./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2657838340 <...> Warning: Permanently added '10.128.0.38' (ED25519) to the list of known hosts. execve("./syz-executor2657838340", ["./syz-executor2657838340"], 0x7ffc715c85d0 /* 10 vars */) = 0 brk(NULL) = 0x555581abb000 brk(0x555581abbd40) = 0x555581abbd40 arch_prctl(ARCH_SET_FS, 0x555581abb3c0) = 0 set_tid_address(0x555581abb690) = 5222 set_robust_list(0x555581abb6a0, 24) = 0 rseq(0x555581abbce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2657838340", 4096) = 28 getrandom("\x3a\x29\xf0\xf3\x66\xd4\xd9\x37", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555581abbd40 brk(0x555581adcd40) = 0x555581adcd40 brk(0x555581add000) = 0x555581add000 mprotect(0x7f4f3b234000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.LDyku5", 0700) = 0 chmod("./syzkaller.LDyku5", 0777) = 0 chdir("./syzkaller.LDyku5") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5223 attached , child_tidptr=0x555581abb690) = 5223 [pid 5223] set_robust_list(0x555581abb6a0, 24) = 0 [pid 5223] chdir("./0") = 0 [pid 5223] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5223] setpgid(0, 0) = 0 [pid 5223] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5223] write(3, "1000", 4) = 4 [pid 5223] close(3) = 0 [pid 5223] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5223] write(1, "executing program\n", 18) = 18 [pid 5223] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 5223] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5223] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 5223] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5223] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5223] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 5225 attached [pid 5225] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053 [pid 5223] <... clone3 resumed> => {parent_tid=[5225]}, 88) = 5225 [pid 5225] <... rseq resumed>) = 0 [pid 5223] rt_sigprocmask(SIG_SETMASK, [], [pid 5225] set_robust_list(0x7f4f3b1629a0, 24 [pid 5223] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5225] <... set_robust_list resumed>) = 0 [pid 5223] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] rt_sigprocmask(SIG_SETMASK, [], [pid 5223] <... futex resumed>) = 0 [pid 5225] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5225] memfd_create("syzkaller", 0 [pid 5223] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5225] <... memfd_create resumed>) = 3 [pid 5225] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5225] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5225] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5225] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5225] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5225] close(3) = 0 [pid 5225] close(4) = 0 [pid 5225] mkdir("./file0", 0777) = 0 syzkaller login: [ 61.732374][ T5225] loop0: detected capacity change from 0 to 32768 [ 61.765338][ T5225] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (5225) [ 61.806343][ T5225] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 61.818048][ T5225] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 61.827675][ T5225] BTRFS info (device loop0): using free-space-tree [pid 5225] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5225] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5225] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5225] ioctl(4, LOOP_CLR_FD) = 0 [pid 5225] close(4) = 0 [pid 5225] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5223] <... futex resumed>) = 0 [pid 5225] memfd_create("syzkaller", 0 [pid 5223] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5225] <... memfd_create resumed>) = 4 [pid 5223] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5225] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5225] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5225] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5225] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5225] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5225] ioctl(5, LOOP_CLR_FD) = 0 [pid 5225] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5225] close(5) = 0 [pid 5225] close(4) = 0 [pid 5225] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5223] <... futex resumed>) = 0 [pid 5225] pread64(-1, [pid 5223] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] <... pread64 resumed>NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 5223] <... futex resumed>) = 0 [pid 5225] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5223] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5225] <... futex resumed>) = 0 [pid 5223] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5225] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5223] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5225] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5223] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5225] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32) = -1 EBADF (Bad file descriptor) [pid 5225] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5225] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5223] <... futex resumed>) = 0 [pid 5225] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5223] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] write(-1, "#! ./file0\n", 11) = -1 EBADF (Bad file descriptor) [pid 5223] <... futex resumed>) = 0 [pid 5225] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5223] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5225] <... futex resumed>) = 0 [pid 5223] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5225] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5223] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 5223] <... futex resumed>) = 0 [pid 5223] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5225] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5225] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5223] <... futex resumed>) = 0 [pid 5223] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5225] <... futex resumed>) = 1 [pid 5225] mkdir("./file1", 000) = 0 [pid 5225] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5223] <... futex resumed>) = 0 [pid 5225] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5223] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5225] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5225] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5223] <... futex resumed>) = 0 [pid 5225] chdir("./file0" [pid 5223] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] <... chdir resumed>) = 0 [pid 5223] <... futex resumed>) = 0 [pid 5225] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5223] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5225] <... futex resumed>) = 0 [pid 5223] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5225] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5223] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5223] <... futex resumed>) = 0 [pid 5225] openat(AT_FDCWD, ".", O_RDONLY [pid 5223] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5225] <... openat resumed>) = 4 [pid 5225] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5223] <... futex resumed>) = 0 [pid 5225] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5223] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5225] <... openat resumed>) = 5 [pid 5225] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5223] <... futex resumed>) = 0 [pid 5225] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5223] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5223] <... futex resumed>) = 0 [ 62.012374][ T5225] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 5223] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5223] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 5223] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5223] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5223] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 5245 attached => {parent_tid=[5245]}, 88) = 5245 [pid 5245] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053 [pid 5223] rt_sigprocmask(SIG_SETMASK, [], [pid 5245] <... rseq resumed>) = 0 [pid 5223] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5245] set_robust_list(0x7f4f3b1419a0, 24 [pid 5223] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] <... set_robust_list resumed>) = 0 [pid 5245] rt_sigprocmask(SIG_SETMASK, [], [pid 5223] <... futex resumed>) = 0 [pid 5245] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5245] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5223] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5245] <... ioctl resumed>) = 0 [pid 5223] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5245] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5225] <... write resumed>) = 9740288 [pid 5225] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5225] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5223] exit_group(0 [pid 5225] <... futex resumed>) = ? [pid 5223] <... exit_group resumed>) = ? [pid 5245] <... futex resumed>) = ? [pid 5245] +++ exited with 0 +++ [pid 5225] +++ exited with 0 +++ [pid 5223] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5223, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=35 /* 0.35 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 [ 62.474825][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581abb690) = 5246 ./strace-static-x86_64: Process 5246 attached [pid 5246] set_robust_list(0x555581abb6a0, 24) = 0 [pid 5246] chdir("./1") = 0 [pid 5246] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5246] setpgid(0, 0) = 0 [pid 5246] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5246] write(3, "1000", 4) = 4 [pid 5246] close(3) = 0 [pid 5246] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5246] write(1, "executing program\n", 18) = 18 [pid 5246] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5246] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 5246] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5246] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 5246] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5246] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5246] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 5247 attached [pid 5247] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053 [pid 5246] <... clone3 resumed> => {parent_tid=[5247]}, 88) = 5247 [pid 5247] <... rseq resumed>) = 0 [pid 5246] rt_sigprocmask(SIG_SETMASK, [], [pid 5247] set_robust_list(0x7f4f3b1629a0, 24 [pid 5246] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5247] <... set_robust_list resumed>) = 0 [pid 5246] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] rt_sigprocmask(SIG_SETMASK, [], [pid 5246] <... futex resumed>) = 0 [pid 5247] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5247] memfd_create("syzkaller", 0 [pid 5246] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5247] <... memfd_create resumed>) = 3 [pid 5247] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5247] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5247] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5247] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5247] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5247] close(3) = 0 [pid 5247] close(4) = 0 [pid 5247] mkdir("./file0", 0777) = 0 [ 62.900732][ T5247] loop0: detected capacity change from 0 to 32768 [ 62.922602][ T5247] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (5247) [ 62.943569][ T5247] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 62.953883][ T5247] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 62.962733][ T5247] BTRFS info (device loop0): using free-space-tree [pid 5247] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5247] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5247] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5247] ioctl(4, LOOP_CLR_FD) = 0 [pid 5247] close(4) = 0 [pid 5247] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5246] <... futex resumed>) = 0 [pid 5247] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5246] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5246] <... futex resumed>) = 0 [pid 5247] memfd_create("syzkaller", 0 [pid 5246] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5247] <... memfd_create resumed>) = 4 [pid 5247] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5247] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5247] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5247] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5247] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5247] ioctl(5, LOOP_CLR_FD) = 0 [pid 5247] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5247] close(5) = 0 [pid 5247] close(4) = 0 [pid 5247] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5247] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5246] <... futex resumed>) = 0 [pid 5246] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] <... futex resumed>) = 0 [pid 5246] <... futex resumed>) = 1 [pid 5247] pread64(-1, [pid 5246] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5247] <... pread64 resumed>NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 5247] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5246] <... futex resumed>) = 0 [pid 5246] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32) = -1 EBADF (Bad file descriptor) [pid 5246] <... futex resumed>) = 0 [pid 5246] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5247] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5246] <... futex resumed>) = 0 [pid 5246] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] write(-1, "#! ./file0\n", 11) = -1 EBADF (Bad file descriptor) [pid 5246] <... futex resumed>) = 0 [pid 5247] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5246] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5247] <... futex resumed>) = 0 [pid 5246] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5247] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5246] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] <... futex resumed>) = 0 [pid 5246] <... futex resumed>) = 1 [pid 5247] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 5246] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5247] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5247] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5246] <... futex resumed>) = 0 [pid 5247] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5246] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5246] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5247] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5247] mkdir("./file1", 000) = 0 [pid 5247] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5246] <... futex resumed>) = 0 [pid 5247] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5246] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5246] <... futex resumed>) = 0 [pid 5247] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5246] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5247] <... futex resumed>) = 0 [pid 5246] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5247] chdir("./file0" [pid 5246] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] <... chdir resumed>) = 0 [pid 5246] <... futex resumed>) = 0 [pid 5246] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5247] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5246] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5247] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5246] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] openat(AT_FDCWD, ".", O_RDONLY [pid 5246] <... futex resumed>) = 0 [pid 5247] <... openat resumed>) = 4 [pid 5246] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 63.121280][ T5247] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 5247] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5246] <... futex resumed>) = 0 [pid 5247] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5246] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] <... openat resumed>) = 5 [pid 5246] <... futex resumed>) = 0 [pid 5247] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5246] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5247] <... futex resumed>) = 0 [pid 5247] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5246] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5246] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] <... futex resumed>) = 0 [pid 5246] <... futex resumed>) = 1 [pid 5247] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5246] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5246] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5246] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 5246] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5246] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5246] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 5266 attached => {parent_tid=[5266]}, 88) = 5266 [pid 5266] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053 [pid 5246] rt_sigprocmask(SIG_SETMASK, [], [pid 5266] <... rseq resumed>) = 0 [pid 5246] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5266] set_robust_list(0x7f4f3b1419a0, 24) = 0 [pid 5246] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5266] rt_sigprocmask(SIG_SETMASK, [], [pid 5246] <... futex resumed>) = 0 [pid 5266] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5246] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5266] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0}) = 0 [pid 5266] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5246] <... futex resumed>) = 0 [pid 5266] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5247] <... write resumed>) = 9740288 [pid 5247] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5247] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5246] exit_group(0 [pid 5266] <... futex resumed>) = ? [pid 5266] +++ exited with 0 +++ [pid 5246] <... exit_group resumed>) = ? [pid 5247] <... futex resumed>) = ? [pid 5247] +++ exited with 0 +++ [pid 5246] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5246, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=31 /* 0.31 s */} --- umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 [ 63.646811][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581abb690) = 5267 ./strace-static-x86_64: Process 5267 attached [pid 5267] set_robust_list(0x555581abb6a0, 24) = 0 [pid 5267] chdir("./2") = 0 [pid 5267] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5267] setpgid(0, 0) = 0 executing program [pid 5267] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5267] write(3, "1000", 4) = 4 [pid 5267] close(3) = 0 [pid 5267] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5267] write(1, "executing program\n", 18) = 18 [pid 5267] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5267] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 5267] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5267] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 5267] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5267] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5267] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 5268 attached => {parent_tid=[5268]}, 88) = 5268 [pid 5267] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5267] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5267] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5268] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053) = 0 [pid 5268] set_robust_list(0x7f4f3b1629a0, 24) = 0 [pid 5268] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5268] memfd_create("syzkaller", 0) = 3 [pid 5268] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5268] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5268] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5268] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5268] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5268] close(3) = 0 [pid 5268] close(4) = 0 [pid 5268] mkdir("./file0", 0777) = 0 [ 64.083199][ T5268] loop0: detected capacity change from 0 to 32768 [ 64.113838][ T5268] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (5268) [ 64.134628][ T5268] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 64.145397][ T5268] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 64.154919][ T5268] BTRFS info (device loop0): using free-space-tree [pid 5268] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5268] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5268] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5268] ioctl(4, LOOP_CLR_FD) = 0 [pid 5268] close(4) = 0 [pid 5268] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5267] <... futex resumed>) = 0 [pid 5267] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5267] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5268] memfd_create("syzkaller", 0) = 4 [pid 5268] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5268] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5268] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5268] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5268] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5268] ioctl(5, LOOP_CLR_FD) = 0 [pid 5268] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5268] close(5) = 0 [pid 5268] close(4) = 0 [pid 5268] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5267] <... futex resumed>) = 0 [pid 5268] pread64(-1, [pid 5267] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] <... pread64 resumed>NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 5267] <... futex resumed>) = 0 [pid 5268] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5268] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5267] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5267] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] <... futex resumed>) = 0 [pid 5267] <... futex resumed>) = 1 [pid 5268] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32 [pid 5267] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5268] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5268] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5267] <... futex resumed>) = 0 [pid 5268] write(-1, "#! ./file0\n", 11 [pid 5267] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5267] <... futex resumed>) = 0 [pid 5268] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5267] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5268] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5267] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5267] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] <... futex resumed>) = 0 [pid 5267] <... futex resumed>) = 1 [pid 5268] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 5267] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5268] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5268] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5267] <... futex resumed>) = 0 [pid 5268] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5267] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5267] <... futex resumed>) = 0 [pid 5268] mkdir("./file1", 000 [pid 5267] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5268] <... mkdir resumed>) = 0 [pid 5268] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5267] <... futex resumed>) = 0 [pid 5268] <... futex resumed>) = 1 [pid 5267] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5267] <... futex resumed>) = 0 [pid 5268] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5267] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5268] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5267] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5268] <... futex resumed>) = 0 [pid 5267] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] chdir("./file0" [pid 5267] <... futex resumed>) = 0 [pid 5268] <... chdir resumed>) = 0 [pid 5267] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5268] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5267] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5268] <... futex resumed>) = 0 [pid 5268] openat(AT_FDCWD, ".", O_RDONLY [pid 5267] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] <... openat resumed>) = 4 [pid 5267] <... futex resumed>) = 0 [pid 5267] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5268] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5267] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5268] <... futex resumed>) = 0 [pid 5267] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5267] <... futex resumed>) = 0 [pid 5267] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5268] <... openat resumed>) = 5 [pid 5268] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5267] <... futex resumed>) = 0 [pid 5268] <... futex resumed>) = 1 [pid 5267] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5267] <... futex resumed>) = 0 [ 64.363563][ T5268] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 5267] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5267] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5267] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 5267] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5267] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5267] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0} => {parent_tid=[5287]}, 88) = 5287 ./strace-static-x86_64: Process 5287 attached [pid 5287] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053 [pid 5267] rt_sigprocmask(SIG_SETMASK, [], [pid 5287] <... rseq resumed>) = 0 [pid 5287] set_robust_list(0x7f4f3b1419a0, 24 [pid 5267] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5287] <... set_robust_list resumed>) = 0 [pid 5267] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5267] <... futex resumed>) = 0 [pid 5287] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5267] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5287] <... ioctl resumed>) = 0 [pid 5287] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5268] <... write resumed>) = 9740288 [pid 5268] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5268] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5267] exit_group(0 [pid 5287] <... futex resumed>) = ? [pid 5268] <... futex resumed>) = ? [pid 5287] +++ exited with 0 +++ [pid 5268] +++ exited with 0 +++ [pid 5267] <... exit_group resumed>) = ? [pid 5267] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5267, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 [ 64.786781][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581abb690) = 5288 ./strace-static-x86_64: Process 5288 attached [pid 5288] set_robust_list(0x555581abb6a0, 24) = 0 [pid 5288] chdir("./3") = 0 [pid 5288] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5288] setpgid(0, 0) = 0 [pid 5288] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5288] write(3, "1000", 4) = 4 [pid 5288] close(3) = 0 [pid 5288] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5288] write(1, "executing program\n", 18) = 18 [pid 5288] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5288] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 5288] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5288] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 5288] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5288] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5288] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 5289 attached [pid 5289] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053) = 0 [pid 5288] <... clone3 resumed> => {parent_tid=[5289]}, 88) = 5289 [pid 5289] set_robust_list(0x7f4f3b1629a0, 24 [pid 5288] rt_sigprocmask(SIG_SETMASK, [], [pid 5289] <... set_robust_list resumed>) = 0 [pid 5288] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5289] rt_sigprocmask(SIG_SETMASK, [], [pid 5288] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5289] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5288] <... futex resumed>) = 0 [pid 5288] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5289] memfd_create("syzkaller", 0) = 3 [pid 5289] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5289] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5289] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5289] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5289] close(3) = 0 [pid 5289] close(4) = 0 [pid 5289] mkdir("./file0", 0777) = 0 [ 65.208113][ T5289] loop0: detected capacity change from 0 to 32768 [ 65.218865][ T5289] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (5289) [ 65.235446][ T5289] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 65.246334][ T5289] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 65.255543][ T5289] BTRFS info (device loop0): using free-space-tree [pid 5289] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5289] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5289] ioctl(4, LOOP_CLR_FD) = 0 [pid 5289] close(4) = 0 [pid 5289] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5289] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5288] <... futex resumed>) = 0 [pid 5288] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5288] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5289] <... futex resumed>) = 0 [pid 5289] memfd_create("syzkaller", 0) = 4 [pid 5289] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5289] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5289] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5289] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5289] ioctl(5, LOOP_CLR_FD) = 0 [pid 5289] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5289] close(5) = 0 [pid 5289] close(4) = 0 [pid 5289] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5288] <... futex resumed>) = 0 [pid 5289] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5288] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] pread64(-1, NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 5288] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5289] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5288] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5289] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5288] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5289] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32 [pid 5288] <... futex resumed>) = 0 [pid 5289] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5289] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5288] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5289] <... futex resumed>) = 0 [pid 5288] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5289] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5288] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5289] write(-1, "#! ./file0\n", 11 [pid 5288] <... futex resumed>) = 0 [pid 5288] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5289] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5289] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5288] <... futex resumed>) = 0 [pid 5289] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5288] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5289] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 5288] <... futex resumed>) = 0 [pid 5288] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5289] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5289] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5289] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5288] <... futex resumed>) = 0 [pid 5288] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5289] <... futex resumed>) = 0 [pid 5288] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5289] mkdir("./file1", 000) = 0 [pid 5289] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5288] <... futex resumed>) = 0 [pid 5288] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5289] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5288] <... futex resumed>) = 0 [pid 5289] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5288] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5289] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5288] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5289] <... futex resumed>) = 0 [pid 5288] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5289] chdir("./file0" [pid 5288] <... futex resumed>) = 0 [pid 5289] <... chdir resumed>) = 0 [pid 5288] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5289] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5288] <... futex resumed>) = 0 [pid 5289] openat(AT_FDCWD, ".", O_RDONLY [pid 5288] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5289] <... openat resumed>) = 4 [pid 5288] <... futex resumed>) = 0 [pid 5288] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5289] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5288] <... futex resumed>) = 0 [pid 5289] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5288] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5289] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5288] <... futex resumed>) = 0 [pid 5289] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5288] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5289] <... openat resumed>) = 5 [pid 5289] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5288] <... futex resumed>) = 0 [ 65.430429][ T5289] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 5289] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5288] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5288] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5288] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5288] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 