576] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5577] <... mkdir resumed>) = 0 [pid 5577] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5576] <... futex resumed>) = 0 [pid 5577] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5576] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5577] <... futex resumed>) = 0 [pid 5576] <... futex resumed>) = 1 [pid 5577] write(-1, "#! ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 65546 [pid 5576] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5577] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5577] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5576] <... futex resumed>) = 0 [pid 5577] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5576] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5577] mount("/dev/nullb0", "./file0", "reiserfs", 0, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"... [pid 5576] <... futex resumed>) = 0 [pid 5576] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5577] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5577] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5576] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5577] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5576] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5577] <... futex resumed>) = 0 [pid 5576] <... futex resumed>) = 1 [pid 5577] write(4, "\x06\x00\x00\x00\x18\x01\x00\xfa\x00\x00\x00\x00\xbf\x11\x00\x00\x5e\xde\xe4\x80\x57\x58\xe9\xc3\x27\xb9\x0c\x39\x90\x48\x0f\x7d\x17\x0a\x18\xc8\xef\x96\xea\xfb\x95\xd8\x31\x0b\xcf\x4d\x0a\x54\x50\x87\xb1\x20\x55\xee\x70\xc3\xa0\x7d\xdb\x6a\xea\x37\x23\x5a\x53\xcf\xbb\x4d\xc0\x56\x4a\x4a\xcb\x2d\x60\x10\x99\xd1\xcc\x8d\x0a\x16\x04\x68\xa1\x29\x5a\xc4\xf2\xd9\xb5\x06\x53\x12\x0b\x83\xdb\xe0\xd4\x56"..., 288) = -1 EINVAL (Invalid argument) [pid 5576] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5577] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5576] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5577] <... futex resumed>) = 0 [pid 5576] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5577] mkdir("./file1", 000 [pid 5576] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5577] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5577] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5576] <... futex resumed>) = 0 [pid 5577] <... futex resumed>) = 1 [pid 5576] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5577] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW) = -1 EFAULT (Bad address) [pid 5576] <... futex resumed>) = 0 [pid 5576] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5577] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5576] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5577] <... futex resumed>) = 0 [pid 5576] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5577] openat(AT_FDCWD, ".", O_RDONLY [pid 5576] <... futex resumed>) = 0 [pid 5577] <... openat resumed>) = 5 [pid 5576] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5577] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5577] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5576] <... futex resumed>) = 0 [pid 5577] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5576] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5577] chdir("./file0") = 0 [pid 5576] <... futex resumed>) = 0 [pid 5577] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5576] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5577] <... futex resumed>) = 0 [pid 5576] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5577] openat(AT_FDCWD, ".", O_RDONLY [pid 5576] <... futex resumed>) = 0 [pid 5577] <... openat resumed>) = 6 [pid 5576] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5577] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5577] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5576] <... futex resumed>) = 0 [pid 5576] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5577] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5576] <... futex resumed>) = 0 [pid 5576] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5577] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 7 [pid 5577] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5577] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5576] <... futex resumed>) = 0 [pid 5576] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5577] <... futex resumed>) = 0 [pid 5576] <... futex resumed>) = 1 [pid 5577] write(7, "#! \naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 34136651 [pid 5576] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5576] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5576] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efd91000 [pid 5576] mprotect(0x7fa6efd92000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5576] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5576] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdb1990, parent_tid=0x7fa6efdb1990, exit_signal=0, stack=0x7fa6efd91000, stack_size=0x20300, tls=0x7fa6efdb16c0}./strace-static-x86_64: Process 5596 attached [pid 5596] rseq(0x7fa6efdb1fe0, 0x20, 0, 0x53053053 [pid 5576] <... clone3 resumed> => {parent_tid=[5596]}, 88) = 5596 [pid 5596] <... rseq resumed>) = 0 [pid 5576] rt_sigprocmask(SIG_SETMASK, [], [pid 5596] set_robust_list(0x7fa6efdb19a0, 24 [pid 5576] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5596] <... set_robust_list resumed>) = 0 [pid 5576] futex(0x7fa6efeba718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5596] rt_sigprocmask(SIG_SETMASK, [], [pid 5576] <... futex resumed>) = 0 [pid 5596] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5596] ioctl(6, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5576] futex(0x7fa6efeba71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5596] <... ioctl resumed>) = 0 [pid 5576] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5596] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5596] futex(0x7fa6efeba718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5577] <... write resumed>) = 9740288 [pid 5577] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5577] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5576] exit_group(0 [pid 5596] <... futex resumed>) = ? [pid 5577] <... futex resumed>) = ? [pid 5576] <... exit_group resumed>) = ? [pid 5596] +++ exited with 0 +++ [pid 5577] +++ exited with 0 +++ [pid 5576] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5576, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555626bc730 /* 5 entries */, 32768) = 144 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 [ 81.751244][ T5577] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 82.230788][ T5215] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file1") = 0 getdents64(3, 0x5555626bc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5597 attached , child_tidptr=0x5555626bb690) = 5597 [pid 5597] set_robust_list(0x5555626bb6a0, 24) = 0 [pid 5597] chdir("./18") = 0 [pid 5597] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5597] setpgid(0, 0) = 0 [pid 5597] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5597] write(3, "1000", 4) = 4 [pid 5597] close(3) = 0 [pid 5597] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5597] write(1, "executing program\n", 18executing program ) = 18 [pid 5597] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5597] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6efe43470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6efe34620}, NULL, 8) = 0 [pid 5597] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5597] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efdb2000 [pid 5597] mprotect(0x7fa6efdb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5597] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5597] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdd2990, parent_tid=0x7fa6efdd2990, exit_signal=0, stack=0x7fa6efdb2000, stack_size=0x20300, tls=0x7fa6efdd26c0}./strace-static-x86_64: Process 5598 attached [pid 5598] rseq(0x7fa6efdd2fe0, 0x20, 0, 0x53053053 [pid 5597] <... clone3 resumed> => {parent_tid=[5598]}, 88) = 5598 [pid 5598] <... rseq resumed>) = 0 [pid 5597] rt_sigprocmask(SIG_SETMASK, [], [pid 5598] set_robust_list(0x7fa6efdd29a0, 24 [pid 5597] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5598] <... set_robust_list resumed>) = 0 [pid 5597] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5598] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5597] <... futex resumed>) = 0 [pid 5597] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5598] memfd_create("syzkaller", 0) = 3 [pid 5598] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5598] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5598] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5598] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5598] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5598] close(3) = 0 [pid 5598] close(4) = 0 [pid 5598] mkdir("./file0", 0777) = 0 [ 82.794483][ T5598] loop0: detected capacity change from 0 to 32768 [ 82.811783][ T5598] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor250 (5598) [pid 5598] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [ 82.838109][ T5598] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 82.848340][ T5598] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 82.857406][ T5598] BTRFS info (device loop0): using free-space-tree [pid 5598] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5598] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5598] ioctl(4, LOOP_CLR_FD) = 0 [pid 5598] close(4) = 0 [pid 5598] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5598] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5597] <... futex resumed>) = 0 [pid 5597] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5598] <... futex resumed>) = 0 [pid 5597] <... futex resumed>) = 1 [pid 5597] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5598] openat(AT_FDCWD, "/proc/self/mounts", O_RDWR) = 4 [pid 5598] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5597] <... futex resumed>) = 0 [pid 5598] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5597] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5598] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5597] <... futex resumed>) = 0 [pid 5598] memfd_create("syzkaller", 0 [pid 5597] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5598] <... memfd_create resumed>) = 5 [pid 5598] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5598] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5598] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5598] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5598] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5598] ioctl(6, LOOP_CLR_FD) = 0 [pid 5598] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5598] close(6) = 0 [pid 5598] close(5) = 0 [pid 5598] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5597] <... futex resumed>) = 0 [pid 5597] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5597] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5598] pread64(4, "ev/root / ext4 rw,relatime 0 0\ndevtmpfs /dev devtmpfs rw,relatime,size=3375576k,nr_inodes=843894,mod"..., 4096, 2) = 956 [pid 5598] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5597] <... futex resumed>) = 0 [pid 5598] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5597] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5597] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5598] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5598] mkdir("./file1", 000) = 0 [pid 5598] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5597] <... futex resumed>) = 0 [pid 5598] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5597] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5598] write(-1, "#! ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 65546 [pid 5597] <... futex resumed>) = 0 [pid 5597] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5598] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5598] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5597] <... futex resumed>) = 0 [pid 5598] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5597] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5598] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5597] <... futex resumed>) = 0 [pid 5598] mount("/dev/nullb0", "./file0", "reiserfs", 0, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"... [pid 5597] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5598] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5598] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5597] <... futex resumed>) = 0 [pid 5597] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5598] write(4, "\x06\x00\x00\x00\x18\x01\x00\xfa\x00\x00\x00\x00\xbf\x11\x00\x00\x5e\xde\xe4\x80\x57\x58\xe9\xc3\x27\xb9\x0c\x39\x90\x48\x0f\x7d\x17\x0a\x18\xc8\xef\x96\xea\xfb\x95\xd8\x31\x0b\xcf\x4d\x0a\x54\x50\x87\xb1\x20\x55\xee\x70\xc3\xa0\x7d\xdb\x6a\xea\x37\x23\x5a\x53\xcf\xbb\x4d\xc0\x56\x4a\x4a\xcb\x2d\x60\x10\x99\xd1\xcc\x8d\x0a\x16\x04\x68\xa1\x29\x5a\xc4\xf2\xd9\xb5\x06\x53\x12\x0b\x83\xdb\xe0\xd4\x56"..., 288 [pid 5597] <... futex resumed>) = 0 [pid 5598] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 5597] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5598] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5597] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5598] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5597] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5598] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5597] <... futex resumed>) = 0 [pid 5598] mkdir("./file1", 000) = -1 EEXIST (File exists) [pid 5598] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5597] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5598] <... futex resumed>) = 0 [pid 5597] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5598] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5597] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5598] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5597] <... futex resumed>) = 0 [pid 5598] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW) = -1 EFAULT (Bad address) [pid 5597] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5598] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5597] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5598] <... futex resumed>) = 0 [pid 5597] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5598] openat(AT_FDCWD, ".", O_RDONLY [pid 5597] <... futex resumed>) = 0 [pid 5598] <... openat resumed>) = 5 [pid 5597] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5598] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5597] <... futex resumed>) = 0 [pid 5598] <... futex resumed>) = 1 [pid 5597] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5598] chdir("./file0" [pid 5597] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5598] <... chdir resumed>) = 0 [pid 5598] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5598] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5597] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5597] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5598] <... futex resumed>) = 0 [pid 5597] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5598] openat(AT_FDCWD, ".", O_RDONLY) = 6 [pid 5598] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5597] <... futex resumed>) = 0 [pid 5598] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5597] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5598] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5597] <... futex resumed>) = 0 [pid 5598] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5597] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5598] <... openat resumed>) = 7 [pid 5598] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5597] <... futex resumed>) = 0 [pid 5598] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5597] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5598] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5597] <... futex resumed>) = 0 [pid 5598] write(7, "#! \naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 34136651 [pid 5597] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5597] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5597] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efd91000 [pid 5597] mprotect(0x7fa6efd92000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5597] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5597] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdb1990, parent_tid=0x7fa6efdb1990, exit_signal=0, stack=0x7fa6efd91000, stack_size=0x20300, tls=0x7fa6efdb16c0}./strace-static-x86_64: Process 5617 attached => {parent_tid=[5617]}, 88) = 5617 [pid 5617] rseq(0x7fa6efdb1fe0, 0x20, 0, 0x53053053 [pid 5597] rt_sigprocmask(SIG_SETMASK, [], [pid 5617] <... rseq resumed>) = 0 [pid 5597] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5617] set_robust_list(0x7fa6efdb19a0, 24 [pid 5597] futex(0x7fa6efeba718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5617] <... set_robust_list resumed>) = 0 [pid 5597] <... futex resumed>) = 0 [pid 5617] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5597] futex(0x7fa6efeba71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5617] ioctl(6, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0}) = 0 [pid 5617] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5617] futex(0x7fa6efeba718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5597] <... futex resumed>) = 0 [pid 5598] <... write resumed>) = 9740288 [pid 5598] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5598] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5597] exit_group(0 [pid 5617] <... futex resumed>) = ? [pid 5617] +++ exited with 0 +++ [pid 5597] <... exit_group resumed>) = ? [pid 5598] <... futex resumed>) = ? [pid 5598] +++ exited with 0 +++ [pid 5597] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5597, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555626bc730 /* 5 entries */, 32768) = 144 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 [ 83.069234][ T5598] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 83.537153][ T5215] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file1") = 0 getdents64(3, 0x5555626bc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5618 attached , child_tidptr=0x5555626bb690) = 5618 [pid 5618] set_robust_list(0x5555626bb6a0, 24) = 0 [pid 5618] chdir("./19") = 0 [pid 5618] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5618] setpgid(0, 0) = 0 [pid 5618] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5618] write(3, "1000", 4) = 4 [pid 5618] close(3) = 0 [pid 5618] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5618] write(1, "executing program\n", 18executing program ) = 18 [pid 5618] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5618] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6efe43470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6efe34620}, NULL, 8) = 0 [pid 5618] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5618] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efdb2000 [pid 5618] mprotect(0x7fa6efdb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5618] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5618] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdd2990, parent_tid=0x7fa6efdd2990, exit_signal=0, stack=0x7fa6efdb2000, stack_size=0x20300, tls=0x7fa6efdd26c0}./strace-static-x86_64: Process 5619 attached [pid 5619] rseq(0x7fa6efdd2fe0, 0x20, 0, 0x53053053 [pid 5618] <... clone3 resumed> => {parent_tid=[5619]}, 88) = 5619 [pid 5619] <... rseq resumed>) = 0 [pid 5618] rt_sigprocmask(SIG_SETMASK, [], [pid 5619] set_robust_list(0x7fa6efdd29a0, 24 [pid 5618] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5619] <... set_robust_list resumed>) = 0 [pid 5618] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5619] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5618] <... futex resumed>) = 0 [pid 5619] memfd_create("syzkaller", 0 [pid 5618] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5619] <... memfd_create resumed>) = 3 [pid 5619] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5619] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5619] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5619] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5619] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5619] close(3) = 0 [pid 5619] close(4) = 0 [pid 5619] mkdir("./file0", 0777) = 0 [ 84.049648][ T5619] loop0: detected capacity change from 0 to 32768 [ 84.072113][ T5619] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor250 (5619) [pid 5619] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5619] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 84.092845][ T5619] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 84.103843][ T5619] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 84.112981][ T5619] BTRFS info (device loop0): using free-space-tree [pid 5619] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5619] ioctl(4, LOOP_CLR_FD) = 0 [pid 5619] close(4) = 0 [pid 5619] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5618] <... futex resumed>) = 0 [pid 5619] openat(AT_FDCWD, "/proc/self/mounts", O_RDWR [pid 5618] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5619] <... openat resumed>) = 4 [pid 5618] <... futex resumed>) = 0 [pid 5618] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5619] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5618] <... futex resumed>) = 0 [pid 5618] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5619] memfd_create("syzkaller", 0 [pid 5618] <... futex resumed>) = 0 [pid 5619] <... memfd_create resumed>) = 5 [pid 5618] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5619] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5619] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5619] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5619] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5619] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5619] ioctl(6, LOOP_CLR_FD) = 0 [pid 5619] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5619] close(6) = 0 [pid 5619] close(5) = 0 [pid 5619] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5619] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5618] <... futex resumed>) = 0 [pid 5618] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5619] <... futex resumed>) = 0 [pid 5618] <... futex resumed>) = 1 [pid 5619] pread64(4, [pid 5618] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5619] <... pread64 resumed>"ev/root / ext4 rw,relatime 0 0\ndevtmpfs /dev devtmpfs rw,relatime,size=3375576k,nr_inodes=843894,mod"..., 4096, 2) = 956 [pid 5619] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5618] <... futex resumed>) = 0 [pid 5619] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5618] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5619] mkdir("./file1", 000 [pid 5618] <... futex resumed>) = 0 [pid 5619] <... mkdir resumed>) = 0 [pid 5618] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5619] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5618] <... futex resumed>) = 0 [pid 5619] <... futex resumed>) = 1 [pid 5618] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5618] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5619] write(-1, "#! ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 65546) = -1 EBADF (Bad file descriptor) [pid 5619] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5618] <... futex resumed>) = 0 [pid 5618] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5619] mount("/dev/nullb0", "./file0", "reiserfs", 0, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"... [pid 5618] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5619] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5619] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5618] <... futex resumed>) = 0 [pid 5619] write(4, "\x06\x00\x00\x00\x18\x01\x00\xfa\x00\x00\x00\x00\xbf\x11\x00\x00\x5e\xde\xe4\x80\x57\x58\xe9\xc3\x27\xb9\x0c\x39\x90\x48\x0f\x7d\x17\x0a\x18\xc8\xef\x96\xea\xfb\x95\xd8\x31\x0b\xcf\x4d\x0a\x54\x50\x87\xb1\x20\x55\xee\x70\xc3\xa0\x7d\xdb\x6a\xea\x37\x23\x5a\x53\xcf\xbb\x4d\xc0\x56\x4a\x4a\xcb\x2d\x60\x10\x99\xd1\xcc\x8d\x0a\x16\x04\x68\xa1\x29\x5a\xc4\xf2\xd9\xb5\x06\x53\x12\x0b\x83\xdb\xe0\xd4\x56"..., 288 [pid 5618] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5619] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 5618] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5619] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5618] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5619] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5618] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5619] mkdir("./file1", 000 [pid 5618] <... futex resumed>) = 0 [pid 5619] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5618] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5619] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5619] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5618] <... futex resumed>) = 0 [pid 5618] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5618] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5619] <... futex resumed>) = 0 [pid 5619] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW) = -1 EFAULT (Bad address) [pid 5619] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5618] <... futex resumed>) = 0 [pid 5618] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5619] openat(AT_FDCWD, ".", O_RDONLY [pid 5618] <... futex resumed>) = 0 [pid 5619] <... openat resumed>) = 5 [pid 5618] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5619] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5618] <... futex resumed>) = 0 [pid 5619] chdir("./file0" [pid 5618] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5619] <... chdir resumed>) = 0 [pid 5618] <... futex resumed>) = 0 [pid 5619] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5619] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5618] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5618] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5619] <... futex resumed>) = 0 [pid 5618] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5619] openat(AT_FDCWD, ".", O_RDONLY) = 6 [pid 5619] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5618] <... futex resumed>) = 0 [pid 5619] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5618] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5619] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5618] <... futex resumed>) = 0 [pid 5619] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5618] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5619] <... openat resumed>) = 7 [pid 5619] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5619] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5618] <... futex resumed>) = 0 [pid 5618] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5619] <... futex resumed>) = 0 [pid 5618] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5619] write(7, "#! \naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 34136651 [pid 5618] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5618] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5618] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efd91000 [pid 5618] mprotect(0x7fa6efd92000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5618] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5618] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdb1990, parent_tid=0x7fa6efdb1990, exit_signal=0, stack=0x7fa6efd91000, stack_size=0x20300, tls=0x7fa6efdb16c0}./strace-static-x86_64: Process 5638 attached => {parent_tid=[5638]}, 88) = 5638 [pid 5638] rseq(0x7fa6efdb1fe0, 0x20, 0, 0x53053053) = 0 [pid 5638] set_robust_list(0x7fa6efdb19a0, 24 [pid 5618] rt_sigprocmask(SIG_SETMASK, [], [pid 5638] <... set_robust_list resumed>) = 0 [pid 5618] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5638] rt_sigprocmask(SIG_SETMASK, [], [pid 5618] futex(0x7fa6efeba718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5638] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5618] <... futex resumed>) = 0 [pid 5618] futex(0x7fa6efeba71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5638] ioctl(6, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0}) = 0 [pid 5618] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5638] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5638] futex(0x7fa6efeba718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5619] <... write resumed>) = 9740288 [pid 5619] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5619] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5618] exit_group(0 [pid 5638] <... futex resumed>) = ? [pid 5619] <... futex resumed>) = ? [pid 5618] <... exit_group resumed>) = ? [pid 5638] +++ exited with 0 +++ [pid 5619] +++ exited with 0 +++ [pid 5618] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5618, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555626bc730 /* 5 entries */, 32768) = 144 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 [ 84.316552][ T5619] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 84.715788][ T5215] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file1") = 0 getdents64(3, 0x5555626bc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555626bb690) = 5639 ./strace-static-x86_64: Process 5639 attached [pid 5639] set_robust_list(0x5555626bb6a0, 24) = 0 [pid 5639] chdir("./20") = 0 [pid 5639] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5639] setpgid(0, 0) = 0 [pid 5639] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5639] write(3, "1000", 4) = 4 [pid 5639] close(3) = 0 [pid 5639] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5639] write(1, "executing program\n", 18) = 18 [pid 5639] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5639] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6efe43470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6efe34620}, NULL, 8) = 0 [pid 5639] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5639] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efdb2000 [pid 5639] mprotect(0x7fa6efdb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5639] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5639] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdd2990, parent_tid=0x7fa6efdd2990, exit_signal=0, stack=0x7fa6efdb2000, stack_size=0x20300, tls=0x7fa6efdd26c0}./strace-static-x86_64: Process 5640 attached [pid 5640] rseq(0x7fa6efdd2fe0, 0x20, 0, 0x53053053) = 0 [pid 5639] <... clone3 resumed> => {parent_tid=[5640]}, 88) = 5640 [pid 5640] set_robust_list(0x7fa6efdd29a0, 24 [pid 5639] rt_sigprocmask(SIG_SETMASK, [], [pid 5640] <... set_robust_list resumed>) = 0 [pid 5639] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5640] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5639] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5640] memfd_create("syzkaller", 0 [pid 5639] <... futex resumed>) = 0 [pid 5639] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5640] <... memfd_create resumed>) = 3 [pid 5640] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5640] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5640] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5640] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5640] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5640] close(3) = 0 [pid 5640] close(4) = 0 [pid 5640] mkdir("./file0", 0777) = 0 [ 85.223102][ T5640] loop0: detected capacity change from 0 to 32768 [ 85.250304][ T5640] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor250 (5640) [pid 5640] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [ 85.273866][ T5640] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 85.284499][ T5640] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 85.293704][ T5640] BTRFS info (device loop0): using free-space-tree [pid 5640] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5640] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5640] ioctl(4, LOOP_CLR_FD) = 0 [pid 5640] close(4) = 0 [pid 5640] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5639] <... futex resumed>) = 0 [pid 5640] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5639] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5640] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5640] openat(AT_FDCWD, "/proc/self/mounts", O_RDWR [pid 5639] <... futex resumed>) = 0 [pid 5640] <... openat resumed>) = 4 [pid 5639] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5640] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5639] <... futex resumed>) = 0 [pid 5640] memfd_create("syzkaller", 0 [pid 5639] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5640] <... memfd_create resumed>) = 5 [pid 5639] <... futex resumed>) = 0 [pid 5640] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5639] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5640] <... mmap resumed>) = 0x7fa6e7800000 [pid 5640] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5640] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5640] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5640] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5640] ioctl(6, LOOP_CLR_FD) = 0 [pid 5640] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5640] close(6) = 0 [pid 5640] close(5) = 0 [pid 5640] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5639] <... futex resumed>) = 0 [pid 5640] pread64(4, [pid 5639] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5640] <... pread64 resumed>"ev/root / ext4 rw,relatime 0 0\ndevtmpfs /dev devtmpfs rw,relatime,size=3375576k,nr_inodes=843894,mod"..., 4096, 2) = 956 [pid 5639] <... futex resumed>) = 0 [pid 5639] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5640] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5639] <... futex resumed>) = 0 [pid 5640] mkdir("./file1", 000 [pid 5639] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5640] <... mkdir resumed>) = 0 [pid 5639] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5640] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5639] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5640] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5639] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5640] write(-1, "#! ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 65546) = -1 EBADF (Bad file descriptor) [pid 5640] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5639] <... futex resumed>) = 0 [pid 5640] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5639] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5639] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5640] <... futex resumed>) = 0 [pid 5639] <... futex resumed>) = 1 [pid 5640] mount("/dev/nullb0", "./file0", "reiserfs", 0, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"... [pid 5639] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5640] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5640] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5640] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5639] <... futex resumed>) = 0 [pid 5640] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5639] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5640] write(4, "\x06\x00\x00\x00\x18\x01\x00\xfa\x00\x00\x00\x00\xbf\x11\x00\x00\x5e\xde\xe4\x80\x57\x58\xe9\xc3\x27\xb9\x0c\x39\x90\x48\x0f\x7d\x17\x0a\x18\xc8\xef\x96\xea\xfb\x95\xd8\x31\x0b\xcf\x4d\x0a\x54\x50\x87\xb1\x20\x55\xee\x70\xc3\xa0\x7d\xdb\x6a\xea\x37\x23\x5a\x53\xcf\xbb\x4d\xc0\x56\x4a\x4a\xcb\x2d\x60\x10\x99\xd1\xcc\x8d\x0a\x16\x04\x68\xa1\x29\x5a\xc4\xf2\xd9\xb5\x06\x53\x12\x0b\x83\xdb\xe0\xd4\x56"..., 288) = -1 EINVAL (Invalid argument) [pid 5639] <... futex resumed>) = 0 [pid 5640] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5639] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5640] <... futex resumed>) = 0 [pid 5639] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5640] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5639] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5640] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5639] <... futex resumed>) = 0 [pid 5640] mkdir("./file1", 000) = -1 EEXIST (File exists) [pid 5639] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5640] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5639] <... futex resumed>) = 0 [pid 5640] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5639] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5640] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5639] <... futex resumed>) = 0 [pid 5640] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5639] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5640] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5640] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5639] <... futex resumed>) = 0 [pid 5640] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5639] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5640] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5639] <... futex resumed>) = 0 [pid 5640] openat(AT_FDCWD, ".", O_RDONLY [pid 5639] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5640] <... openat resumed>) = 5 [pid 5640] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5639] <... futex resumed>) = 0 [pid 5640] <... futex resumed>) = 1 [pid 5639] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5640] chdir("./file0" [pid 5639] <... futex resumed>) = 0 [pid 5640] <... chdir resumed>) = 0 [pid 5639] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5640] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5639] <... futex resumed>) = 0 [pid 5640] openat(AT_FDCWD, ".", O_RDONLY [pid 5639] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5640] <... openat resumed>) = 6 [pid 5639] <... futex resumed>) = 0 [pid 5639] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5640] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5639] <... futex resumed>) = 0 [pid 5640] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5639] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5640] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5639] <... futex resumed>) = 0 [pid 5640] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5639] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5640] <... openat resumed>) = 7 [pid 5640] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5639] <... futex resumed>) = 0 [pid 5640] write(7, "#! \naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 34136651 [pid 5639] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5639] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5639] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5639] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efd91000 [pid 5639] mprotect(0x7fa6efd92000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5639] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5639] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdb1990, parent_tid=0x7fa6efdb1990, exit_signal=0, stack=0x7fa6efd91000, stack_size=0x20300, tls=0x7fa6efdb16c0}./strace-static-x86_64: Process 5659 attached => {parent_tid=[5659]}, 88) = 5659 [pid 5659] rseq(0x7fa6efdb1fe0, 0x20, 0, 0x53053053) = 0 [pid 5639] rt_sigprocmask(SIG_SETMASK, [], [pid 5659] set_robust_list(0x7fa6efdb19a0, 24 [pid 5639] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5659] <... set_robust_list resumed>) = 0 [pid 5639] futex(0x7fa6efeba718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5659] rt_sigprocmask(SIG_SETMASK, [], [pid 5639] <... futex resumed>) = 0 [pid 5659] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5659] ioctl(6, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5639] futex(0x7fa6efeba71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5659] <... ioctl resumed>) = 0 [pid 5659] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5639] <... futex resumed>) = 0 [pid 5659] <... futex resumed>) = 1 [pid 5659] futex(0x7fa6efeba718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5640] <... write resumed>) = 9740288 [pid 5640] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5639] exit_group(0 [pid 5640] <... futex resumed>) = 0 [pid 5659] <... futex resumed>) = ? [pid 5639] <... exit_group resumed>) = ? [pid 5659] +++ exited with 0 +++ [pid 5640] +++ exited with 0 +++ [pid 5639] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5639, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555626bc730 /* 5 entries */, 32768) = 144 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 [ 85.517783][ T5640] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 85.900580][ T5215] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file1") = 0 getdents64(3, 0x5555626bc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5660 attached , child_tidptr=0x5555626bb690) = 5660 [pid 5660] set_robust_list(0x5555626bb6a0, 24) = 0 [pid 5660] chdir("./21") = 0 [pid 5660] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5660] setpgid(0, 0) = 0 [pid 5660] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5660] write(3, "1000", 4) = 4 [pid 5660] close(3) = 0 [pid 5660] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5660] write(1, "executing program\n", 18) = 18 [pid 5660] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5660] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6efe43470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6efe34620}, NULL, 8) = 0 [pid 5660] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5660] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efdb2000 [pid 5660] mprotect(0x7fa6efdb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5660] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5660] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdd2990, parent_tid=0x7fa6efdd2990, exit_signal=0, stack=0x7fa6efdb2000, stack_size=0x20300, tls=0x7fa6efdd26c0}./strace-static-x86_64: Process 5661 attached [pid 5661] rseq(0x7fa6efdd2fe0, 0x20, 0, 0x53053053) = 0 [pid 5660] <... clone3 resumed> => {parent_tid=[5661]}, 88) = 5661 [pid 5661] set_robust_list(0x7fa6efdd29a0, 24 [pid 5660] rt_sigprocmask(SIG_SETMASK, [], [pid 5661] <... set_robust_list resumed>) = 0 [pid 5660] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5661] rt_sigprocmask(SIG_SETMASK, [], [pid 5660] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5661] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5660] <... futex resumed>) = 0 [pid 5661] memfd_create("syzkaller", 0 [pid 5660] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5661] <... memfd_create resumed>) = 3 [pid 5661] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5661] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5661] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5661] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5661] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5661] close(3) = 0 [pid 5661] close(4) = 0 [pid 5661] mkdir("./file0", 0777) = 0 [ 86.473980][ T5661] loop0: detected capacity change from 0 to 32768 [ 86.495373][ T5661] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor250 (5661) [ 86.514966][ T5661] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 86.526950][ T5661] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 86.536237][ T5661] BTRFS info (device loop0): using free-space-tree [pid 5661] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5661] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5661] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5661] ioctl(4, LOOP_CLR_FD) = 0 [pid 5661] close(4) = 0 [pid 5661] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5660] <... futex resumed>) = 0 [pid 5660] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5661] openat(AT_FDCWD, "/proc/self/mounts", O_RDWR [pid 5660] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5661] <... openat resumed>) = 4 [pid 5661] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5660] <... futex resumed>) = 0 [pid 5661] <... futex resumed>) = 1 [pid 5660] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5661] memfd_create("syzkaller", 0 [pid 5660] <... futex resumed>) = 0 [pid 5661] <... memfd_create resumed>) = 5 [pid 5660] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5661] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5661] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5661] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5661] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5661] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5661] ioctl(6, LOOP_CLR_FD) = 0 [pid 5661] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5661] close(6) = 0 [pid 5661] close(5) = 0 [pid 5661] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5660] <... futex resumed>) = 0 [pid 5661] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5660] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5661] <... futex resumed>) = 0 [pid 5660] <... futex resumed>) = 1 [pid 5661] pread64(4, [pid 5660] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5661] <... pread64 resumed>"ev/root / ext4 rw,relatime 0 0\ndevtmpfs /dev devtmpfs rw,relatime,size=3375576k,nr_inodes=843894,mod"..., 4096, 2) = 956 [pid 5661] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5660] <... futex resumed>) = 0 [pid 5661] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5660] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5661] <... futex resumed>) = 0 [pid 5660] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5661] mkdir("./file1", 000) = 0 [pid 5661] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5660] <... futex resumed>) = 0 [pid 5661] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5660] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5661] <... futex resumed>) = 0 [pid 5660] <... futex resumed>) = 1 [pid 5660] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5661] write(-1, "#! ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 65546) = -1 EBADF (Bad file descriptor) [pid 5661] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5661] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5660] <... futex resumed>) = 0 [pid 5660] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5661] <... futex resumed>) = 0 [pid 5660] <... futex resumed>) = 1 [pid 5661] mount("/dev/nullb0", "./file0", "reiserfs", 0, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"... [pid 5660] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5661] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5661] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5660] <... futex resumed>) = 0 [pid 5660] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5661] <... futex resumed>) = 1 [pid 5661] write(4, "\x06\x00\x00\x00\x18\x01\x00\xfa\x00\x00\x00\x00\xbf\x11\x00\x00\x5e\xde\xe4\x80\x57\x58\xe9\xc3\x27\xb9\x0c\x39\x90\x48\x0f\x7d\x17\x0a\x18\xc8\xef\x96\xea\xfb\x95\xd8\x31\x0b\xcf\x4d\x0a\x54\x50\x87\xb1\x20\x55\xee\x70\xc3\xa0\x7d\xdb\x6a\xea\x37\x23\x5a\x53\xcf\xbb\x4d\xc0\x56\x4a\x4a\xcb\x2d\x60\x10\x99\xd1\xcc\x8d\x0a\x16\x04\x68\xa1\x29\x5a\xc4\xf2\xd9\xb5\x06\x53\x12\x0b\x83\xdb\xe0\xd4\x56"..., 288) = -1 EINVAL (Invalid argument) [pid 5661] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5660] <... futex resumed>) = 0 [pid 5661] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5660] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5660] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5661] <... futex resumed>) = 0 [pid 5660] <... futex resumed>) = 1 [pid 5661] mkdir("./file1", 000) = -1 EEXIST (File exists) [pid 5660] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5661] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5660] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5660] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5661] <... futex resumed>) = 0 [pid 5661] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5660] <... futex resumed>) = 0 [pid 5661] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5660] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5661] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5660] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5661] <... futex resumed>) = 0 [pid 5660] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5661] openat(AT_FDCWD, ".", O_RDONLY [pid 5660] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5661] <... openat resumed>) = 5 [pid 5661] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5660] <... futex resumed>) = 0 [pid 5661] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5660] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5661] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5660] <... futex resumed>) = 0 [pid 5660] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5661] chdir("./file0") = 0 [pid 5661] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5660] <... futex resumed>) = 0 [pid 5661] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5660] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5661] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5660] <... futex resumed>) = 0 [pid 5661] openat(AT_FDCWD, ".", O_RDONLY [pid 5660] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5661] <... openat resumed>) = 6 [pid 5661] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5660] <... futex resumed>) = 0 [pid 5661] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5660] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5661] <... openat resumed>) = 7 [pid 5660] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5661] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5661] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5660] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5660] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5661] <... futex resumed>) = 0 [pid 5660] <... futex resumed>) = 1 [pid 5661] write(7, "#! \naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 34136651 [pid 5660] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5660] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5660] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efd91000 [pid 5660] mprotect(0x7fa6efd92000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5660] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5660] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdb1990, parent_tid=0x7fa6efdb1990, exit_signal=0, stack=0x7fa6efd91000, stack_size=0x20300, tls=0x7fa6efdb16c0}./strace-static-x86_64: Process 5680 attached [pid 5680] rseq(0x7fa6efdb1fe0, 0x20, 0, 0x53053053 [pid 5660] <... clone3 resumed> => {parent_tid=[5680]}, 88) = 5680 [pid 5680] <... rseq resumed>) = 0 [pid 5660] rt_sigprocmask(SIG_SETMASK, [], [pid 5680] set_robust_list(0x7fa6efdb19a0, 24 [pid 5660] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5680] <... set_robust_list resumed>) = 0 [pid 5660] futex(0x7fa6efeba718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5680] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5660] <... futex resumed>) = 0 [pid 5680] ioctl(6, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5660] futex(0x7fa6efeba71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5680] <... ioctl resumed>) = 0 [pid 5660] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5680] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5680] futex(0x7fa6efeba718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5661] <... write resumed>) = 9740288 [pid 5661] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5661] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5660] exit_group(0 [pid 5680] <... futex resumed>) = ? [pid 5661] <... futex resumed>) = ? [pid 5660] <... exit_group resumed>) = ? [pid 5680] +++ exited with 0 +++ [pid 5661] +++ exited with 0 +++ [pid 5660] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5660, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555626bc730 /* 5 entries */, 32768) = 144 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 [ 86.684018][ T5661] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 87.168395][ T5215] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file1") = 0 getdents64(3, 0x5555626bc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5681 attached , child_tidptr=0x5555626bb690) = 5681 [pid 5681] set_robust_list(0x5555626bb6a0, 24) = 0 [pid 5681] chdir("./22") = 0 [pid 5681] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5681] setpgid(0, 0) = 0 [pid 5681] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5681] write(3, "1000", 4) = 4 [pid 5681] close(3) = 0 [pid 5681] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5681] write(1, "executing program\n", 18) = 18 [pid 5681] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5681] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6efe43470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6efe34620}, NULL, 8) = 0 [pid 5681] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5681] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efdb2000 [pid 5681] mprotect(0x7fa6efdb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5681] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5681] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdd2990, parent_tid=0x7fa6efdd2990, exit_signal=0, stack=0x7fa6efdb2000, stack_size=0x20300, tls=0x7fa6efdd26c0}./strace-static-x86_64: Process 5682 attached [pid 5682] rseq(0x7fa6efdd2fe0, 0x20, 0, 0x53053053 [pid 5681] <... clone3 resumed> => {parent_tid=[5682]}, 88) = 5682 [pid 5682] <... rseq resumed>) = 0 [pid 5681] rt_sigprocmask(SIG_SETMASK, [], [pid 5682] set_robust_list(0x7fa6efdd29a0, 24 [pid 5681] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5682] <... set_robust_list resumed>) = 0 [pid 5682] rt_sigprocmask(SIG_SETMASK, [], [pid 5681] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5682] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5681] <... futex resumed>) = 0 [pid 5682] memfd_create("syzkaller", 0 [pid 5681] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5682] <... memfd_create resumed>) = 3 [pid 5682] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5682] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5682] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5682] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5682] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5682] close(3) = 0 [pid 5682] close(4) = 0 [pid 5682] mkdir("./file0", 0777) = 0 [ 87.670567][ T5682] loop0: detected capacity change from 0 to 32768 [ 87.691563][ T5682] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor250 (5682) [pid 5682] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [ 87.712161][ T5682] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 87.723131][ T5682] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 87.732090][ T5682] BTRFS info (device loop0): using free-space-tree [pid 5682] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5682] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5682] ioctl(4, LOOP_CLR_FD) = 0 [pid 5682] close(4) = 0 [pid 5682] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5681] <... futex resumed>) = 0 [pid 5681] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5682] openat(AT_FDCWD, "/proc/self/mounts", O_RDWR [pid 5681] <... futex resumed>) = 0 [pid 5682] <... openat resumed>) = 4 [pid 5681] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5682] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5681] <... futex resumed>) = 0 [pid 5682] <... futex resumed>) = 1 [pid 5681] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5682] memfd_create("syzkaller", 0 [pid 5681] <... futex resumed>) = 0 [pid 5682] <... memfd_create resumed>) = 5 [pid 5681] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5682] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5682] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5682] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5682] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5682] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5682] ioctl(6, LOOP_CLR_FD) = 0 [pid 5682] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5682] close(6) = 0 [pid 5682] close(5) = 0 [pid 5682] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5682] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5681] <... futex resumed>) = 0 [pid 5681] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5682] <... futex resumed>) = 0 [pid 5681] <... futex resumed>) = 1 [pid 5682] pread64(4, [pid 5681] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5682] <... pread64 resumed>"ev/root / ext4 rw,relatime 0 0\ndevtmpfs /dev devtmpfs rw,relatime,size=3375576k,nr_inodes=843894,mod"..., 4096, 2) = 956 [pid 5682] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5681] <... futex resumed>) = 0 [pid 5682] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5681] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5682] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5681] <... futex resumed>) = 0 [pid 5682] mkdir("./file1", 000 [pid 5681] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5682] <... mkdir resumed>) = 0 [pid 5682] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5681] <... futex resumed>) = 0 [pid 5681] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5682] write(-1, "#! ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 65546 [pid 5681] <... futex resumed>) = 0 [pid 5681] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5682] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5682] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5681] <... futex resumed>) = 0 [pid 5681] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5682] mount("/dev/nullb0", "./file0", "reiserfs", 0, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"... [pid 5681] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5682] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5682] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5681] <... futex resumed>) = 0 [pid 5682] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5681] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5682] write(4, "\x06\x00\x00\x00\x18\x01\x00\xfa\x00\x00\x00\x00\xbf\x11\x00\x00\x5e\xde\xe4\x80\x57\x58\xe9\xc3\x27\xb9\x0c\x39\x90\x48\x0f\x7d\x17\x0a\x18\xc8\xef\x96\xea\xfb\x95\xd8\x31\x0b\xcf\x4d\x0a\x54\x50\x87\xb1\x20\x55\xee\x70\xc3\xa0\x7d\xdb\x6a\xea\x37\x23\x5a\x53\xcf\xbb\x4d\xc0\x56\x4a\x4a\xcb\x2d\x60\x10\x99\xd1\xcc\x8d\x0a\x16\x04\x68\xa1\x29\x5a\xc4\xf2\xd9\xb5\x06\x53\x12\x0b\x83\xdb\xe0\xd4\x56"..., 288 [pid 5681] <... futex resumed>) = 0 [pid 5682] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 5681] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5682] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5681] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5682] <... futex resumed>) = 0 [pid 5681] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5682] mkdir("./file1", 000 [pid 5681] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5682] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5682] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5681] <... futex resumed>) = 0 [pid 5682] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5681] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5682] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5681] <... futex resumed>) = 0 [pid 5682] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5681] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5682] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5682] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5681] <... futex resumed>) = 0 [pid 5681] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5682] <... futex resumed>) = 0 [pid 5681] <... futex resumed>) = 1 [pid 5682] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5681] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5682] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5682] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5681] <... futex resumed>) = 0 [pid 5681] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5682] <... futex resumed>) = 0 [pid 5682] chdir("./file0" [pid 5681] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5682] <... chdir resumed>) = 0 [pid 5682] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5681] <... futex resumed>) = 0 [pid 5681] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5682] openat(AT_FDCWD, ".", O_RDONLY [pid 5681] <... futex resumed>) = 0 [pid 5682] <... openat resumed>) = 6 [pid 5682] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5682] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5681] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5681] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5682] <... futex resumed>) = 0 [pid 5681] <... futex resumed>) = 1 [pid 5682] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5681] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5682] <... openat resumed>) = 7 [pid 5682] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5681] <... futex resumed>) = 0 [pid 5682] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5681] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5682] <... futex resumed>) = 0 [pid 5681] <... futex resumed>) = 1 [pid 5682] write(7, "#! \naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 34136651 [pid 5681] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5681] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5681] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efd91000 [pid 5681] mprotect(0x7fa6efd92000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5681] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5681] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdb1990, parent_tid=0x7fa6efdb1990, exit_signal=0, stack=0x7fa6efd91000, stack_size=0x20300, tls=0x7fa6efdb16c0}./strace-static-x86_64: Process 5701 attached [pid 5701] rseq(0x7fa6efdb1fe0, 0x20, 0, 0x53053053 [pid 5681] <... clone3 resumed> => {parent_tid=[5701]}, 88) = 5701 [pid 5701] <... rseq resumed>) = 0 [pid 5701] set_robust_list(0x7fa6efdb19a0, 24 [pid 5681] rt_sigprocmask(SIG_SETMASK, [], [pid 5701] <... set_robust_list resumed>) = 0 [pid 5701] rt_sigprocmask(SIG_SETMASK, [], [pid 5681] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5701] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5681] futex(0x7fa6efeba718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5701] ioctl(6, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5681] <... futex resumed>) = 0 [pid 5681] futex(0x7fa6efeba71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5681] futex(0x7fa6efeba71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5701] <... ioctl resumed>) = 0 [pid 5701] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5701] futex(0x7fa6efeba718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5682] <... write resumed>) = 9740288 [pid 5682] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5682] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5681] exit_group(0 [pid 5701] <... futex resumed>) = ? [pid 5682] <... futex resumed>) = ? [pid 5681] <... exit_group resumed>) = ? [pid 5701] +++ exited with 0 +++ [pid 5682] +++ exited with 0 +++ [pid 5681] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5681, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555626bc730 /* 5 entries */, 32768) = 144 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 [ 87.904263][ T5682] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 88.354379][ T5215] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file1") = 0 getdents64(3, 0x5555626bc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5702 attached , child_tidptr=0x5555626bb690) = 5702 [pid 5702] set_robust_list(0x5555626bb6a0, 24) = 0 [pid 5702] chdir("./23") = 0 [pid 5702] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5702] setpgid(0, 0) = 0 [pid 5702] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5702] write(3, "1000", 4) = 4 [pid 5702] close(3) = 0 [pid 5702] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5702] write(1, "executing program\n", 18) = 18 [pid 5702] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5702] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6efe43470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6efe34620}, NULL, 8) = 0 [pid 5702] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5702] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efdb2000 [pid 5702] mprotect(0x7fa6efdb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5702] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5702] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdd2990, parent_tid=0x7fa6efdd2990, exit_signal=0, stack=0x7fa6efdb2000, stack_size=0x20300, tls=0x7fa6efdd26c0}./strace-static-x86_64: Process 5703 attached => {parent_tid=[5703]}, 88) = 5703 [pid 5702] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5702] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5702] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5703] rseq(0x7fa6efdd2fe0, 0x20, 0, 0x53053053) = 0 [pid 5703] set_robust_list(0x7fa6efdd29a0, 24) = 0 [pid 5703] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5703] memfd_create("syzkaller", 0) = 3 [pid 5703] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5703] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5703] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5703] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5703] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5703] close(3) = 0 [pid 5703] close(4) = 0 [pid 5703] mkdir("./file0", 0777) = 0 [ 88.861940][ T5703] loop0: detected capacity change from 0 to 32768 [ 88.883507][ T5703] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor250 (5703) [ 88.904702][ T5703] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 88.917933][ T5703] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 88.926777][ T5703] BTRFS info (device loop0): using free-space-tree [pid 5703] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5703] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5703] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5703] ioctl(4, LOOP_CLR_FD) = 0 [pid 5703] close(4) = 0 [pid 5703] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5703] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5702] <... futex resumed>) = 0 [pid 5703] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5702] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5703] openat(AT_FDCWD, "/proc/self/mounts", O_RDWR [pid 5702] <... futex resumed>) = 0 [pid 5702] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5703] <... openat resumed>) = 4 [pid 5703] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5702] <... futex resumed>) = 0 [pid 5703] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5702] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5703] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5702] <... futex resumed>) = 0 [pid 5703] memfd_create("syzkaller", 0 [pid 5702] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5703] <... memfd_create resumed>) = 5 [pid 5703] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5703] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5703] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5703] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5703] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5703] ioctl(6, LOOP_CLR_FD) = 0 [pid 5703] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5703] close(6) = 0 [pid 5703] close(5) = 0 [pid 5703] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5702] <... futex resumed>) = 0 [pid 5702] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5703] pread64(4, [pid 5702] <... futex resumed>) = 0 [pid 5703] <... pread64 resumed>"ev/root / ext4 rw,relatime 0 0\ndevtmpfs /dev devtmpfs rw,relatime,size=3375576k,nr_inodes=843894,mod"..., 4096, 2) = 956 [pid 5702] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5703] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5702] <... futex resumed>) = 0 [pid 5702] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5703] mkdir("./file1", 000 [pid 5702] <... futex resumed>) = 0 [pid 5703] <... mkdir resumed>) = 0 [pid 5702] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5703] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5702] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5703] <... futex resumed>) = 0 [pid 5702] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5703] write(-1, "#! ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 65546 [pid 5702] <... futex resumed>) = 0 [pid 5703] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5702] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5703] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5702] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5703] <... futex resumed>) = 0 [pid 5703] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5702] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5703] <... futex resumed>) = 0 [pid 5702] <... futex resumed>) = 1 [pid 5703] mount("/dev/nullb0", "./file0", "reiserfs", 0, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"... [pid 5702] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5703] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5703] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5702] <... futex resumed>) = 0 [pid 5702] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5702] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5703] <... futex resumed>) = 1 [pid 5703] write(4, "\x06\x00\x00\x00\x18\x01\x00\xfa\x00\x00\x00\x00\xbf\x11\x00\x00\x5e\xde\xe4\x80\x57\x58\xe9\xc3\x27\xb9\x0c\x39\x90\x48\x0f\x7d\x17\x0a\x18\xc8\xef\x96\xea\xfb\x95\xd8\x31\x0b\xcf\x4d\x0a\x54\x50\x87\xb1\x20\x55\xee\x70\xc3\xa0\x7d\xdb\x6a\xea\x37\x23\x5a\x53\xcf\xbb\x4d\xc0\x56\x4a\x4a\xcb\x2d\x60\x10\x99\xd1\xcc\x8d\x0a\x16\x04\x68\xa1\x29\x5a\xc4\xf2\xd9\xb5\x06\x53\x12\x0b\x83\xdb\xe0\xd4\x56"..., 288) = -1 EINVAL (Invalid argument) [pid 5703] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5702] <... futex resumed>) = 0 [pid 5702] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5702] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5703] <... futex resumed>) = 1 [pid 5703] mkdir("./file1", 000) = -1 EEXIST (File exists) [pid 5703] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5702] <... futex resumed>) = 0 [pid 5702] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5702] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5703] <... futex resumed>) = 1 [pid 5703] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW) = -1 EFAULT (Bad address) [pid 5703] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5702] <... futex resumed>) = 0 [pid 5703] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5702] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5703] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5702] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5703] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5703] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5702] <... futex resumed>) = 0 [pid 5702] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5703] chdir("./file0" [pid 5702] <... futex resumed>) = 0 [pid 5703] <... chdir resumed>) = 0 [pid 5703] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5702] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5703] <... futex resumed>) = 0 [pid 5702] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5703] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5702] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5703] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5702] <... futex resumed>) = 0 [pid 5703] openat(AT_FDCWD, ".", O_RDONLY [pid 5702] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5703] <... openat resumed>) = 6 [pid 5703] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5702] <... futex resumed>) = 0 [pid 5702] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5703] <... futex resumed>) = 1 [pid 5702] <... futex resumed>) = 0 [pid 5703] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5702] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5703] <... openat resumed>) = 7 [pid 5703] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5702] <... futex resumed>) = 0 [pid 5703] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5702] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5703] write(7, "#! \naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 34136651 [pid 5702] <... futex resumed>) = 0 [pid 5702] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5702] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5702] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efd91000 [pid 5702] mprotect(0x7fa6efd92000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5702] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5702] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdb1990, parent_tid=0x7fa6efdb1990, exit_signal=0, stack=0x7fa6efd91000, stack_size=0x20300, tls=0x7fa6efdb16c0}./strace-static-x86_64: Process 5723 attached [pid 5723] rseq(0x7fa6efdb1fe0, 0x20, 0, 0x53053053 [pid 5702] <... clone3 resumed> => {parent_tid=[5723]}, 88) = 5723 [pid 5723] <... rseq resumed>) = 0 [pid 5723] set_robust_list(0x7fa6efdb19a0, 24 [pid 5702] rt_sigprocmask(SIG_SETMASK, [], [pid 5723] <... set_robust_list resumed>) = 0 [pid 5702] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5723] rt_sigprocmask(SIG_SETMASK, [], [pid 5702] futex(0x7fa6efeba718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5723] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5702] <... futex resumed>) = 0 [pid 5702] futex(0x7fa6efeba71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5723] ioctl(6, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0}) = 0 [pid 5723] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5702] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5723] <... futex resumed>) = 0 [pid 5723] futex(0x7fa6efeba718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5703] <... write resumed>) = 9740288 [pid 5703] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5703] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5702] exit_group(0 [pid 5723] <... futex resumed>) = ? [pid 5703] <... futex resumed>) = ? [pid 5702] <... exit_group resumed>) = ? [pid 5723] +++ exited with 0 +++ [pid 5703] +++ exited with 0 +++ [pid 5702] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5702, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555626bc730 /* 5 entries */, 32768) = 144 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 [ 89.149397][ T5703] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 89.610517][ T5215] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file1") = 0 getdents64(3, 0x5555626bc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5724 attached , child_tidptr=0x5555626bb690) = 5724 [pid 5724] set_robust_list(0x5555626bb6a0, 24) = 0 [pid 5724] chdir("./24") = 0 [pid 5724] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5724] setpgid(0, 0) = 0 [pid 5724] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5724] write(3, "1000", 4) = 4 [pid 5724] close(3) = 0 [pid 5724] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5724] write(1, "executing program\n", 18executing program ) = 18 [pid 5724] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5724] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6efe43470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6efe34620}, NULL, 8) = 0 [pid 5724] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5724] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efdb2000 [pid 5724] mprotect(0x7fa6efdb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5724] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5724] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdd2990, parent_tid=0x7fa6efdd2990, exit_signal=0, stack=0x7fa6efdb2000, stack_size=0x20300, tls=0x7fa6efdd26c0}./strace-static-x86_64: Process 5725 attached [pid 5725] rseq(0x7fa6efdd2fe0, 0x20, 0, 0x53053053 [pid 5724] <... clone3 resumed> => {parent_tid=[5725]}, 88) = 5725 [pid 5725] <... rseq resumed>) = 0 [pid 5725] set_robust_list(0x7fa6efdd29a0, 24 [pid 5724] rt_sigprocmask(SIG_SETMASK, [], [pid 5725] <... set_robust_list resumed>) = 0 [pid 5724] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5725] rt_sigprocmask(SIG_SETMASK, [], [pid 5724] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5725] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5725] memfd_create("syzkaller", 0 [pid 5724] <... futex resumed>) = 0 [pid 5724] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5725] <... memfd_create resumed>) = 3 [pid 5725] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5725] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5725] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5725] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5725] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5725] close(3) = 0 [pid 5725] close(4) = 0 [pid 5725] mkdir("./file0", 0777) = 0 [ 90.124906][ T5725] loop0: detected capacity change from 0 to 32768 [ 90.157655][ T5725] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor250 (5725) [pid 5725] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5725] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5725] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5725] ioctl(4, LOOP_CLR_FD) = 0 [pid 5725] close(4) = 0 [pid 5725] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5724] <... futex resumed>) = 0 [pid 5725] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5724] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5725] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5724] <... futex resumed>) = 0 [pid 5725] openat(AT_FDCWD, "/proc/self/mounts", O_RDWR [pid 5724] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5725] <... openat resumed>) = 4 [ 90.185355][ T5725] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 90.195970][ T5725] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 90.205110][ T5725] BTRFS info (device loop0): using free-space-tree [pid 5725] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5724] <... futex resumed>) = 0 [pid 5725] memfd_create("syzkaller", 0 [pid 5724] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5725] <... memfd_create resumed>) = 5 [pid 5724] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5725] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5725] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5725] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5725] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5725] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5725] ioctl(6, LOOP_CLR_FD) = 0 [pid 5725] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5725] close(6) = 0 [pid 5725] close(5) = 0 [pid 5725] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5724] <... futex resumed>) = 0 [pid 5724] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5725] pread64(4, [pid 5724] <... futex resumed>) = 0 [pid 5724] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5725] <... pread64 resumed>"ev/root / ext4 rw,relatime 0 0\ndevtmpfs /dev devtmpfs rw,relatime,size=3375576k,nr_inodes=843894,mod"..., 4096, 2) = 956 [pid 5725] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5724] <... futex resumed>) = 0 [pid 5724] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5725] mkdir("./file1", 000 [pid 5724] <... futex resumed>) = 0 [pid 5724] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5725] <... mkdir resumed>) = 0 [pid 5725] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5724] <... futex resumed>) = 0 [pid 5725] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5724] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5725] <... futex resumed>) = 0 [pid 5724] <... futex resumed>) = 1 [pid 5724] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5725] write(-1, "#! ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 65546) = -1 EBADF (Bad file descriptor) [pid 5725] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5724] <... futex resumed>) = 0 [pid 5725] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5724] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5725] <... futex resumed>) = 0 [pid 5724] <... futex resumed>) = 1 [pid 5725] mount("/dev/nullb0", "./file0", "reiserfs", 0, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"... [pid 5724] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5725] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5725] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5724] <... futex resumed>) = 0 [pid 5725] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5724] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5725] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5725] write(4, "\x06\x00\x00\x00\x18\x01\x00\xfa\x00\x00\x00\x00\xbf\x11\x00\x00\x5e\xde\xe4\x80\x57\x58\xe9\xc3\x27\xb9\x0c\x39\x90\x48\x0f\x7d\x17\x0a\x18\xc8\xef\x96\xea\xfb\x95\xd8\x31\x0b\xcf\x4d\x0a\x54\x50\x87\xb1\x20\x55\xee\x70\xc3\xa0\x7d\xdb\x6a\xea\x37\x23\x5a\x53\xcf\xbb\x4d\xc0\x56\x4a\x4a\xcb\x2d\x60\x10\x99\xd1\xcc\x8d\x0a\x16\x04\x68\xa1\x29\x5a\xc4\xf2\xd9\xb5\x06\x53\x12\x0b\x83\xdb\xe0\xd4\x56"..., 288 [pid 5724] <... futex resumed>) = 0 [pid 5725] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 5724] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5725] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5724] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5725] <... futex resumed>) = 0 [pid 5724] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5725] mkdir("./file1", 000) = -1 EEXIST (File exists) [pid 5724] <... futex resumed>) = 0 [pid 5725] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5724] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5725] <... futex resumed>) = 0 [pid 5724] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5725] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5724] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5725] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5724] <... futex resumed>) = 0 [pid 5725] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW) = -1 EFAULT (Bad address) [pid 5724] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5725] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5724] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5725] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5724] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5725] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5725] openat(AT_FDCWD, ".", O_RDONLY [pid 5724] <... futex resumed>) = 0 [pid 5724] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5725] <... openat resumed>) = 5 [pid 5725] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5724] <... futex resumed>) = 0 [pid 5724] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5725] chdir("./file0" [pid 5724] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5725] <... chdir resumed>) = 0 [pid 5725] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5724] <... futex resumed>) = 0 [pid 5725] openat(AT_FDCWD, ".", O_RDONLY [pid 5724] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5725] <... openat resumed>) = 6 [pid 5724] <... futex resumed>) = 0 [pid 5724] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5725] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5724] <... futex resumed>) = 0 [pid 5725] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5724] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5725] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 7 [pid 5724] <... futex resumed>) = 0 [pid 5724] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5725] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5724] <... futex resumed>) = 0 [pid 5724] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5724] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5725] <... futex resumed>) = 1 [pid 5725] write(7, "#! \naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 34136651 [pid 5724] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5724] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5724] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efd91000 [pid 5724] mprotect(0x7fa6efd92000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5724] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5724] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdb1990, parent_tid=0x7fa6efdb1990, exit_signal=0, stack=0x7fa6efd91000, stack_size=0x20300, tls=0x7fa6efdb16c0}./strace-static-x86_64: Process 5744 attached => {parent_tid=[5744]}, 88) = 5744 [pid 5744] rseq(0x7fa6efdb1fe0, 0x20, 0, 0x53053053 [pid 5724] rt_sigprocmask(SIG_SETMASK, [], [pid 5744] <... rseq resumed>) = 0 [pid 5724] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5744] set_robust_list(0x7fa6efdb19a0, 24 [pid 5724] futex(0x7fa6efeba718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5744] <... set_robust_list resumed>) = 0 [pid 5724] <... futex resumed>) = 0 [pid 5744] rt_sigprocmask(SIG_SETMASK, [], [pid 5724] futex(0x7fa6efeba71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5744] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5744] ioctl(6, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0}) = 0 [pid 5744] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5724] <... futex resumed>) = 0 [pid 5744] futex(0x7fa6efeba718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5725] <... write resumed>) = 9740288 [pid 5725] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5725] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5724] exit_group(0 [pid 5744] <... futex resumed>) = ? [pid 5744] +++ exited with 0 +++ [pid 5725] <... futex resumed>) = ? [pid 5724] <... exit_group resumed>) = ? [pid 5725] +++ exited with 0 +++ [pid 5724] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5724, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555626bc730 /* 5 entries */, 32768) = 144 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 [ 90.337750][ T5725] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 90.804598][ T5215] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file1") = 0 getdents64(3, 0x5555626bc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5745 attached , child_tidptr=0x5555626bb690) = 5745 [pid 5745] set_robust_list(0x5555626bb6a0, 24) = 0 [pid 5745] chdir("./25") = 0 [pid 5745] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5745] setpgid(0, 0) = 0 [pid 5745] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5745] write(3, "1000", 4) = 4 [pid 5745] close(3) = 0 [pid 5745] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5745] write(1, "executing program\n", 18) = 18 [pid 5745] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5745] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6efe43470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6efe34620}, NULL, 8) = 0 [pid 5745] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5745] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efdb2000 [pid 5745] mprotect(0x7fa6efdb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5745] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5745] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdd2990, parent_tid=0x7fa6efdd2990, exit_signal=0, stack=0x7fa6efdb2000, stack_size=0x20300, tls=0x7fa6efdd26c0}./strace-static-x86_64: Process 5746 attached [pid 5746] rseq(0x7fa6efdd2fe0, 0x20, 0, 0x53053053 [pid 5745] <... clone3 resumed> => {parent_tid=[5746]}, 88) = 5746 [pid 5746] <... rseq resumed>) = 0 [pid 5745] rt_sigprocmask(SIG_SETMASK, [], [pid 5746] set_robust_list(0x7fa6efdd29a0, 24 [pid 5745] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5746] <... set_robust_list resumed>) = 0 [pid 5745] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5746] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5745] <... futex resumed>) = 0 [pid 5746] memfd_create("syzkaller", 0 [pid 5745] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5746] <... memfd_create resumed>) = 3 [pid 5746] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5746] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5746] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5746] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5746] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5746] close(3) = 0 [pid 5746] close(4) = 0 [pid 5746] mkdir("./file0", 0777) = 0 [ 91.315880][ T5746] loop0: detected capacity change from 0 to 32768 [ 91.345943][ T5746] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor250 (5746) [pid 5746] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5746] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 91.364120][ T5746] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 91.375058][ T5746] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 91.383727][ T5746] BTRFS info (device loop0): using free-space-tree [pid 5746] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5746] ioctl(4, LOOP_CLR_FD) = 0 [pid 5746] close(4) = 0 [pid 5746] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5745] <... futex resumed>) = 0 [pid 5745] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5746] openat(AT_FDCWD, "/proc/self/mounts", O_RDWR [pid 5745] <... futex resumed>) = 0 [pid 5746] <... openat resumed>) = 4 [pid 5745] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5746] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5745] <... futex resumed>) = 0 [pid 5746] memfd_create("syzkaller", 0 [pid 5745] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5746] <... memfd_create resumed>) = 5 [pid 5745] <... futex resumed>) = 0 [pid 5746] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5745] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5746] <... mmap resumed>) = 0x7fa6e7800000 [pid 5746] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5746] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5746] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5746] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5746] ioctl(6, LOOP_CLR_FD) = 0 [pid 5746] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5746] close(6) = 0 [pid 5746] close(5) = 0 [pid 5746] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5746] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5745] <... futex resumed>) = 0 [pid 5745] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5746] <... futex resumed>) = 0 [pid 5745] <... futex resumed>) = 1 [pid 5745] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5746] pread64(4, "ev/root / ext4 rw,relatime 0 0\ndevtmpfs /dev devtmpfs rw,relatime,size=3375576k,nr_inodes=843894,mod"..., 4096, 2) = 956 [pid 5746] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5746] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5745] <... futex resumed>) = 0 [pid 5745] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5746] <... futex resumed>) = 0 [pid 5746] mkdir("./file1", 000 [pid 5745] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5746] <... mkdir resumed>) = 0 [pid 5746] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5745] <... futex resumed>) = 0 [pid 5745] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5746] <... futex resumed>) = 1 [pid 5745] <... futex resumed>) = 0 [pid 5745] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5746] write(-1, "#! ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 65546) = -1 EBADF (Bad file descriptor) [pid 5746] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5745] <... futex resumed>) = 0 [pid 5745] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5746] mount("/dev/nullb0", "./file0", "reiserfs", 0, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"... [pid 5745] <... futex resumed>) = 0 [pid 5745] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5746] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5746] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5746] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5745] <... futex resumed>) = 0 [pid 5745] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5746] <... futex resumed>) = 0 [pid 5745] <... futex resumed>) = 1 [pid 5746] write(4, "\x06\x00\x00\x00\x18\x01\x00\xfa\x00\x00\x00\x00\xbf\x11\x00\x00\x5e\xde\xe4\x80\x57\x58\xe9\xc3\x27\xb9\x0c\x39\x90\x48\x0f\x7d\x17\x0a\x18\xc8\xef\x96\xea\xfb\x95\xd8\x31\x0b\xcf\x4d\x0a\x54\x50\x87\xb1\x20\x55\xee\x70\xc3\xa0\x7d\xdb\x6a\xea\x37\x23\x5a\x53\xcf\xbb\x4d\xc0\x56\x4a\x4a\xcb\x2d\x60\x10\x99\xd1\xcc\x8d\x0a\x16\x04\x68\xa1\x29\x5a\xc4\xf2\xd9\xb5\x06\x53\x12\x0b\x83\xdb\xe0\xd4\x56"..., 288) = -1 EINVAL (Invalid argument) [pid 5746] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5746] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5745] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5745] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5746] <... futex resumed>) = 0 [pid 5745] <... futex resumed>) = 1 [pid 5746] mkdir("./file1", 000) = -1 EEXIST (File exists) [pid 5745] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5746] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5745] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5746] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5745] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5746] <... futex resumed>) = 0 [pid 5746] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW) = -1 EFAULT (Bad address) [pid 5746] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5746] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5745] <... futex resumed>) = 1 [pid 5745] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5745] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5746] <... futex resumed>) = 0 [pid 5746] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5746] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5746] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5745] <... futex resumed>) = 1 [pid 5745] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5745] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5746] <... futex resumed>) = 0 [pid 5745] <... futex resumed>) = 1 [pid 5746] chdir("./file0") = 0 [pid 5746] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5745] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5746] <... futex resumed>) = 0 [pid 5746] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5745] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5745] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5746] <... futex resumed>) = 0 [pid 5746] openat(AT_FDCWD, ".", O_RDONLY) = 6 [pid 5745] <... futex resumed>) = 1 [pid 5746] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5745] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5746] <... futex resumed>) = 0 [pid 5745] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5746] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5745] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5746] <... openat resumed>) = 7 [pid 5745] <... futex resumed>) = 0 [pid 5746] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5745] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5746] <... futex resumed>) = 0 [pid 5746] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5745] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5746] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5745] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5746] write(7, "#! \naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 34136651 [pid 5745] <... futex resumed>) = 0 [pid 5745] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5745] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5745] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efd91000 [pid 5745] mprotect(0x7fa6efd92000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5745] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5745] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdb1990, parent_tid=0x7fa6efdb1990, exit_signal=0, stack=0x7fa6efd91000, stack_size=0x20300, tls=0x7fa6efdb16c0}./strace-static-x86_64: Process 5765 attached [pid 5765] rseq(0x7fa6efdb1fe0, 0x20, 0, 0x53053053 [pid 5745] <... clone3 resumed> => {parent_tid=[5765]}, 88) = 5765 [pid 5765] <... rseq resumed>) = 0 [pid 5765] set_robust_list(0x7fa6efdb19a0, 24) = 0 [pid 5745] rt_sigprocmask(SIG_SETMASK, [], [pid 5765] rt_sigprocmask(SIG_SETMASK, [], [pid 5745] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5765] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5745] futex(0x7fa6efeba718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5765] ioctl(6, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5745] <... futex resumed>) = 0 [pid 5745] futex(0x7fa6efeba71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5765] <... ioctl resumed>) = 0 [pid 5765] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5765] futex(0x7fa6efeba718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5746] <... write resumed>) = 9740288 [pid 5746] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5746] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5745] exit_group(0 [pid 5765] <... futex resumed>) = ? [pid 5746] <... futex resumed>) = ? [pid 5745] <... exit_group resumed>) = ? [pid 5765] +++ exited with 0 +++ [pid 5746] +++ exited with 0 +++ [pid 5745] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5745, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555626bc730 /* 5 entries */, 32768) = 144 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 [ 91.570180][ T5746] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 91.958121][ T5215] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file1") = 0 getdents64(3, 0x5555626bc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5766 attached , child_tidptr=0x5555626bb690) = 5766 [pid 5766] set_robust_list(0x5555626bb6a0, 24) = 0 [pid 5766] chdir("./26") = 0 [pid 5766] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5766] setpgid(0, 0) = 0 [pid 5766] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5766] write(3, "1000", 4) = 4 [pid 5766] close(3) = 0 [pid 5766] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5766] write(1, "executing program\n", 18) = 18 [pid 5766] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5766] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6efe43470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6efe34620}, NULL, 8) = 0 [pid 5766] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5766] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efdb2000 [pid 5766] mprotect(0x7fa6efdb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5766] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5766] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdd2990, parent_tid=0x7fa6efdd2990, exit_signal=0, stack=0x7fa6efdb2000, stack_size=0x20300, tls=0x7fa6efdd26c0}./strace-static-x86_64: Process 5767 attached [pid 5767] rseq(0x7fa6efdd2fe0, 0x20, 0, 0x53053053 [pid 5766] <... clone3 resumed> => {parent_tid=[5767]}, 88) = 5767 [pid 5767] <... rseq resumed>) = 0 [pid 5766] rt_sigprocmask(SIG_SETMASK, [], [pid 5767] set_robust_list(0x7fa6efdd29a0, 24 [pid 5766] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5767] <... set_robust_list resumed>) = 0 [pid 5766] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5767] rt_sigprocmask(SIG_SETMASK, [], [pid 5766] <... futex resumed>) = 0 [pid 5767] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5767] memfd_create("syzkaller", 0 [pid 5766] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5767] <... memfd_create resumed>) = 3 [pid 5767] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5767] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5767] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5767] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5767] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5767] close(3) = 0 [pid 5767] close(4) = 0 [pid 5767] mkdir("./file0", 0777) = 0 [ 92.478031][ T5767] loop0: detected capacity change from 0 to 32768 [ 92.511521][ T5767] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor250 (5767) [pid 5767] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5767] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 92.536034][ T5767] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 92.546740][ T5767] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 92.555487][ T5767] BTRFS info (device loop0): using free-space-tree [pid 5767] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5767] ioctl(4, LOOP_CLR_FD) = 0 [pid 5767] close(4) = 0 [pid 5767] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5766] <... futex resumed>) = 0 [pid 5766] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5767] openat(AT_FDCWD, "/proc/self/mounts", O_RDWR [pid 5766] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5767] <... openat resumed>) = 4 [pid 5767] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5766] <... futex resumed>) = 0 [pid 5767] <... futex resumed>) = 1 [pid 5766] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5767] memfd_create("syzkaller", 0 [pid 5766] <... futex resumed>) = 0 [pid 5767] <... memfd_create resumed>) = 5 [pid 5766] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5767] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5767] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5767] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5767] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5767] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5767] ioctl(6, LOOP_CLR_FD) = 0 [pid 5767] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5767] close(6) = 0 [pid 5767] close(5) = 0 [pid 5767] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5766] <... futex resumed>) = 0 [pid 5767] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5766] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5767] <... futex resumed>) = 0 [pid 5766] <... futex resumed>) = 1 [pid 5767] pread64(4, [pid 5766] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5767] <... pread64 resumed>"ev/root / ext4 rw,relatime 0 0\ndevtmpfs /dev devtmpfs rw,relatime,size=3375576k,nr_inodes=843894,mod"..., 4096, 2) = 956 [pid 5767] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5766] <... futex resumed>) = 0 [pid 5767] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5766] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5767] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5766] <... futex resumed>) = 0 [pid 5767] mkdir("./file1", 000 [pid 5766] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5767] <... mkdir resumed>) = 0 [pid 5767] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5766] <... futex resumed>) = 0 [pid 5766] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5767] write(-1, "#! ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 65546 [pid 5766] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5767] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5767] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5766] <... futex resumed>) = 0 [pid 5766] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5766] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5767] <... futex resumed>) = 1 [pid 5767] mount("/dev/nullb0", "./file0", "reiserfs", 0, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"...) = -1 EINVAL (Invalid argument) [pid 5767] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5767] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5766] <... futex resumed>) = 0 [pid 5767] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5766] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5767] write(4, "\x06\x00\x00\x00\x18\x01\x00\xfa\x00\x00\x00\x00\xbf\x11\x00\x00\x5e\xde\xe4\x80\x57\x58\xe9\xc3\x27\xb9\x0c\x39\x90\x48\x0f\x7d\x17\x0a\x18\xc8\xef\x96\xea\xfb\x95\xd8\x31\x0b\xcf\x4d\x0a\x54\x50\x87\xb1\x20\x55\xee\x70\xc3\xa0\x7d\xdb\x6a\xea\x37\x23\x5a\x53\xcf\xbb\x4d\xc0\x56\x4a\x4a\xcb\x2d\x60\x10\x99\xd1\xcc\x8d\x0a\x16\x04\x68\xa1\x29\x5a\xc4\xf2\xd9\xb5\x06\x53\x12\x0b\x83\xdb\xe0\xd4\x56"..., 288 [pid 5766] <... futex resumed>) = 0 [pid 5767] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 5766] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5767] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5766] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5767] <... futex resumed>) = 0 [pid 5767] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5766] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5767] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5766] <... futex resumed>) = 0 [pid 5767] mkdir("./file1", 000) = -1 EEXIST (File exists) [pid 5766] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5767] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5766] <... futex resumed>) = 0 [pid 5767] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5766] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5767] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5766] <... futex resumed>) = 0 [pid 5767] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5766] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5767] <... futex resumed>) = 0 [pid 5766] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5767] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5766] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5767] <... futex resumed>) = 0 [pid 5766] <... futex resumed>) = 1 [pid 5767] openat(AT_FDCWD, ".", O_RDONLY [pid 5766] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5767] <... openat resumed>) = 5 [pid 5767] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5766] <... futex resumed>) = 0 [pid 5767] chdir("./file0" [pid 5766] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5767] <... chdir resumed>) = 0 [pid 5766] <... futex resumed>) = 0 [pid 5767] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5766] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5767] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5766] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5767] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5766] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5767] openat(AT_FDCWD, ".", O_RDONLY [pid 5766] <... futex resumed>) = 0 [pid 5766] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5767] <... openat resumed>) = 6 [pid 5767] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5766] <... futex resumed>) = 0 [pid 5766] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5767] <... futex resumed>) = 1 [pid 5766] <... futex resumed>) = 0 [pid 5767] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5766] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5767] <... openat resumed>) = 7 [pid 5767] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5766] <... futex resumed>) = 0 [pid 5767] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5766] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5767] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5767] write(7, "#! \naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 34136651 [pid 5766] <... futex resumed>) = 0 [pid 5766] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5766] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5766] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efd91000 [pid 5766] mprotect(0x7fa6efd92000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5766] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5766] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdb1990, parent_tid=0x7fa6efdb1990, exit_signal=0, stack=0x7fa6efd91000, stack_size=0x20300, tls=0x7fa6efdb16c0}./strace-static-x86_64: Process 5787 attached [pid 5787] rseq(0x7fa6efdb1fe0, 0x20, 0, 0x53053053 [pid 5766] <... clone3 resumed> => {parent_tid=[5787]}, 88) = 5787 [pid 5787] <... rseq resumed>) = 0 [pid 5787] set_robust_list(0x7fa6efdb19a0, 24 [pid 5766] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5787] <... set_robust_list resumed>) = 0 [pid 5766] futex(0x7fa6efeba718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5787] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5766] <... futex resumed>) = 0 [pid 5787] ioctl(6, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5766] futex(0x7fa6efeba71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5787] <... ioctl resumed>) = 0 [pid 5787] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5787] futex(0x7fa6efeba718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5766] <... futex resumed>) = 0 [pid 5767] <... write resumed>) = 9740288 [pid 5767] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5767] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5766] exit_group(0 [pid 5787] <... futex resumed>) = ? [pid 5767] <... futex resumed>) = ? [pid 5766] <... exit_group resumed>) = ? [pid 5787] +++ exited with 0 +++ [pid 5767] +++ exited with 0 +++ [pid 5766] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5766, si_uid=0, si_status=0, si_utime=0, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555626bc730 /* 5 entries */, 32768) = 144 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 [ 92.786369][ T5767] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 93.208213][ T5215] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file1") = 0 getdents64(3, 0x5555626bc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5788 attached , child_tidptr=0x5555626bb690) = 5788 [pid 5788] set_robust_list(0x5555626bb6a0, 24) = 0 [pid 5788] chdir("./27") = 0 [pid 5788] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5788] setpgid(0, 0) = 0 [pid 5788] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5788] write(3, "1000", 4) = 4 [pid 5788] close(3) = 0 [pid 5788] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5788] write(1, "executing program\n", 18executing program ) = 18 [pid 5788] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5788] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6efe43470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6efe34620}, NULL, 8) = 0 [pid 5788] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5788] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efdb2000 [pid 5788] mprotect(0x7fa6efdb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5788] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5788] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdd2990, parent_tid=0x7fa6efdd2990, exit_signal=0, stack=0x7fa6efdb2000, stack_size=0x20300, tls=0x7fa6efdd26c0}./strace-static-x86_64: Process 5789 attached [pid 5789] rseq(0x7fa6efdd2fe0, 0x20, 0, 0x53053053 [pid 5788] <... clone3 resumed> => {parent_tid=[5789]}, 88) = 5789 [pid 5789] <... rseq resumed>) = 0 [pid 5788] rt_sigprocmask(SIG_SETMASK, [], [pid 5789] set_robust_list(0x7fa6efdd29a0, 24 [pid 5788] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5789] <... set_robust_list resumed>) = 0 [pid 5788] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5788] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5789] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5789] memfd_create("syzkaller", 0) = 3 [pid 5789] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5789] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5789] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5789] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5789] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5789] close(3) = 0 [pid 5789] close(4) = 0 [pid 5789] mkdir("./file0", 0777) = 0 [ 93.762128][ T5789] loop0: detected capacity change from 0 to 32768 [ 93.793141][ T5789] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor250 (5789) [pid 5789] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5789] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 93.813897][ T5789] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 93.826426][ T5789] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 93.835629][ T5789] BTRFS info (device loop0): using free-space-tree [pid 5789] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5789] ioctl(4, LOOP_CLR_FD) = 0 [pid 5789] close(4) = 0 [pid 5789] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5789] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5788] <... futex resumed>) = 0 [pid 5788] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5789] <... futex resumed>) = 0 [pid 5788] <... futex resumed>) = 1 [pid 5789] openat(AT_FDCWD, "/proc/self/mounts", O_RDWR [pid 5788] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5789] <... openat resumed>) = 4 [pid 5789] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5788] <... futex resumed>) = 0 [pid 5789] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5788] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5789] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5788] <... futex resumed>) = 0 [pid 5789] memfd_create("syzkaller", 0 [pid 5788] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5789] <... memfd_create resumed>) = 5 [pid 5789] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5789] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5789] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5789] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5789] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5789] ioctl(6, LOOP_CLR_FD) = 0 [pid 5789] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5789] close(6) = 0 [pid 5789] close(5) = 0 [pid 5789] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5788] <... futex resumed>) = 0 [pid 5789] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5788] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5789] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5788] <... futex resumed>) = 0 [pid 5789] pread64(4, [pid 5788] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5789] <... pread64 resumed>"ev/root / ext4 rw,relatime 0 0\ndevtmpfs /dev devtmpfs rw,relatime,size=3375576k,nr_inodes=843894,mod"..., 4096, 2) = 956 [pid 5789] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5788] <... futex resumed>) = 0 [pid 5789] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5788] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5789] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5788] <... futex resumed>) = 0 [pid 5789] mkdir("./file1", 000 [pid 5788] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5789] <... mkdir resumed>) = 0 [pid 5789] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5788] <... futex resumed>) = 0 [pid 5789] <... futex resumed>) = 1 [pid 5788] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5789] write(-1, "#! ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 65546 [pid 5788] <... futex resumed>) = 0 [pid 5788] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5789] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5789] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5788] <... futex resumed>) = 0 [pid 5788] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5788] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5789] <... futex resumed>) = 1 [pid 5789] mount("/dev/nullb0", "./file0", "reiserfs", 0, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"...) = -1 EINVAL (Invalid argument) [pid 5789] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5788] <... futex resumed>) = 0 [pid 5788] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5788] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5789] write(4, "\x06\x00\x00\x00\x18\x01\x00\xfa\x00\x00\x00\x00\xbf\x11\x00\x00\x5e\xde\xe4\x80\x57\x58\xe9\xc3\x27\xb9\x0c\x39\x90\x48\x0f\x7d\x17\x0a\x18\xc8\xef\x96\xea\xfb\x95\xd8\x31\x0b\xcf\x4d\x0a\x54\x50\x87\xb1\x20\x55\xee\x70\xc3\xa0\x7d\xdb\x6a\xea\x37\x23\x5a\x53\xcf\xbb\x4d\xc0\x56\x4a\x4a\xcb\x2d\x60\x10\x99\xd1\xcc\x8d\x0a\x16\x04\x68\xa1\x29\x5a\xc4\xf2\xd9\xb5\x06\x53\x12\x0b\x83\xdb\xe0\xd4\x56"..., 288) = -1 EINVAL (Invalid argument) [pid 5789] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5788] <... futex resumed>) = 0 [pid 5788] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5788] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5789] <... futex resumed>) = 1 [pid 5789] mkdir("./file1", 000) = -1 EEXIST (File exists) [pid 5789] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5788] <... futex resumed>) = 0 [pid 5788] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5788] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5789] <... futex resumed>) = 1 [pid 5789] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW) = -1 EFAULT (Bad address) [pid 5789] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5788] <... futex resumed>) = 0 [pid 5788] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5788] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5789] <... futex resumed>) = 1 [pid 5789] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5789] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5788] <... futex resumed>) = 0 [pid 5789] <... futex resumed>) = 1 [pid 5788] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5789] chdir("./file0" [pid 5788] <... futex resumed>) = 0 [pid 5789] <... chdir resumed>) = 0 [pid 5788] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5789] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5788] <... futex resumed>) = 0 [pid 5789] <... futex resumed>) = 1 [pid 5788] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5789] openat(AT_FDCWD, ".", O_RDONLY [pid 5788] <... futex resumed>) = 0 [pid 5789] <... openat resumed>) = 6 [pid 5788] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5789] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5788] <... futex resumed>) = 0 [pid 5788] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5788] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5789] <... futex resumed>) = 1 [pid 5789] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 7 [pid 5789] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5788] <... futex resumed>) = 0 [pid 5789] write(7, "#! \naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 34136651 [pid 5788] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5788] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5788] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5788] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efd91000 [pid 5788] mprotect(0x7fa6efd92000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5788] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5788] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdb1990, parent_tid=0x7fa6efdb1990, exit_signal=0, stack=0x7fa6efd91000, stack_size=0x20300, tls=0x7fa6efdb16c0}./strace-static-x86_64: Process 5808 attached [pid 5808] rseq(0x7fa6efdb1fe0, 0x20, 0, 0x53053053 [pid 5788] <... clone3 resumed> => {parent_tid=[5808]}, 88) = 5808 [pid 5808] <... rseq resumed>) = 0 [pid 5788] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5808] set_robust_list(0x7fa6efdb19a0, 24 [pid 5788] futex(0x7fa6efeba718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5808] <... set_robust_list resumed>) = 0 [pid 5788] <... futex resumed>) = 0 [pid 5808] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5788] futex(0x7fa6efeba71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5808] ioctl(6, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0}) = 0 [pid 5788] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5808] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5808] futex(0x7fa6efeba718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5789] <... write resumed>) = 9740288 [pid 5789] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5789] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5788] exit_group(0 [pid 5808] <... futex resumed>) = ? [pid 5808] +++ exited with 0 +++ [pid 5788] <... exit_group resumed>) = ? [pid 5789] <... futex resumed>) = ? [pid 5789] +++ exited with 0 +++ [pid 5788] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5788, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555626bc730 /* 5 entries */, 32768) = 144 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 [ 93.986008][ T5789] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 94.448898][ T5215] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file1") = 0 getdents64(3, 0x5555626bc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555626bb690) = 5809 ./strace-static-x86_64: Process 5809 attached [pid 5809] set_robust_list(0x5555626bb6a0, 24) = 0 [pid 5809] chdir("./28") = 0 [pid 5809] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5809] setpgid(0, 0) = 0 [pid 5809] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5809] write(3, "1000", 4) = 4 [pid 5809] close(3) = 0 [pid 5809] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5809] write(1, "executing program\n", 18) = 18 [pid 5809] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5809] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6efe43470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6efe34620}, NULL, 8) = 0 [pid 5809] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5809] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efdb2000 [pid 5809] mprotect(0x7fa6efdb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5809] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5809] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdd2990, parent_tid=0x7fa6efdd2990, exit_signal=0, stack=0x7fa6efdb2000, stack_size=0x20300, tls=0x7fa6efdd26c0}./strace-static-x86_64: Process 5810 attached [pid 5810] rseq(0x7fa6efdd2fe0, 0x20, 0, 0x53053053 [pid 5809] <... clone3 resumed> => {parent_tid=[5810]}, 88) = 5810 [pid 5810] <... rseq resumed>) = 0 [pid 5810] set_robust_list(0x7fa6efdd29a0, 24 [pid 5809] rt_sigprocmask(SIG_SETMASK, [], [pid 5810] <... set_robust_list resumed>) = 0 [pid 5809] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5810] rt_sigprocmask(SIG_SETMASK, [], [pid 5809] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5810] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5809] <... futex resumed>) = 0 [pid 5810] memfd_create("syzkaller", 0 [pid 5809] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5810] <... memfd_create resumed>) = 3 [pid 5810] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5810] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5810] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5810] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5810] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5810] close(3) = 0 [pid 5810] close(4) = 0 [pid 5810] mkdir("./file0", 0777) = 0 [ 94.965834][ T5810] loop0: detected capacity change from 0 to 32768 [ 94.997213][ T5810] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor250 (5810) [pid 5810] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [ 95.016030][ T5810] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 95.028054][ T5810] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 95.037332][ T5810] BTRFS info (device loop0): using free-space-tree [pid 5810] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5810] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5810] ioctl(4, LOOP_CLR_FD) = 0 [pid 5810] close(4) = 0 [pid 5810] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5809] <... futex resumed>) = 0 [pid 5809] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5810] openat(AT_FDCWD, "/proc/self/mounts", O_RDWR [pid 5809] <... futex resumed>) = 0 [pid 5810] <... openat resumed>) = 4 [pid 5809] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5810] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5809] <... futex resumed>) = 0 [pid 5810] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5809] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5810] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5809] <... futex resumed>) = 0 [pid 5810] memfd_create("syzkaller", 0 [pid 5809] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5810] <... memfd_create resumed>) = 5 [pid 5810] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5810] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5810] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5810] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5810] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5810] ioctl(6, LOOP_CLR_FD) = 0 [pid 5810] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5810] close(6) = 0 [pid 5810] close(5) = 0 [pid 5810] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5809] <... futex resumed>) = 0 [pid 5809] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5809] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5810] <... futex resumed>) = 1 [pid 5810] pread64(4, "ev/root / ext4 rw,relatime 0 0\ndevtmpfs /dev devtmpfs rw,relatime,size=3375576k,nr_inodes=843894,mod"..., 4096, 2) = 956 [pid 5810] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5809] <... futex resumed>) = 0 [pid 5809] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5809] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5810] <... futex resumed>) = 1 [pid 5810] mkdir("./file1", 000) = 0 [pid 5810] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5809] <... futex resumed>) = 0 [pid 5809] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5809] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5810] write(-1, "#! ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 65546) = -1 EBADF (Bad file descriptor) [pid 5810] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5809] <... futex resumed>) = 0 [pid 5809] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5809] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5810] <... futex resumed>) = 1 [pid 5810] mount("/dev/nullb0", "./file0", "reiserfs", 0, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"...) = -1 EINVAL (Invalid argument) [pid 5810] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5809] <... futex resumed>) = 0 [pid 5809] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5809] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5810] <... futex resumed>) = 1 [pid 5810] write(4, "\x06\x00\x00\x00\x18\x01\x00\xfa\x00\x00\x00\x00\xbf\x11\x00\x00\x5e\xde\xe4\x80\x57\x58\xe9\xc3\x27\xb9\x0c\x39\x90\x48\x0f\x7d\x17\x0a\x18\xc8\xef\x96\xea\xfb\x95\xd8\x31\x0b\xcf\x4d\x0a\x54\x50\x87\xb1\x20\x55\xee\x70\xc3\xa0\x7d\xdb\x6a\xea\x37\x23\x5a\x53\xcf\xbb\x4d\xc0\x56\x4a\x4a\xcb\x2d\x60\x10\x99\xd1\xcc\x8d\x0a\x16\x04\x68\xa1\x29\x5a\xc4\xf2\xd9\xb5\x06\x53\x12\x0b\x83\xdb\xe0\xd4\x56"..., 288) = -1 EINVAL (Invalid argument) [pid 5810] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5809] <... futex resumed>) = 0 [pid 5810] <... futex resumed>) = 1 [pid 5809] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5810] mkdir("./file1", 000 [pid 5809] <... futex resumed>) = 0 [pid 5810] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5809] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5810] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5809] <... futex resumed>) = 0 [pid 5810] <... futex resumed>) = 1 [pid 5809] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5810] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5809] <... futex resumed>) = 0 [pid 5810] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5809] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5810] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5809] <... futex resumed>) = 0 [pid 5810] openat(AT_FDCWD, ".", O_RDONLY [pid 5809] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5810] <... openat resumed>) = 5 [pid 5809] <... futex resumed>) = 0 [pid 5809] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5810] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5809] <... futex resumed>) = 0 [pid 5809] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5809] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5810] <... futex resumed>) = 1 [pid 5810] chdir("./file0") = 0 [pid 5810] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5809] <... futex resumed>) = 0 [pid 5810] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5809] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5810] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5809] <... futex resumed>) = 0 [pid 5810] openat(AT_FDCWD, ".", O_RDONLY [pid 5809] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5810] <... openat resumed>) = 6 [pid 5810] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5809] <... futex resumed>) = 0 [pid 5809] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5809] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5810] <... futex resumed>) = 1 [pid 5810] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 7 [pid 5810] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5809] <... futex resumed>) = 0 [pid 5810] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5809] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5810] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5810] write(7, "#! \naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 34136651 [pid 5809] <... futex resumed>) = 0 [pid 5809] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5809] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5809] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efd91000 [pid 5809] mprotect(0x7fa6efd92000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5809] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5809] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdb1990, parent_tid=0x7fa6efdb1990, exit_signal=0, stack=0x7fa6efd91000, stack_size=0x20300, tls=0x7fa6efdb16c0} => {parent_tid=[5830]}, 88) = 5830 [pid 5809] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5809] futex(0x7fa6efeba718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5809] futex(0x7fa6efeba71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5830 attached [pid 5830] rseq(0x7fa6efdb1fe0, 0x20, 0, 0x53053053) = 0 [pid 5830] set_robust_list(0x7fa6efdb19a0, 24) = 0 [pid 5830] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5830] ioctl(6, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5809] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5809] futex(0x7fa6efeba71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5830] <... ioctl resumed>) = 0 [pid 5830] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5830] futex(0x7fa6efeba718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5810] <... write resumed>) = 9740288 [pid 5810] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5810] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5809] exit_group(0 [pid 5830] <... futex resumed>) = ? [pid 5809] <... exit_group resumed>) = ? [pid 5830] +++ exited with 0 +++ [pid 5810] <... futex resumed>) = ? [pid 5810] +++ exited with 0 +++ [pid 5809] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5809, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555626bc730 /* 5 entries */, 32768) = 144 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 [ 95.244509][ T5810] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 95.740750][ T5215] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file1") = 0 getdents64(3, 0x5555626bc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5832 attached [pid 5832] set_robust_list(0x5555626bb6a0, 24 [pid 5215] <... clone resumed>, child_tidptr=0x5555626bb690) = 5832 [pid 5832] <... set_robust_list resumed>) = 0 [pid 5832] chdir("./29") = 0 [pid 5832] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5832] setpgid(0, 0) = 0 [pid 5832] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5832] write(3, "1000", 4) = 4 [pid 5832] close(3) = 0 [pid 5832] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5832] write(1, "executing program\n", 18) = 18 [pid 5832] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5832] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6efe43470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6efe34620}, NULL, 8) = 0 [pid 5832] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5832] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efdb2000 [pid 5832] mprotect(0x7fa6efdb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5832] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5832] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdd2990, parent_tid=0x7fa6efdd2990, exit_signal=0, stack=0x7fa6efdb2000, stack_size=0x20300, tls=0x7fa6efdd26c0}./strace-static-x86_64: Process 5833 attached [pid 5833] rseq(0x7fa6efdd2fe0, 0x20, 0, 0x53053053) = 0 [pid 5832] <... clone3 resumed> => {parent_tid=[5833]}, 88) = 5833 [pid 5833] set_robust_list(0x7fa6efdd29a0, 24 [pid 5832] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] <... set_robust_list resumed>) = 0 [pid 5833] rt_sigprocmask(SIG_SETMASK, [], [pid 5832] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] memfd_create("syzkaller", 0 [pid 5832] <... futex resumed>) = 0 [pid 5832] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5833] <... memfd_create resumed>) = 3 [pid 5833] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5833] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5833] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5833] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5833] close(3) = 0 [pid 5833] close(4) = 0 [pid 5833] mkdir("./file0", 0777) = 0 [ 96.265739][ T5833] loop0: detected capacity change from 0 to 32768 [pid 5833] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5833] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 96.303751][ T5833] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor250 (5833) [ 96.323071][ T5833] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 96.334177][ T5833] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 96.343827][ T5833] BTRFS info (device loop0): using free-space-tree [pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5833] ioctl(4, LOOP_CLR_FD) = 0 [pid 5833] close(4) = 0 [pid 5833] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... futex resumed>) = 0 [pid 5833] <... futex resumed>) = 1 [pid 5832] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] openat(AT_FDCWD, "/proc/self/mounts", O_RDWR [pid 5832] <... futex resumed>) = 0 [pid 5833] <... openat resumed>) = 4 [pid 5832] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5832] <... futex resumed>) = 0 [pid 5833] memfd_create("syzkaller", 0 [pid 5832] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5833] <... memfd_create resumed>) = 5 [pid 5832] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5833] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5833] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5833] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5833] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5833] ioctl(6, LOOP_CLR_FD) = 0 [pid 5833] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5833] close(6) = 0 [pid 5833] close(5) = 0 [pid 5833] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5833] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5832] <... futex resumed>) = 0 [pid 5832] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... futex resumed>) = 0 [pid 5832] <... futex resumed>) = 1 [pid 5833] pread64(4, [pid 5832] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... pread64 resumed>"ev/root / ext4 rw,relatime 0 0\ndevtmpfs /dev devtmpfs rw,relatime,size=3375576k,nr_inodes=843894,mod"..., 4096, 2) = 956 [pid 5833] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5832] <... futex resumed>) = 0 [pid 5832] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] mkdir("./file1", 000 [pid 5832] <... futex resumed>) = 0 [pid 5833] <... mkdir resumed>) = 0 [pid 5832] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... futex resumed>) = 0 [pid 5832] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... futex resumed>) = 1 [pid 5832] <... futex resumed>) = 0 [pid 5833] write(-1, "#! ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 65546 [pid 5832] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5833] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5832] <... futex resumed>) = 0 [pid 5833] mount("/dev/nullb0", "./file0", "reiserfs", 0, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"... [pid 5832] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5832] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5833] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5833] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5832] <... futex resumed>) = 0 [pid 5832] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... futex resumed>) = 0 [pid 5832] <... futex resumed>) = 1 [pid 5833] write(4, "\x06\x00\x00\x00\x18\x01\x00\xfa\x00\x00\x00\x00\xbf\x11\x00\x00\x5e\xde\xe4\x80\x57\x58\xe9\xc3\x27\xb9\x0c\x39\x90\x48\x0f\x7d\x17\x0a\x18\xc8\xef\x96\xea\xfb\x95\xd8\x31\x0b\xcf\x4d\x0a\x54\x50\x87\xb1\x20\x55\xee\x70\xc3\xa0\x7d\xdb\x6a\xea\x37\x23\x5a\x53\xcf\xbb\x4d\xc0\x56\x4a\x4a\xcb\x2d\x60\x10\x99\xd1\xcc\x8d\x0a\x16\x04\x68\xa1\x29\x5a\xc4\xf2\xd9\xb5\x06\x53\x12\x0b\x83\xdb\xe0\xd4\x56"..., 288 [pid 5832] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 5833] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5832] <... futex resumed>) = 0 [pid 5833] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5832] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5832] <... futex resumed>) = 0 [pid 5833] mkdir("./file1", 000 [pid 5832] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5833] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5832] <... futex resumed>) = 0 [pid 5833] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5832] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5832] <... futex resumed>) = 0 [pid 5833] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... futex resumed>) = 0 [pid 5832] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5833] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5832] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5833] openat(AT_FDCWD, ".", O_RDONLY [pid 5832] <... futex resumed>) = 0 [pid 5833] <... openat resumed>) = 5 [pid 5832] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5832] <... futex resumed>) = 0 [pid 5833] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5832] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] chdir("./file0" [pid 5832] <... futex resumed>) = 0 [pid 5833] <... chdir resumed>) = 0 [pid 5832] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... futex resumed>) = 0 [pid 5833] <... futex resumed>) = 1 [pid 5832] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] openat(AT_FDCWD, ".", O_RDONLY [pid 5832] <... futex resumed>) = 0 [pid 5833] <... openat resumed>) = 6 [pid 5832] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5832] <... futex resumed>) = 0 [pid 5833] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5832] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5832] <... futex resumed>) = 0 [pid 5833] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5832] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... openat resumed>) = 7 [pid 5833] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5833] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5832] <... futex resumed>) = 0 [pid 5832] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... futex resumed>) = 0 [pid 5832] <... futex resumed>) = 1 [pid 5833] write(7, "#! \naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 34136651 [pid 5832] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5832] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5832] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efd91000 [pid 5832] mprotect(0x7fa6efd92000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5832] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5832] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdb1990, parent_tid=0x7fa6efdb1990, exit_signal=0, stack=0x7fa6efd91000, stack_size=0x20300, tls=0x7fa6efdb16c0}./strace-static-x86_64: Process 5852 attached => {parent_tid=[5852]}, 88) = 5852 [pid 5852] rseq(0x7fa6efdb1fe0, 0x20, 0, 0x53053053) = 0 [pid 5852] set_robust_list(0x7fa6efdb19a0, 24) = 0 [pid 5852] rt_sigprocmask(SIG_SETMASK, [], [pid 5832] rt_sigprocmask(SIG_SETMASK, [], [pid 5852] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5852] ioctl(6, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5832] futex(0x7fa6efeba718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5832] futex(0x7fa6efeba71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5852] <... ioctl resumed>) = 0 [pid 5852] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5852] futex(0x7fa6efeba718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5832] <... futex resumed>) = 0 [pid 5833] <... write resumed>) = 9740288 [pid 5833] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] exit_group(0) = ? [pid 5852] <... futex resumed>) = ? [pid 5852] +++ exited with 0 +++ [pid 5833] <... futex resumed>) = ? [pid 5833] +++ exited with 0 +++ [pid 5832] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5832, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555626bc730 /* 5 entries */, 32768) = 144 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 [ 96.526416][ T5833] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 96.943427][ T5215] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file1") = 0 getdents64(3, 0x5555626bc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5856 attached [pid 5856] set_robust_list(0x5555626bb6a0, 24 [pid 5215] <... clone resumed>, child_tidptr=0x5555626bb690) = 5856 [pid 5856] <... set_robust_list resumed>) = 0 [pid 5856] chdir("./30") = 0 [pid 5856] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5856] setpgid(0, 0) = 0 [pid 5856] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5856] write(3, "1000", 4) = 4 [pid 5856] close(3) = 0 [pid 5856] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5856] write(1, "executing program\n", 18executing program ) = 18 [pid 5856] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5856] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6efe43470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6efe34620}, NULL, 8) = 0 [pid 5856] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5856] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efdb2000 [pid 5856] mprotect(0x7fa6efdb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5856] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5856] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdd2990, parent_tid=0x7fa6efdd2990, exit_signal=0, stack=0x7fa6efdb2000, stack_size=0x20300, tls=0x7fa6efdd26c0}./strace-static-x86_64: Process 5857 attached [pid 5857] rseq(0x7fa6efdd2fe0, 0x20, 0, 0x53053053 [pid 5856] <... clone3 resumed> => {parent_tid=[5857]}, 88) = 5857 [pid 5857] <... rseq resumed>) = 0 [pid 5856] rt_sigprocmask(SIG_SETMASK, [], [pid 5857] set_robust_list(0x7fa6efdd29a0, 24 [pid 5856] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5857] <... set_robust_list resumed>) = 0 [pid 5856] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5857] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5856] <... futex resumed>) = 0 [pid 5856] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5857] memfd_create("syzkaller", 0) = 3 [pid 5857] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5857] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5857] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5857] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5857] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5857] close(3) = 0 [pid 5857] close(4) = 0 [pid 5857] mkdir("./file0", 0777) = 0 [ 97.448215][ T5857] loop0: detected capacity change from 0 to 32768 [ 97.488441][ T5857] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor250 (5857) [ 97.507943][ T5857] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 97.521374][ T5857] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 97.530252][ T5857] BTRFS info (device loop0): using free-space-tree [pid 5857] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5857] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5857] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5857] ioctl(4, LOOP_CLR_FD) = 0 [pid 5857] close(4) = 0 [pid 5857] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5857] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5856] <... futex resumed>) = 0 [pid 5856] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5857] <... futex resumed>) = 0 [pid 5856] <... futex resumed>) = 1 [pid 5857] openat(AT_FDCWD, "/proc/self/mounts", O_RDWR [pid 5856] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5857] <... openat resumed>) = 4 [pid 5857] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] <... futex resumed>) = 0 [pid 5856] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5857] <... futex resumed>) = 1 [pid 5856] <... futex resumed>) = 0 [pid 5857] memfd_create("syzkaller", 0) = 5 [pid 5856] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5857] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5857] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5857] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5857] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5857] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5857] ioctl(6, LOOP_CLR_FD) = 0 [pid 5857] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5857] close(6) = 0 [pid 5857] close(5) = 0 [pid 5857] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5856] <... futex resumed>) = 0 [pid 5856] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5857] pread64(4, [pid 5856] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5857] <... pread64 resumed>"ev/root / ext4 rw,relatime 0 0\ndevtmpfs /dev devtmpfs rw,relatime,size=3375576k,nr_inodes=843894,mod"..., 4096, 2) = 956 [pid 5857] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5857] <... futex resumed>) = 0 [pid 5856] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5857] mkdir("./file1", 000 [pid 5856] <... futex resumed>) = 0 [pid 5857] <... mkdir resumed>) = 0 [pid 5856] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5857] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] <... futex resumed>) = 0 [pid 5856] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5857] <... futex resumed>) = 1 [pid 5856] <... futex resumed>) = 0 [pid 5856] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5857] write(-1, "#! ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 65546) = -1 EBADF (Bad file descriptor) [pid 5857] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5856] <... futex resumed>) = 0 [pid 5857] mount("/dev/nullb0", "./file0", "reiserfs", 0, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"... [pid 5856] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5856] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5857] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5857] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5856] <... futex resumed>) = 0 [pid 5856] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5856] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5857] write(4, "\x06\x00\x00\x00\x18\x01\x00\xfa\x00\x00\x00\x00\xbf\x11\x00\x00\x5e\xde\xe4\x80\x57\x58\xe9\xc3\x27\xb9\x0c\x39\x90\x48\x0f\x7d\x17\x0a\x18\xc8\xef\x96\xea\xfb\x95\xd8\x31\x0b\xcf\x4d\x0a\x54\x50\x87\xb1\x20\x55\xee\x70\xc3\xa0\x7d\xdb\x6a\xea\x37\x23\x5a\x53\xcf\xbb\x4d\xc0\x56\x4a\x4a\xcb\x2d\x60\x10\x99\xd1\xcc\x8d\x0a\x16\x04\x68\xa1\x29\x5a\xc4\xf2\xd9\xb5\x06\x53\x12\x0b\x83\xdb\xe0\xd4\x56"..., 288) = -1 EINVAL (Invalid argument) [pid 5857] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5856] <... futex resumed>) = 0 [pid 5856] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5857] mkdir("./file1", 000 [pid 5856] <... futex resumed>) = 0 [pid 5856] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5857] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5857] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5856] <... futex resumed>) = 0 [pid 5857] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5856] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5857] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5856] <... futex resumed>) = 0 [pid 5857] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5856] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5857] <... futex resumed>) = 0 [pid 5856] <... futex resumed>) = 0 [pid 5856] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5857] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5857] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] <... futex resumed>) = 0 [pid 5856] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5856] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5857] <... futex resumed>) = 1 [pid 5857] chdir("./file0") = 0 [pid 5857] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] <... futex resumed>) = 0 [pid 5857] <... futex resumed>) = 1 [pid 5856] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5857] openat(AT_FDCWD, ".", O_RDONLY [pid 5856] <... futex resumed>) = 0 [pid 5857] <... openat resumed>) = 6 [pid 5856] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5857] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5856] <... futex resumed>) = 0 [pid 5857] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5856] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5857] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5856] <... futex resumed>) = 0 [pid 5857] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5856] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5857] <... openat resumed>) = 7 [pid 5857] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5857] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5856] <... futex resumed>) = 0 [pid 5856] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5857] <... futex resumed>) = 0 [pid 5856] <... futex resumed>) = 1 [pid 5857] write(7, "#! \naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 34136651 [pid 5856] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5856] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5856] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efd91000 [pid 5856] mprotect(0x7fa6efd92000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5856] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5856] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdb1990, parent_tid=0x7fa6efdb1990, exit_signal=0, stack=0x7fa6efd91000, stack_size=0x20300, tls=0x7fa6efdb16c0}./strace-static-x86_64: Process 5876 attached [pid 5876] rseq(0x7fa6efdb1fe0, 0x20, 0, 0x53053053 [pid 5856] <... clone3 resumed> => {parent_tid=[5876]}, 88) = 5876 [pid 5876] <... rseq resumed>) = 0 [pid 5856] rt_sigprocmask(SIG_SETMASK, [], [pid 5876] set_robust_list(0x7fa6efdb19a0, 24) = 0 [pid 5856] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5876] rt_sigprocmask(SIG_SETMASK, [], [pid 5856] futex(0x7fa6efeba718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5876] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5856] futex(0x7fa6efeba71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5876] ioctl(6, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0}) = 0 [pid 5856] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5876] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5876] futex(0x7fa6efeba718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5857] <... write resumed>) = 9740288 [pid 5857] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5857] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5856] exit_group(0 [pid 5876] <... futex resumed>) = ? [pid 5856] <... exit_group resumed>) = ? [pid 5876] +++ exited with 0 +++ [pid 5857] <... futex resumed>) = ? [pid 5857] +++ exited with 0 +++ [pid 5856] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5856, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555626bc730 /* 5 entries */, 32768) = 144 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 [ 97.744211][ T5857] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 98.148677][ T5215] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file1") = 0 getdents64(3, 0x5555626bc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5877 attached , child_tidptr=0x5555626bb690) = 5877 [pid 5877] set_robust_list(0x5555626bb6a0, 24) = 0 [pid 5877] chdir("./31") = 0 [pid 5877] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5877] setpgid(0, 0) = 0 [pid 5877] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5877] write(3, "1000", 4) = 4 [pid 5877] close(3) = 0 [pid 5877] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5877] write(1, "executing program\n", 18executing program ) = 18 [pid 5877] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5877] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6efe43470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6efe34620}, NULL, 8) = 0 [pid 5877] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5877] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efdb2000 [pid 5877] mprotect(0x7fa6efdb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5877] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5877] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdd2990, parent_tid=0x7fa6efdd2990, exit_signal=0, stack=0x7fa6efdb2000, stack_size=0x20300, tls=0x7fa6efdd26c0}./strace-static-x86_64: Process 5879 attached [pid 5879] rseq(0x7fa6efdd2fe0, 0x20, 0, 0x53053053) = 0 [pid 5877] <... clone3 resumed> => {parent_tid=[5879]}, 88) = 5879 [pid 5879] set_robust_list(0x7fa6efdd29a0, 24 [pid 5877] rt_sigprocmask(SIG_SETMASK, [], [pid 5879] <... set_robust_list resumed>) = 0 [pid 5877] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5879] rt_sigprocmask(SIG_SETMASK, [], [pid 5877] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5877] <... futex resumed>) = 0 [pid 5877] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5879] memfd_create("syzkaller", 0) = 3 [pid 5879] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5879] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5879] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5879] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5879] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5879] close(3) = 0 [pid 5879] close(4) = 0 [pid 5879] mkdir("./file0", 0777) = 0 [ 98.659306][ T5879] loop0: detected capacity change from 0 to 32768 [ 98.689173][ T5879] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor250 (5879) [pid 5879] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5879] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 98.715122][ T5879] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 98.725506][ T5879] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 98.734163][ T5879] BTRFS info (device loop0): using free-space-tree [pid 5879] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5879] ioctl(4, LOOP_CLR_FD) = 0 [pid 5879] close(4) = 0 [pid 5879] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5877] <... futex resumed>) = 0 [pid 5879] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5877] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5877] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5879] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5879] openat(AT_FDCWD, "/proc/self/mounts", O_RDWR) = 4 [pid 5879] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5877] <... futex resumed>) = 0 [pid 5879] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5877] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] memfd_create("syzkaller", 0 [pid 5877] <... futex resumed>) = 0 [pid 5879] <... memfd_create resumed>) = 5 [pid 5877] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5879] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5879] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5879] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5879] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5879] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5879] ioctl(6, LOOP_CLR_FD) = 0 [pid 5879] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5879] close(6) = 0 [pid 5879] close(5) = 0 [pid 5879] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5877] <... futex resumed>) = 0 [pid 5877] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] pread64(4, [pid 5877] <... futex resumed>) = 0 [pid 5879] <... pread64 resumed>"ev/root / ext4 rw,relatime 0 0\ndevtmpfs /dev devtmpfs rw,relatime,size=3375576k,nr_inodes=843894,mod"..., 4096, 2) = 956 [pid 5877] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5879] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5877] <... futex resumed>) = 0 [pid 5879] mkdir("./file1", 000 [pid 5877] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5877] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5879] <... mkdir resumed>) = 0 [pid 5879] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] <... futex resumed>) = 0 [pid 5877] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5877] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5879] <... futex resumed>) = 1 [pid 5879] write(-1, "#! ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 65546) = -1 EBADF (Bad file descriptor) [pid 5879] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5877] <... futex resumed>) = 0 [pid 5879] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5877] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5877] <... futex resumed>) = 0 [pid 5879] mount("/dev/nullb0", "./file0", "reiserfs", 0, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"... [pid 5877] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5879] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5879] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5877] <... futex resumed>) = 0 [pid 5879] write(4, "\x06\x00\x00\x00\x18\x01\x00\xfa\x00\x00\x00\x00\xbf\x11\x00\x00\x5e\xde\xe4\x80\x57\x58\xe9\xc3\x27\xb9\x0c\x39\x90\x48\x0f\x7d\x17\x0a\x18\xc8\xef\x96\xea\xfb\x95\xd8\x31\x0b\xcf\x4d\x0a\x54\x50\x87\xb1\x20\x55\xee\x70\xc3\xa0\x7d\xdb\x6a\xea\x37\x23\x5a\x53\xcf\xbb\x4d\xc0\x56\x4a\x4a\xcb\x2d\x60\x10\x99\xd1\xcc\x8d\x0a\x16\x04\x68\xa1\x29\x5a\xc4\xf2\xd9\xb5\x06\x53\x12\x0b\x83\xdb\xe0\xd4\x56"..., 288 [pid 5877] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 5877] <... futex resumed>) = 0 [pid 5879] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5879] <... futex resumed>) = 0 [pid 5877] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5879] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5877] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5877] <... futex resumed>) = 0 [pid 5879] mkdir("./file1", 000 [pid 5877] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5879] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5879] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] <... futex resumed>) = 0 [pid 5877] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5879] <... futex resumed>) = 1 [pid 5877] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5879] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW) = -1 EFAULT (Bad address) [pid 5879] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] <... futex resumed>) = 0 [pid 5877] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5877] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5879] <... futex resumed>) = 1 [pid 5879] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5879] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] <... futex resumed>) = 0 [pid 5877] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5877] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5879] <... futex resumed>) = 1 [pid 5879] chdir("./file0") = 0 [pid 5879] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] <... futex resumed>) = 0 [pid 5879] <... futex resumed>) = 1 [pid 5877] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] openat(AT_FDCWD, ".", O_RDONLY [pid 5877] <... futex resumed>) = 0 [pid 5879] <... openat resumed>) = 6 [pid 5877] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5879] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5877] <... futex resumed>) = 0 [pid 5879] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5877] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] <... openat resumed>) = 7 [pid 5877] <... futex resumed>) = 0 [pid 5877] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5879] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5879] <... futex resumed>) = 0 [pid 5877] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] write(7, "#! \naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 34136651 [pid 5877] <... futex resumed>) = 0 [pid 5877] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5877] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5877] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5877] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efd91000 [pid 5877] mprotect(0x7fa6efd92000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5877] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5877] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdb1990, parent_tid=0x7fa6efdb1990, exit_signal=0, stack=0x7fa6efd91000, stack_size=0x20300, tls=0x7fa6efdb16c0}./strace-static-x86_64: Process 5898 attached => {parent_tid=[5898]}, 88) = 5898 [pid 5898] rseq(0x7fa6efdb1fe0, 0x20, 0, 0x53053053) = 0 [pid 5877] rt_sigprocmask(SIG_SETMASK, [], [pid 5898] set_robust_list(0x7fa6efdb19a0, 24 [pid 5877] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5898] <... set_robust_list resumed>) = 0 [pid 5877] futex(0x7fa6efeba718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5898] rt_sigprocmask(SIG_SETMASK, [], [pid 5877] <... futex resumed>) = 0 [pid 5898] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5898] ioctl(6, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5877] futex(0x7fa6efeba71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5898] <... ioctl resumed>) = 0 [pid 5877] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5898] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5898] futex(0x7fa6efeba718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5879] <... write resumed>) = 9740288 [pid 5879] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5879] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5877] exit_group(0 [pid 5898] <... futex resumed>) = ? [pid 5879] <... futex resumed>) = ? [pid 5877] <... exit_group resumed>) = ? [pid 5898] +++ exited with 0 +++ [pid 5879] +++ exited with 0 +++ [pid 5877] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5877, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555626bc730 /* 5 entries */, 32768) = 144 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 [ 98.919266][ T5879] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 99.340266][ T5215] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file1") = 0 getdents64(3, 0x5555626bc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5899 attached [pid 5899] set_robust_list(0x5555626bb6a0, 24 [pid 5215] <... clone resumed>, child_tidptr=0x5555626bb690) = 5899 [pid 5899] <... set_robust_list resumed>) = 0 [pid 5899] chdir("./32") = 0 [pid 5899] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5899] setpgid(0, 0) = 0 [pid 5899] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5899] write(3, "1000", 4) = 4 [pid 5899] close(3) = 0 [pid 5899] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5899] write(1, "executing program\n", 18executing program ) = 18 [pid 5899] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5899] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6efe43470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6efe34620}, NULL, 8) = 0 [pid 5899] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5899] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efdb2000 [pid 5899] mprotect(0x7fa6efdb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5899] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5899] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdd2990, parent_tid=0x7fa6efdd2990, exit_signal=0, stack=0x7fa6efdb2000, stack_size=0x20300, tls=0x7fa6efdd26c0}./strace-static-x86_64: Process 5900 attached => {parent_tid=[5900]}, 88) = 5900 [pid 5899] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5900] rseq(0x7fa6efdd2fe0, 0x20, 0, 0x53053053) = 0 [pid 5899] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5900] set_robust_list(0x7fa6efdd29a0, 24 [pid 5899] <... futex resumed>) = 0 [pid 5900] <... set_robust_list resumed>) = 0 [pid 5899] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5900] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5900] memfd_create("syzkaller", 0) = 3 [pid 5900] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5900] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5900] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5900] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5900] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5900] close(3) = 0 [pid 5900] close(4) = 0 [pid 5900] mkdir("./file0", 0777) = 0 [ 99.860848][ T5900] loop0: detected capacity change from 0 to 32768 [ 99.881387][ T5900] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor250 (5900) [ 99.900438][ T5900] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [pid 5900] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5900] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5900] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5900] ioctl(4, LOOP_CLR_FD) = 0 [ 99.914128][ T5900] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 99.923118][ T5900] BTRFS info (device loop0): using free-space-tree [pid 5900] close(4) = 0 [pid 5900] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5900] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5899] <... futex resumed>) = 0 [pid 5899] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5900] <... futex resumed>) = 0 [pid 5899] <... futex resumed>) = 1 [pid 5900] openat(AT_FDCWD, "/proc/self/mounts", O_RDWR) = 4 [pid 5899] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5900] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5899] <... futex resumed>) = 0 [pid 5900] memfd_create("syzkaller", 0 [pid 5899] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5900] <... memfd_create resumed>) = 5 [pid 5899] <... futex resumed>) = 0 [pid 5900] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5899] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5900] <... mmap resumed>) = 0x7fa6e7800000 [pid 5900] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5900] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5900] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5900] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5900] ioctl(6, LOOP_CLR_FD) = 0 [pid 5900] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5900] close(6) = 0 [pid 5900] close(5) = 0 [pid 5900] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5899] <... futex resumed>) = 0 [pid 5900] pread64(4, [pid 5899] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5900] <... pread64 resumed>"ev/root / ext4 rw,relatime 0 0\ndevtmpfs /dev devtmpfs rw,relatime,size=3375576k,nr_inodes=843894,mod"..., 4096, 2) = 956 [pid 5899] <... futex resumed>) = 0 [pid 5899] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5900] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5899] <... futex resumed>) = 0 [pid 5900] mkdir("./file1", 000 [pid 5899] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5900] <... mkdir resumed>) = 0 [pid 5899] <... futex resumed>) = 0 [pid 5899] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5900] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5899] <... futex resumed>) = 0 [pid 5900] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5899] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5900] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5899] <... futex resumed>) = 0 [pid 5900] write(-1, "#! ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 65546 [pid 5899] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5900] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5900] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5900] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5899] <... futex resumed>) = 0 [pid 5899] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5900] <... futex resumed>) = 0 [pid 5899] <... futex resumed>) = 1 [pid 5900] mount("/dev/nullb0", "./file0", "reiserfs", 0, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"... [pid 5899] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5900] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5900] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5899] <... futex resumed>) = 0 [pid 5899] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5900] write(4, "\x06\x00\x00\x00\x18\x01\x00\xfa\x00\x00\x00\x00\xbf\x11\x00\x00\x5e\xde\xe4\x80\x57\x58\xe9\xc3\x27\xb9\x0c\x39\x90\x48\x0f\x7d\x17\x0a\x18\xc8\xef\x96\xea\xfb\x95\xd8\x31\x0b\xcf\x4d\x0a\x54\x50\x87\xb1\x20\x55\xee\x70\xc3\xa0\x7d\xdb\x6a\xea\x37\x23\x5a\x53\xcf\xbb\x4d\xc0\x56\x4a\x4a\xcb\x2d\x60\x10\x99\xd1\xcc\x8d\x0a\x16\x04\x68\xa1\x29\x5a\xc4\xf2\xd9\xb5\x06\x53\x12\x0b\x83\xdb\xe0\xd4\x56"..., 288) = -1 EINVAL (Invalid argument) [pid 5899] <... futex resumed>) = 0 [pid 5900] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5899] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5900] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5899] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5899] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5900] <... futex resumed>) = 0 [pid 5899] <... futex resumed>) = 1 [pid 5900] mkdir("./file1", 000) = -1 EEXIST (File exists) [pid 5899] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5900] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5899] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5900] <... futex resumed>) = 0 [pid 5899] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5900] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5899] <... futex resumed>) = 0 [pid 5900] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5899] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5900] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5900] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5899] <... futex resumed>) = 0 [pid 5899] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5900] <... futex resumed>) = 0 [pid 5899] <... futex resumed>) = 1 [pid 5900] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5899] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5900] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5899] <... futex resumed>) = 0 [pid 5900] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5899] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5900] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5899] <... futex resumed>) = 0 [pid 5900] chdir("./file0" [pid 5899] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5900] <... chdir resumed>) = 0 [pid 5900] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5899] <... futex resumed>) = 0 [pid 5899] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5900] openat(AT_FDCWD, ".", O_RDONLY [pid 5899] <... futex resumed>) = 0 [pid 5900] <... openat resumed>) = 6 [pid 5899] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5900] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5899] <... futex resumed>) = 0 [pid 5900] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5899] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5900] <... openat resumed>) = 7 [pid 5899] <... futex resumed>) = 0 [pid 5899] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5900] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5899] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5899] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5900] <... futex resumed>) = 0 [pid 5899] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5900] write(7, "#! \naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 34136651 [pid 5899] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5899] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5899] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efd91000 [pid 5899] mprotect(0x7fa6efd92000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5899] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5899] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdb1990, parent_tid=0x7fa6efdb1990, exit_signal=0, stack=0x7fa6efd91000, stack_size=0x20300, tls=0x7fa6efdb16c0}./strace-static-x86_64: Process 5919 attached [pid 5919] rseq(0x7fa6efdb1fe0, 0x20, 0, 0x53053053 [pid 5899] <... clone3 resumed> => {parent_tid=[5919]}, 88) = 5919 [pid 5919] <... rseq resumed>) = 0 [pid 5899] rt_sigprocmask(SIG_SETMASK, [], [pid 5919] set_robust_list(0x7fa6efdb19a0, 24 [pid 5899] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5919] <... set_robust_list resumed>) = 0 [pid 5899] futex(0x7fa6efeba718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5919] rt_sigprocmask(SIG_SETMASK, [], [pid 5899] futex(0x7fa6efeba71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5919] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5919] ioctl(6, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0}) = 0 [pid 5919] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5899] <... futex resumed>) = 0 [pid 5919] futex(0x7fa6efeba718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5900] <... write resumed>) = 9740288 [pid 5900] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5899] exit_group(0) = ? [pid 5919] <... futex resumed>) = ? [pid 5919] +++ exited with 0 +++ [pid 5900] <... futex resumed>) = ? [pid 5900] +++ exited with 0 +++ [pid 5899] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5899, si_uid=0, si_status=0, si_utime=0, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555626bc730 /* 5 entries */, 32768) = 144 umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 [ 100.070664][ T5900] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 100.511308][ T5215] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file1") = 0 getdents64(3, 0x5555626bc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555626bb690) = 5920 ./strace-static-x86_64: Process 5920 attached [pid 5920] set_robust_list(0x5555626bb6a0, 24) = 0 [pid 5920] chdir("./33") = 0 [pid 5920] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5920] setpgid(0, 0) = 0 [pid 5920] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5920] write(3, "1000", 4) = 4 [pid 5920] close(3) = 0 [pid 5920] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5920] write(1, "executing program\n", 18executing program ) = 18 [pid 5920] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5920] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6efe43470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6efe34620}, NULL, 8) = 0 [pid 5920] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5920] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efdb2000 [pid 5920] mprotect(0x7fa6efdb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5920] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5920] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdd2990, parent_tid=0x7fa6efdd2990, exit_signal=0, stack=0x7fa6efdb2000, stack_size=0x20300, tls=0x7fa6efdd26c0}./strace-static-x86_64: Process 5921 attached => {parent_tid=[5921]}, 88) = 5921 [pid 5920] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5920] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5921] rseq(0x7fa6efdd2fe0, 0x20, 0, 0x53053053) = 0 [pid 5920] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5921] set_robust_list(0x7fa6efdd29a0, 24) = 0 [pid 5921] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5921] memfd_create("syzkaller", 0) = 3 [pid 5921] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5921] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5921] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5921] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5921] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5921] close(3) = 0 [pid 5921] close(4) = 0 [pid 5921] mkdir("./file0", 0777) = 0 [ 101.019219][ T5921] loop0: detected capacity change from 0 to 32768 [ 101.029577][ T5921] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor250 (5921) [ 101.048378][ T5921] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 101.060570][ T5921] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [pid 5921] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5921] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 101.069755][ T5921] BTRFS info (device loop0): using free-space-tree [pid 5921] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5921] ioctl(4, LOOP_CLR_FD) = 0 [pid 5921] close(4) = 0 [pid 5921] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5920] <... futex resumed>) = 0 [pid 5921] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5920] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] openat(AT_FDCWD, "/proc/self/mounts", O_RDWR) = 4 [pid 5920] <... futex resumed>) = 0 [pid 5921] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5920] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5921] <... futex resumed>) = 0 [pid 5920] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] memfd_create("syzkaller", 0 [pid 5920] <... futex resumed>) = 0 [pid 5921] <... memfd_create resumed>) = 5 [pid 5920] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5921] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5921] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5921] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5921] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5921] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5921] ioctl(6, LOOP_CLR_FD) = 0 [pid 5921] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5921] close(6) = 0 [pid 5921] close(5) = 0 [pid 5921] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5921] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5920] <... futex resumed>) = 0 [pid 5920] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] <... futex resumed>) = 0 [pid 5920] <... futex resumed>) = 1 [pid 5921] pread64(4, [pid 5920] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5921] <... pread64 resumed>"ev/root / ext4 rw,relatime 0 0\ndevtmpfs /dev devtmpfs rw,relatime,size=3375576k,nr_inodes=843894,mod"..., 4096, 2) = 956 [pid 5921] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5920] <... futex resumed>) = 0 [pid 5921] mkdir("./file1", 000 [pid 5920] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] <... mkdir resumed>) = 0 [pid 5920] <... futex resumed>) = 0 [pid 5920] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5921] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5920] <... futex resumed>) = 0 [pid 5920] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5920] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5921] write(-1, "#! ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 65546) = -1 EBADF (Bad file descriptor) [pid 5921] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5920] <... futex resumed>) = 0 [pid 5920] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5920] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5921] <... futex resumed>) = 1 [pid 5921] mount("/dev/nullb0", "./file0", "reiserfs", 0, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"...) = -1 EINVAL (Invalid argument) [pid 5921] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5920] <... futex resumed>) = 0 [pid 5920] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5920] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5921] <... futex resumed>) = 1 [pid 5921] write(4, "\x06\x00\x00\x00\x18\x01\x00\xfa\x00\x00\x00\x00\xbf\x11\x00\x00\x5e\xde\xe4\x80\x57\x58\xe9\xc3\x27\xb9\x0c\x39\x90\x48\x0f\x7d\x17\x0a\x18\xc8\xef\x96\xea\xfb\x95\xd8\x31\x0b\xcf\x4d\x0a\x54\x50\x87\xb1\x20\x55\xee\x70\xc3\xa0\x7d\xdb\x6a\xea\x37\x23\x5a\x53\xcf\xbb\x4d\xc0\x56\x4a\x4a\xcb\x2d\x60\x10\x99\xd1\xcc\x8d\x0a\x16\x04\x68\xa1\x29\x5a\xc4\xf2\xd9\xb5\x06\x53\x12\x0b\x83\xdb\xe0\xd4\x56"..., 288) = -1 EINVAL (Invalid argument) [pid 5921] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5920] <... futex resumed>) = 0 [pid 5920] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5920] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5921] <... futex resumed>) = 1 [pid 5921] mkdir("./file1", 000) = -1 EEXIST (File exists) [pid 5921] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5920] <... futex resumed>) = 0 [pid 5920] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5921] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5920] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5921] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5921] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5920] <... futex resumed>) = 0 [pid 5920] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5920] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5921] <... futex resumed>) = 1 [pid 5921] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5921] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5920] <... futex resumed>) = 0 [pid 5921] chdir("./file0" [pid 5920] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] <... chdir resumed>) = 0 [pid 5920] <... futex resumed>) = 0 [pid 5920] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5921] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5920] <... futex resumed>) = 0 [pid 5921] openat(AT_FDCWD, ".", O_RDONLY [pid 5920] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] <... openat resumed>) = 6 [pid 5920] <... futex resumed>) = 0 [pid 5920] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5921] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5920] <... futex resumed>) = 0 [pid 5921] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5920] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5920] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5921] <... openat resumed>) = 7 [pid 5921] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5920] <... futex resumed>) = 0 [pid 5921] <... futex resumed>) = 1 [pid 5920] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] write(7, "#! \naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 34136651 [pid 5920] <... futex resumed>) = 0 [pid 5920] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5920] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5920] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efd91000 [pid 5920] mprotect(0x7fa6efd92000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5920] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5920] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdb1990, parent_tid=0x7fa6efdb1990, exit_signal=0, stack=0x7fa6efd91000, stack_size=0x20300, tls=0x7fa6efdb16c0}./strace-static-x86_64: Process 5941 attached [pid 5941] rseq(0x7fa6efdb1fe0, 0x20, 0, 0x53053053) = 0 [pid 5941] set_robust_list(0x7fa6efdb19a0, 24) = 0 [pid 5920] <... clone3 resumed> => {parent_tid=[5941]}, 88) = 5941 [pid 5941] rt_sigprocmask(SIG_SETMASK, [], [pid 5920] rt_sigprocmask(SIG_SETMASK, [], [pid 5941] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5920] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5941] futex(0x7fa6efeba718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5920] futex(0x7fa6efeba718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5941] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5920] <... futex resumed>) = 0 [pid 5941] ioctl(6, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5920] futex(0x7fa6efeba71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5941] <... ioctl resumed>) = 0 [pid 5920] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5941] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5941] futex(0x7fa6efeba718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5921] <... write resumed>) = 9740288 [pid 5921] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5921] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5920] exit_group(0 [pid 5941] <... futex resumed>) = ? [pid 5921] <... futex resumed>) = ? [pid 5920] <... exit_group resumed>) = ? [pid 5941] +++ exited with 0 +++ [pid 5921] +++ exited with 0 +++ [pid 5920] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5920, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555626bc730 /* 5 entries */, 32768) = 144 umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 [ 101.280603][ T5921] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 101.750113][ T5215] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file1") = 0 getdents64(3, 0x5555626bc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5942 attached , child_tidptr=0x5555626bb690) = 5942 [pid 5942] set_robust_list(0x5555626bb6a0, 24) = 0 [pid 5942] chdir("./34") = 0 [pid 5942] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5942] setpgid(0, 0) = 0 [pid 5942] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5942] write(3, "1000", 4) = 4 [pid 5942] close(3) = 0 [pid 5942] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5942] write(1, "executing program\n", 18executing program ) = 18 [pid 5942] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5942] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6efe43470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6efe34620}, NULL, 8) = 0 [pid 5942] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5942] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efdb2000 [pid 5942] mprotect(0x7fa6efdb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5942] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5942] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdd2990, parent_tid=0x7fa6efdd2990, exit_signal=0, stack=0x7fa6efdb2000, stack_size=0x20300, tls=0x7fa6efdd26c0}./strace-static-x86_64: Process 5943 attached [pid 5943] rseq(0x7fa6efdd2fe0, 0x20, 0, 0x53053053 [pid 5942] <... clone3 resumed> => {parent_tid=[5943]}, 88) = 5943 [pid 5943] <... rseq resumed>) = 0 [pid 5942] rt_sigprocmask(SIG_SETMASK, [], [pid 5943] set_robust_list(0x7fa6efdd29a0, 24 [pid 5942] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5943] <... set_robust_list resumed>) = 0 [pid 5942] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5942] <... futex resumed>) = 0 [pid 5943] memfd_create("syzkaller", 0 [pid 5942] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5943] <... memfd_create resumed>) = 3 [pid 5943] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5943] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5943] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5943] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5943] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5943] close(3) = 0 [pid 5943] close(4) = 0 [pid 5943] mkdir("./file0", 0777) = 0 [ 102.252628][ T5943] loop0: detected capacity change from 0 to 32768 [ 102.282065][ T5943] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor250 (5943) [pid 5943] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5943] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5943] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 102.301986][ T5943] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 102.313118][ T5943] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 102.322332][ T5943] BTRFS info (device loop0): using free-space-tree [pid 5943] ioctl(4, LOOP_CLR_FD) = 0 [pid 5943] close(4) = 0 [pid 5943] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5942] <... futex resumed>) = 0 [pid 5943] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5942] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5943] <... futex resumed>) = 0 [pid 5942] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] openat(AT_FDCWD, "/proc/self/mounts", O_RDWR) = 4 [pid 5943] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5942] <... futex resumed>) = 0 [pid 5943] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5942] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5942] <... futex resumed>) = 0 [pid 5943] memfd_create("syzkaller", 0 [pid 5942] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5943] <... memfd_create resumed>) = 5 [pid 5943] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5943] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5943] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5943] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5943] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5943] ioctl(6, LOOP_CLR_FD) = 0 [pid 5943] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5943] close(6) = 0 [pid 5943] close(5) = 0 [pid 5943] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5942] <... futex resumed>) = 0 [pid 5942] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] pread64(4, [pid 5942] <... futex resumed>) = 0 [pid 5943] <... pread64 resumed>"ev/root / ext4 rw,relatime 0 0\ndevtmpfs /dev devtmpfs rw,relatime,size=3375576k,nr_inodes=843894,mod"..., 4096, 2) = 956 [pid 5942] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5942] <... futex resumed>) = 0 [pid 5942] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] mkdir("./file1", 000 [pid 5942] <... futex resumed>) = 0 [pid 5942] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] <... mkdir resumed>) = 0 [pid 5943] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] <... futex resumed>) = 0 [pid 5942] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5942] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] <... futex resumed>) = 1 [pid 5943] write(-1, "#! ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 65546) = -1 EBADF (Bad file descriptor) [pid 5943] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] <... futex resumed>) = 0 [pid 5943] <... futex resumed>) = 1 [pid 5942] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] mount("/dev/nullb0", "./file0", "reiserfs", 0, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"... [pid 5942] <... futex resumed>) = 0 [pid 5942] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5943] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5942] <... futex resumed>) = 0 [pid 5943] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5942] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] write(4, "\x06\x00\x00\x00\x18\x01\x00\xfa\x00\x00\x00\x00\xbf\x11\x00\x00\x5e\xde\xe4\x80\x57\x58\xe9\xc3\x27\xb9\x0c\x39\x90\x48\x0f\x7d\x17\x0a\x18\xc8\xef\x96\xea\xfb\x95\xd8\x31\x0b\xcf\x4d\x0a\x54\x50\x87\xb1\x20\x55\xee\x70\xc3\xa0\x7d\xdb\x6a\xea\x37\x23\x5a\x53\xcf\xbb\x4d\xc0\x56\x4a\x4a\xcb\x2d\x60\x10\x99\xd1\xcc\x8d\x0a\x16\x04\x68\xa1\x29\x5a\xc4\xf2\xd9\xb5\x06\x53\x12\x0b\x83\xdb\xe0\xd4\x56"..., 288 [pid 5942] <... futex resumed>) = 0 [pid 5943] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 5942] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5942] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5943] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5942] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5943] mkdir("./file1", 000 [pid 5942] <... futex resumed>) = 0 [pid 5943] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5942] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5942] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5943] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5942] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW) = -1 EFAULT (Bad address) [pid 5942] <... futex resumed>) = 0 [pid 5943] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] <... futex resumed>) = 0 [pid 5943] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5942] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5942] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] <... futex resumed>) = 0 [pid 5942] <... futex resumed>) = 1 [pid 5943] openat(AT_FDCWD, ".", O_RDONLY [pid 5942] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] <... openat resumed>) = 5 [pid 5943] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5942] <... futex resumed>) = 0 [pid 5943] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5942] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5942] <... futex resumed>) = 0 [pid 5943] chdir("./file0" [pid 5942] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] <... chdir resumed>) = 0 [pid 5943] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5942] <... futex resumed>) = 0 [pid 5943] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5942] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5942] <... futex resumed>) = 0 [pid 5943] openat(AT_FDCWD, ".", O_RDONLY [pid 5942] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] <... openat resumed>) = 6 [pid 5943] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] <... futex resumed>) = 0 [pid 5942] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5942] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] <... futex resumed>) = 1 [pid 5943] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 7 [pid 5943] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5942] <... futex resumed>) = 0 [pid 5942] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] write(7, "#! \naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 34136651 [pid 5942] <... futex resumed>) = 0 [pid 5942] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5942] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5942] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efd91000 [pid 5942] mprotect(0x7fa6efd92000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5942] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5942] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdb1990, parent_tid=0x7fa6efdb1990, exit_signal=0, stack=0x7fa6efd91000, stack_size=0x20300, tls=0x7fa6efdb16c0}./strace-static-x86_64: Process 5962 attached => {parent_tid=[5962]}, 88) = 5962 [pid 5962] rseq(0x7fa6efdb1fe0, 0x20, 0, 0x53053053 [pid 5942] rt_sigprocmask(SIG_SETMASK, [], [pid 5962] <... rseq resumed>) = 0 [pid 5942] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5962] set_robust_list(0x7fa6efdb19a0, 24 [pid 5942] futex(0x7fa6efeba718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5962] <... set_robust_list resumed>) = 0 [pid 5942] <... futex resumed>) = 0 [pid 5962] rt_sigprocmask(SIG_SETMASK, [], [pid 5942] futex(0x7fa6efeba71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5962] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5962] ioctl(6, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0}) = 0 [pid 5962] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5962] <... futex resumed>) = 0 [pid 5962] futex(0x7fa6efeba718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5943] <... write resumed>) = 9740288 [pid 5943] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5943] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5942] exit_group(0 [pid 5962] <... futex resumed>) = ? [pid 5942] <... exit_group resumed>) = ? [pid 5962] +++ exited with 0 +++ [pid 5943] <... futex resumed>) = ? [pid 5943] +++ exited with 0 +++ [pid 5942] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5942, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555626bc730 /* 5 entries */, 32768) = 144 umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 [ 102.519833][ T5943] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 102.917954][ T5215] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file1") = 0 getdents64(3, 0x5555626bc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555626bb690) = 5963 ./strace-static-x86_64: Process 5963 attached [pid 5963] set_robust_list(0x5555626bb6a0, 24) = 0 [pid 5963] chdir("./35") = 0 [pid 5963] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5963] setpgid(0, 0) = 0 [pid 5963] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5963] write(3, "1000", 4) = 4 [pid 5963] close(3) = 0 [pid 5963] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5963] write(1, "executing program\n", 18) = 18 [pid 5963] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5963] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6efe43470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6efe34620}, NULL, 8) = 0 [pid 5963] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5963] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efdb2000 [pid 5963] mprotect(0x7fa6efdb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5963] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5963] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdd2990, parent_tid=0x7fa6efdd2990, exit_signal=0, stack=0x7fa6efdb2000, stack_size=0x20300, tls=0x7fa6efdd26c0}./strace-static-x86_64: Process 5964 attached [pid 5964] rseq(0x7fa6efdd2fe0, 0x20, 0, 0x53053053) = 0 [pid 5963] <... clone3 resumed> => {parent_tid=[5964]}, 88) = 5964 [pid 5964] set_robust_list(0x7fa6efdd29a0, 24 [pid 5963] rt_sigprocmask(SIG_SETMASK, [], [pid 5964] <... set_robust_list resumed>) = 0 [pid 5964] rt_sigprocmask(SIG_SETMASK, [], [pid 5963] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5964] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5963] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5964] memfd_create("syzkaller", 0 [pid 5963] <... futex resumed>) = 0 [pid 5963] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5964] <... memfd_create resumed>) = 3 [pid 5964] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5964] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5964] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5964] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5964] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5964] close(3) = 0 [pid 5964] close(4) = 0 [pid 5964] mkdir("./file0", 0777) = 0 [ 103.458801][ T5964] loop0: detected capacity change from 0 to 32768 [ 103.499630][ T5964] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor250 (5964) [ 103.530596][ T5964] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 103.541528][ T5964] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [pid 5964] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5964] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5964] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5964] ioctl(4, LOOP_CLR_FD) = 0 [ 103.550249][ T5964] BTRFS info (device loop0): using free-space-tree [pid 5964] close(4) = 0 [pid 5964] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] <... futex resumed>) = 0 [pid 5964] <... futex resumed>) = 1 [pid 5963] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5964] openat(AT_FDCWD, "/proc/self/mounts", O_RDWR [pid 5963] <... futex resumed>) = 0 [pid 5964] <... openat resumed>) = 4 [pid 5963] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5964] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5963] <... futex resumed>) = 0 [pid 5964] memfd_create("syzkaller", 0 [pid 5963] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5964] <... memfd_create resumed>) = 5 [pid 5963] <... futex resumed>) = 0 [pid 5963] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5964] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5964] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5964] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5964] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5964] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5964] ioctl(6, LOOP_CLR_FD) = 0 [pid 5964] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5964] close(6) = 0 [pid 5964] close(5) = 0 [pid 5964] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5964] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5963] <... futex resumed>) = 0 [pid 5963] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5964] <... futex resumed>) = 0 [pid 5963] <... futex resumed>) = 1 [pid 5964] pread64(4, "ev/root / ext4 rw,relatime 0 0\ndevtmpfs /dev devtmpfs rw,relatime,size=3375576k,nr_inodes=843894,mod"..., 4096, 2) = 956 [pid 5964] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5964] <... futex resumed>) = 0 [pid 5963] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5964] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5963] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5964] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5963] <... futex resumed>) = 0 [pid 5964] mkdir("./file1", 000) = 0 [pid 5963] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5964] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5963] <... futex resumed>) = 0 [pid 5963] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5964] write(-1, "#! ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 65546 [pid 5963] <... futex resumed>) = 0 [pid 5963] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5964] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5964] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5963] <... futex resumed>) = 0 [pid 5963] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5964] mount("/dev/nullb0", "./file0", "reiserfs", 0, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"... [pid 5963] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5964] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5964] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5963] <... futex resumed>) = 0 [pid 5964] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5963] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5964] <... futex resumed>) = 0 [pid 5963] <... futex resumed>) = 1 [pid 5964] write(4, "\x06\x00\x00\x00\x18\x01\x00\xfa\x00\x00\x00\x00\xbf\x11\x00\x00\x5e\xde\xe4\x80\x57\x58\xe9\xc3\x27\xb9\x0c\x39\x90\x48\x0f\x7d\x17\x0a\x18\xc8\xef\x96\xea\xfb\x95\xd8\x31\x0b\xcf\x4d\x0a\x54\x50\x87\xb1\x20\x55\xee\x70\xc3\xa0\x7d\xdb\x6a\xea\x37\x23\x5a\x53\xcf\xbb\x4d\xc0\x56\x4a\x4a\xcb\x2d\x60\x10\x99\xd1\xcc\x8d\x0a\x16\x04\x68\xa1\x29\x5a\xc4\xf2\xd9\xb5\x06\x53\x12\x0b\x83\xdb\xe0\xd4\x56"..., 288 [pid 5963] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5964] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 5964] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5963] <... futex resumed>) = 0 [pid 5964] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5963] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5964] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5963] <... futex resumed>) = 0 [pid 5964] mkdir("./file1", 000 [pid 5963] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5964] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5964] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5964] <... futex resumed>) = 0 [pid 5963] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5964] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5963] <... futex resumed>) = 0 [pid 5964] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5963] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5964] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5963] <... futex resumed>) = 0 [pid 5964] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5963] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5964] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5964] openat(AT_FDCWD, ".", O_RDONLY [pid 5963] <... futex resumed>) = 0 [pid 5964] <... openat resumed>) = 5 [pid 5963] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5964] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5964] <... futex resumed>) = 0 [pid 5963] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5964] chdir("./file0" [pid 5963] <... futex resumed>) = 0 [pid 5964] <... chdir resumed>) = 0 [pid 5963] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5964] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5964] <... futex resumed>) = 0 [pid 5963] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5964] openat(AT_FDCWD, ".", O_RDONLY) = 6 [pid 5963] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5964] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5964] <... futex resumed>) = 0 [pid 5964] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5963] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5963] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5964] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5964] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 7 [pid 5964] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5963] <... futex resumed>) = 0 [pid 5964] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5963] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5964] <... futex resumed>) = 0 [pid 5963] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5964] write(7, "#! \naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 34136651 [pid 5963] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5963] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5963] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efd91000 [pid 5963] mprotect(0x7fa6efd92000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5963] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5963] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdb1990, parent_tid=0x7fa6efdb1990, exit_signal=0, stack=0x7fa6efd91000, stack_size=0x20300, tls=0x7fa6efdb16c0}./strace-static-x86_64: Process 5983 attached [pid 5983] rseq(0x7fa6efdb1fe0, 0x20, 0, 0x53053053 [pid 5963] <... clone3 resumed> => {parent_tid=[5983]}, 88) = 5983 [pid 5983] <... rseq resumed>) = 0 [pid 5963] rt_sigprocmask(SIG_SETMASK, [], [pid 5983] set_robust_list(0x7fa6efdb19a0, 24 [pid 5963] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5983] <... set_robust_list resumed>) = 0 [pid 5963] futex(0x7fa6efeba718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5983] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5963] <... futex resumed>) = 0 [pid 5983] ioctl(6, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5963] futex(0x7fa6efeba71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5983] <... ioctl resumed>) = 0 [pid 5983] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5983] futex(0x7fa6efeba718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5963] <... futex resumed>) = 0 [pid 5964] <... write resumed>) = 9740288 [pid 5964] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5964] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5963] exit_group(0 [pid 5983] <... futex resumed>) = ? [pid 5963] <... exit_group resumed>) = ? [pid 5964] <... futex resumed>) = ? [pid 5983] +++ exited with 0 +++ [pid 5964] +++ exited with 0 +++ [pid 5963] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5963, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555626bc730 /* 5 entries */, 32768) = 144 umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 [ 103.688867][ T5964] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 104.113045][ T5215] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file1") = 0 getdents64(3, 0x5555626bc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555626bb690) = 5984 ./strace-static-x86_64: Process 5984 attached [pid 5984] set_robust_list(0x5555626bb6a0, 24) = 0 [pid 5984] chdir("./36") = 0 [pid 5984] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5984] setpgid(0, 0) = 0 [pid 5984] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5984] write(3, "1000", 4) = 4 [pid 5984] close(3) = 0 [pid 5984] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5984] write(1, "executing program\n", 18executing program ) = 18 [pid 5984] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5984] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6efe43470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6efe34620}, NULL, 8) = 0 [pid 5984] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5984] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efdb2000 [pid 5984] mprotect(0x7fa6efdb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5984] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5984] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdd2990, parent_tid=0x7fa6efdd2990, exit_signal=0, stack=0x7fa6efdb2000, stack_size=0x20300, tls=0x7fa6efdd26c0}./strace-static-x86_64: Process 5985 attached [pid 5985] rseq(0x7fa6efdd2fe0, 0x20, 0, 0x53053053) = 0 [pid 5984] <... clone3 resumed> => {parent_tid=[5985]}, 88) = 5985 [pid 5985] set_robust_list(0x7fa6efdd29a0, 24) = 0 [pid 5984] rt_sigprocmask(SIG_SETMASK, [], [pid 5985] rt_sigprocmask(SIG_SETMASK, [], [pid 5984] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5985] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5984] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5985] memfd_create("syzkaller", 0 [pid 5984] <... futex resumed>) = 0 [pid 5984] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5985] <... memfd_create resumed>) = 3 [pid 5985] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5985] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5985] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5985] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5985] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5985] close(3) = 0 [pid 5985] close(4) = 0 [pid 5985] mkdir("./file0", 0777) = 0 [ 104.594777][ T5985] loop0: detected capacity change from 0 to 32768 [ 104.616120][ T5985] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor250 (5985) [ 104.637060][ T5985] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 104.647733][ T5985] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 104.656583][ T5985] BTRFS info (device loop0): using free-space-tree [pid 5985] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5985] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5985] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5985] ioctl(4, LOOP_CLR_FD) = 0 [pid 5985] close(4) = 0 [pid 5985] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5984] <... futex resumed>) = 0 [pid 5985] openat(AT_FDCWD, "/proc/self/mounts", O_RDWR [pid 5984] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5985] <... openat resumed>) = 4 [pid 5984] <... futex resumed>) = 0 [pid 5984] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5985] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5984] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5985] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5984] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5984] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5985] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5985] memfd_create("syzkaller", 0) = 5 [pid 5985] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 5985] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5985] munmap(0x7fa6e7800000, 138412032) = 0 [pid 5985] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5985] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5985] ioctl(6, LOOP_CLR_FD) = 0 [pid 5985] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5985] close(6) = 0 [pid 5985] close(5) = 0 [pid 5985] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5984] <... futex resumed>) = 0 [pid 5985] pread64(4, [pid 5984] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5985] <... pread64 resumed>"ev/root / ext4 rw,relatime 0 0\ndevtmpfs /dev devtmpfs rw,relatime,size=3375576k,nr_inodes=843894,mod"..., 4096, 2) = 956 [pid 5984] <... futex resumed>) = 0 [pid 5984] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5985] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5984] <... futex resumed>) = 0 [pid 5985] mkdir("./file1", 000 [pid 5984] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5985] <... mkdir resumed>) = 0 [pid 5984] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5985] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5984] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5984] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5984] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5985] <... futex resumed>) = 1 [pid 5984] <... futex resumed>) = 0 [pid 5985] write(-1, "#! ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 65546) = -1 EBADF (Bad file descriptor) [pid 5984] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=48000000} [pid 5985] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5984] <... futex resumed>) = 0 [pid 5984] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5985] mount("/dev/nullb0", "./file0", "reiserfs", 0, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"... [pid 5984] <... futex resumed>) = 0 [pid 5984] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5985] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5985] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5985] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5984] <... futex resumed>) = 0 [pid 5984] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5985] <... futex resumed>) = 0 [pid 5984] <... futex resumed>) = 1 [pid 5985] write(4, "\x06\x00\x00\x00\x18\x01\x00\xfa\x00\x00\x00\x00\xbf\x11\x00\x00\x5e\xde\xe4\x80\x57\x58\xe9\xc3\x27\xb9\x0c\x39\x90\x48\x0f\x7d\x17\x0a\x18\xc8\xef\x96\xea\xfb\x95\xd8\x31\x0b\xcf\x4d\x0a\x54\x50\x87\xb1\x20\x55\xee\x70\xc3\xa0\x7d\xdb\x6a\xea\x37\x23\x5a\x53\xcf\xbb\x4d\xc0\x56\x4a\x4a\xcb\x2d\x60\x10\x99\xd1\xcc\x8d\x0a\x16\x04\x68\xa1\x29\x5a\xc4\xf2\xd9\xb5\x06\x53\x12\x0b\x83\xdb\xe0\xd4\x56"..., 288 [pid 5984] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5985] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 5985] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5985] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5984] <... futex resumed>) = 0 [pid 5984] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5985] <... futex resumed>) = 0 [pid 5985] mkdir("./file1", 000 [pid 5984] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5985] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5985] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5984] <... futex resumed>) = 0 [pid 5985] <... futex resumed>) = 1 [pid 5984] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5985] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5984] <... futex resumed>) = 0 [pid 5985] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5985] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5984] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5985] <... futex resumed>) = 0 [pid 5984] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5985] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5984] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5985] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5984] <... futex resumed>) = 0 [pid 5985] openat(AT_FDCWD, ".", O_RDONLY [pid 5984] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5985] <... openat resumed>) = 5 [pid 5985] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5985] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5984] <... futex resumed>) = 0 [pid 5984] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5985] <... futex resumed>) = 0 [pid 5984] <... futex resumed>) = 1 [pid 5985] chdir("./file0" [pid 5984] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5985] <... chdir resumed>) = 0 [pid 5985] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5984] <... futex resumed>) = 0 [pid 5985] openat(AT_FDCWD, ".", O_RDONLY [pid 5984] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5985] <... openat resumed>) = 6 [pid 5984] <... futex resumed>) = 0 [pid 5985] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5984] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5985] <... futex resumed>) = 0 [pid 5984] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5985] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5984] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5985] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5984] <... futex resumed>) = 0 [pid 5984] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5985] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 7 [pid 5985] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5985] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5984] <... futex resumed>) = 0 [pid 5984] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5985] <... futex resumed>) = 0 [pid 5984] <... futex resumed>) = 1 [pid 5985] write(7, "#! \naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 34136651 [pid 5984] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5984] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5984] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efd91000 [pid 5984] mprotect(0x7fa6efd92000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5984] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5984] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdb1990, parent_tid=0x7fa6efdb1990, exit_signal=0, stack=0x7fa6efd91000, stack_size=0x20300, tls=0x7fa6efdb16c0}./strace-static-x86_64: Process 6004 attached [pid 6004] rseq(0x7fa6efdb1fe0, 0x20, 0, 0x53053053) = 0 [pid 5984] <... clone3 resumed> => {parent_tid=[6004]}, 88) = 6004 [pid 6004] set_robust_list(0x7fa6efdb19a0, 24 [pid 5984] rt_sigprocmask(SIG_SETMASK, [], [pid 6004] <... set_robust_list resumed>) = 0 [pid 6004] rt_sigprocmask(SIG_SETMASK, [], [pid 5984] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6004] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5984] futex(0x7fa6efeba718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6004] ioctl(6, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5984] <... futex resumed>) = 0 [pid 5984] futex(0x7fa6efeba71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6004] <... ioctl resumed>) = 0 [pid 6004] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6004] futex(0x7fa6efeba718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5984] <... futex resumed>) = 0 [pid 5985] <... write resumed>) = 9740288 [pid 5985] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5985] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5984] exit_group(0 [pid 6004] <... futex resumed>) = ? [pid 5985] <... futex resumed>) = ? [pid 5984] <... exit_group resumed>) = ? [pid 6004] +++ exited with 0 +++ [pid 5985] +++ exited with 0 +++ [pid 5984] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5984, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555626bc730 /* 5 entries */, 32768) = 144 umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 [ 104.806465][ T5985] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 105.248943][ T5215] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file1") = 0 getdents64(3, 0x5555626bc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6005 attached [pid 6005] set_robust_list(0x5555626bb6a0, 24) = 0 [pid 6005] chdir("./37" [pid 5215] <... clone resumed>, child_tidptr=0x5555626bb690) = 6005 [pid 6005] <... chdir resumed>) = 0 [pid 6005] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6005] setpgid(0, 0) = 0 [pid 6005] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6005] write(3, "1000", 4) = 4 [pid 6005] close(3) = 0 [pid 6005] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6005] write(1, "executing program\n", 18executing program ) = 18 [pid 6005] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6005] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6efe43470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6efe34620}, NULL, 8) = 0 [pid 6005] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6005] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efdb2000 [pid 6005] mprotect(0x7fa6efdb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6005] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6005] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdd2990, parent_tid=0x7fa6efdd2990, exit_signal=0, stack=0x7fa6efdb2000, stack_size=0x20300, tls=0x7fa6efdd26c0}./strace-static-x86_64: Process 6006 attached [pid 6006] rseq(0x7fa6efdd2fe0, 0x20, 0, 0x53053053 [pid 6005] <... clone3 resumed> => {parent_tid=[6006]}, 88) = 6006 [pid 6006] <... rseq resumed>) = 0 [pid 6005] rt_sigprocmask(SIG_SETMASK, [], [pid 6006] set_robust_list(0x7fa6efdd29a0, 24 [pid 6005] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6006] <... set_robust_list resumed>) = 0 [pid 6005] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6006] rt_sigprocmask(SIG_SETMASK, [], [pid 6005] <... futex resumed>) = 0 [pid 6006] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6006] memfd_create("syzkaller", 0 [pid 6005] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6006] <... memfd_create resumed>) = 3 [pid 6006] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 6006] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6006] munmap(0x7fa6e7800000, 138412032) = 0 [pid 6006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6006] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6006] close(3) = 0 [pid 6006] close(4) = 0 [pid 6006] mkdir("./file0", 0777) = 0 [ 105.727097][ T6006] loop0: detected capacity change from 0 to 32768 [ 105.748657][ T6006] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor250 (6006) [pid 6006] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 6006] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 105.772899][ T6006] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 105.783532][ T6006] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 105.792888][ T6006] BTRFS info (device loop0): using free-space-tree [pid 6006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6006] ioctl(4, LOOP_CLR_FD) = 0 [pid 6006] close(4) = 0 [pid 6006] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6005] <... futex resumed>) = 0 [pid 6006] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6005] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6006] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6005] <... futex resumed>) = 0 [pid 6006] openat(AT_FDCWD, "/proc/self/mounts", O_RDWR [pid 6005] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6006] <... openat resumed>) = 4 [pid 6006] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6005] <... futex resumed>) = 0 [pid 6006] memfd_create("syzkaller", 0 [pid 6005] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6006] <... memfd_create resumed>) = 5 [pid 6005] <... futex resumed>) = 0 [pid 6005] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6006] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 6006] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 6006] munmap(0x7fa6e7800000, 138412032) = 0 [pid 6006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 6006] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6006] ioctl(6, LOOP_CLR_FD) = 0 [pid 6006] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6006] close(6) = 0 [pid 6006] close(5) = 0 [pid 6006] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6005] <... futex resumed>) = 0 [pid 6006] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6005] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6006] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6005] <... futex resumed>) = 0 [pid 6006] pread64(4, [pid 6005] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6006] <... pread64 resumed>"ev/root / ext4 rw,relatime 0 0\ndevtmpfs /dev devtmpfs rw,relatime,size=3375576k,nr_inodes=843894,mod"..., 4096, 2) = 956 [pid 6006] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6005] <... futex resumed>) = 0 [pid 6005] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6006] mkdir("./file1", 000 [pid 6005] <... futex resumed>) = 0 [pid 6005] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6006] <... mkdir resumed>) = 0 [pid 6006] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6005] <... futex resumed>) = 0 [pid 6006] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6005] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6006] <... futex resumed>) = 0 [pid 6005] <... futex resumed>) = 1 [pid 6005] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6006] write(-1, "#! ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 65546) = -1 EBADF (Bad file descriptor) [pid 6006] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6005] <... futex resumed>) = 0 [pid 6006] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6005] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6006] <... futex resumed>) = 0 [pid 6005] <... futex resumed>) = 1 [pid 6006] mount("/dev/nullb0", "./file0", "reiserfs", 0, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"...) = -1 EINVAL (Invalid argument) [pid 6005] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6006] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6005] <... futex resumed>) = 0 [pid 6006] write(4, "\x06\x00\x00\x00\x18\x01\x00\xfa\x00\x00\x00\x00\xbf\x11\x00\x00\x5e\xde\xe4\x80\x57\x58\xe9\xc3\x27\xb9\x0c\x39\x90\x48\x0f\x7d\x17\x0a\x18\xc8\xef\x96\xea\xfb\x95\xd8\x31\x0b\xcf\x4d\x0a\x54\x50\x87\xb1\x20\x55\xee\x70\xc3\xa0\x7d\xdb\x6a\xea\x37\x23\x5a\x53\xcf\xbb\x4d\xc0\x56\x4a\x4a\xcb\x2d\x60\x10\x99\xd1\xcc\x8d\x0a\x16\x04\x68\xa1\x29\x5a\xc4\xf2\xd9\xb5\x06\x53\x12\x0b\x83\xdb\xe0\xd4\x56"..., 288 [pid 6005] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6006] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 6005] <... futex resumed>) = 0 [pid 6006] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6005] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6006] <... futex resumed>) = 0 [pid 6005] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6006] mkdir("./file1", 000 [pid 6005] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6006] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6005] <... futex resumed>) = 0 [pid 6006] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6005] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6006] <... futex resumed>) = 0 [pid 6005] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6006] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 6005] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6006] <... openat resumed>) = -1 EFAULT (Bad address) [pid 6005] <... futex resumed>) = 0 [pid 6006] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6005] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6006] <... futex resumed>) = 0 [pid 6006] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6005] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6005] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6006] <... futex resumed>) = 0 [pid 6005] <... futex resumed>) = 1 [pid 6006] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 6005] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6006] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6005] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6006] <... futex resumed>) = 0 [pid 6005] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6006] chdir("./file0" [pid 6005] <... futex resumed>) = 0 [pid 6006] <... chdir resumed>) = 0 [pid 6005] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6006] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6005] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6006] <... futex resumed>) = 0 [pid 6005] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6005] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6006] openat(AT_FDCWD, ".", O_RDONLY) = 6 [pid 6006] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6005] <... futex resumed>) = 0 [pid 6006] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6005] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6006] <... openat resumed>) = 7 [pid 6005] <... futex resumed>) = 0 [pid 6005] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6006] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6005] <... futex resumed>) = 0 [pid 6005] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6005] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6006] <... futex resumed>) = 1 [pid 6006] write(7, "#! \naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 34136651 [pid 6005] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6005] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6005] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6005] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6005] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efd91000 [pid 6005] mprotect(0x7fa6efd92000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6005] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6005] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdb1990, parent_tid=0x7fa6efdb1990, exit_signal=0, stack=0x7fa6efd91000, stack_size=0x20300, tls=0x7fa6efdb16c0}./strace-static-x86_64: Process 6025 attached [pid 6025] rseq(0x7fa6efdb1fe0, 0x20, 0, 0x53053053 [pid 6005] <... clone3 resumed> => {parent_tid=[6025]}, 88) = 6025 [pid 6025] <... rseq resumed>) = 0 [pid 6005] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6025] set_robust_list(0x7fa6efdb19a0, 24 [pid 6005] futex(0x7fa6efeba718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6025] <... set_robust_list resumed>) = 0 [pid 6005] <... futex resumed>) = 0 [pid 6025] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6005] futex(0x7fa6efeba71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6025] ioctl(6, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 6005] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6025] <... ioctl resumed>) = 0 [pid 6025] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6025] futex(0x7fa6efeba718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6005] exit_group(0 [pid 6025] <... futex resumed>) = ? [pid 6005] <... exit_group resumed>) = ? [pid 6025] +++ exited with 0 +++ [pid 6006] <... write resumed>) = ? [pid 6006] +++ exited with 0 +++ [pid 6005] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6005, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=32 /* 0.32 s */} --- umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555626bc730 /* 5 entries */, 32768) = 144 umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 [ 105.933552][ T6006] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 106.517352][ T5215] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file1") = 0 getdents64(3, 0x5555626bc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555626bb690) = 6026 ./strace-static-x86_64: Process 6026 attached [pid 6026] set_robust_list(0x5555626bb6a0, 24) = 0 [pid 6026] chdir("./38") = 0 [pid 6026] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6026] setpgid(0, 0) = 0 [pid 6026] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6026] write(3, "1000", 4) = 4 [pid 6026] close(3) = 0 [pid 6026] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6026] write(1, "executing program\n", 18) = 18 [pid 6026] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6efe43470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6efe34620}, NULL, 8) = 0 [pid 6026] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efdb2000 [pid 6026] mprotect(0x7fa6efdb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6026] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6026] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdd2990, parent_tid=0x7fa6efdd2990, exit_signal=0, stack=0x7fa6efdb2000, stack_size=0x20300, tls=0x7fa6efdd26c0}./strace-static-x86_64: Process 6027 attached [pid 6027] rseq(0x7fa6efdd2fe0, 0x20, 0, 0x53053053) = 0 [pid 6026] <... clone3 resumed> => {parent_tid=[6027]}, 88) = 6027 [pid 6027] set_robust_list(0x7fa6efdd29a0, 24) = 0 [pid 6026] rt_sigprocmask(SIG_SETMASK, [], [pid 6027] rt_sigprocmask(SIG_SETMASK, [], [pid 6026] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6027] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6027] memfd_create("syzkaller", 0 [pid 6026] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6027] <... memfd_create resumed>) = 3 [pid 6026] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6027] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 6027] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6027] munmap(0x7fa6e7800000, 138412032) = 0 [pid 6027] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6027] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6027] close(3) = 0 [pid 6027] close(4) = 0 [pid 6027] mkdir("./file0", 0777) = 0 [ 107.045765][ T6027] loop0: detected capacity change from 0 to 32768 [ 107.076705][ T6027] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor250 (6027) [pid 6027] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 6027] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6027] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6027] ioctl(4, LOOP_CLR_FD) = 0 [ 107.104387][ T6027] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 107.114731][ T6027] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 107.123405][ T6027] BTRFS info (device loop0): using free-space-tree [pid 6027] close(4) = 0 [pid 6027] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6026] <... futex resumed>) = 0 [pid 6027] openat(AT_FDCWD, "/proc/self/mounts", O_RDWR [pid 6026] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6027] <... openat resumed>) = 4 [pid 6026] <... futex resumed>) = 0 [pid 6026] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6027] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6026] <... futex resumed>) = 0 [pid 6027] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6026] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6027] memfd_create("syzkaller", 0 [pid 6026] <... futex resumed>) = 0 [pid 6026] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6027] <... memfd_create resumed>) = 5 [pid 6027] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 6027] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 6027] munmap(0x7fa6e7800000, 138412032) = 0 [pid 6027] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 6027] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6027] ioctl(6, LOOP_CLR_FD) = 0 [pid 6027] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6027] close(6) = 0 [pid 6027] close(5) = 0 [pid 6027] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6027] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6026] <... futex resumed>) = 0 [pid 6026] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6027] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6026] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6027] pread64(4, "ev/root / ext4 rw,relatime 0 0\ndevtmpfs /dev devtmpfs rw,relatime,size=3375576k,nr_inodes=843894,mod"..., 4096, 2) = 956 [pid 6027] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6026] <... futex resumed>) = 0 [pid 6027] mkdir("./file1", 000 [pid 6026] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6027] <... mkdir resumed>) = 0 [pid 6026] <... futex resumed>) = 0 [pid 6027] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6026] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6027] <... futex resumed>) = 0 [pid 6026] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6026] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6027] write(-1, "#! ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 65546) = -1 EBADF (Bad file descriptor) [pid 6027] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6026] <... futex resumed>) = 0 [pid 6027] <... futex resumed>) = 1 [pid 6026] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6027] mount("/dev/nullb0", "./file0", "reiserfs", 0, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"... [pid 6026] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6027] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6027] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6026] <... futex resumed>) = 0 [pid 6026] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6027] write(4, "\x06\x00\x00\x00\x18\x01\x00\xfa\x00\x00\x00\x00\xbf\x11\x00\x00\x5e\xde\xe4\x80\x57\x58\xe9\xc3\x27\xb9\x0c\x39\x90\x48\x0f\x7d\x17\x0a\x18\xc8\xef\x96\xea\xfb\x95\xd8\x31\x0b\xcf\x4d\x0a\x54\x50\x87\xb1\x20\x55\xee\x70\xc3\xa0\x7d\xdb\x6a\xea\x37\x23\x5a\x53\xcf\xbb\x4d\xc0\x56\x4a\x4a\xcb\x2d\x60\x10\x99\xd1\xcc\x8d\x0a\x16\x04\x68\xa1\x29\x5a\xc4\xf2\xd9\xb5\x06\x53\x12\x0b\x83\xdb\xe0\xd4\x56"..., 288) = -1 EINVAL (Invalid argument) [pid 6027] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6026] <... futex resumed>) = 0 [pid 6026] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6027] <... futex resumed>) = 1 [pid 6027] mkdir("./file1", 000) = -1 EEXIST (File exists) [pid 6027] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6026] <... futex resumed>) = 0 [pid 6027] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6026] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6027] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6026] <... futex resumed>) = 0 [pid 6027] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 6026] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6027] <... openat resumed>) = -1 EFAULT (Bad address) [pid 6027] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6026] <... futex resumed>) = 0 [pid 6026] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6027] <... futex resumed>) = 1 [pid 6027] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 6027] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6026] <... futex resumed>) = 0 [pid 6026] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6027] <... futex resumed>) = 1 [pid 6027] chdir("./file0") = 0 [pid 6027] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6026] <... futex resumed>) = 0 [pid 6026] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6027] <... futex resumed>) = 1 [pid 6027] openat(AT_FDCWD, ".", O_RDONLY) = 6 [pid 6027] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6026] <... futex resumed>) = 0 [pid 6026] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6027] <... futex resumed>) = 1 [pid 6027] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 7 [pid 6027] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6026] <... futex resumed>) = 0 [pid 6027] write(7, "#! \naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 34136651 [pid 6026] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6026] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efd91000 [pid 6026] mprotect(0x7fa6efd92000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6026] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6026] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdb1990, parent_tid=0x7fa6efdb1990, exit_signal=0, stack=0x7fa6efd91000, stack_size=0x20300, tls=0x7fa6efdb16c0}./strace-static-x86_64: Process 6047 attached => {parent_tid=[6047]}, 88) = 6047 [pid 6047] rseq(0x7fa6efdb1fe0, 0x20, 0, 0x53053053 [pid 6026] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6026] futex(0x7fa6efeba718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] futex(0x7fa6efeba71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6047] <... rseq resumed>) = 0 [pid 6047] set_robust_list(0x7fa6efdb19a0, 24) = 0 [pid 6047] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6047] ioctl(6, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0}) = 0 [pid 6047] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6026] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6047] <... futex resumed>) = 0 [pid 6047] futex(0x7fa6efeba718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6027] <... write resumed>) = 9740288 [pid 6027] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6026] exit_group(0) = ? [pid 6027] <... futex resumed>) = ? [pid 6027] +++ exited with 0 +++ [pid 6047] <... futex resumed>) = ? [pid 6047] +++ exited with 0 +++ [pid 6026] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6026, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555626bc730 /* 5 entries */, 32768) = 144 umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 [ 107.354977][ T6027] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 107.768970][ T5215] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file1") = 0 getdents64(3, 0x5555626bc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6048 attached , child_tidptr=0x5555626bb690) = 6048 [pid 6048] set_robust_list(0x5555626bb6a0, 24) = 0 [pid 6048] chdir("./39") = 0 [pid 6048] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6048] setpgid(0, 0) = 0 [pid 6048] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6048] write(3, "1000", 4) = 4 [pid 6048] close(3) = 0 [pid 6048] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6048] write(1, "executing program\n", 18executing program ) = 18 [pid 6048] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6048] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6efe43470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6efe34620}, NULL, 8) = 0 [pid 6048] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6048] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efdb2000 [pid 6048] mprotect(0x7fa6efdb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6048] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6048] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdd2990, parent_tid=0x7fa6efdd2990, exit_signal=0, stack=0x7fa6efdb2000, stack_size=0x20300, tls=0x7fa6efdd26c0}./strace-static-x86_64: Process 6049 attached [pid 6049] rseq(0x7fa6efdd2fe0, 0x20, 0, 0x53053053 [pid 6048] <... clone3 resumed> => {parent_tid=[6049]}, 88) = 6049 [pid 6049] <... rseq resumed>) = 0 [pid 6048] rt_sigprocmask(SIG_SETMASK, [], [pid 6049] set_robust_list(0x7fa6efdd29a0, 24 [pid 6048] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6049] <... set_robust_list resumed>) = 0 [pid 6048] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6049] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6048] <... futex resumed>) = 0 [pid 6048] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6049] memfd_create("syzkaller", 0) = 3 [pid 6049] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 6049] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6049] munmap(0x7fa6e7800000, 138412032) = 0 [pid 6049] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6049] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6049] close(3) = 0 [pid 6049] close(4) = 0 [pid 6049] mkdir("./file0", 0777) = 0 [ 108.305173][ T6049] loop0: detected capacity change from 0 to 32768 [ 108.342242][ T6049] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor250 (6049) [pid 6049] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 6049] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6049] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6049] ioctl(4, LOOP_CLR_FD) = 0 [pid 6049] close(4) = 0 [pid 6049] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6048] <... futex resumed>) = 0 [pid 6049] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6048] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6049] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6048] <... futex resumed>) = 0 [pid 6049] openat(AT_FDCWD, "/proc/self/mounts", O_RDWR [pid 6048] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6049] <... openat resumed>) = 4 [pid 6049] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6048] <... futex resumed>) = 0 [pid 6049] <... futex resumed>) = 1 [pid 6048] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6048] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6049] memfd_create("syzkaller", 0) = 5 [pid 6049] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 6049] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 6049] munmap(0x7fa6e7800000, 138412032) = 0 [pid 6049] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 6049] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6049] ioctl(6, LOOP_CLR_FD) = 0 [ 108.363328][ T6049] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 108.374263][ T6049] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 108.383532][ T6049] BTRFS info (device loop0): using free-space-tree [pid 6049] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6049] close(6) = 0 [pid 6049] close(5) = 0 [pid 6049] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6049] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6048] <... futex resumed>) = 0 [pid 6048] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6049] <... futex resumed>) = 0 [pid 6048] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6049] pread64(4, "ev/root / ext4 rw,relatime 0 0\ndevtmpfs /dev devtmpfs rw,relatime,size=3375576k,nr_inodes=843894,mod"..., 4096, 2) = 956 [pid 6049] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6048] <... futex resumed>) = 0 [pid 6048] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6048] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6049] mkdir("./file1", 000) = 0 [pid 6049] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6048] <... futex resumed>) = 0 [pid 6048] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6048] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6049] write(-1, "#! ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 65546) = -1 EBADF (Bad file descriptor) [pid 6049] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6048] <... futex resumed>) = 0 [pid 6049] mount("/dev/nullb0", "./file0", "reiserfs", 0, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"... [pid 6048] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6048] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6049] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6049] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6048] <... futex resumed>) = 0 [pid 6049] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6048] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6049] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6048] <... futex resumed>) = 0 [pid 6049] write(4, "\x06\x00\x00\x00\x18\x01\x00\xfa\x00\x00\x00\x00\xbf\x11\x00\x00\x5e\xde\xe4\x80\x57\x58\xe9\xc3\x27\xb9\x0c\x39\x90\x48\x0f\x7d\x17\x0a\x18\xc8\xef\x96\xea\xfb\x95\xd8\x31\x0b\xcf\x4d\x0a\x54\x50\x87\xb1\x20\x55\xee\x70\xc3\xa0\x7d\xdb\x6a\xea\x37\x23\x5a\x53\xcf\xbb\x4d\xc0\x56\x4a\x4a\xcb\x2d\x60\x10\x99\xd1\xcc\x8d\x0a\x16\x04\x68\xa1\x29\x5a\xc4\xf2\xd9\xb5\x06\x53\x12\x0b\x83\xdb\xe0\xd4\x56"..., 288 [pid 6048] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6049] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 6049] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6048] <... futex resumed>) = 0 [pid 6048] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6049] mkdir("./file1", 000 [pid 6048] <... futex resumed>) = 0 [pid 6048] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6049] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6049] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6049] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6048] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6048] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6049] <... futex resumed>) = 0 [pid 6048] <... futex resumed>) = 1 [pid 6049] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 6048] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6049] <... openat resumed>) = -1 EFAULT (Bad address) [pid 6049] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6048] <... futex resumed>) = 0 [pid 6049] <... futex resumed>) = 1 [pid 6048] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6049] openat(AT_FDCWD, ".", O_RDONLY [pid 6048] <... futex resumed>) = 0 [pid 6049] <... openat resumed>) = 5 [pid 6048] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6049] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6048] <... futex resumed>) = 0 [pid 6049] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6048] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6049] chdir("./file0" [pid 6048] <... futex resumed>) = 0 [pid 6049] <... chdir resumed>) = 0 [pid 6048] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6049] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6049] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6048] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6048] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6049] <... futex resumed>) = 0 [pid 6048] <... futex resumed>) = 1 [pid 6049] openat(AT_FDCWD, ".", O_RDONLY) = 6 [pid 6049] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6048] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6049] <... futex resumed>) = 0 [pid 6048] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6049] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6048] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6049] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6048] <... futex resumed>) = 0 [pid 6049] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6048] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6049] <... openat resumed>) = 7 [pid 6049] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6048] <... futex resumed>) = 0 [pid 6049] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6048] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6049] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6049] write(7, "#! \naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 34136651 [pid 6048] <... futex resumed>) = 0 [pid 6048] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6048] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6048] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efd91000 [pid 6048] mprotect(0x7fa6efd92000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6048] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6048] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdb1990, parent_tid=0x7fa6efdb1990, exit_signal=0, stack=0x7fa6efd91000, stack_size=0x20300, tls=0x7fa6efdb16c0}./strace-static-x86_64: Process 6068 attached [pid 6068] rseq(0x7fa6efdb1fe0, 0x20, 0, 0x53053053) = 0 [pid 6048] <... clone3 resumed> => {parent_tid=[6068]}, 88) = 6068 [pid 6068] set_robust_list(0x7fa6efdb19a0, 24) = 0 [pid 6048] rt_sigprocmask(SIG_SETMASK, [], [pid 6068] rt_sigprocmask(SIG_SETMASK, [], [pid 6048] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6068] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6048] futex(0x7fa6efeba718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6068] ioctl(6, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 6048] <... futex resumed>) = 0 [pid 6048] futex(0x7fa6efeba71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6068] <... ioctl resumed>) = 0 [pid 6068] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6048] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6068] <... futex resumed>) = 0 [pid 6068] futex(0x7fa6efeba718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6049] <... write resumed>) = 9740288 [pid 6049] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6049] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6048] exit_group(0 [pid 6068] <... futex resumed>) = ? [pid 6049] <... futex resumed>) = ? [pid 6048] <... exit_group resumed>) = ? [pid 6068] +++ exited with 0 +++ [pid 6049] +++ exited with 0 +++ [pid 6048] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6048, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555626bc730 /* 5 entries */, 32768) = 144 umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 [ 108.507565][ T6049] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 108.950265][ T5215] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555626c4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555626c4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file1") = 0 getdents64(3, 0x5555626bc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555626bb690) = 6069 ./strace-static-x86_64: Process 6069 attached [pid 6069] set_robust_list(0x5555626bb6a0, 24) = 0 [pid 6069] chdir("./40") = 0 [pid 6069] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6069] setpgid(0, 0) = 0 [pid 6069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6069] write(3, "1000", 4) = 4 [pid 6069] close(3) = 0 [pid 6069] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6069] write(1, "executing program\n", 18executing program ) = 18 [pid 6069] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6069] rt_sigaction(SIGRT_1, {sa_handler=0x7fa6efe43470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6efe34620}, NULL, 8) = 0 [pid 6069] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6069] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efdb2000 [pid 6069] mprotect(0x7fa6efdb3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6069] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6069] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdd2990, parent_tid=0x7fa6efdd2990, exit_signal=0, stack=0x7fa6efdb2000, stack_size=0x20300, tls=0x7fa6efdd26c0}./strace-static-x86_64: Process 6070 attached [pid 6070] rseq(0x7fa6efdd2fe0, 0x20, 0, 0x53053053) = 0 [pid 6070] set_robust_list(0x7fa6efdd29a0, 24) = 0 [pid 6070] rt_sigprocmask(SIG_SETMASK, [], [pid 6069] <... clone3 resumed> => {parent_tid=[6070]}, 88) = 6070 [pid 6070] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6069] rt_sigprocmask(SIG_SETMASK, [], [pid 6070] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6069] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6069] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6070] <... futex resumed>) = 0 [pid 6070] memfd_create("syzkaller", 0 [pid 6069] <... futex resumed>) = 1 [pid 6069] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6070] <... memfd_create resumed>) = 3 [pid 6070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 6070] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6070] munmap(0x7fa6e7800000, 138412032) = 0 [pid 6070] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6070] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6070] close(3) = 0 [pid 6070] close(4) = 0 [pid 6070] mkdir("./file0", 0777) = 0 [ 109.416161][ T6070] loop0: detected capacity change from 0 to 32768 [ 109.444511][ T6070] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor250 (6070) [pid 6070] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 6070] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6070] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 109.461525][ T6070] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 109.476529][ T6070] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 109.485951][ T6070] BTRFS info (device loop0): using free-space-tree [pid 6070] ioctl(4, LOOP_CLR_FD) = 0 [pid 6070] close(4) = 0 [pid 6070] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6069] <... futex resumed>) = 0 [pid 6070] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6069] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6070] <... futex resumed>) = 0 [pid 6069] <... futex resumed>) = 1 [pid 6069] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6070] openat(AT_FDCWD, "/proc/self/mounts", O_RDWR) = 4 [pid 6070] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6069] <... futex resumed>) = 0 [pid 6069] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6070] memfd_create("syzkaller", 0 [pid 6069] <... futex resumed>) = 0 [pid 6070] <... memfd_create resumed>) = 5 [pid 6069] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7800000 [pid 6070] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 6070] munmap(0x7fa6e7800000, 138412032) = 0 [pid 6070] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 6070] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6070] ioctl(6, LOOP_CLR_FD) = 0 [pid 6070] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6070] close(6) = 0 [pid 6070] close(5) = 0 [pid 6070] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6069] <... futex resumed>) = 0 [pid 6070] pread64(4, [pid 6069] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6070] <... pread64 resumed>"ev/root / ext4 rw,relatime 0 0\ndevtmpfs /dev devtmpfs rw,relatime,size=3375576k,nr_inodes=843894,mod"..., 4096, 2) = 956 [pid 6069] <... futex resumed>) = 0 [pid 6070] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6069] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6070] <... futex resumed>) = 0 [pid 6069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6070] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6069] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6070] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6070] mkdir("./file1", 000 [pid 6069] <... futex resumed>) = 0 [pid 6070] <... mkdir resumed>) = 0 [pid 6069] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6070] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6069] <... futex resumed>) = 0 [pid 6069] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6069] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6070] <... futex resumed>) = 1 [pid 6070] write(-1, "#! ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 65546) = -1 EBADF (Bad file descriptor) [pid 6070] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6069] <... futex resumed>) = 0 [pid 6069] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6069] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6070] mount("/dev/nullb0", "./file0", "reiserfs", 0, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"...) = -1 EINVAL (Invalid argument) [pid 6070] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6070] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6069] <... futex resumed>) = 0 [pid 6069] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6070] <... futex resumed>) = 0 [pid 6069] <... futex resumed>) = 1 [pid 6070] write(4, "\x06\x00\x00\x00\x18\x01\x00\xfa\x00\x00\x00\x00\xbf\x11\x00\x00\x5e\xde\xe4\x80\x57\x58\xe9\xc3\x27\xb9\x0c\x39\x90\x48\x0f\x7d\x17\x0a\x18\xc8\xef\x96\xea\xfb\x95\xd8\x31\x0b\xcf\x4d\x0a\x54\x50\x87\xb1\x20\x55\xee\x70\xc3\xa0\x7d\xdb\x6a\xea\x37\x23\x5a\x53\xcf\xbb\x4d\xc0\x56\x4a\x4a\xcb\x2d\x60\x10\x99\xd1\xcc\x8d\x0a\x16\x04\x68\xa1\x29\x5a\xc4\xf2\xd9\xb5\x06\x53\x12\x0b\x83\xdb\xe0\xd4\x56"..., 288 [pid 6069] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6070] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 6070] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6069] <... futex resumed>) = 0 [pid 6070] <... futex resumed>) = 1 [pid 6069] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6070] mkdir("./file1", 000 [pid 6069] <... futex resumed>) = 0 [pid 6070] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6069] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6070] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6069] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6070] <... futex resumed>) = 0 [pid 6069] <... futex resumed>) = 0 [pid 6069] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6070] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW) = -1 EFAULT (Bad address) [pid 6070] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6069] <... futex resumed>) = 0 [pid 6070] <... futex resumed>) = 1 [pid 6069] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6070] openat(AT_FDCWD, ".", O_RDONLY [pid 6069] <... futex resumed>) = 0 [pid 6070] <... openat resumed>) = 5 [pid 6069] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6070] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6069] <... futex resumed>) = 0 [pid 6070] <... futex resumed>) = 1 [pid 6069] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6070] chdir("./file0" [pid 6069] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6070] <... chdir resumed>) = 0 [pid 6070] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6069] <... futex resumed>) = 0 [pid 6070] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6069] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6070] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6069] <... futex resumed>) = 0 [pid 6070] openat(AT_FDCWD, ".", O_RDONLY [pid 6069] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6070] <... openat resumed>) = 6 [pid 6070] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6069] <... futex resumed>) = 0 [pid 6070] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6069] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6070] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6069] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6070] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 7 [pid 6070] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6069] <... futex resumed>) = 0 [pid 6069] futex(0x7fa6efeba708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6070] <... futex resumed>) = 1 [pid 6070] write(7, "#! \naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 34136651 [pid 6069] <... futex resumed>) = 0 [pid 6069] futex(0x7fa6efeba70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6069] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6069] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6efd91000 [pid 6069] mprotect(0x7fa6efd92000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6069] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6069] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa6efdb1990, parent_tid=0x7fa6efdb1990, exit_signal=0, stack=0x7fa6efd91000, stack_size=0x20300, tls=0x7fa6efdb16c0}./strace-static-x86_64: Process 6089 attached => {parent_tid=[6089]}, 88) = 6089 [pid 6089] rseq(0x7fa6efdb1fe0, 0x20, 0, 0x53053053 [pid 6069] rt_sigprocmask(SIG_SETMASK, [], [pid 6089] <... rseq resumed>) = 0 [pid 6069] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6089] set_robust_list(0x7fa6efdb19a0, 24 [pid 6069] futex(0x7fa6efeba718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6089] <... set_robust_list resumed>) = 0 [pid 6069] <... futex resumed>) = 0 [pid 6089] rt_sigprocmask(SIG_SETMASK, [], [pid 6069] futex(0x7fa6efeba71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6089] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6089] ioctl(6, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 6069] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6089] <... ioctl resumed>) = 0 [pid 6089] futex(0x7fa6efeba71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6089] futex(0x7fa6efeba718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6070] <... write resumed>) = 11165696 [pid 6070] futex(0x7fa6efeba70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6070] futex(0x7fa6efeba708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6069] exit_group(0) = ? [pid 6089] <... futex resumed>) = ? [pid 6070] <... futex resumed>) = ? [pid 6089] +++ exited with 0 +++ [pid 6070] +++ exited with 0 +++ [pid 6069] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6069, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555626bc730 /* 5 entries */, 32768) = 144 umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 [ 109.654759][ T6070] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 110.116174][ T5215] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 110.480315][ T5215] assertion failed: list_empty(&fs_info->delalloc_roots), in fs/btrfs/disk-io.c:4340 [ 110.490102][ T5215] ------------[ cut here ]------------ [ 110.495596][ T5215] kernel BUG at fs/btrfs/disk-io.c:4340! [ 110.501257][ T5215] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI [ 110.508188][ T5215] CPU: 0 UID: 0 PID: 5215 Comm: syz-executor250 Not tainted 6.11.0-rc5-syzkaller-00050-g3ec3f5fc4a91 #0 [ 110.519384][ T5215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 110.529440][ T5215] RIP: 0010:close_ctree+0x915/0xd20 [ 110.534652][ T5215] Code: ff ff 90 0f 0b e8 ab ce e7 f5 48 c7 c7 a0 b8 2b 8c 48 c7 c6 e0 e8 2b 8c 48 c7 c2 20 b9 2b 8c b9 f4 10 00 00 e8 4c 9d ff ff 90 <0f> 0b e8 84 ce e7 f5 48 c7 c7 a0 b8 2b 8c 48 c7 c6 80 04 2c 8c 48 [ 110.554253][ T5215] RSP: 0018:ffffc900033e7a40 EFLAGS: 00010246 [ 110.560302][ T5215] RAX: 0000000000000052 RBX: ffff888011a94f28 RCX: 73826e9590bd3500 [ 110.568365][ T5215] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 110.576320][ T5215] RBP: ffffc900033e7be0 R08: ffffffff817400cc R09: 1ffff9200067cee8 [ 110.584269][ T5215] R10: dffffc0000000000 R11: fffff5200067cee9 R12: ffff888011a94000 [ 110.592224][ T5215] R13: ffff888011a94fa0 R14: 1ffff11002352a72 R15: 0000000000000000 [ 110.600180][ T5215] FS: 00005555626bb3c0(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000 [ 110.609091][ T5215] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 110.615745][ T5215] CR2: 00007ffe606ffb88 CR3: 00000000248fc000 CR4: 00000000003506f0 [ 110.623708][ T5215] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 110.631689][ T5215] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 110.639641][ T5215] Call Trace: [ 110.642905][ T5215] [ 110.645822][ T5215] ? __die_body+0x88/0xe0 [ 110.650145][ T5215] ? die+0xcf/0x110 [ 110.653935][ T5215] ? do_trap+0x15a/0x3a0 [ 110.658158][ T5215] ? close_ctree+0x915/0xd20 [ 110.662747][ T5215] ? do_error_trap+0x1dc/0x2c0 [ 110.667491][ T5215] ? close_ctree+0x915/0xd20 [ 110.672058][ T5215] ? _raw_spin_unlock_irq+0x2e/0x50 [ 110.677242][ T5215] ? __pfx_do_error_trap+0x10/0x10 [ 110.682335][ T5215] ? handle_invalid_op+0x34/0x40 [ 110.687252][ T5215] ? close_ctree+0x915/0xd20 [ 110.691820][ T5215] ? exc_invalid_op+0x38/0x50 [ 110.696476][ T5215] ? asm_exc_invalid_op+0x1a/0x20 [ 110.701476][ T5215] ? __wake_up_klogd+0xcc/0x110 [ 110.706305][ T5215] ? close_ctree+0x915/0xd20 [ 110.710894][ T5215] ? hook_sb_delete+0x846/0xb90 [ 110.715730][ T5215] ? __pfx_close_ctree+0x10/0x10 [ 110.720642][ T5215] ? hook_sb_delete+0x1a3/0xb90 [ 110.725577][ T5215] ? __pfx_fsnotify_sb_delete+0x10/0x10 [ 110.731116][ T5215] ? __pfx_evict_inodes+0x10/0x10 [ 110.736122][ T5215] ? btrfs_attach_transaction_barrier+0x34/0xa0 [ 110.742360][ T5215] ? btrfs_sync_fs+0x1d4/0x700 [ 110.747124][ T5215] ? __pfx_btrfs_put_super+0x10/0x10 [ 110.752399][ T5215] generic_shutdown_super+0x136/0x2d0 [ 110.757766][ T5215] kill_anon_super+0x3b/0x70 [ 110.762342][ T5215] btrfs_kill_super+0x41/0x50 [ 110.767085][ T5215] deactivate_locked_super+0xc4/0x130 [ 110.772456][ T5215] cleanup_mnt+0x41f/0x4b0 [ 110.776864][ T5215] ? lockdep_hardirqs_on+0x99/0x150 [ 110.782051][ T5215] task_work_run+0x24f/0x310 [ 110.786631][ T5215] ? __pfx_task_work_run+0x10/0x10 [ 110.791811][ T5215] ? path_umount+0x284/0xf70 [ 110.796472][ T5215] ptrace_notify+0x2d2/0x380 [ 110.801043][ T5215] ? __pfx_path_umount+0x10/0x10 [ 110.806048][ T5215] ? __pfx_ptrace_notify+0x10/0x10 [ 110.811144][ T5215] ? __x64_sys_umount+0x123/0x170 [ 110.816152][ T5215] ? __pfx___x64_sys_umount+0x10/0x10 [ 110.821602][ T5215] syscall_exit_work+0xc6/0x190 [ 110.826438][ T5215] syscall_exit_to_user_mode+0x279/0x370 [ 110.832063][ T5215] do_syscall_64+0x100/0x230 [ 110.836682][ T5215] ? clear_bhb_loop+0x35/0x90 [ 110.841343][ T5215] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.847245][ T5215] RIP: 0033:0x7fa6efe1e2b7 [ 110.851645][ T5215] Code: 09 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8 [ 110.871253][ T5215] RSP: 002b:00007ffe60700338 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 110.879665][ T5215] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fa6efe1e2b7 [ 110.887617][ T5215] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe607003f0 [ 110.895570][ T5215] RBP: 00007ffe607003f0 R08: 0000000000000000 R09: 0000000000000000 [ 110.903518][ T5215] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007ffe607014a0 [ 110.911473][ T5215] R13: 00005555626bc700 R14: 431bde82d7b634db R15: 00007ffe60701444 [ 110.919431][ T5215] [ 110.922517][ T5215] Modules linked in: [ 110.926767][ T5215] ---[ end trace 0000000000000000 ]--- [ 110.932236][ T5215] RIP: 0010:close_ctree+0x915/0xd20 [ 110.937882][ T5215] Code: ff ff 90 0f 0b e8 ab ce e7 f5 48 c7 c7 a0 b8 2b 8c 48 c7 c6 e0 e8 2b 8c 48 c7 c2 20 b9 2b 8c b9 f4 10 00 00 e8 4c 9d ff ff 90 <0f> 0b e8 84 ce e7 f5 48 c7 c7 a0 b8 2b 8c 48 c7 c6 80 04 2c 8c 48 [ 110.957531][ T5215] RSP: 0018:ffffc900033e7a40 EFLAGS: 00010246 [ 110.963607][ T5215] RAX: 0000000000000052 RBX: ffff888011a94f28 RCX: 73826e9590bd3500 [ 110.971625][ T5215] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 110.979611][ T5215] RBP: ffffc900033e7be0 R08: ffffffff817400cc R09: 1ffff9200067cee8 [ 110.987599][ T5215] R10: dffffc0000000000 R11: fffff5200067cee9 R12: ffff888011a94000 [ 110.995641][ T5215] R13: ffff888011a94fa0 R14: 1ffff11002352a72 R15: 0000000000000000 [ 111.003595][ T5215] FS: 00005555626bb3c0(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000 [ 111.012553][ T5215] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 111.019155][ T5215] CR2: 00007ffe606ffb88 CR3: 00000000248fc000 CR4: 00000000003506f0 [ 111.027142][ T5215] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 111.035225][ T5215] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 111.043192][ T5215] Kernel panic - not syncing: Fatal exception [ 111.049350][ T5215] Kernel Offset: disabled [ 111.053748][ T5215] Rebooting in 86400 seconds..