5288] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5288] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5288] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 5308 attached [pid 5308] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053) = 0 [pid 5288] <... clone3 resumed> => {parent_tid=[5308]}, 88) = 5308 [pid 5308] set_robust_list(0x7f4f3b1419a0, 24 [pid 5288] rt_sigprocmask(SIG_SETMASK, [], [pid 5308] <... set_robust_list resumed>) = 0 [pid 5308] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5288] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5308] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5288] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5288] <... futex resumed>) = 0 [pid 5308] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5288] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5308] <... ioctl resumed>) = 0 [pid 5308] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5308] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5288] <... futex resumed>) = 0 [pid 5289] <... write resumed>) = 9740288 [pid 5289] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5288] exit_group(0 [pid 5308] <... futex resumed>) = ? [pid 5288] <... exit_group resumed>) = ? [pid 5289] <... futex resumed>) = ? [pid 5308] +++ exited with 0 +++ [pid 5289] +++ exited with 0 +++ [pid 5288] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5288, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 [ 65.908377][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5309 attached , child_tidptr=0x555581abb690) = 5309 [pid 5309] set_robust_list(0x555581abb6a0, 24) = 0 [pid 5309] chdir("./4") = 0 [pid 5309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5309] setpgid(0, 0) = 0 [pid 5309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5309] write(3, "1000", 4) = 4 [pid 5309] close(3) = 0 [pid 5309] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5309] write(1, "executing program\n", 18executing program ) = 18 [pid 5309] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5309] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 5309] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5309] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 5309] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5309] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5309] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 5310 attached => {parent_tid=[5310]}, 88) = 5310 [pid 5310] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053 [pid 5309] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5309] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5309] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5310] <... rseq resumed>) = 0 [pid 5310] set_robust_list(0x7f4f3b1629a0, 24) = 0 [pid 5310] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5310] memfd_create("syzkaller", 0) = 3 [pid 5310] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5310] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5310] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5310] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5310] close(3) = 0 [pid 5310] close(4) = 0 [pid 5310] mkdir("./file0", 0777) = 0 [ 66.387256][ T5310] loop0: detected capacity change from 0 to 32768 [ 66.427260][ T5310] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (5310) [ 66.447120][ T5310] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 66.460064][ T5310] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 66.468763][ T5310] BTRFS info (device loop0): using free-space-tree [pid 5310] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5310] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5310] ioctl(4, LOOP_CLR_FD) = 0 [pid 5310] close(4) = 0 [pid 5310] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5310] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5309] <... futex resumed>) = 0 [pid 5309] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5310] <... futex resumed>) = 0 [pid 5309] <... futex resumed>) = 1 [pid 5310] memfd_create("syzkaller", 0 [pid 5309] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5310] <... memfd_create resumed>) = 4 [pid 5310] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5310] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5310] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5310] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5310] ioctl(5, LOOP_CLR_FD) = 0 [pid 5310] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5310] close(5) = 0 [pid 5310] close(4) = 0 [pid 5310] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5310] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5309] <... futex resumed>) = 0 [pid 5309] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5310] <... futex resumed>) = 0 [pid 5310] pread64(-1, [pid 5309] <... futex resumed>) = 1 [pid 5310] <... pread64 resumed>NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 5309] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5310] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5309] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5310] <... futex resumed>) = 0 [pid 5310] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32 [pid 5309] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5310] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5309] <... futex resumed>) = 0 [pid 5310] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5309] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5310] <... futex resumed>) = 0 [pid 5309] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5310] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5309] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5310] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5309] <... futex resumed>) = 0 [pid 5310] write(-1, "#! ./file0\n", 11 [pid 5309] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5310] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5310] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5309] <... futex resumed>) = 0 [pid 5310] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5309] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5310] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5309] <... futex resumed>) = 0 [pid 5310] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 5309] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5310] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5310] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5309] <... futex resumed>) = 0 [pid 5310] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5309] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5310] mkdir("./file1", 000 [pid 5309] <... futex resumed>) = 0 [pid 5310] <... mkdir resumed>) = 0 [pid 5309] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5310] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5309] <... futex resumed>) = 0 [pid 5309] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5310] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5309] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5310] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5310] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5309] <... futex resumed>) = 0 [pid 5309] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5310] chdir("./file0" [pid 5309] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5310] <... chdir resumed>) = 0 [pid 5310] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5309] <... futex resumed>) = 0 [pid 5310] openat(AT_FDCWD, ".", O_RDONLY [pid 5309] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5310] <... openat resumed>) = 4 [pid 5309] <... futex resumed>) = 0 [pid 5309] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5310] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5309] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5310] <... futex resumed>) = 0 [pid 5309] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5310] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5309] <... futex resumed>) = 0 [pid 5310] <... openat resumed>) = 5 [pid 5309] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5310] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5309] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5310] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5309] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5310] <... futex resumed>) = 0 [pid 5310] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5309] <... futex resumed>) = 1 [ 66.633264][ T5310] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 5309] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5309] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5309] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 5309] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5309] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5309] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 5329 attached [pid 5329] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053) = 0 [pid 5309] <... clone3 resumed> => {parent_tid=[5329]}, 88) = 5329 [pid 5329] set_robust_list(0x7f4f3b1419a0, 24) = 0 [pid 5329] rt_sigprocmask(SIG_SETMASK, [], [pid 5309] rt_sigprocmask(SIG_SETMASK, [], [pid 5329] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5309] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5329] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5309] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5309] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5329] <... ioctl resumed>) = 0 [pid 5329] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5309] <... futex resumed>) = 0 [pid 5329] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5310] <... write resumed>) = 9740288 [pid 5310] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5309] exit_group(0) = ? [pid 5329] <... futex resumed>) = ? [pid 5310] <... futex resumed>) = ? [pid 5329] +++ exited with 0 +++ [pid 5310] +++ exited with 0 +++ [pid 5309] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5309, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 [ 67.074888][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5330 attached , child_tidptr=0x555581abb690) = 5330 [pid 5330] set_robust_list(0x555581abb6a0, 24) = 0 [pid 5330] chdir("./5") = 0 [pid 5330] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5330] setpgid(0, 0) = 0 [pid 5330] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5330] write(3, "1000", 4) = 4 [pid 5330] close(3) = 0 [pid 5330] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5330] write(1, "executing program\n", 18executing program ) = 18 [pid 5330] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5330] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 5330] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5330] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 5330] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5330] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5330] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 5331 attached => {parent_tid=[5331]}, 88) = 5331 [pid 5330] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5331] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053 [pid 5330] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5330] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5331] <... rseq resumed>) = 0 [pid 5331] set_robust_list(0x7f4f3b1629a0, 24) = 0 [pid 5331] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5331] memfd_create("syzkaller", 0) = 3 [pid 5331] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5331] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5331] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5331] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5331] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5331] close(3) = 0 [pid 5331] close(4) = 0 [pid 5331] mkdir("./file0", 0777) = 0 [ 67.415862][ T5331] loop0: detected capacity change from 0 to 32768 [ 67.436678][ T5331] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (5331) [ 67.455217][ T5331] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [pid 5331] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5331] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 67.465532][ T5331] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 67.474613][ T5331] BTRFS info (device loop0): using free-space-tree [pid 5331] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5331] ioctl(4, LOOP_CLR_FD) = 0 [pid 5331] close(4) = 0 [pid 5331] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5331] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5330] <... futex resumed>) = 0 [pid 5330] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5331] <... futex resumed>) = 0 [pid 5331] memfd_create("syzkaller", 0 [pid 5330] <... futex resumed>) = 1 [pid 5330] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5331] <... memfd_create resumed>) = 4 [pid 5331] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5331] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5331] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5331] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5331] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5331] ioctl(5, LOOP_CLR_FD) = 0 [pid 5331] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5331] close(5) = 0 [pid 5331] close(4) = 0 [pid 5331] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5330] <... futex resumed>) = 0 [pid 5331] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5330] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5331] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5330] <... futex resumed>) = 0 [pid 5331] pread64(-1, [pid 5330] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5331] <... pread64 resumed>NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 5331] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5330] <... futex resumed>) = 0 [pid 5331] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5330] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5331] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5330] <... futex resumed>) = 0 [pid 5331] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32 [pid 5330] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5331] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5331] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5330] <... futex resumed>) = 0 [pid 5331] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5330] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5331] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5330] <... futex resumed>) = 0 [pid 5331] write(-1, "#! ./file0\n", 11 [pid 5330] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5331] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5331] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5330] <... futex resumed>) = 0 [pid 5331] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 5330] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5330] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5331] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5331] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] <... futex resumed>) = 0 [pid 5330] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5331] <... futex resumed>) = 1 [pid 5330] <... futex resumed>) = 0 [pid 5330] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5331] mkdir("./file1", 000) = 0 [pid 5331] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5330] <... futex resumed>) = 0 [pid 5331] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5330] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5331] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5330] <... futex resumed>) = 0 [pid 5331] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5331] <... futex resumed>) = 0 [pid 5330] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5331] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5330] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5331] <... futex resumed>) = 0 [pid 5330] <... futex resumed>) = 1 [pid 5331] chdir("./file0" [pid 5330] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5331] <... chdir resumed>) = 0 [pid 5331] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5330] <... futex resumed>) = 0 [pid 5331] openat(AT_FDCWD, ".", O_RDONLY [pid 5330] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5331] <... openat resumed>) = 4 [pid 5330] <... futex resumed>) = 0 [pid 5331] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5331] <... futex resumed>) = 0 [pid 5330] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5331] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5330] <... futex resumed>) = 0 [pid 5331] <... openat resumed>) = 5 [pid 5330] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5331] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5330] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5331] <... futex resumed>) = 0 [pid 5330] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 67.615255][ T5331] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 5331] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5330] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5330] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5330] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 5330] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5330] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5330] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0} => {parent_tid=[5350]}, 88) = 5350 [pid 5330] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5330] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5350 attached ) = 0 [pid 5350] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053 [pid 5330] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5350] <... rseq resumed>) = 0 [pid 5350] set_robust_list(0x7f4f3b1419a0, 24) = 0 [pid 5350] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5350] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5330] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5350] <... ioctl resumed>) = 0 [pid 5350] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5330] exit_group(0) = ? [pid 5331] <... write resumed>) = ? [pid 5350] <... futex resumed>) = ? [pid 5331] +++ exited with 0 +++ [pid 5350] +++ exited with 0 +++ [pid 5330] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5330, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=36 /* 0.36 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 [ 68.169435][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5351 attached , child_tidptr=0x555581abb690) = 5351 [pid 5351] set_robust_list(0x555581abb6a0, 24) = 0 [pid 5351] chdir("./6") = 0 [pid 5351] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5351] setpgid(0, 0) = 0 [pid 5351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5351] write(3, "1000", 4) = 4 [pid 5351] close(3) = 0 [pid 5351] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5351] write(1, "executing program\n", 18executing program ) = 18 [pid 5351] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5351] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 5351] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5351] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 5351] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5351] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5351] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 5352 attached [pid 5352] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053 [pid 5351] <... clone3 resumed> => {parent_tid=[5352]}, 88) = 5352 [pid 5352] <... rseq resumed>) = 0 [pid 5351] rt_sigprocmask(SIG_SETMASK, [], [pid 5352] set_robust_list(0x7f4f3b1629a0, 24 [pid 5351] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5352] <... set_robust_list resumed>) = 0 [pid 5351] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5352] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5351] <... futex resumed>) = 0 [pid 5351] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5352] memfd_create("syzkaller", 0) = 3 [pid 5352] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5352] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5352] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5352] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5352] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5352] close(3) = 0 [pid 5352] close(4) = 0 [pid 5352] mkdir("./file0", 0777) = 0 [ 68.521452][ T5352] loop0: detected capacity change from 0 to 32768 [ 68.552831][ T5352] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (5352) [ 68.572609][ T5352] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 68.584426][ T5352] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 68.594099][ T5352] BTRFS info (device loop0): using free-space-tree [pid 5352] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5352] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5352] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5352] ioctl(4, LOOP_CLR_FD) = 0 [pid 5352] close(4) = 0 [pid 5352] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] <... futex resumed>) = 0 [pid 5352] <... futex resumed>) = 1 [pid 5351] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5352] memfd_create("syzkaller", 0 [pid 5351] <... futex resumed>) = 0 [pid 5351] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5352] <... memfd_create resumed>) = 4 [pid 5352] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5352] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5352] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5352] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5352] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5352] ioctl(5, LOOP_CLR_FD) = 0 [pid 5352] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5352] close(5) = 0 [pid 5352] close(4) = 0 [pid 5352] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5351] <... futex resumed>) = 0 [pid 5351] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5352] pread64(-1, [pid 5351] <... futex resumed>) = 0 [pid 5351] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5352] <... pread64 resumed>NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 5352] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5351] <... futex resumed>) = 0 [pid 5351] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5351] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5352] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32) = -1 EBADF (Bad file descriptor) [pid 5352] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5351] <... futex resumed>) = 0 [pid 5352] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5351] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5351] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5352] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5352] write(-1, "#! ./file0\n", 11) = -1 EBADF (Bad file descriptor) [pid 5352] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5351] <... futex resumed>) = 0 [pid 5351] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5351] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5352] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL) = -1 EINVAL (Invalid argument) [pid 5352] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] <... futex resumed>) = 0 [pid 5352] <... futex resumed>) = 1 [pid 5351] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5351] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5352] mkdir("./file1", 000) = 0 [pid 5352] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] <... futex resumed>) = 0 [pid 5351] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5351] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5352] <... futex resumed>) = 1 [pid 5352] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW) = -1 EFAULT (Bad address) [pid 5352] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5351] <... futex resumed>) = 0 [pid 5352] chdir("./file0" [pid 5351] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5352] <... chdir resumed>) = 0 [pid 5351] <... futex resumed>) = 0 [pid 5352] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5352] <... futex resumed>) = 0 [pid 5351] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5352] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5351] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5352] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5351] <... futex resumed>) = 0 [pid 5352] openat(AT_FDCWD, ".", O_RDONLY [pid 5351] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5352] <... openat resumed>) = 4 [pid 5352] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] <... futex resumed>) = 0 [pid 5351] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5352] <... futex resumed>) = 1 [pid 5351] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5352] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5352] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5351] <... futex resumed>) = 0 [pid 5352] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5351] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5352] <... futex resumed>) = 0 [pid 5351] <... futex resumed>) = 1 [pid 5352] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 68.770151][ T5352] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 5351] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5351] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5351] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 5351] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5351] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5351] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0} => {parent_tid=[5371]}, 88) = 5371 ./strace-static-x86_64: Process 5371 attached [pid 5351] rt_sigprocmask(SIG_SETMASK, [], [pid 5371] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053 [pid 5351] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5371] <... rseq resumed>) = 0 [pid 5371] set_robust_list(0x7f4f3b1419a0, 24 [pid 5351] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5371] <... set_robust_list resumed>) = 0 [pid 5371] rt_sigprocmask(SIG_SETMASK, [], [pid 5351] <... futex resumed>) = 0 [pid 5371] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5351] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5371] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0}) = 0 [pid 5371] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5371] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5351] <... futex resumed>) = 0 [pid 5352] <... write resumed>) = 9740288 [pid 5352] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5352] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5351] exit_group(0 [pid 5371] <... futex resumed>) = ? [pid 5371] +++ exited with 0 +++ [pid 5351] <... exit_group resumed>) = ? [pid 5352] <... futex resumed>) = ? [pid 5352] +++ exited with 0 +++ [pid 5351] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5351, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 [ 69.275043][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5372 attached , child_tidptr=0x555581abb690) = 5372 [pid 5372] set_robust_list(0x555581abb6a0, 24) = 0 [pid 5372] chdir("./7") = 0 [pid 5372] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5372] setpgid(0, 0) = 0 [pid 5372] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5372] write(3, "1000", 4) = 4 [pid 5372] close(3) = 0 [pid 5372] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5372] write(1, "executing program\n", 18) = 18 [pid 5372] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5372] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 5372] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5372] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 5372] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5372] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5372] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 5373 attached [pid 5373] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053) = 0 [pid 5372] <... clone3 resumed> => {parent_tid=[5373]}, 88) = 5373 [pid 5373] set_robust_list(0x7f4f3b1629a0, 24 [pid 5372] rt_sigprocmask(SIG_SETMASK, [], [pid 5373] <... set_robust_list resumed>) = 0 [pid 5372] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5373] rt_sigprocmask(SIG_SETMASK, [], [pid 5372] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5373] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5373] memfd_create("syzkaller", 0 [pid 5372] <... futex resumed>) = 0 [pid 5372] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5373] <... memfd_create resumed>) = 3 [pid 5373] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5373] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5373] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5373] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5373] close(3) = 0 [pid 5373] close(4) = 0 [pid 5373] mkdir("./file0", 0777) = 0 [ 69.730371][ T5373] loop0: detected capacity change from 0 to 32768 [ 69.772985][ T5373] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (5373) [ 69.797877][ T5373] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 69.808581][ T5373] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 69.817396][ T5373] BTRFS info (device loop0): using free-space-tree [pid 5373] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5373] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5373] ioctl(4, LOOP_CLR_FD) = 0 [pid 5373] close(4) = 0 [pid 5373] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5372] <... futex resumed>) = 0 [pid 5372] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5373] memfd_create("syzkaller", 0 [pid 5372] <... futex resumed>) = 0 [pid 5372] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5373] <... memfd_create resumed>) = 4 [pid 5373] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5373] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5373] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5373] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5373] ioctl(5, LOOP_CLR_FD) = 0 [pid 5373] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5373] close(5) = 0 [pid 5373] close(4) = 0 [pid 5373] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] <... futex resumed>) = 0 [pid 5373] <... futex resumed>) = 1 [pid 5372] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5373] pread64(-1, [pid 5372] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5373] <... pread64 resumed>NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 5373] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5372] <... futex resumed>) = 0 [pid 5373] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32 [pid 5372] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5373] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5372] <... futex resumed>) = 0 [pid 5373] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5373] <... futex resumed>) = 0 [pid 5372] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5373] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5372] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5373] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5372] <... futex resumed>) = 0 [pid 5373] write(-1, "#! ./file0\n", 11 [pid 5372] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5373] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5373] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5373] <... futex resumed>) = 0 [pid 5372] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5373] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 5372] <... futex resumed>) = 0 [pid 5372] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5373] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5373] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] <... futex resumed>) = 0 [pid 5373] <... futex resumed>) = 1 [pid 5372] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5373] mkdir("./file1", 000 [pid 5372] <... futex resumed>) = 0 [pid 5372] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5373] <... mkdir resumed>) = 0 [pid 5373] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5372] <... futex resumed>) = 0 [pid 5373] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5372] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5373] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5372] <... futex resumed>) = 0 [pid 5373] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5372] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5373] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5373] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] <... futex resumed>) = 0 [pid 5373] <... futex resumed>) = 1 [pid 5372] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5373] chdir("./file0" [pid 5372] <... futex resumed>) = 0 [pid 5373] <... chdir resumed>) = 0 [pid 5372] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5373] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5372] <... futex resumed>) = 0 [pid 5373] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5372] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5373] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5372] <... futex resumed>) = 0 [pid 5373] openat(AT_FDCWD, ".", O_RDONLY [pid 5372] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5373] <... openat resumed>) = 4 [pid 5373] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] <... futex resumed>) = 0 [pid 5373] <... futex resumed>) = 1 [pid 5372] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5373] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5372] <... futex resumed>) = 0 [pid 5372] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5373] <... openat resumed>) = 5 [pid 5373] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5373] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5372] <... futex resumed>) = 0 [pid 5372] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5373] <... futex resumed>) = 0 [pid 5372] <... futex resumed>) = 1 [pid 5373] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 69.994522][ T5373] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 5372] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5372] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5372] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 5372] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5372] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5372] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 5392 attached [pid 5392] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053 [pid 5372] <... clone3 resumed> => {parent_tid=[5392]}, 88) = 5392 [pid 5392] <... rseq resumed>) = 0 [pid 5372] rt_sigprocmask(SIG_SETMASK, [], [pid 5392] set_robust_list(0x7f4f3b1419a0, 24 [pid 5372] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5392] <... set_robust_list resumed>) = 0 [pid 5372] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5392] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5372] <... futex resumed>) = 0 [pid 5392] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5372] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5392] <... ioctl resumed>) = 0 [pid 5392] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5392] <... futex resumed>) = 0 [pid 5392] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5373] <... write resumed>) = 9740288 [pid 5373] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5372] exit_group(0 [pid 5392] <... futex resumed>) = ? [pid 5392] +++ exited with 0 +++ [pid 5372] <... exit_group resumed>) = ? [pid 5373] +++ exited with 0 +++ [pid 5372] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5372, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=26 /* 0.26 s */} --- umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 [ 70.441192][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5393 attached , child_tidptr=0x555581abb690) = 5393 [pid 5393] set_robust_list(0x555581abb6a0, 24) = 0 [pid 5393] chdir("./8") = 0 [pid 5393] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5393] setpgid(0, 0) = 0 [pid 5393] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5393] write(3, "1000", 4) = 4 [pid 5393] close(3) = 0 [pid 5393] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5393] write(1, "executing program\n", 18) = 18 [pid 5393] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5393] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 5393] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5393] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 5393] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5393] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5393] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 5394 attached [pid 5394] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053) = 0 [pid 5393] <... clone3 resumed> => {parent_tid=[5394]}, 88) = 5394 [pid 5394] set_robust_list(0x7f4f3b1629a0, 24 [pid 5393] rt_sigprocmask(SIG_SETMASK, [], [pid 5394] <... set_robust_list resumed>) = 0 [pid 5393] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5394] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5393] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5394] memfd_create("syzkaller", 0 [pid 5393] <... futex resumed>) = 0 [pid 5393] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5394] <... memfd_create resumed>) = 3 [pid 5394] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5394] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5394] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5394] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5394] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5394] close(3) = 0 [pid 5394] close(4) = 0 [pid 5394] mkdir("./file0", 0777) = 0 [ 70.898882][ T5394] loop0: detected capacity change from 0 to 32768 [ 70.930644][ T5394] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (5394) [pid 5394] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5394] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 70.950626][ T5394] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 70.961104][ T5394] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 70.970264][ T5394] BTRFS info (device loop0): using free-space-tree [pid 5394] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5394] ioctl(4, LOOP_CLR_FD) = 0 [pid 5394] close(4) = 0 [pid 5394] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5394] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5393] <... futex resumed>) = 0 [pid 5393] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5394] <... futex resumed>) = 0 [pid 5394] memfd_create("syzkaller", 0 [pid 5393] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5394] <... memfd_create resumed>) = 4 [pid 5394] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5394] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5394] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5394] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5394] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5394] ioctl(5, LOOP_CLR_FD) = 0 [pid 5394] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5394] close(5) = 0 [pid 5394] close(4) = 0 [pid 5394] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5393] <... futex resumed>) = 0 [pid 5393] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5394] pread64(-1, [pid 5393] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5394] <... pread64 resumed>NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 5394] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5393] <... futex resumed>) = 0 [pid 5393] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5394] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32 [pid 5393] <... futex resumed>) = 0 [pid 5394] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5393] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5394] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5393] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5394] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5393] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5394] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5393] <... futex resumed>) = 0 [pid 5394] write(-1, "#! ./file0\n", 11 [pid 5393] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5394] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5394] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5393] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5393] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5394] <... futex resumed>) = 0 [pid 5393] <... futex resumed>) = 0 [pid 5394] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 5393] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5394] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5394] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5393] <... futex resumed>) = 0 [pid 5393] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5394] mkdir("./file1", 000) = 0 [pid 5393] <... futex resumed>) = 0 [pid 5393] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5394] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5393] <... futex resumed>) = 0 [pid 5393] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5393] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5394] <... futex resumed>) = 1 [pid 5394] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW) = -1 EFAULT (Bad address) [pid 5394] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5393] <... futex resumed>) = 0 [pid 5393] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 71.134934][ T5394] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 5393] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5394] <... futex resumed>) = 1 [pid 5394] chdir("./file0") = 0 [pid 5394] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5393] <... futex resumed>) = 0 [pid 5393] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5393] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5394] <... futex resumed>) = 1 [pid 5394] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5394] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5393] <... futex resumed>) = 0 [pid 5394] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5393] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5393] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5394] <... openat resumed>) = 5 [pid 5394] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5393] <... futex resumed>) = 0 [pid 5394] <... futex resumed>) = 1 [pid 5393] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5394] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5393] <... futex resumed>) = 0 [pid 5393] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5393] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5393] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 5393] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5393] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5393] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 5413 attached [pid 5413] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053 [pid 5393] <... clone3 resumed> => {parent_tid=[5413]}, 88) = 5413 [pid 5413] <... rseq resumed>) = 0 [pid 5393] rt_sigprocmask(SIG_SETMASK, [], [pid 5413] set_robust_list(0x7f4f3b1419a0, 24 [pid 5393] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5413] <... set_robust_list resumed>) = 0 [pid 5393] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5413] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5393] <... futex resumed>) = 0 [pid 5413] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5393] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5413] <... ioctl resumed>) = 0 [pid 5413] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5393] <... futex resumed>) = 0 [pid 5413] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5394] <... write resumed>) = 9740288 [pid 5394] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5393] exit_group(0 [pid 5413] <... futex resumed>) = ? [pid 5393] <... exit_group resumed>) = ? [pid 5413] +++ exited with 0 +++ [pid 5394] +++ exited with 0 +++ [pid 5393] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5393, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 [ 71.588322][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5414 attached , child_tidptr=0x555581abb690) = 5414 [pid 5414] set_robust_list(0x555581abb6a0, 24) = 0 [pid 5414] chdir("./9") = 0 [pid 5414] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5414] setpgid(0, 0) = 0 [pid 5414] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5414] write(3, "1000", 4) = 4 [pid 5414] close(3) = 0 [pid 5414] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5414] write(1, "executing program\n", 18) = 18 [pid 5414] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5414] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 5414] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5414] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 5414] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5414] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5414] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 5415 attached [pid 5415] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053 [pid 5414] <... clone3 resumed> => {parent_tid=[5415]}, 88) = 5415 [pid 5415] <... rseq resumed>) = 0 [pid 5414] rt_sigprocmask(SIG_SETMASK, [], [pid 5415] set_robust_list(0x7f4f3b1629a0, 24 [pid 5414] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5415] <... set_robust_list resumed>) = 0 [pid 5415] rt_sigprocmask(SIG_SETMASK, [], [pid 5414] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5415] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5414] <... futex resumed>) = 0 [pid 5414] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5415] memfd_create("syzkaller", 0) = 3 [pid 5415] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5415] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5415] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5415] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5415] close(3) = 0 [pid 5415] close(4) = 0 [pid 5415] mkdir("./file0", 0777) = 0 [ 72.041020][ T5415] loop0: detected capacity change from 0 to 32768 [ 72.061543][ T5415] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (5415) [ 72.082984][ T5415] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 72.094581][ T5415] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 72.103550][ T5415] BTRFS info (device loop0): using free-space-tree [pid 5415] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5415] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5415] ioctl(4, LOOP_CLR_FD) = 0 [pid 5415] close(4) = 0 [pid 5415] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5414] <... futex resumed>) = 0 [pid 5415] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5414] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5415] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5414] <... futex resumed>) = 0 [pid 5415] memfd_create("syzkaller", 0 [pid 5414] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5415] <... memfd_create resumed>) = 4 [pid 5415] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5415] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5415] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5415] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5415] ioctl(5, LOOP_CLR_FD) = 0 [pid 5415] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5415] close(5) = 0 [pid 5415] close(4) = 0 [pid 5415] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5415] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5414] <... futex resumed>) = 0 [pid 5414] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5415] <... futex resumed>) = 0 [pid 5414] <... futex resumed>) = 1 [pid 5415] pread64(-1, NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 5414] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5415] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5414] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5415] <... futex resumed>) = 0 [pid 5414] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5415] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32) = -1 EBADF (Bad file descriptor) [pid 5414] <... futex resumed>) = 0 [pid 5415] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5414] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5415] <... futex resumed>) = 0 [pid 5415] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5414] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5414] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5415] <... futex resumed>) = 0 [pid 5414] <... futex resumed>) = 1 [pid 5415] write(-1, "#! ./file0\n", 11 [pid 5414] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5415] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5415] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5414] <... futex resumed>) = 0 [pid 5414] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5415] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 5414] <... futex resumed>) = 0 [pid 5414] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5415] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5415] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5415] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5414] <... futex resumed>) = 0 [pid 5414] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5415] <... futex resumed>) = 0 [pid 5414] <... futex resumed>) = 1 [pid 5415] mkdir("./file1", 000) = 0 [pid 5414] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5415] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5414] <... futex resumed>) = 0 [pid 5415] <... futex resumed>) = 1 [pid 5414] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5414] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5415] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW) = -1 EFAULT (Bad address) [pid 5415] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5414] <... futex resumed>) = 0 [pid 5415] <... futex resumed>) = 1 [pid 5414] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5415] chdir("./file0" [pid 5414] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5415] <... chdir resumed>) = 0 [ 72.267654][ T5415] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 5415] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5414] <... futex resumed>) = 0 [pid 5415] openat(AT_FDCWD, ".", O_RDONLY [pid 5414] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5415] <... openat resumed>) = 4 [pid 5414] <... futex resumed>) = 0 [pid 5414] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5415] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5415] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5414] <... futex resumed>) = 0 [pid 5414] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5415] <... futex resumed>) = 0 [pid 5414] <... futex resumed>) = 1 [pid 5415] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5414] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5415] <... openat resumed>) = 5 [pid 5415] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5414] <... futex resumed>) = 0 [pid 5415] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5414] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5415] <... futex resumed>) = 0 [pid 5414] <... futex resumed>) = 1 [pid 5415] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5414] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5414] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5414] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 5414] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5414] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5414] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 5434 attached => {parent_tid=[5434]}, 88) = 5434 [pid 5434] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053) = 0 [pid 5434] set_robust_list(0x7f4f3b1419a0, 24) = 0 [pid 5434] rt_sigprocmask(SIG_SETMASK, [], [pid 5414] rt_sigprocmask(SIG_SETMASK, [], [pid 5434] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5414] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5434] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5414] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5414] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5434] <... ioctl resumed>) = 0 [pid 5434] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5414] <... futex resumed>) = 0 [pid 5434] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5415] <... write resumed>) = 9740288 [pid 5415] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5414] exit_group(0 [pid 5434] <... futex resumed>) = ? [pid 5434] +++ exited with 0 +++ [pid 5414] <... exit_group resumed>) = ? [pid 5415] +++ exited with 0 +++ [pid 5414] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5414, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 [ 72.743600][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5435 attached , child_tidptr=0x555581abb690) = 5435 [pid 5435] set_robust_list(0x555581abb6a0, 24) = 0 [pid 5435] chdir("./10") = 0 [pid 5435] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5435] setpgid(0, 0) = 0 [pid 5435] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5435] write(3, "1000", 4) = 4 [pid 5435] close(3) = 0 [pid 5435] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5435] write(1, "executing program\n", 18) = 18 [pid 5435] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5435] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 5435] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5435] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 5435] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5435] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5435] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 5436 attached [pid 5436] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053) = 0 [pid 5435] <... clone3 resumed> => {parent_tid=[5436]}, 88) = 5436 [pid 5436] set_robust_list(0x7f4f3b1629a0, 24 [pid 5435] rt_sigprocmask(SIG_SETMASK, [], [pid 5436] <... set_robust_list resumed>) = 0 [pid 5435] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5436] rt_sigprocmask(SIG_SETMASK, [], [pid 5435] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5436] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5435] <... futex resumed>) = 0 [pid 5436] memfd_create("syzkaller", 0 [pid 5435] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5436] <... memfd_create resumed>) = 3 [pid 5436] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5436] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5436] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5436] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5436] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5436] close(3) = 0 [pid 5436] close(4) = 0 [pid 5436] mkdir("./file0", 0777) = 0 [ 73.248849][ T5436] loop0: detected capacity change from 0 to 32768 [ 73.271633][ T5436] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (5436) [ 73.291303][ T5436] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 73.301933][ T5436] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 73.311564][ T5436] BTRFS info (device loop0): using free-space-tree [pid 5436] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5436] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5436] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5436] ioctl(4, LOOP_CLR_FD) = 0 [pid 5436] close(4) = 0 [pid 5436] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5435] <... futex resumed>) = 0 [pid 5436] memfd_create("syzkaller", 0 [pid 5435] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5436] <... memfd_create resumed>) = 4 [pid 5435] <... futex resumed>) = 0 [pid 5436] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5435] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5436] <... mmap resumed>) = 0x7f4f32c00000 [pid 5436] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5436] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5436] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5436] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5436] ioctl(5, LOOP_CLR_FD) = 0 [pid 5436] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5436] close(5) = 0 [pid 5436] close(4) = 0 [pid 5436] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5435] <... futex resumed>) = 0 [pid 5436] pread64(-1, [pid 5435] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5436] <... pread64 resumed>NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 5435] <... futex resumed>) = 0 [pid 5436] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5435] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5436] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5435] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5435] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5435] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5436] <... futex resumed>) = 0 [pid 5436] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32) = -1 EBADF (Bad file descriptor) [pid 5436] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5435] <... futex resumed>) = 0 [pid 5436] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5435] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5436] <... futex resumed>) = 0 [pid 5435] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5436] write(-1, "#! ./file0\n", 11) = -1 EBADF (Bad file descriptor) [pid 5436] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5435] <... futex resumed>) = 0 [pid 5436] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5435] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5436] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 5435] <... futex resumed>) = 0 [pid 5435] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5436] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5436] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5435] <... futex resumed>) = 0 [pid 5436] <... futex resumed>) = 1 [pid 5435] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5436] mkdir("./file1", 000 [pid 5435] <... futex resumed>) = 0 [pid 5436] <... mkdir resumed>) = 0 [pid 5435] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5436] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5435] <... futex resumed>) = 0 [pid 5436] <... futex resumed>) = 1 [pid 5435] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5436] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5435] <... futex resumed>) = 0 [pid 5436] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5435] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5436] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5435] <... futex resumed>) = 0 [pid 5436] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5435] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5436] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5436] chdir("./file0" [pid 5435] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5436] <... chdir resumed>) = 0 [pid 5436] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5436] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5435] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5435] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5436] <... futex resumed>) = 0 [pid 5435] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5436] openat(AT_FDCWD, ".", O_RDONLY) = 4 [ 73.511675][ T5436] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 5436] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5435] <... futex resumed>) = 0 [pid 5436] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5435] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5436] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5435] <... futex resumed>) = 0 [pid 5436] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5435] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5436] <... openat resumed>) = 5 [pid 5436] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5435] <... futex resumed>) = 0 [pid 5436] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5435] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5436] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5435] <... futex resumed>) = 0 [pid 5436] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5435] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5435] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5435] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 5435] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5435] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5435] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 5455 attached [pid 5455] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053) = 0 [pid 5435] <... clone3 resumed> => {parent_tid=[5455]}, 88) = 5455 [pid 5455] set_robust_list(0x7f4f3b1419a0, 24 [pid 5435] rt_sigprocmask(SIG_SETMASK, [], [pid 5455] <... set_robust_list resumed>) = 0 [pid 5435] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5455] rt_sigprocmask(SIG_SETMASK, [], [pid 5435] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5455] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5455] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5435] <... futex resumed>) = 0 [pid 5435] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5455] <... ioctl resumed>) = 0 [pid 5455] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5455] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5435] <... futex resumed>) = 0 [pid 5436] <... write resumed>) = 9740288 [pid 5436] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5436] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5435] exit_group(0 [pid 5455] <... futex resumed>) = ? [pid 5455] +++ exited with 0 +++ [pid 5436] <... futex resumed>) = ? [pid 5435] <... exit_group resumed>) = ? [pid 5436] +++ exited with 0 +++ [pid 5435] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5435, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 [ 73.997552][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581abb690) = 5456 ./strace-static-x86_64: Process 5456 attached [pid 5456] set_robust_list(0x555581abb6a0, 24) = 0 [pid 5456] chdir("./11") = 0 [pid 5456] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5456] setpgid(0, 0) = 0 [pid 5456] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5456] write(3, "1000", 4) = 4 [pid 5456] close(3) = 0 [pid 5456] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5456] write(1, "executing program\n", 18) = 18 [pid 5456] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5456] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 5456] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5456] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 5456] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5456] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5456] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 5457 attached [pid 5457] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053) = 0 [pid 5456] <... clone3 resumed> => {parent_tid=[5457]}, 88) = 5457 [pid 5457] set_robust_list(0x7f4f3b1629a0, 24 [pid 5456] rt_sigprocmask(SIG_SETMASK, [], [pid 5457] <... set_robust_list resumed>) = 0 [pid 5456] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5457] rt_sigprocmask(SIG_SETMASK, [], [pid 5456] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5456] <... futex resumed>) = 0 [pid 5457] memfd_create("syzkaller", 0 [pid 5456] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5457] <... memfd_create resumed>) = 3 [pid 5457] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5457] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5457] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5457] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5457] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5457] close(3) = 0 [pid 5457] close(4) = 0 [pid 5457] mkdir("./file0", 0777) = 0 [ 74.426597][ T5457] loop0: detected capacity change from 0 to 32768 [ 74.447632][ T5457] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (5457) [ 74.467748][ T5457] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 74.478444][ T5457] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 74.487504][ T5457] BTRFS info (device loop0): using free-space-tree [pid 5457] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5457] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5457] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5457] ioctl(4, LOOP_CLR_FD) = 0 [pid 5457] close(4) = 0 [pid 5457] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5456] <... futex resumed>) = 0 [pid 5457] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5456] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5456] <... futex resumed>) = 0 [pid 5456] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5457] memfd_create("syzkaller", 0) = 4 [pid 5457] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5457] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5457] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5457] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5457] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5457] ioctl(5, LOOP_CLR_FD) = 0 [pid 5457] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5457] close(5) = 0 [pid 5457] close(4) = 0 [pid 5457] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5456] <... futex resumed>) = 0 [pid 5457] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5456] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] pread64(-1, [pid 5456] <... futex resumed>) = 0 [pid 5457] <... pread64 resumed>NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 5457] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5456] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5457] <... futex resumed>) = 0 [pid 5456] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5457] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5456] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5456] <... futex resumed>) = 0 [pid 5456] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5457] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32) = -1 EBADF (Bad file descriptor) [pid 5457] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5457] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5456] <... futex resumed>) = 0 [pid 5457] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5456] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] write(-1, "#! ./file0\n", 11 [pid 5456] <... futex resumed>) = 0 [pid 5457] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5456] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5457] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5456] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5457] <... futex resumed>) = 0 [pid 5456] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 5456] <... futex resumed>) = 0 [pid 5456] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5457] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5457] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5456] <... futex resumed>) = 0 [pid 5457] <... futex resumed>) = 1 [pid 5456] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] mkdir("./file1", 000 [pid 5456] <... futex resumed>) = 0 [pid 5457] <... mkdir resumed>) = 0 [pid 5456] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5457] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5456] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5457] <... futex resumed>) = 0 [pid 5456] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5456] <... futex resumed>) = 0 [pid 5457] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5456] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5457] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5456] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5457] <... futex resumed>) = 0 [pid 5456] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] chdir("./file0" [pid 5456] <... futex resumed>) = 0 [pid 5457] <... chdir resumed>) = 0 [pid 5456] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5457] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5456] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5457] <... futex resumed>) = 0 [pid 5456] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5456] <... futex resumed>) = 0 [pid 5456] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5457] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5456] <... futex resumed>) = 0 [pid 5457] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5456] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5456] <... futex resumed>) = 0 [pid 5457] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5456] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5457] <... openat resumed>) = 5 [pid 5457] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5456] <... futex resumed>) = 0 [pid 5457] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5456] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] <... futex resumed>) = 0 [pid 5456] <... futex resumed>) = 1 [pid 5457] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 74.692642][ T5457] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 5456] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5456] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5456] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 5456] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5456] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5456] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 5476 attached [pid 5476] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053) = 0 [pid 5476] set_robust_list(0x7f4f3b1419a0, 24 [pid 5456] <... clone3 resumed> => {parent_tid=[5476]}, 88) = 5476 [pid 5476] <... set_robust_list resumed>) = 0 [pid 5456] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5476] rt_sigprocmask(SIG_SETMASK, [], [pid 5456] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5476] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5456] <... futex resumed>) = 0 [pid 5476] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5456] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5476] <... ioctl resumed>) = 0 [pid 5476] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5476] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5457] <... write resumed>) = 9740288 [pid 5457] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5457] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5456] exit_group(0 [pid 5476] <... futex resumed>) = ? [pid 5457] <... futex resumed>) = ? [pid 5456] <... exit_group resumed>) = ? [pid 5476] +++ exited with 0 +++ [pid 5457] +++ exited with 0 +++ [pid 5456] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5456, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 [ 75.131753][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5477 attached , child_tidptr=0x555581abb690) = 5477 [pid 5477] set_robust_list(0x555581abb6a0, 24) = 0 [pid 5477] chdir("./12") = 0 [pid 5477] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5477] setpgid(0, 0) = 0 [pid 5477] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5477] write(3, "1000", 4) = 4 [pid 5477] close(3) = 0 [pid 5477] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5477] write(1, "executing program\n", 18executing program ) = 18 [pid 5477] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5477] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 5477] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5477] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 5477] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5477] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5477] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 5478 attached [pid 5478] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053 [pid 5477] <... clone3 resumed> => {parent_tid=[5478]}, 88) = 5478 [pid 5478] <... rseq resumed>) = 0 [pid 5477] rt_sigprocmask(SIG_SETMASK, [], [pid 5478] set_robust_list(0x7f4f3b1629a0, 24 [pid 5477] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5478] <... set_robust_list resumed>) = 0 [pid 5477] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5478] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5477] <... futex resumed>) = 0 [pid 5478] memfd_create("syzkaller", 0 [pid 5477] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5478] <... memfd_create resumed>) = 3 [pid 5478] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5478] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5478] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5478] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5478] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5478] close(3) = 0 [pid 5478] close(4) = 0 [pid 5478] mkdir("./file0", 0777) = 0 [ 75.555885][ T5478] loop0: detected capacity change from 0 to 32768 [ 75.578987][ T5478] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (5478) [ 75.598266][ T5478] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 75.608841][ T5478] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 75.618236][ T5478] BTRFS info (device loop0): using free-space-tree [pid 5478] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5478] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5478] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5478] ioctl(4, LOOP_CLR_FD) = 0 [pid 5478] close(4) = 0 [pid 5478] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5477] <... futex resumed>) = 0 [pid 5478] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5477] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5477] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5478] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5478] memfd_create("syzkaller", 0) = 4 [pid 5478] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5478] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5478] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5478] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5478] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5478] ioctl(5, LOOP_CLR_FD) = 0 [pid 5478] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5478] close(5) = 0 [pid 5478] close(4) = 0 [pid 5478] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5477] <... futex resumed>) = 0 [pid 5477] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5478] <... futex resumed>) = 1 [pid 5477] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5478] pread64(-1, NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 5478] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5477] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5478] <... futex resumed>) = 0 [pid 5477] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5478] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32 [pid 5477] <... futex resumed>) = 0 [pid 5478] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5477] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5478] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5477] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5478] <... futex resumed>) = 0 [pid 5478] write(-1, "#! ./file0\n", 11 [pid 5477] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5478] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5477] <... futex resumed>) = 0 [pid 5478] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5477] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5478] <... futex resumed>) = 0 [pid 5477] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5478] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5477] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5478] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 5477] <... futex resumed>) = 0 [pid 5477] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5478] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5478] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5477] <... futex resumed>) = 0 [pid 5478] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5477] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5478] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5477] <... futex resumed>) = 0 [pid 5477] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5478] mkdir("./file1", 000) = 0 [pid 5478] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5477] <... futex resumed>) = 0 [pid 5478] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5477] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5478] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5477] <... futex resumed>) = 0 [pid 5478] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5477] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5478] <... futex resumed>) = 0 [pid 5477] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5478] chdir("./file0" [ 75.835069][ T5478] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 5477] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5478] <... chdir resumed>) = 0 [pid 5477] <... futex resumed>) = 0 [pid 5478] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5477] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5478] <... futex resumed>) = 0 [pid 5478] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5477] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5477] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5478] <... futex resumed>) = 0 [pid 5478] openat(AT_FDCWD, ".", O_RDONLY [pid 5477] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5478] <... openat resumed>) = 4 [pid 5478] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5477] <... futex resumed>) = 0 [pid 5478] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5477] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5477] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5478] <... openat resumed>) = 5 [pid 5478] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5478] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5477] <... futex resumed>) = 0 [pid 5477] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5478] <... futex resumed>) = 0 [pid 5477] <... futex resumed>) = 1 [pid 5478] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5477] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5477] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5477] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 5477] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5477] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5477] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 5498 attached [pid 5498] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053 [pid 5477] <... clone3 resumed> => {parent_tid=[5498]}, 88) = 5498 [pid 5498] <... rseq resumed>) = 0 [pid 5498] set_robust_list(0x7f4f3b1419a0, 24 [pid 5477] rt_sigprocmask(SIG_SETMASK, [], [pid 5498] <... set_robust_list resumed>) = 0 [pid 5477] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5498] rt_sigprocmask(SIG_SETMASK, [], [pid 5477] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5498] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5477] <... futex resumed>) = 0 [pid 5498] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5477] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5498] <... ioctl resumed>) = 0 [pid 5498] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5498] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5477] <... futex resumed>) = 0 [pid 5478] <... write resumed>) = 9740288 [pid 5478] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5478] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5477] exit_group(0 [pid 5498] <... futex resumed>) = ? [pid 5478] <... futex resumed>) = ? [pid 5477] <... exit_group resumed>) = ? [pid 5498] +++ exited with 0 +++ [pid 5478] +++ exited with 0 +++ [pid 5477] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5477, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 [ 76.283628][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581abb690) = 5499 ./strace-static-x86_64: Process 5499 attached [pid 5499] set_robust_list(0x555581abb6a0, 24) = 0 [pid 5499] chdir("./13") = 0 [pid 5499] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5499] setpgid(0, 0) = 0 [pid 5499] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5499] write(3, "1000", 4) = 4 [pid 5499] close(3) = 0 [pid 5499] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5499] write(1, "executing program\n", 18executing program ) = 18 [pid 5499] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5499] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 5499] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5499] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 5499] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5499] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5499] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 5500 attached [pid 5500] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053) = 0 [pid 5499] <... clone3 resumed> => {parent_tid=[5500]}, 88) = 5500 [pid 5500] set_robust_list(0x7f4f3b1629a0, 24 [pid 5499] rt_sigprocmask(SIG_SETMASK, [], [pid 5500] <... set_robust_list resumed>) = 0 [pid 5499] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5500] rt_sigprocmask(SIG_SETMASK, [], [pid 5499] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5500] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5499] <... futex resumed>) = 0 [pid 5499] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5500] memfd_create("syzkaller", 0) = 3 [pid 5500] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5500] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5500] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5500] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5500] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5500] close(3) = 0 [pid 5500] close(4) = 0 [pid 5500] mkdir("./file0", 0777) = 0 [ 76.784789][ T5500] loop0: detected capacity change from 0 to 32768 [ 76.795486][ T5500] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (5500) [ 76.813171][ T5500] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 76.823898][ T5500] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 76.832926][ T5500] BTRFS info (device loop0): using free-space-tree [pid 5500] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5500] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5500] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5500] ioctl(4, LOOP_CLR_FD) = 0 [pid 5500] close(4) = 0 [pid 5500] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5499] <... futex resumed>) = 0 [pid 5500] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5499] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5500] memfd_create("syzkaller", 0 [pid 5499] <... futex resumed>) = 0 [pid 5500] <... memfd_create resumed>) = 4 [pid 5499] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5500] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5500] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5500] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5500] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5500] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5500] ioctl(5, LOOP_CLR_FD) = 0 [pid 5500] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5500] close(5) = 0 [pid 5500] close(4) = 0 [pid 5500] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5500] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5499] <... futex resumed>) = 0 [pid 5499] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5499] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5500] <... futex resumed>) = 0 [pid 5500] pread64(-1, NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 5500] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5499] <... futex resumed>) = 0 [pid 5500] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5499] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5500] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32 [pid 5499] <... futex resumed>) = 0 [pid 5500] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5499] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5500] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5499] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5500] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5499] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5500] write(-1, "#! ./file0\n", 11 [pid 5499] <... futex resumed>) = 0 [pid 5500] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5499] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5500] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5499] <... futex resumed>) = 0 [pid 5500] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 5499] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 76.896862][ T47] cfg80211: failed to load regulatory.db [pid 5499] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5500] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5500] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5499] <... futex resumed>) = 0 [pid 5500] mkdir("./file1", 000 [pid 5499] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5500] <... mkdir resumed>) = 0 [pid 5499] <... futex resumed>) = 0 [pid 5500] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5499] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5500] <... futex resumed>) = 0 [pid 5499] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5500] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5499] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5500] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5499] <... futex resumed>) = 0 [pid 5500] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5499] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5500] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5500] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5499] <... futex resumed>) = 0 [pid 5500] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5499] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5500] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5499] <... futex resumed>) = 0 [pid 5500] chdir("./file0" [pid 5499] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5500] <... chdir resumed>) = 0 [pid 5500] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5499] <... futex resumed>) = 0 [pid 5500] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5499] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5500] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5499] <... futex resumed>) = 0 [pid 5500] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5499] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5500] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5499] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5500] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5499] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5500] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5499] <... futex resumed>) = 0 [pid 5500] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5499] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5500] <... futex resumed>) = 0 [pid 5499] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5500] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5499] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5499] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5500] <... futex resumed>) = 0 [ 76.949590][ T5500] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 5500] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5499] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5499] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5499] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 5499] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5499] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5499] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0} => {parent_tid=[5518]}, 88) = 5518 [pid 5499] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5499] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5499] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5518 attached [pid 5518] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053) = 0 [pid 5518] set_robust_list(0x7f4f3b1419a0, 24) = 0 [pid 5518] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5518] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5499] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5499] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5518] <... ioctl resumed>) = 0 [pid 5518] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5518] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5499] exit_group(0) = ? [pid 5518] <... futex resumed>) = ? [pid 5518] +++ exited with 0 +++ [pid 5500] <... write resumed>) = ? [pid 5500] +++ exited with 0 +++ [pid 5499] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5499, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=35 /* 0.35 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 [ 77.625227][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5519 attached , child_tidptr=0x555581abb690) = 5519 [pid 5519] set_robust_list(0x555581abb6a0, 24) = 0 [pid 5519] chdir("./14") = 0 [pid 5519] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5519] setpgid(0, 0) = 0 [pid 5519] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5519] write(3, "1000", 4) = 4 [pid 5519] close(3) = 0 [pid 5519] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5519] write(1, "executing program\n", 18) = 18 [pid 5519] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5519] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 5519] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5519] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 5519] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5519] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5519] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 5520 attached => {parent_tid=[5520]}, 88) = 5520 [pid 5520] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053) = 0 [pid 5520] set_robust_list(0x7f4f3b1629a0, 24) = 0 [pid 5520] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5519] rt_sigprocmask(SIG_SETMASK, [], [pid 5520] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5519] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5519] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5520] <... futex resumed>) = 0 [pid 5519] <... futex resumed>) = 1 [pid 5520] memfd_create("syzkaller", 0 [pid 5519] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5520] <... memfd_create resumed>) = 3 [pid 5520] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5520] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5520] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5520] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5520] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5520] close(3) = 0 [pid 5520] close(4) = 0 [pid 5520] mkdir("./file0", 0777) = 0 [ 78.052201][ T5520] loop0: detected capacity change from 0 to 32768 [ 78.072195][ T5520] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (5520) [ 78.091743][ T5520] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 78.102629][ T5520] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 78.114087][ T5520] BTRFS info (device loop0): using free-space-tree [pid 5520] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5520] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5520] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5520] ioctl(4, LOOP_CLR_FD) = 0 [pid 5520] close(4) = 0 [pid 5520] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5519] <... futex resumed>) = 0 [pid 5519] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5519] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5520] memfd_create("syzkaller", 0) = 4 [pid 5520] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5520] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5520] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5520] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5520] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5520] ioctl(5, LOOP_CLR_FD) = 0 [pid 5520] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5520] close(5) = 0 [pid 5520] close(4) = 0 [pid 5520] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5519] <... futex resumed>) = 0 [pid 5519] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5520] pread64(-1, NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 5520] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5520] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 5519] <... futex resumed>) = 1 [pid 5519] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5520] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5519] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5520] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5519] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5520] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32 [pid 5519] <... futex resumed>) = 0 [pid 5520] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5519] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5520] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5519] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5520] <... futex resumed>) = 0 [pid 5519] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5520] write(-1, "#! ./file0\n", 11) = -1 EBADF (Bad file descriptor) [pid 5519] <... futex resumed>) = 0 [pid 5520] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5519] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5520] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5519] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5519] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5520] <... futex resumed>) = 0 [pid 5519] <... futex resumed>) = 1 [pid 5520] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 5519] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5520] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5520] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5519] <... futex resumed>) = 0 [pid 5520] mkdir("./file1", 000 [pid 5519] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5520] <... mkdir resumed>) = 0 [pid 5519] <... futex resumed>) = 0 [pid 5519] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5520] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5519] <... futex resumed>) = 0 [pid 5519] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5520] <... futex resumed>) = 1 [pid 5519] <... futex resumed>) = 0 [pid 5520] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5519] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5520] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5520] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5519] <... futex resumed>) = 0 [pid 5520] chdir("./file0" [pid 5519] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5519] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5520] <... chdir resumed>) = 0 [pid 5520] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5519] <... futex resumed>) = 0 [pid 5519] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5520] <... futex resumed>) = 1 [pid 5519] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5520] openat(AT_FDCWD, ".", O_RDONLY) = 4 [ 78.329808][ T5520] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 5520] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5519] <... futex resumed>) = 0 [pid 5520] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5519] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5520] <... openat resumed>) = 5 [pid 5519] <... futex resumed>) = 0 [pid 5519] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5520] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5519] <... futex resumed>) = 0 [pid 5520] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5519] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5519] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5519] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5519] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5519] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 5519] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5519] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5519] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 5540 attached [pid 5540] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053 [pid 5519] <... clone3 resumed> => {parent_tid=[5540]}, 88) = 5540 [pid 5540] <... rseq resumed>) = 0 [pid 5519] rt_sigprocmask(SIG_SETMASK, [], [pid 5540] set_robust_list(0x7f4f3b1419a0, 24 [pid 5519] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5540] <... set_robust_list resumed>) = 0 [pid 5519] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5540] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5519] <... futex resumed>) = 0 [pid 5540] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5519] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5540] <... ioctl resumed>) = 0 [pid 5519] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5540] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5540] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5520] <... write resumed>) = 9740288 [pid 5520] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5520] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5519] exit_group(0 [pid 5540] <... futex resumed>) = ? [pid 5540] +++ exited with 0 +++ [pid 5519] <... exit_group resumed>) = ? [pid 5520] <... futex resumed>) = ? [pid 5520] +++ exited with 0 +++ [pid 5519] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5519, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 [ 78.872793][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5541 attached [pid 5541] set_robust_list(0x555581abb6a0, 24) = 0 [pid 5541] chdir("./15") = 0 [pid 5222] <... clone resumed>, child_tidptr=0x555581abb690) = 5541 [pid 5541] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5541] setpgid(0, 0) = 0 [pid 5541] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5541] write(3, "1000", 4) = 4 [pid 5541] close(3) = 0 [pid 5541] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5541] write(1, "executing program\n", 18executing program ) = 18 [pid 5541] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5541] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 5541] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5541] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 5541] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5541] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5541] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 5542 attached [pid 5542] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053 [pid 5541] <... clone3 resumed> => {parent_tid=[5542]}, 88) = 5542 [pid 5542] <... rseq resumed>) = 0 [pid 5541] rt_sigprocmask(SIG_SETMASK, [], [pid 5542] set_robust_list(0x7f4f3b1629a0, 24 [pid 5541] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5542] <... set_robust_list resumed>) = 0 [pid 5541] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5542] rt_sigprocmask(SIG_SETMASK, [], [pid 5541] <... futex resumed>) = 0 [pid 5542] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5541] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5542] memfd_create("syzkaller", 0) = 3 [pid 5542] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5542] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5542] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5542] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5542] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5542] close(3) = 0 [pid 5542] close(4) = 0 [pid 5542] mkdir("./file0", 0777) = 0 [ 79.273420][ T5542] loop0: detected capacity change from 0 to 32768 [ 79.293382][ T5542] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (5542) [pid 5542] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5542] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 79.313787][ T5542] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 79.324326][ T5542] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 79.333469][ T5542] BTRFS info (device loop0): using free-space-tree [pid 5542] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5542] ioctl(4, LOOP_CLR_FD) = 0 [pid 5542] close(4) = 0 [pid 5542] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5541] <... futex resumed>) = 0 [pid 5542] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5541] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5542] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5541] <... futex resumed>) = 0 [pid 5542] memfd_create("syzkaller", 0 [pid 5541] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5542] <... memfd_create resumed>) = 4 [pid 5542] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5542] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5542] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5542] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5542] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5542] ioctl(5, LOOP_CLR_FD) = 0 [pid 5542] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5542] close(5) = 0 [pid 5542] close(4) = 0 [pid 5542] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5541] <... futex resumed>) = 0 [pid 5541] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5541] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5542] pread64(-1, NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 5542] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5542] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5541] <... futex resumed>) = 0 [pid 5541] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5542] <... futex resumed>) = 0 [pid 5541] <... futex resumed>) = 1 [pid 5542] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32 [pid 5541] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5542] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5542] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5541] <... futex resumed>) = 0 [pid 5542] write(-1, "#! ./file0\n", 11 [pid 5541] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5542] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5541] <... futex resumed>) = 0 [pid 5542] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5541] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5542] <... futex resumed>) = 0 [pid 5541] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5542] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 5541] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5541] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5542] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5542] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5541] <... futex resumed>) = 0 [pid 5542] mkdir("./file1", 000 [pid 5541] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5542] <... mkdir resumed>) = 0 [pid 5541] <... futex resumed>) = 0 [pid 5542] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5541] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5542] <... futex resumed>) = 0 [pid 5541] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5542] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5541] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5542] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5541] <... futex resumed>) = 0 [pid 5542] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5541] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5542] <... futex resumed>) = 0 [pid 5541] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5542] chdir("./file0" [pid 5541] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5542] <... chdir resumed>) = 0 [pid 5541] <... futex resumed>) = 0 [pid 5542] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5541] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5542] <... futex resumed>) = 0 [pid 5541] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5542] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5541] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5542] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5541] <... futex resumed>) = 0 [pid 5542] openat(AT_FDCWD, ".", O_RDONLY [pid 5541] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5542] <... openat resumed>) = 4 [pid 5542] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5541] <... futex resumed>) = 0 [pid 5542] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5541] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5542] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5541] <... futex resumed>) = 0 [pid 5542] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5541] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5542] <... openat resumed>) = 5 [pid 5542] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5541] <... futex resumed>) = 0 [pid 5541] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5541] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 79.489960][ T5542] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 5542] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5541] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5541] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5541] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5541] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 5541] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5541] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5541] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 5561 attached [pid 5561] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053 [pid 5541] <... clone3 resumed> => {parent_tid=[5561]}, 88) = 5561 [pid 5561] <... rseq resumed>) = 0 [pid 5561] set_robust_list(0x7f4f3b1419a0, 24 [pid 5541] rt_sigprocmask(SIG_SETMASK, [], [pid 5561] <... set_robust_list resumed>) = 0 [pid 5541] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5561] rt_sigprocmask(SIG_SETMASK, [], [pid 5541] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5561] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5541] <... futex resumed>) = 0 [pid 5561] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5541] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5561] <... ioctl resumed>) = 0 [pid 5561] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5541] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5561] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5542] <... write resumed>) = 9740288 [pid 5542] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5542] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5541] exit_group(0 [pid 5561] <... futex resumed>) = ? [pid 5542] <... futex resumed>) = ? [pid 5541] <... exit_group resumed>) = ? [pid 5561] +++ exited with 0 +++ [pid 5542] +++ exited with 0 +++ [pid 5541] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5541, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 [ 79.902346][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5562 attached , child_tidptr=0x555581abb690) = 5562 [pid 5562] set_robust_list(0x555581abb6a0, 24) = 0 [pid 5562] chdir("./16") = 0 [pid 5562] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5562] setpgid(0, 0) = 0 [pid 5562] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5562] write(3, "1000", 4) = 4 [pid 5562] close(3) = 0 [pid 5562] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5562] write(1, "executing program\n", 18) = 18 [pid 5562] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5562] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 5562] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5562] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 5562] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5562] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5562] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 5563 attached [pid 5563] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053 [pid 5562] <... clone3 resumed> => {parent_tid=[5563]}, 88) = 5563 [pid 5563] <... rseq resumed>) = 0 [pid 5562] rt_sigprocmask(SIG_SETMASK, [], [pid 5563] set_robust_list(0x7f4f3b1629a0, 24 [pid 5562] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5563] <... set_robust_list resumed>) = 0 [pid 5562] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5563] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5562] <... futex resumed>) = 0 [pid 5563] memfd_create("syzkaller", 0 [pid 5562] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5563] <... memfd_create resumed>) = 3 [pid 5563] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5563] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5563] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5563] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5563] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5563] close(3) = 0 [pid 5563] close(4) = 0 [pid 5563] mkdir("./file0", 0777) = 0 [ 80.376028][ T5563] loop0: detected capacity change from 0 to 32768 [ 80.406346][ T5563] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (5563) [pid 5563] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [ 80.428305][ T5563] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 80.439005][ T5563] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 80.447982][ T5563] BTRFS info (device loop0): using free-space-tree [pid 5563] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5563] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5563] ioctl(4, LOOP_CLR_FD) = 0 [pid 5563] close(4) = 0 [pid 5563] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5562] <... futex resumed>) = 0 [pid 5563] memfd_create("syzkaller", 0 [pid 5562] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5563] <... memfd_create resumed>) = 4 [pid 5562] <... futex resumed>) = 0 [pid 5562] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5563] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5563] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5563] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5563] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5563] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5563] ioctl(5, LOOP_CLR_FD) = 0 [pid 5563] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5563] close(5) = 0 [pid 5563] close(4) = 0 [pid 5563] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5562] <... futex resumed>) = 0 [pid 5563] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5562] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5563] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5562] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5563] pread64(-1, NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 5563] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5562] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5563] <... futex resumed>) = 0 [pid 5562] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5563] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32 [pid 5562] <... futex resumed>) = 0 [pid 5563] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5562] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5563] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5562] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5563] <... futex resumed>) = 0 [pid 5562] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5563] write(-1, "#! ./file0\n", 11 [pid 5562] <... futex resumed>) = 0 [pid 5563] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5562] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5563] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5562] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5563] <... futex resumed>) = 0 [pid 5562] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5563] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 5562] <... futex resumed>) = 0 [pid 5562] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5563] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5563] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5563] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5562] <... futex resumed>) = 0 [pid 5562] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5563] <... futex resumed>) = 0 [pid 5562] <... futex resumed>) = 1 [pid 5563] mkdir("./file1", 000 [pid 5562] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5563] <... mkdir resumed>) = 0 [pid 5563] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5562] <... futex resumed>) = 0 [pid 5563] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5562] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5563] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5562] <... futex resumed>) = 0 [pid 5563] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5562] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5563] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5563] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5562] <... futex resumed>) = 0 [pid 5563] chdir("./file0" [pid 5562] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5563] <... chdir resumed>) = 0 [pid 5562] <... futex resumed>) = 0 [pid 5562] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5563] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5562] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5563] <... futex resumed>) = 0 [pid 5562] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5563] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5562] <... futex resumed>) = 0 [pid 5562] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5563] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5562] <... futex resumed>) = 0 [pid 5563] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5562] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5563] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5563] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5562] <... futex resumed>) = 0 [pid 5562] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5563] <... openat resumed>) = 5 [pid 5563] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5562] <... futex resumed>) = 0 [pid 5563] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5562] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5563] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5562] <... futex resumed>) = 0 [pid 5563] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 80.658914][ T5563] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 5562] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5562] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5562] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 5562] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5562] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5562] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 5582 attached [pid 5582] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053 [pid 5562] <... clone3 resumed> => {parent_tid=[5582]}, 88) = 5582 [pid 5582] <... rseq resumed>) = 0 [pid 5562] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5582] set_robust_list(0x7f4f3b1419a0, 24 [pid 5562] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5582] <... set_robust_list resumed>) = 0 [pid 5562] <... futex resumed>) = 0 [pid 5582] rt_sigprocmask(SIG_SETMASK, [], [pid 5562] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5582] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5582] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0}) = 0 [pid 5582] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5582] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5562] <... futex resumed>) = 0 [pid 5563] <... write resumed>) = 9740288 [pid 5563] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5563] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5562] exit_group(0 [pid 5582] <... futex resumed>) = ? [pid 5562] <... exit_group resumed>) = ? [pid 5582] +++ exited with 0 +++ [pid 5563] <... futex resumed>) = ? [pid 5563] +++ exited with 0 +++ [pid 5562] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5562, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 [ 81.101160][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5583 attached , child_tidptr=0x555581abb690) = 5583 [pid 5583] set_robust_list(0x555581abb6a0, 24) = 0 [pid 5583] chdir("./17") = 0 [pid 5583] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5583] setpgid(0, 0) = 0 [pid 5583] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5583] write(3, "1000", 4) = 4 [pid 5583] close(3) = 0 [pid 5583] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5583] write(1, "executing program\n", 18) = 18 [pid 5583] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5583] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 5583] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5583] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 5583] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5583] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5583] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 5584 attached [pid 5584] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053) = 0 [pid 5583] <... clone3 resumed> => {parent_tid=[5584]}, 88) = 5584 [pid 5584] set_robust_list(0x7f4f3b1629a0, 24) = 0 [pid 5583] rt_sigprocmask(SIG_SETMASK, [], [pid 5584] rt_sigprocmask(SIG_SETMASK, [], [pid 5583] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5584] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5583] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5584] memfd_create("syzkaller", 0 [pid 5583] <... futex resumed>) = 0 [pid 5583] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5584] <... memfd_create resumed>) = 3 [pid 5584] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5584] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5584] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5584] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5584] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5584] close(3) = 0 [pid 5584] close(4) = 0 [pid 5584] mkdir("./file0", 0777) = 0 [ 81.558622][ T5584] loop0: detected capacity change from 0 to 32768 [ 81.578661][ T5584] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (5584) [ 81.597596][ T5584] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [pid 5584] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [ 81.609496][ T5584] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 81.618174][ T5584] BTRFS info (device loop0): using free-space-tree [pid 5584] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5584] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5584] ioctl(4, LOOP_CLR_FD) = 0 [pid 5584] close(4) = 0 [pid 5584] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5583] <... futex resumed>) = 0 [pid 5583] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5583] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5584] memfd_create("syzkaller", 0) = 4 [pid 5584] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5584] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5584] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5584] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5584] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5584] ioctl(5, LOOP_CLR_FD) = 0 [pid 5584] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5584] close(5) = 0 [pid 5584] close(4) = 0 [pid 5584] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5584] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5583] <... futex resumed>) = 0 [pid 5583] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5584] <... futex resumed>) = 0 [pid 5583] <... futex resumed>) = 1 [pid 5584] pread64(-1, [pid 5583] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5584] <... pread64 resumed>NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 5584] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5583] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5584] <... futex resumed>) = 0 [pid 5583] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5584] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32 [pid 5583] <... futex resumed>) = 0 [pid 5584] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5583] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5584] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5583] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5584] <... futex resumed>) = 0 [pid 5583] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5584] write(-1, "#! ./file0\n", 11 [pid 5583] <... futex resumed>) = 0 [pid 5584] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5583] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5584] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5583] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5584] <... futex resumed>) = 0 [pid 5583] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5584] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 5583] <... futex resumed>) = 0 [pid 5583] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5584] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5584] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5583] <... futex resumed>) = 0 [pid 5583] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5583] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5584] mkdir("./file1", 000) = 0 [pid 5584] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 81.779250][ T5584] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 5584] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5583] <... futex resumed>) = 0 [pid 5583] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5583] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5584] <... futex resumed>) = 0 [pid 5584] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW) = -1 EFAULT (Bad address) [pid 5584] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5584] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5583] <... futex resumed>) = 0 [pid 5583] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5584] <... futex resumed>) = 0 [pid 5583] <... futex resumed>) = 1 [pid 5584] chdir("./file0" [pid 5583] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5584] <... chdir resumed>) = 0 [pid 5584] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5584] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5583] <... futex resumed>) = 0 [pid 5583] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5584] <... futex resumed>) = 0 [pid 5583] <... futex resumed>) = 1 [pid 5584] openat(AT_FDCWD, ".", O_RDONLY [pid 5583] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5584] <... openat resumed>) = 4 [pid 5584] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5583] <... futex resumed>) = 0 [pid 5584] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5583] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5583] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5584] <... openat resumed>) = 5 [pid 5584] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5583] <... futex resumed>) = 0 [pid 5584] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5583] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5584] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5583] <... futex resumed>) = 0 [pid 5584] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5583] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5583] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5583] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 5583] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5583] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5583] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 5603 attached [pid 5603] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053 [pid 5583] <... clone3 resumed> => {parent_tid=[5603]}, 88) = 5603 [pid 5603] <... rseq resumed>) = 0 [pid 5583] rt_sigprocmask(SIG_SETMASK, [], [pid 5603] set_robust_list(0x7f4f3b1419a0, 24 [pid 5583] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5603] <... set_robust_list resumed>) = 0 [pid 5583] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5603] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5583] <... futex resumed>) = 0 [pid 5603] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5583] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5603] <... ioctl resumed>) = 0 [pid 5583] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5603] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5603] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5584] <... write resumed>) = 9740288 [pid 5584] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5583] exit_group(0 [pid 5603] <... futex resumed>) = ? [pid 5583] <... exit_group resumed>) = ? [pid 5603] +++ exited with 0 +++ [pid 5584] +++ exited with 0 +++ [pid 5583] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5583, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 [ 82.170272][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5604 attached , child_tidptr=0x555581abb690) = 5604 [pid 5604] set_robust_list(0x555581abb6a0, 24) = 0 [pid 5604] chdir("./18") = 0 [pid 5604] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5604] setpgid(0, 0) = 0 [pid 5604] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5604] write(3, "1000", 4) = 4 [pid 5604] close(3) = 0 [pid 5604] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5604] write(1, "executing program\n", 18executing program ) = 18 [pid 5604] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5604] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 5604] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5604] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 5604] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5604] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5604] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 5605 attached [pid 5605] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053) = 0 [pid 5604] <... clone3 resumed> => {parent_tid=[5605]}, 88) = 5605 [pid 5605] set_robust_list(0x7f4f3b1629a0, 24 [pid 5604] rt_sigprocmask(SIG_SETMASK, [], [pid 5605] <... set_robust_list resumed>) = 0 [pid 5605] rt_sigprocmask(SIG_SETMASK, [], [pid 5604] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5605] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5604] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5605] memfd_create("syzkaller", 0 [pid 5604] <... futex resumed>) = 0 [pid 5604] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5605] <... memfd_create resumed>) = 3 [pid 5605] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5605] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5605] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5605] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5605] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5605] close(3) = 0 [pid 5605] close(4) = 0 [pid 5605] mkdir("./file0", 0777) = 0 [ 82.614313][ T5605] loop0: detected capacity change from 0 to 32768 [ 82.624786][ T5605] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (5605) [ 82.641659][ T5605] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 82.653699][ T5605] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [pid 5605] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5605] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5605] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5605] ioctl(4, LOOP_CLR_FD) = 0 [pid 5605] close(4) = 0 [pid 5605] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5605] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5604] <... futex resumed>) = 0 [ 82.663121][ T5605] BTRFS info (device loop0): using free-space-tree [pid 5604] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5605] <... futex resumed>) = 0 [pid 5605] memfd_create("syzkaller", 0 [pid 5604] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5605] <... memfd_create resumed>) = 4 [pid 5605] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5605] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5605] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5605] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5605] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5605] ioctl(5, LOOP_CLR_FD) = 0 [pid 5605] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5605] close(5) = 0 [pid 5605] close(4) = 0 [pid 5605] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5604] <... futex resumed>) = 0 [pid 5605] <... futex resumed>) = 1 [pid 5604] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5605] pread64(-1, NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 5604] <... futex resumed>) = 0 [pid 5605] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5604] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5605] <... futex resumed>) = 0 [pid 5604] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5605] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5604] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5605] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5604] <... futex resumed>) = 0 [pid 5605] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32) = -1 EBADF (Bad file descriptor) [pid 5604] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5605] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5604] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5605] <... futex resumed>) = 0 [pid 5604] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5605] write(-1, "#! ./file0\n", 11 [pid 5604] <... futex resumed>) = 0 [pid 5605] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5604] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5605] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5604] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5605] <... futex resumed>) = 0 [pid 5604] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5605] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 5604] <... futex resumed>) = 0 [pid 5604] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5605] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5605] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5604] <... futex resumed>) = 0 [pid 5605] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5604] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5605] <... futex resumed>) = 0 [pid 5604] <... futex resumed>) = 1 [pid 5605] mkdir("./file1", 000 [pid 5604] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5605] <... mkdir resumed>) = 0 [pid 5605] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5604] <... futex resumed>) = 0 [pid 5605] <... futex resumed>) = 1 [pid 5604] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5605] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW) = -1 EFAULT (Bad address) [pid 5604] <... futex resumed>) = 0 [pid 5604] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5605] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5604] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5605] <... futex resumed>) = 0 [pid 5604] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5605] chdir("./file0") = 0 [pid 5604] <... futex resumed>) = 0 [pid 5605] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5604] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5605] <... futex resumed>) = 0 [pid 5604] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5605] openat(AT_FDCWD, ".", O_RDONLY [pid 5604] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5605] <... openat resumed>) = 4 [pid 5604] <... futex resumed>) = 0 [pid 5604] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5605] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5604] <... futex resumed>) = 0 [pid 5605] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5604] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5605] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5604] <... futex resumed>) = 0 [pid 5605] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5604] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5605] <... openat resumed>) = 5 [pid 5605] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5604] <... futex resumed>) = 0 [pid 5605] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5604] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5605] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5604] <... futex resumed>) = 0 [ 82.773165][ T5605] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 5604] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5604] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5604] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 5604] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5604] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5604] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 5623 attached => {parent_tid=[5623]}, 88) = 5623 [pid 5604] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5623] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053) = 0 [pid 5604] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5623] set_robust_list(0x7f4f3b1419a0, 24) = 0 [pid 5604] <... futex resumed>) = 0 [pid 5623] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5604] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5623] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0}) = 0 [pid 5623] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5604] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5623] <... futex resumed>) = 0 [pid 5623] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5605] <... write resumed>) = 9740288 [pid 5605] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5604] exit_group(0) = ? [pid 5623] <... futex resumed>) = ? [pid 5605] <... futex resumed>) = ? [pid 5623] +++ exited with 0 +++ [pid 5605] +++ exited with 0 +++ [pid 5604] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5604, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 [ 83.211760][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5624 attached , child_tidptr=0x555581abb690) = 5624 [pid 5624] set_robust_list(0x555581abb6a0, 24) = 0 [pid 5624] chdir("./19") = 0 [pid 5624] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5624] setpgid(0, 0) = 0 [pid 5624] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5624] write(3, "1000", 4) = 4 [pid 5624] close(3) = 0 [pid 5624] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5624] write(1, "executing program\n", 18executing program ) = 18 [pid 5624] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5624] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 5624] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5624] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 5624] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5624] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5624] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 5625 attached [pid 5625] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053 [pid 5624] <... clone3 resumed> => {parent_tid=[5625]}, 88) = 5625 [pid 5625] <... rseq resumed>) = 0 [pid 5624] rt_sigprocmask(SIG_SETMASK, [], [pid 5625] set_robust_list(0x7f4f3b1629a0, 24 [pid 5624] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5625] <... set_robust_list resumed>) = 0 [pid 5624] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5625] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5624] <... futex resumed>) = 0 [pid 5625] memfd_create("syzkaller", 0 [pid 5624] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5625] <... memfd_create resumed>) = 3 [pid 5625] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5625] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5625] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5625] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5625] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5625] close(3) = 0 [pid 5625] close(4) = 0 [pid 5625] mkdir("./file0", 0777) = 0 [ 83.673905][ T5625] loop0: detected capacity change from 0 to 32768 [ 83.696130][ T5625] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (5625) [ 83.714226][ T5625] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 83.726297][ T5625] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 83.735356][ T5625] BTRFS info (device loop0): using free-space-tree [pid 5625] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5625] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5625] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5625] ioctl(4, LOOP_CLR_FD) = 0 [pid 5625] close(4) = 0 [pid 5625] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5624] <... futex resumed>) = 0 [pid 5624] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5625] memfd_create("syzkaller", 0 [pid 5624] <... futex resumed>) = 0 [pid 5625] <... memfd_create resumed>) = 4 [pid 5624] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5625] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5625] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5625] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5625] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5625] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5625] ioctl(5, LOOP_CLR_FD) = 0 [pid 5625] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5625] close(5) = 0 [pid 5625] close(4) = 0 [pid 5625] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5624] <... futex resumed>) = 0 [pid 5624] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5625] pread64(-1, [pid 5624] <... futex resumed>) = 0 [pid 5625] <... pread64 resumed>NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 5624] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5625] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5625] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5624] <... futex resumed>) = 0 [pid 5624] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5625] <... futex resumed>) = 0 [pid 5624] <... futex resumed>) = 1 [pid 5625] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32 [pid 5624] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5625] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5625] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5624] <... futex resumed>) = 0 [pid 5625] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5624] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5625] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5624] <... futex resumed>) = 0 [pid 5625] write(-1, "#! ./file0\n", 11 [pid 5624] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5625] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5625] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5624] <... futex resumed>) = 0 [pid 5624] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5625] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 5624] <... futex resumed>) = 0 [pid 5624] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5625] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5625] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5625] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5624] <... futex resumed>) = 0 [pid 5624] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5625] <... futex resumed>) = 0 [pid 5625] mkdir("./file1", 000) = 0 [pid 5624] <... futex resumed>) = 1 [pid 5624] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5625] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5625] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5624] <... futex resumed>) = 0 [pid 5624] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5625] <... futex resumed>) = 0 [pid 5624] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5625] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW) = -1 EFAULT (Bad address) [ 83.895727][ T5625] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 5625] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5624] <... futex resumed>) = 0 [pid 5625] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5624] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5625] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5624] <... futex resumed>) = 0 [pid 5625] chdir("./file0" [pid 5624] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5625] <... chdir resumed>) = 0 [pid 5625] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5624] <... futex resumed>) = 0 [pid 5625] <... futex resumed>) = 1 [pid 5624] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5625] openat(AT_FDCWD, ".", O_RDONLY [pid 5624] <... futex resumed>) = 0 [pid 5625] <... openat resumed>) = 4 [pid 5624] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5625] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5624] <... futex resumed>) = 0 [pid 5625] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5624] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5625] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5624] <... futex resumed>) = 0 [pid 5624] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5625] <... openat resumed>) = 5 [pid 5625] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5624] <... futex resumed>) = 0 [pid 5625] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5624] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5625] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5625] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5624] <... futex resumed>) = 0 [pid 5624] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5624] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5624] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 5624] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5624] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5624] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 5644 attached [pid 5644] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053 [pid 5624] <... clone3 resumed> => {parent_tid=[5644]}, 88) = 5644 [pid 5644] <... rseq resumed>) = 0 [pid 5624] rt_sigprocmask(SIG_SETMASK, [], [pid 5644] set_robust_list(0x7f4f3b1419a0, 24 [pid 5624] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5644] <... set_robust_list resumed>) = 0 [pid 5644] rt_sigprocmask(SIG_SETMASK, [], [pid 5624] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5644] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5624] <... futex resumed>) = 0 [pid 5624] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5644] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0}) = 0 [pid 5624] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5644] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5644] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5625] <... write resumed>) = 9740288 [pid 5625] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5625] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5624] exit_group(0 [pid 5644] <... futex resumed>) = ? [pid 5625] <... futex resumed>) = ? [pid 5624] <... exit_group resumed>) = ? [pid 5644] +++ exited with 0 +++ [pid 5625] +++ exited with 0 +++ [pid 5624] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5624, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 [ 84.396940][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5645 attached , child_tidptr=0x555581abb690) = 5645 [pid 5645] set_robust_list(0x555581abb6a0, 24) = 0 [pid 5645] chdir("./20") = 0 [pid 5645] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5645] setpgid(0, 0) = 0 [pid 5645] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5645] write(3, "1000", 4) = 4 [pid 5645] close(3) = 0 [pid 5645] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5645] write(1, "executing program\n", 18executing program ) = 18 [pid 5645] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5645] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 5645] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5645] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 5645] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5645] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5645] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 5646 attached [pid 5646] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053) = 0 [pid 5645] <... clone3 resumed> => {parent_tid=[5646]}, 88) = 5646 [pid 5646] set_robust_list(0x7f4f3b1629a0, 24 [pid 5645] rt_sigprocmask(SIG_SETMASK, [], [pid 5646] <... set_robust_list resumed>) = 0 [pid 5645] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5646] rt_sigprocmask(SIG_SETMASK, [], [pid 5645] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5646] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5645] <... futex resumed>) = 0 [pid 5646] memfd_create("syzkaller", 0 [pid 5645] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5646] <... memfd_create resumed>) = 3 [pid 5646] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5646] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5646] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5646] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5646] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5646] close(3) = 0 [pid 5646] close(4) = 0 [pid 5646] mkdir("./file0", 0777) = 0 [ 84.870067][ T5646] loop0: detected capacity change from 0 to 32768 [ 84.902839][ T5646] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (5646) [pid 5646] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5646] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5646] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5646] ioctl(4, LOOP_CLR_FD) = 0 [ 84.937496][ T5646] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 84.948151][ T5646] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 84.957169][ T5646] BTRFS info (device loop0): using free-space-tree [pid 5646] close(4) = 0 [pid 5646] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5645] <... futex resumed>) = 0 [pid 5645] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5646] memfd_create("syzkaller", 0 [pid 5645] <... futex resumed>) = 0 [pid 5646] <... memfd_create resumed>) = 4 [pid 5645] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5646] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5646] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5646] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5646] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5646] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5646] ioctl(5, LOOP_CLR_FD) = 0 [pid 5646] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5646] close(5) = 0 [pid 5646] close(4) = 0 [pid 5646] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5645] <... futex resumed>) = 0 [pid 5645] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5646] pread64(-1, [pid 5645] <... futex resumed>) = 0 [pid 5646] <... pread64 resumed>NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 5646] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5646] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5645] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5645] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5646] <... futex resumed>) = 0 [pid 5645] <... futex resumed>) = 1 [pid 5646] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32 [pid 5645] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5646] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5646] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5645] <... futex resumed>) = 0 [pid 5645] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5645] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5646] write(-1, "#! ./file0\n", 11) = -1 EBADF (Bad file descriptor) [pid 5646] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5645] <... futex resumed>) = 0 [pid 5646] <... futex resumed>) = 1 [pid 5645] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5646] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 5645] <... futex resumed>) = 0 [pid 5645] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5646] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5646] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5645] <... futex resumed>) = 0 [pid 5646] mkdir("./file1", 000 [pid 5645] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5645] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5646] <... mkdir resumed>) = 0 [pid 5646] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5645] <... futex resumed>) = 0 [pid 5646] <... futex resumed>) = 1 [pid 5645] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5646] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5645] <... futex resumed>) = 0 [pid 5646] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5645] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5646] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5645] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5646] <... futex resumed>) = 0 [pid 5645] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5646] chdir("./file0") = 0 [pid 5645] <... futex resumed>) = 0 [pid 5646] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5645] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5646] <... futex resumed>) = 0 [pid 5645] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5646] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5645] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5646] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5645] <... futex resumed>) = 0 [pid 5646] openat(AT_FDCWD, ".", O_RDONLY [pid 5645] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5646] <... openat resumed>) = 4 [pid 5646] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5645] <... futex resumed>) = 0 [pid 5646] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5645] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5646] <... openat resumed>) = 5 [pid 5645] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5646] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5645] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5646] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5645] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5646] <... futex resumed>) = 0 [pid 5645] <... futex resumed>) = 1 [pid 5646] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 85.135719][ T5646] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 5645] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5645] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5645] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 5645] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5645] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5645] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 5665 attached [pid 5665] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053 [pid 5645] <... clone3 resumed> => {parent_tid=[5665]}, 88) = 5665 [pid 5665] <... rseq resumed>) = 0 [pid 5645] rt_sigprocmask(SIG_SETMASK, [], [pid 5665] set_robust_list(0x7f4f3b1419a0, 24 [pid 5645] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5665] <... set_robust_list resumed>) = 0 [pid 5665] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5665] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5645] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5665] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5645] <... futex resumed>) = 0 [pid 5645] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5665] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5645] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5665] <... ioctl resumed>) = 0 [pid 5665] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5665] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5646] <... write resumed>) = 9740288 [pid 5646] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5646] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5645] exit_group(0 [pid 5665] <... futex resumed>) = ? [pid 5646] <... futex resumed>) = ? [pid 5645] <... exit_group resumed>) = ? [pid 5646] +++ exited with 0 +++ [pid 5665] +++ exited with 0 +++ [pid 5645] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5645, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 [ 85.566381][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5666 attached , child_tidptr=0x555581abb690) = 5666 [pid 5666] set_robust_list(0x555581abb6a0, 24) = 0 [pid 5666] chdir("./21") = 0 [pid 5666] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5666] setpgid(0, 0) = 0 [pid 5666] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5666] write(3, "1000", 4) = 4 [pid 5666] close(3) = 0 [pid 5666] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5666] write(1, "executing program\n", 18) = 18 [pid 5666] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5666] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 5666] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5666] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 5666] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5666] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5666] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 5667 attached [pid 5667] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053 [pid 5666] <... clone3 resumed> => {parent_tid=[5667]}, 88) = 5667 [pid 5667] <... rseq resumed>) = 0 [pid 5667] set_robust_list(0x7f4f3b1629a0, 24 [pid 5666] rt_sigprocmask(SIG_SETMASK, [], [pid 5667] <... set_robust_list resumed>) = 0 [pid 5666] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5667] rt_sigprocmask(SIG_SETMASK, [], [pid 5666] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5667] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5666] <... futex resumed>) = 0 [pid 5667] memfd_create("syzkaller", 0 [pid 5666] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5667] <... memfd_create resumed>) = 3 [pid 5667] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5667] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5667] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5667] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5667] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5667] close(3) = 0 [pid 5667] close(4) = 0 [pid 5667] mkdir("./file0", 0777) = 0 [ 85.958187][ T5667] loop0: detected capacity change from 0 to 32768 [ 85.980204][ T5667] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (5667) [pid 5667] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [ 85.999524][ T5667] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 86.010098][ T5667] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 86.018807][ T5667] BTRFS info (device loop0): using free-space-tree [pid 5667] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5667] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5667] ioctl(4, LOOP_CLR_FD) = 0 [pid 5667] close(4) = 0 [pid 5667] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5667] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5666] <... futex resumed>) = 0 [pid 5666] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5667] <... futex resumed>) = 0 [pid 5667] memfd_create("syzkaller", 0 [pid 5666] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5667] <... memfd_create resumed>) = 4 [pid 5667] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5667] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5667] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5667] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5667] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5667] ioctl(5, LOOP_CLR_FD) = 0 [pid 5667] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5667] close(5) = 0 [pid 5667] close(4) = 0 [pid 5667] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5666] <... futex resumed>) = 0 [pid 5667] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5666] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5667] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5666] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5667] pread64(-1, NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 5667] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5666] <... futex resumed>) = 0 [pid 5667] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5666] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5667] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5666] <... futex resumed>) = 0 [pid 5667] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32) = -1 EBADF (Bad file descriptor) [pid 5666] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5667] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5666] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5667] <... futex resumed>) = 0 [pid 5667] write(-1, "#! ./file0\n", 11 [pid 5666] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5667] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5666] <... futex resumed>) = 0 [pid 5667] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5666] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5667] <... futex resumed>) = 0 [pid 5666] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5667] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5666] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5667] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5666] <... futex resumed>) = 0 [pid 5666] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5667] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL) = -1 EINVAL (Invalid argument) [pid 5667] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5667] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5666] <... futex resumed>) = 0 [pid 5666] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5667] <... futex resumed>) = 0 [pid 5666] <... futex resumed>) = 1 [pid 5667] mkdir("./file1", 000) = 0 [pid 5666] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5667] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5666] <... futex resumed>) = 0 [pid 5666] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5667] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5666] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5667] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5667] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5666] <... futex resumed>) = 0 [pid 5666] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5667] chdir("./file0" [pid 5666] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5667] <... chdir resumed>) = 0 [pid 5667] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5666] <... futex resumed>) = 0 [pid 5666] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5667] openat(AT_FDCWD, ".", O_RDONLY [pid 5666] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5667] <... openat resumed>) = 4 [pid 5667] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5666] <... futex resumed>) = 0 [pid 5667] <... futex resumed>) = 1 [pid 5666] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5667] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5666] <... futex resumed>) = 0 [pid 5666] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5667] <... openat resumed>) = 5 [pid 5667] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5666] <... futex resumed>) = 0 [pid 5667] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 86.240388][ T5667] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 5666] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5666] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5666] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5666] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 5666] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5666] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5666] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 5686 attached => {parent_tid=[5686]}, 88) = 5686 [pid 5686] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053) = 0 [pid 5686] set_robust_list(0x7f4f3b1419a0, 24) = 0 [pid 5686] rt_sigprocmask(SIG_SETMASK, [], [pid 5666] rt_sigprocmask(SIG_SETMASK, [], [pid 5686] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5666] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5666] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5686] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5666] <... futex resumed>) = 0 [pid 5666] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5686] <... ioctl resumed>) = 0 [pid 5686] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5686] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5666] <... futex resumed>) = 0 [pid 5667] <... write resumed>) = 9740288 [pid 5667] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5667] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5666] exit_group(0 [pid 5686] <... futex resumed>) = ? [pid 5667] <... futex resumed>) = ? [pid 5666] <... exit_group resumed>) = ? [pid 5686] +++ exited with 0 +++ [pid 5667] +++ exited with 0 +++ [pid 5666] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5666, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=32 /* 0.32 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 [ 86.734107][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581abb690) = 5687 ./strace-static-x86_64: Process 5687 attached [pid 5687] set_robust_list(0x555581abb6a0, 24) = 0 [pid 5687] chdir("./22") = 0 [pid 5687] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5687] setpgid(0, 0) = 0 [pid 5687] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5687] write(3, "1000", 4) = 4 [pid 5687] close(3) = 0 [pid 5687] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5687] write(1, "executing program\n", 18executing program ) = 18 [pid 5687] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5687] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 5687] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5687] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 5687] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5687] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5687] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 5688 attached [pid 5688] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053 [pid 5687] <... clone3 resumed> => {parent_tid=[5688]}, 88) = 5688 [pid 5688] <... rseq resumed>) = 0 [pid 5688] set_robust_list(0x7f4f3b1629a0, 24) = 0 [pid 5688] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5688] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5687] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5687] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5688] <... futex resumed>) = 0 [pid 5688] memfd_create("syzkaller", 0 [pid 5687] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5688] <... memfd_create resumed>) = 3 [pid 5688] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5688] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5688] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5688] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5688] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5688] close(3) = 0 [pid 5688] close(4) = 0 [pid 5688] mkdir("./file0", 0777) = 0 [ 87.116689][ T5688] loop0: detected capacity change from 0 to 32768 [ 87.159712][ T5688] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (5688) [ 87.185803][ T5688] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 87.196394][ T5688] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 87.205860][ T5688] BTRFS info (device loop0): using free-space-tree [pid 5688] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5688] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5688] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5688] ioctl(4, LOOP_CLR_FD) = 0 [pid 5688] close(4) = 0 [pid 5688] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5687] <... futex resumed>) = 0 [pid 5688] memfd_create("syzkaller", 0 [pid 5687] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5688] <... memfd_create resumed>) = 4 [pid 5687] <... futex resumed>) = 0 [pid 5688] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5687] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5688] <... mmap resumed>) = 0x7f4f32c00000 [pid 5688] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5688] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5688] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5688] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5688] ioctl(5, LOOP_CLR_FD) = 0 [pid 5688] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5688] close(5) = 0 [pid 5688] close(4) = 0 [pid 5688] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5687] <... futex resumed>) = 0 [pid 5688] pread64(-1, [pid 5687] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5688] <... pread64 resumed>NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 5688] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5687] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5688] <... futex resumed>) = 0 [pid 5688] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5687] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5687] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5688] <... futex resumed>) = 0 [pid 5687] <... futex resumed>) = 1 [pid 5688] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32 [pid 5687] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5688] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5688] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5687] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5688] <... futex resumed>) = 0 [pid 5687] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5688] write(-1, "#! ./file0\n", 11 [pid 5687] <... futex resumed>) = 0 [pid 5688] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5687] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5688] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5687] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5688] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5687] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5688] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5688] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 5687] <... futex resumed>) = 0 [pid 5687] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5688] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5688] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5687] <... futex resumed>) = 0 [pid 5688] <... futex resumed>) = 1 [pid 5687] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5688] mkdir("./file1", 000 [pid 5687] <... futex resumed>) = 0 [pid 5687] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5688] <... mkdir resumed>) = 0 [pid 5688] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5688] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5687] <... futex resumed>) = 0 [pid 5687] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5688] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5687] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5688] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW) = -1 EFAULT (Bad address) [pid 5688] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5687] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5688] <... futex resumed>) = 0 [pid 5687] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5688] chdir("./file0" [pid 5687] <... futex resumed>) = 0 [pid 5688] <... chdir resumed>) = 0 [pid 5687] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5688] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5687] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5687] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5687] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5688] <... futex resumed>) = 1 [pid 5687] <... futex resumed>) = 0 [pid 5688] openat(AT_FDCWD, ".", O_RDONLY [pid 5687] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5688] <... openat resumed>) = 4 [pid 5688] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5687] <... futex resumed>) = 0 [pid 5688] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5687] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5688] <... openat resumed>) = 5 [pid 5687] <... futex resumed>) = 0 [pid 5687] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5688] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5687] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5688] <... futex resumed>) = 0 [pid 5687] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5688] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5687] <... futex resumed>) = 0 [ 87.380327][ T5688] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 5687] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5687] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5687] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 5687] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5687] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5687] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 5707 attached [pid 5707] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053 [pid 5687] <... clone3 resumed> => {parent_tid=[5707]}, 88) = 5707 [pid 5707] <... rseq resumed>) = 0 [pid 5687] rt_sigprocmask(SIG_SETMASK, [], [pid 5707] set_robust_list(0x7f4f3b1419a0, 24 [pid 5687] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5707] <... set_robust_list resumed>) = 0 [pid 5687] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5707] rt_sigprocmask(SIG_SETMASK, [], [pid 5687] <... futex resumed>) = 0 [pid 5707] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5687] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5707] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0}) = 0 [pid 5707] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5687] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5707] <... futex resumed>) = 0 [pid 5707] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5688] <... write resumed>) = 9740288 [pid 5688] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5687] exit_group(0 [pid 5688] <... futex resumed>) = ? [pid 5687] <... exit_group resumed>) = ? [pid 5707] <... futex resumed>) = ? [pid 5688] +++ exited with 0 +++ [pid 5707] +++ exited with 0 +++ [pid 5687] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5687, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 [ 87.832618][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5708 attached , child_tidptr=0x555581abb690) = 5708 [pid 5708] set_robust_list(0x555581abb6a0, 24) = 0 [pid 5708] chdir("./23") = 0 [pid 5708] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5708] setpgid(0, 0) = 0 [pid 5708] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5708] write(3, "1000", 4) = 4 [pid 5708] close(3) = 0 [pid 5708] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5708] write(1, "executing program\n", 18executing program ) = 18 [pid 5708] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5708] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 5708] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5708] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 5708] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5708] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5708] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 5709 attached [pid 5709] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053 [pid 5708] <... clone3 resumed> => {parent_tid=[5709]}, 88) = 5709 [pid 5709] <... rseq resumed>) = 0 [pid 5708] rt_sigprocmask(SIG_SETMASK, [], [pid 5709] set_robust_list(0x7f4f3b1629a0, 24 [pid 5708] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5709] <... set_robust_list resumed>) = 0 [pid 5708] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5709] rt_sigprocmask(SIG_SETMASK, [], [pid 5708] <... futex resumed>) = 0 [pid 5709] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5709] memfd_create("syzkaller", 0 [pid 5708] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5709] <... memfd_create resumed>) = 3 [pid 5709] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5709] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5709] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5709] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5709] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5709] close(3) = 0 [pid 5709] close(4) = 0 [pid 5709] mkdir("./file0", 0777) = 0 [ 88.281424][ T5709] loop0: detected capacity change from 0 to 32768 [ 88.302211][ T5709] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (5709) [pid 5709] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5709] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 88.326777][ T5709] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 88.337221][ T5709] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 88.346366][ T5709] BTRFS info (device loop0): using free-space-tree [pid 5709] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5709] ioctl(4, LOOP_CLR_FD) = 0 [pid 5709] close(4) = 0 [pid 5709] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5708] <... futex resumed>) = 0 [pid 5709] memfd_create("syzkaller", 0 [pid 5708] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5709] <... memfd_create resumed>) = 4 [pid 5708] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5709] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5709] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5709] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5709] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5709] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5709] ioctl(5, LOOP_CLR_FD) = 0 [pid 5709] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5709] close(5) = 0 [pid 5709] close(4) = 0 [pid 5709] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5709] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5708] <... futex resumed>) = 0 [pid 5708] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5709] <... futex resumed>) = 0 [pid 5709] pread64(-1, NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 5708] <... futex resumed>) = 1 [pid 5709] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5708] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5709] <... futex resumed>) = 0 [pid 5708] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5709] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32 [pid 5708] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5709] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5708] <... futex resumed>) = 0 [pid 5709] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5708] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5709] <... futex resumed>) = 0 [pid 5708] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5709] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5708] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5709] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5708] <... futex resumed>) = 0 [pid 5708] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5709] write(-1, "#! ./file0\n", 11) = -1 EBADF (Bad file descriptor) [pid 5709] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5708] <... futex resumed>) = 0 [pid 5708] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5709] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 5708] <... futex resumed>) = 0 [pid 5708] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5709] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5709] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5708] <... futex resumed>) = 0 [pid 5709] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5708] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5709] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5709] mkdir("./file1", 000 [pid 5708] <... futex resumed>) = 0 [pid 5709] <... mkdir resumed>) = 0 [pid 5708] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5709] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5708] <... futex resumed>) = 0 [pid 5708] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5709] <... futex resumed>) = 1 [pid 5708] <... futex resumed>) = 0 [pid 5708] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5709] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW) = -1 EFAULT (Bad address) [pid 5709] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5708] <... futex resumed>) = 0 [pid 5709] chdir("./file0" [pid 5708] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5708] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5709] <... chdir resumed>) = 0 [ 88.496832][ T5709] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 5709] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5708] <... futex resumed>) = 0 [pid 5709] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5708] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5709] <... futex resumed>) = 0 [pid 5708] <... futex resumed>) = 1 [pid 5709] openat(AT_FDCWD, ".", O_RDONLY [pid 5708] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5709] <... openat resumed>) = 4 [pid 5709] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5709] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5708] <... futex resumed>) = 0 [pid 5708] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5709] <... futex resumed>) = 0 [pid 5708] <... futex resumed>) = 1 [pid 5709] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5708] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5709] <... openat resumed>) = 5 [pid 5709] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5708] <... futex resumed>) = 0 [pid 5709] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5708] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5709] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5708] <... futex resumed>) = 0 [pid 5709] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5708] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5708] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5708] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 5708] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5708] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5708] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 5728 attached => {parent_tid=[5728]}, 88) = 5728 [pid 5728] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053) = 0 [pid 5708] rt_sigprocmask(SIG_SETMASK, [], [pid 5728] set_robust_list(0x7f4f3b1419a0, 24) = 0 [pid 5728] rt_sigprocmask(SIG_SETMASK, [], [pid 5708] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5728] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5708] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5728] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5708] <... futex resumed>) = 0 [pid 5708] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5728] <... ioctl resumed>) = 0 [pid 5728] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5708] <... futex resumed>) = 0 [pid 5728] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5709] <... write resumed>) = 9740288 [pid 5709] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5709] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5708] exit_group(0 [pid 5728] <... futex resumed>) = ? [pid 5709] <... futex resumed>) = ? [pid 5728] +++ exited with 0 +++ [pid 5709] +++ exited with 0 +++ [pid 5708] <... exit_group resumed>) = ? [pid 5708] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5708, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 [ 88.973015][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581abb690) = 5729 ./strace-static-x86_64: Process 5729 attached [pid 5729] set_robust_list(0x555581abb6a0, 24) = 0 [pid 5729] chdir("./24") = 0 [pid 5729] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5729] setpgid(0, 0) = 0 [pid 5729] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5729] write(3, "1000", 4) = 4 [pid 5729] close(3) = 0 [pid 5729] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5729] write(1, "executing program\n", 18) = 18 [pid 5729] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5729] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 5729] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5729] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 5729] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5729] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5729] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0} => {parent_tid=[5730]}, 88) = 5730 ./strace-static-x86_64: Process 5730 attached [pid 5730] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053) = 0 [pid 5730] set_robust_list(0x7f4f3b1629a0, 24 [pid 5729] rt_sigprocmask(SIG_SETMASK, [], [pid 5730] <... set_robust_list resumed>) = 0 [pid 5729] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5730] rt_sigprocmask(SIG_SETMASK, [], [pid 5729] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5730] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5729] <... futex resumed>) = 0 [pid 5729] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5730] memfd_create("syzkaller", 0) = 3 [pid 5730] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5730] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5730] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5730] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5730] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5730] close(3) = 0 [pid 5730] close(4) = 0 [pid 5730] mkdir("./file0", 0777) = 0 [ 89.382864][ T5730] loop0: detected capacity change from 0 to 32768 [ 89.403950][ T5730] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (5730) [ 89.423606][ T5730] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 89.434080][ T5730] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 89.442841][ T5730] BTRFS info (device loop0): using free-space-tree [pid 5730] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5730] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5730] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5730] ioctl(4, LOOP_CLR_FD) = 0 [pid 5730] close(4) = 0 [pid 5730] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5729] <... futex resumed>) = 0 [pid 5730] <... futex resumed>) = 1 [pid 5729] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5730] memfd_create("syzkaller", 0 [pid 5729] <... futex resumed>) = 0 [pid 5730] <... memfd_create resumed>) = 4 [pid 5729] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5730] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5730] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5730] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5730] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5730] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5730] ioctl(5, LOOP_CLR_FD) = 0 [pid 5730] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5730] close(5) = 0 [pid 5730] close(4) = 0 [pid 5730] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5729] <... futex resumed>) = 0 [pid 5730] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5729] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5730] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5729] <... futex resumed>) = 0 [pid 5730] pread64(-1, [pid 5729] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5730] <... pread64 resumed>NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 5730] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5729] <... futex resumed>) = 0 [pid 5730] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5729] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5730] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5729] <... futex resumed>) = 0 [pid 5730] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32 [pid 5729] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5730] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5730] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5729] <... futex resumed>) = 0 [pid 5730] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5729] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5730] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5729] <... futex resumed>) = 0 [pid 5730] write(-1, "#! ./file0\n", 11 [pid 5729] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5730] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5730] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5729] <... futex resumed>) = 0 [pid 5730] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5729] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5730] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5729] <... futex resumed>) = 0 [pid 5730] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 5729] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5730] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5730] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5729] <... futex resumed>) = 0 [pid 5730] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5729] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5730] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5729] <... futex resumed>) = 0 [pid 5730] mkdir("./file1", 000 [pid 5729] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5730] <... mkdir resumed>) = 0 [pid 5730] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5729] <... futex resumed>) = 0 [pid 5730] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5729] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5730] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5729] <... futex resumed>) = 0 [pid 5730] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5729] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5730] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5730] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5729] <... futex resumed>) = 0 [pid 5730] <... futex resumed>) = 1 [pid 5729] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5729] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5730] chdir("./file0") = 0 [pid 5730] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5729] <... futex resumed>) = 0 [pid 5730] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5729] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5730] <... futex resumed>) = 0 [pid 5730] openat(AT_FDCWD, ".", O_RDONLY [pid 5729] <... futex resumed>) = 1 [pid 5730] <... openat resumed>) = 4 [pid 5729] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5730] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5729] <... futex resumed>) = 0 [pid 5730] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5729] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5730] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5729] <... futex resumed>) = 0 [pid 5729] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5730] <... openat resumed>) = 5 [pid 5730] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5729] <... futex resumed>) = 0 [pid 5730] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5729] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5730] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5729] <... futex resumed>) = 0 [pid 5730] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 89.660500][ T5730] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 5729] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5729] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5729] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 5729] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5729] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5729] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 5749 attached => {parent_tid=[5749]}, 88) = 5749 [pid 5729] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5729] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5729] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5749] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053) = 0 [pid 5749] set_robust_list(0x7f4f3b1419a0, 24) = 0 [pid 5749] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5749] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5729] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5749] <... ioctl resumed>) = 0 [pid 5749] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5749] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5730] <... write resumed>) = 9740288 [pid 5730] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5730] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5729] exit_group(0 [pid 5749] <... futex resumed>) = ? [pid 5730] <... futex resumed>) = ? [pid 5729] <... exit_group resumed>) = ? [pid 5730] +++ exited with 0 +++ [pid 5749] +++ exited with 0 +++ [pid 5729] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5729, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 [ 90.062072][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5750 attached , child_tidptr=0x555581abb690) = 5750 [pid 5750] set_robust_list(0x555581abb6a0, 24) = 0 [pid 5750] chdir("./25") = 0 [pid 5750] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5750] setpgid(0, 0) = 0 [pid 5750] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5750] write(3, "1000", 4) = 4 [pid 5750] close(3) = 0 [pid 5750] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5750] write(1, "executing program\n", 18executing program ) = 18 [pid 5750] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5750] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 5750] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5750] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 5750] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5750] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5750] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 5751 attached => {parent_tid=[5751]}, 88) = 5751 [pid 5751] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053) = 0 [pid 5751] set_robust_list(0x7f4f3b1629a0, 24) = 0 [pid 5751] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5751] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5750] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5750] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5751] <... futex resumed>) = 0 [pid 5750] <... futex resumed>) = 1 [pid 5751] memfd_create("syzkaller", 0 [pid 5750] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5751] <... memfd_create resumed>) = 3 [pid 5751] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5751] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5751] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5751] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5751] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5751] close(3) = 0 [pid 5751] close(4) = 0 [pid 5751] mkdir("./file0", 0777) = 0 [ 90.505666][ T5751] loop0: detected capacity change from 0 to 32768 [ 90.536501][ T5751] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (5751) [pid 5751] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5751] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5751] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5751] ioctl(4, LOOP_CLR_FD) = 0 [pid 5751] close(4) = 0 [pid 5751] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5750] <... futex resumed>) = 0 [pid 5751] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5750] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5751] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5750] <... futex resumed>) = 0 [pid 5750] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5751] memfd_create("syzkaller", 0) = 4 [ 90.555296][ T5751] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 90.567074][ T5751] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 90.576354][ T5751] BTRFS info (device loop0): using free-space-tree [pid 5751] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5751] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5751] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5751] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5751] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5751] ioctl(5, LOOP_CLR_FD) = 0 [pid 5751] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5751] close(5) = 0 [pid 5751] close(4) = 0 [pid 5751] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5750] <... futex resumed>) = 0 [pid 5751] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5750] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5751] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5751] pread64(-1, NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 5751] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5751] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 5750] <... futex resumed>) = 1 [pid 5751] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5750] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5750] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5751] <... futex resumed>) = 0 [pid 5750] <... futex resumed>) = 1 [pid 5751] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32 [pid 5750] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5751] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5751] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5750] <... futex resumed>) = 0 [pid 5751] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5750] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5751] write(-1, "#! ./file0\n", 11 [pid 5750] <... futex resumed>) = 0 [pid 5751] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5751] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5750] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5751] <... futex resumed>) = 0 [pid 5751] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5750] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5750] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5751] <... futex resumed>) = 0 [pid 5750] <... futex resumed>) = 1 [pid 5751] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 5750] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5751] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5751] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5750] <... futex resumed>) = 0 [pid 5750] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5751] mkdir("./file1", 000 [pid 5750] <... futex resumed>) = 0 [pid 5750] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5751] <... mkdir resumed>) = 0 [pid 5751] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5750] <... futex resumed>) = 0 [pid 5750] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5751] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5750] <... futex resumed>) = 0 [pid 5751] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5750] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5751] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5750] <... futex resumed>) = 0 [pid 5751] chdir("./file0" [pid 5750] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5751] <... chdir resumed>) = 0 [pid 5750] <... futex resumed>) = 0 [pid 5751] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5750] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5751] <... futex resumed>) = 0 [pid 5750] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5751] openat(AT_FDCWD, ".", O_RDONLY [pid 5750] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5751] <... openat resumed>) = 4 [pid 5750] <... futex resumed>) = 0 [ 90.710834][ T5751] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 5750] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5751] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5750] <... futex resumed>) = 0 [pid 5751] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5750] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5751] <... openat resumed>) = 5 [pid 5750] <... futex resumed>) = 0 [pid 5750] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5751] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5750] <... futex resumed>) = 0 [pid 5750] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5751] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5750] <... futex resumed>) = 0 [pid 5750] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5750] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5750] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 5750] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5750] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5750] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 5770 attached => {parent_tid=[5770]}, 88) = 5770 [pid 5770] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053 [pid 5750] rt_sigprocmask(SIG_SETMASK, [], [pid 5770] <... rseq resumed>) = 0 [pid 5750] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5750] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5770] set_robust_list(0x7f4f3b1419a0, 24 [pid 5750] <... futex resumed>) = 0 [pid 5770] <... set_robust_list resumed>) = 0 [pid 5750] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5770] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5770] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0}) = 0 [pid 5770] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5750] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5770] <... futex resumed>) = 0 [pid 5770] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5751] <... write resumed>) = 9740288 [pid 5751] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5751] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5750] exit_group(0 [pid 5770] <... futex resumed>) = ? [pid 5750] <... exit_group resumed>) = ? [pid 5751] <... futex resumed>) = ? [pid 5770] +++ exited with 0 +++ [pid 5751] +++ exited with 0 +++ [pid 5750] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5750, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 [ 91.168609][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5771 attached , child_tidptr=0x555581abb690) = 5771 [pid 5771] set_robust_list(0x555581abb6a0, 24) = 0 [pid 5771] chdir("./26") = 0 [pid 5771] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5771] setpgid(0, 0) = 0 [pid 5771] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5771] write(3, "1000", 4) = 4 [pid 5771] close(3) = 0 [pid 5771] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5771] write(1, "executing program\n", 18) = 18 [pid 5771] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5771] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 5771] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5771] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 5771] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5771] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5771] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 5772 attached [pid 5772] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053 [pid 5771] <... clone3 resumed> => {parent_tid=[5772]}, 88) = 5772 [pid 5772] <... rseq resumed>) = 0 [pid 5771] rt_sigprocmask(SIG_SETMASK, [], [pid 5772] set_robust_list(0x7f4f3b1629a0, 24 [pid 5771] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5772] <... set_robust_list resumed>) = 0 [pid 5771] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5772] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5771] <... futex resumed>) = 0 [pid 5771] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5772] memfd_create("syzkaller", 0) = 3 [pid 5772] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5772] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5772] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5772] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5772] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5772] close(3) = 0 [pid 5772] close(4) = 0 [pid 5772] mkdir("./file0", 0777) = 0 [ 91.601961][ T5772] loop0: detected capacity change from 0 to 32768 [ 91.632249][ T5772] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (5772) [pid 5772] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5772] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5772] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 91.653300][ T5772] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 91.663750][ T5772] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 91.672570][ T5772] BTRFS info (device loop0): using free-space-tree [pid 5772] ioctl(4, LOOP_CLR_FD) = 0 [pid 5772] close(4) = 0 [pid 5772] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5771] <... futex resumed>) = 0 [pid 5772] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5771] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5772] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5771] <... futex resumed>) = 0 [pid 5772] memfd_create("syzkaller", 0 [pid 5771] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5772] <... memfd_create resumed>) = 4 [pid 5772] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5772] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5772] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5772] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5772] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5772] ioctl(5, LOOP_CLR_FD) = 0 [pid 5772] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5772] close(5) = 0 [pid 5772] close(4) = 0 [pid 5772] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5771] <... futex resumed>) = 0 [pid 5771] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5772] pread64(-1, [pid 5771] <... futex resumed>) = 0 [pid 5772] <... pread64 resumed>NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 5772] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5771] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5772] <... futex resumed>) = 0 [pid 5771] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5772] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32 [pid 5771] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5772] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5771] <... futex resumed>) = 0 [pid 5772] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5771] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5772] <... futex resumed>) = 0 [pid 5771] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5772] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5771] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5772] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5771] <... futex resumed>) = 0 [pid 5772] write(-1, "#! ./file0\n", 11 [pid 5771] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5772] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5772] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5771] <... futex resumed>) = 0 [pid 5772] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5771] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5772] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 5771] <... futex resumed>) = 0 [pid 5771] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5772] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5772] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5771] <... futex resumed>) = 0 [pid 5772] <... futex resumed>) = 1 [pid 5771] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5772] mkdir("./file1", 000 [pid 5771] <... futex resumed>) = 0 [pid 5772] <... mkdir resumed>) = 0 [pid 5771] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5772] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5771] <... futex resumed>) = 0 [pid 5772] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5771] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5772] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5771] <... futex resumed>) = 0 [pid 5772] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5771] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5772] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5772] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5771] <... futex resumed>) = 0 [pid 5771] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5772] <... futex resumed>) = 1 [pid 5771] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5772] chdir("./file0") = 0 [pid 5772] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5771] <... futex resumed>) = 0 [pid 5772] <... futex resumed>) = 1 [pid 5771] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5772] openat(AT_FDCWD, ".", O_RDONLY [pid 5771] <... futex resumed>) = 0 [pid 5772] <... openat resumed>) = 4 [pid 5771] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5772] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5771] <... futex resumed>) = 0 [pid 5772] <... futex resumed>) = 1 [pid 5771] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5772] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5771] <... futex resumed>) = 0 [pid 5772] <... openat resumed>) = 5 [pid 5772] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5771] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5772] <... futex resumed>) = 0 [pid 5772] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5771] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5771] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5772] <... futex resumed>) = 0 [pid 5772] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5771] <... futex resumed>) = 1 [ 91.865712][ T5772] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 5771] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5771] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5771] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 5771] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5771] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5771] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 5791 attached [pid 5791] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053 [pid 5771] <... clone3 resumed> => {parent_tid=[5791]}, 88) = 5791 [pid 5791] <... rseq resumed>) = 0 [pid 5791] set_robust_list(0x7f4f3b1419a0, 24 [pid 5771] rt_sigprocmask(SIG_SETMASK, [], [pid 5791] <... set_robust_list resumed>) = 0 [pid 5771] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5791] rt_sigprocmask(SIG_SETMASK, [], [pid 5771] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5791] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5771] <... futex resumed>) = 0 [pid 5791] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5771] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5791] <... ioctl resumed>) = 0 [pid 5791] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5791] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5771] <... futex resumed>) = 0 [pid 5772] <... write resumed>) = 9740288 [pid 5772] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5771] exit_group(0 [pid 5791] <... futex resumed>) = ? [pid 5771] <... exit_group resumed>) = ? [pid 5791] +++ exited with 0 +++ [pid 5772] +++ exited with 0 +++ [pid 5771] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5771, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 [ 92.271757][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5792 attached , child_tidptr=0x555581abb690) = 5792 [pid 5792] set_robust_list(0x555581abb6a0, 24) = 0 [pid 5792] chdir("./27") = 0 [pid 5792] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5792] setpgid(0, 0) = 0 [pid 5792] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5792] write(3, "1000", 4) = 4 [pid 5792] close(3) = 0 [pid 5792] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5792] write(1, "executing program\n", 18) = 18 [pid 5792] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5792] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 5792] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5792] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 5792] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5792] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5792] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 5793 attached [pid 5793] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053) = 0 [pid 5792] <... clone3 resumed> => {parent_tid=[5793]}, 88) = 5793 [pid 5793] set_robust_list(0x7f4f3b1629a0, 24 [pid 5792] rt_sigprocmask(SIG_SETMASK, [], [pid 5793] <... set_robust_list resumed>) = 0 [pid 5792] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5793] rt_sigprocmask(SIG_SETMASK, [], [pid 5792] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5792] <... futex resumed>) = 0 [pid 5793] memfd_create("syzkaller", 0 [pid 5792] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5793] <... memfd_create resumed>) = 3 [pid 5793] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5793] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5793] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5793] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5793] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5793] close(3) = 0 [pid 5793] close(4) = 0 [pid 5793] mkdir("./file0", 0777) = 0 [ 92.719599][ T5793] loop0: detected capacity change from 0 to 32768 [ 92.740504][ T5793] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (5793) [ 92.761354][ T5793] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 92.772297][ T5793] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 92.781599][ T5793] BTRFS info (device loop0): using free-space-tree [pid 5793] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5793] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5793] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5793] ioctl(4, LOOP_CLR_FD) = 0 [pid 5793] close(4) = 0 [pid 5793] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5792] <... futex resumed>) = 0 [pid 5793] <... futex resumed>) = 1 [pid 5792] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] memfd_create("syzkaller", 0 [pid 5792] <... futex resumed>) = 0 [pid 5792] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5793] <... memfd_create resumed>) = 4 [pid 5793] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5793] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5793] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5793] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5793] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5793] ioctl(5, LOOP_CLR_FD) = 0 [pid 5793] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5793] close(5) = 0 [pid 5793] close(4) = 0 [pid 5793] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5792] <... futex resumed>) = 0 [pid 5793] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5792] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] <... futex resumed>) = 0 [pid 5792] <... futex resumed>) = 1 [pid 5793] pread64(-1, [pid 5792] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5793] <... pread64 resumed>NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 5793] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5792] <... futex resumed>) = 0 [pid 5793] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5792] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5792] <... futex resumed>) = 0 [pid 5793] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32 [pid 5792] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5793] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5793] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5792] <... futex resumed>) = 0 [pid 5793] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5792] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5792] <... futex resumed>) = 0 [pid 5793] write(-1, "#! ./file0\n", 11 [pid 5792] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5793] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5793] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5792] <... futex resumed>) = 0 [pid 5793] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5792] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 5792] <... futex resumed>) = 0 [pid 5792] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5793] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5793] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5792] <... futex resumed>) = 0 [pid 5793] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5792] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5792] <... futex resumed>) = 0 [pid 5793] mkdir("./file1", 000 [pid 5792] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5793] <... mkdir resumed>) = 0 [pid 5793] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5792] <... futex resumed>) = 0 [pid 5792] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5793] <... futex resumed>) = 1 [pid 5792] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5793] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW) = -1 EFAULT (Bad address) [pid 5793] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5792] <... futex resumed>) = 0 [pid 5793] <... futex resumed>) = 1 [pid 5792] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] chdir("./file0" [pid 5792] <... futex resumed>) = 0 [pid 5793] <... chdir resumed>) = 0 [pid 5792] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5793] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5792] <... futex resumed>) = 0 [pid 5793] <... futex resumed>) = 1 [pid 5792] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] openat(AT_FDCWD, ".", O_RDONLY [pid 5792] <... futex resumed>) = 0 [pid 5793] <... openat resumed>) = 4 [pid 5792] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5793] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5792] <... futex resumed>) = 0 [pid 5793] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5792] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5793] <... openat resumed>) = 5 [pid 5792] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5793] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5792] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5793] <... futex resumed>) = 0 [pid 5793] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5792] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] <... futex resumed>) = 0 [pid 5792] <... futex resumed>) = 1 [pid 5793] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 92.985822][ T5793] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 5792] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5792] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5792] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 5792] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5792] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5792] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 5812 attached [pid 5812] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053 [pid 5792] <... clone3 resumed> => {parent_tid=[5812]}, 88) = 5812 [pid 5812] <... rseq resumed>) = 0 [pid 5792] rt_sigprocmask(SIG_SETMASK, [], [pid 5812] set_robust_list(0x7f4f3b1419a0, 24 [pid 5792] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5812] <... set_robust_list resumed>) = 0 [pid 5792] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5812] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5792] <... futex resumed>) = 0 [pid 5812] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5792] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5812] <... ioctl resumed>) = 0 [pid 5792] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5812] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5812] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5793] <... write resumed>) = 9740288 [pid 5793] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5792] exit_group(0 [pid 5812] <... futex resumed>) = ? [pid 5812] +++ exited with 0 +++ [pid 5793] <... futex resumed>) = ? [pid 5792] <... exit_group resumed>) = ? [pid 5793] +++ exited with 0 +++ [pid 5792] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5792, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 [ 93.435210][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5813 attached , child_tidptr=0x555581abb690) = 5813 [pid 5813] set_robust_list(0x555581abb6a0, 24) = 0 [pid 5813] chdir("./28") = 0 [pid 5813] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5813] setpgid(0, 0) = 0 [pid 5813] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5813] write(3, "1000", 4) = 4 [pid 5813] close(3) = 0 [pid 5813] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5813] write(1, "executing program\n", 18executing program ) = 18 [pid 5813] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5813] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 5813] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5813] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 5813] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5813] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5813] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 5814 attached [pid 5814] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053 [pid 5813] <... clone3 resumed> => {parent_tid=[5814]}, 88) = 5814 [pid 5814] <... rseq resumed>) = 0 [pid 5813] rt_sigprocmask(SIG_SETMASK, [], [pid 5814] set_robust_list(0x7f4f3b1629a0, 24 [pid 5813] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5814] <... set_robust_list resumed>) = 0 [pid 5813] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5814] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5813] <... futex resumed>) = 0 [pid 5814] memfd_create("syzkaller", 0 [pid 5813] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5814] <... memfd_create resumed>) = 3 [pid 5814] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5814] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5814] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5814] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5814] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5814] close(3) = 0 [pid 5814] close(4) = 0 [pid 5814] mkdir("./file0", 0777) = 0 [ 93.920677][ T5814] loop0: detected capacity change from 0 to 32768 [ 93.957195][ T5814] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (5814) [pid 5814] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5814] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5814] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5814] ioctl(4, LOOP_CLR_FD) = 0 [pid 5814] close(4) = 0 [pid 5814] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5813] <... futex resumed>) = 0 [pid 5814] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5813] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5814] <... futex resumed>) = 0 [pid 5813] <... futex resumed>) = 1 [pid 5814] memfd_create("syzkaller", 0) = 4 [pid 5813] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5814] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5814] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5814] munmap(0x7f4f32c00000, 138412032) = 0 [ 93.977340][ T5814] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 93.992631][ T5814] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 94.002065][ T5814] BTRFS info (device loop0): using free-space-tree [pid 5814] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5814] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5814] ioctl(5, LOOP_CLR_FD) = 0 [pid 5814] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5814] close(5) = 0 [pid 5814] close(4) = 0 [pid 5814] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5813] <... futex resumed>) = 0 [pid 5813] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5814] pread64(-1, NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 5814] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5814] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 5813] <... futex resumed>) = 1 [pid 5814] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5813] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5813] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5814] <... futex resumed>) = 0 [pid 5813] <... futex resumed>) = 1 [pid 5813] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5814] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32) = -1 EBADF (Bad file descriptor) [pid 5814] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5813] <... futex resumed>) = 0 [pid 5814] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5813] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5814] <... futex resumed>) = 0 [pid 5813] <... futex resumed>) = 1 [pid 5814] write(-1, "#! ./file0\n", 11 [pid 5813] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5814] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5814] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5813] <... futex resumed>) = 0 [pid 5814] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 5813] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5813] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5814] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5814] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5813] <... futex resumed>) = 0 [pid 5814] mkdir("./file1", 000 [pid 5813] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5814] <... mkdir resumed>) = 0 [pid 5813] <... futex resumed>) = 0 [pid 5813] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5814] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5813] <... futex resumed>) = 0 [pid 5813] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5813] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5814] <... futex resumed>) = 1 [ 94.156269][ T5814] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 5814] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW) = -1 EFAULT (Bad address) [pid 5814] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5813] <... futex resumed>) = 0 [pid 5813] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5814] <... futex resumed>) = 1 [pid 5813] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5814] chdir("./file0") = 0 [pid 5814] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5813] <... futex resumed>) = 0 [pid 5813] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5814] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5813] <... futex resumed>) = 0 [pid 5813] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5814] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5813] <... futex resumed>) = 0 [pid 5814] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5813] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5814] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5814] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5813] <... futex resumed>) = 0 [pid 5813] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5814] <... openat resumed>) = 5 [pid 5814] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5813] <... futex resumed>) = 0 [pid 5814] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5813] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5814] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5814] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5813] <... futex resumed>) = 0 [pid 5813] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5813] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5813] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 5813] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5813] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5813] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0} => {parent_tid=[5833]}, 88) = 5833 ./strace-static-x86_64: Process 5833 attached [pid 5813] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053) = 0 [pid 5813] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] set_robust_list(0x7f4f3b1419a0, 24 [pid 5813] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... set_robust_list resumed>) = 0 [pid 5813] <... futex resumed>) = 0 [pid 5833] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5813] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5813] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5833] <... ioctl resumed>) = 0 [pid 5833] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5833] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5814] <... write resumed>) = 9740288 [pid 5814] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5814] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5813] exit_group(0 [pid 5833] <... futex resumed>) = ? [pid 5814] <... futex resumed>) = ? [pid 5813] <... exit_group resumed>) = ? [pid 5814] +++ exited with 0 +++ [pid 5833] +++ exited with 0 +++ [pid 5813] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5813, si_uid=0, si_status=0, si_utime=0, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 [ 94.621439][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5834 attached , child_tidptr=0x555581abb690) = 5834 [pid 5834] set_robust_list(0x555581abb6a0, 24) = 0 [pid 5834] chdir("./29") = 0 [pid 5834] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5834] setpgid(0, 0) = 0 [pid 5834] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5834] write(3, "1000", 4) = 4 [pid 5834] close(3) = 0 [pid 5834] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5834] write(1, "executing program\n", 18) = 18 [pid 5834] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 5834] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5834] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 5834] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5834] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5834] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 5835 attached [pid 5835] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053 [pid 5834] <... clone3 resumed> => {parent_tid=[5835]}, 88) = 5835 [pid 5835] <... rseq resumed>) = 0 [pid 5834] rt_sigprocmask(SIG_SETMASK, [], [pid 5835] set_robust_list(0x7f4f3b1629a0, 24 [pid 5834] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5835] <... set_robust_list resumed>) = 0 [pid 5834] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] <... futex resumed>) = 0 [pid 5835] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5835] memfd_create("syzkaller", 0 [pid 5834] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5835] <... memfd_create resumed>) = 3 [pid 5835] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5835] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5835] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5835] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5835] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5835] close(3) = 0 [pid 5835] close(4) = 0 [pid 5835] mkdir("./file0", 0777) = 0 [ 95.068186][ T5835] loop0: detected capacity change from 0 to 32768 [ 95.101309][ T5835] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (5835) [pid 5835] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5835] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5835] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5835] ioctl(4, LOOP_CLR_FD) = 0 [pid 5835] close(4) = 0 [pid 5835] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5834] <... futex resumed>) = 0 [pid 5834] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] memfd_create("syzkaller", 0 [pid 5834] <... futex resumed>) = 0 [pid 5834] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5835] <... memfd_create resumed>) = 4 [pid 5835] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5835] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5835] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5835] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5835] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5835] ioctl(5, LOOP_CLR_FD) = 0 [pid 5835] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5835] close(5) = 0 [pid 5835] close(4) = 0 [pid 5835] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5834] <... futex resumed>) = 0 [pid 5835] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5834] <... futex resumed>) = 0 [pid 5835] pread64(-1, [pid 5834] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] <... pread64 resumed>NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 5835] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5835] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] <... futex resumed>) = 0 [pid 5834] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5835] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32 [pid 5834] <... futex resumed>) = 0 [pid 5834] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5835] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5835] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] <... futex resumed>) = 0 [pid 5834] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5834] <... futex resumed>) = 0 [pid 5835] write(-1, "#! ./file0\n", 11 [pid 5834] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] <... write resumed>) = -1 EBADF (Bad file descriptor) [ 95.126991][ T5835] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 95.137858][ T5835] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 95.147077][ T5835] BTRFS info (device loop0): using free-space-tree [pid 5835] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5834] <... futex resumed>) = 0 [pid 5835] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 5834] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5835] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5834] <... futex resumed>) = 0 [pid 5834] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] mkdir("./file1", 000 [pid 5834] <... futex resumed>) = 0 [pid 5834] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] <... mkdir resumed>) = 0 [pid 5835] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... futex resumed>) = 0 [pid 5835] <... futex resumed>) = 1 [pid 5834] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5835] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5834] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5835] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... futex resumed>) = 0 [pid 5835] <... futex resumed>) = 1 [pid 5834] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] chdir("./file0" [pid 5834] <... futex resumed>) = 0 [pid 5835] <... chdir resumed>) = 0 [pid 5834] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5834] <... futex resumed>) = 0 [pid 5835] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5834] <... futex resumed>) = 0 [pid 5835] openat(AT_FDCWD, ".", O_RDONLY [pid 5834] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] <... openat resumed>) = 4 [pid 5835] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5834] <... futex resumed>) = 0 [pid 5835] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5834] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] <... openat resumed>) = 5 [pid 5835] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5834] <... futex resumed>) = 0 [pid 5835] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5834] <... futex resumed>) = 0 [pid 5835] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 95.211055][ T5835] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 5834] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5834] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 5834] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5834] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5834] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 5853 attached [pid 5853] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053 [pid 5834] <... clone3 resumed> => {parent_tid=[5853]}, 88) = 5853 [pid 5853] <... rseq resumed>) = 0 [pid 5834] rt_sigprocmask(SIG_SETMASK, [], [pid 5853] set_robust_list(0x7f4f3b1419a0, 24 [pid 5834] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5853] <... set_robust_list resumed>) = 0 [pid 5834] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] <... futex resumed>) = 0 [pid 5853] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0}) = 0 [pid 5853] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5853] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] <... futex resumed>) = 0 [pid 5835] <... write resumed>) = 9740288 [pid 5835] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5835] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] exit_group(0 [pid 5853] <... futex resumed>) = ? [pid 5834] <... exit_group resumed>) = ? [pid 5835] <... futex resumed>) = ? [pid 5853] +++ exited with 0 +++ [pid 5835] +++ exited with 0 +++ [pid 5834] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5834, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 [ 95.667301][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5854 attached , child_tidptr=0x555581abb690) = 5854 [pid 5854] set_robust_list(0x555581abb6a0, 24) = 0 [pid 5854] chdir("./30") = 0 [pid 5854] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5854] setpgid(0, 0) = 0 [pid 5854] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5854] write(3, "1000", 4) = 4 [pid 5854] close(3) = 0 [pid 5854] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5854] write(1, "executing program\n", 18) = 18 executing program [pid 5854] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5854] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 5854] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5854] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 5854] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5854] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5854] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 5855 attached [pid 5855] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053 [pid 5854] <... clone3 resumed> => {parent_tid=[5855]}, 88) = 5855 [pid 5855] <... rseq resumed>) = 0 [pid 5854] rt_sigprocmask(SIG_SETMASK, [], [pid 5855] set_robust_list(0x7f4f3b1629a0, 24 [pid 5854] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5855] <... set_robust_list resumed>) = 0 [pid 5854] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5854] <... futex resumed>) = 0 [pid 5855] memfd_create("syzkaller", 0 [pid 5854] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5855] <... memfd_create resumed>) = 3 [pid 5855] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5855] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5855] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5855] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5855] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5855] close(3) = 0 [pid 5855] close(4) = 0 [pid 5855] mkdir("./file0", 0777) = 0 [ 96.082793][ T5855] loop0: detected capacity change from 0 to 32768 [ 96.113183][ T5855] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (5855) [pid 5855] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5855] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 96.130876][ T5855] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 96.142751][ T5855] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 96.151961][ T5855] BTRFS info (device loop0): using free-space-tree [pid 5855] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5855] ioctl(4, LOOP_CLR_FD) = 0 [pid 5855] close(4) = 0 [pid 5855] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5854] <... futex resumed>) = 0 [pid 5855] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5854] <... futex resumed>) = 0 [pid 5855] memfd_create("syzkaller", 0 [pid 5854] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5855] <... memfd_create resumed>) = 4 [pid 5855] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5855] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5855] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5855] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5855] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5855] ioctl(5, LOOP_CLR_FD) = 0 [pid 5855] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5855] close(5) = 0 [pid 5855] close(4) = 0 [pid 5855] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] <... futex resumed>) = 0 [pid 5855] <... futex resumed>) = 1 [pid 5854] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] pread64(-1, NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 5855] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] <... futex resumed>) = 0 [pid 5854] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5854] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] <... futex resumed>) = 0 [pid 5855] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32 [pid 5854] <... futex resumed>) = 0 [pid 5855] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5854] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5855] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5855] <... futex resumed>) = 0 [pid 5855] write(-1, "#! ./file0\n", 11 [pid 5854] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5854] <... futex resumed>) = 0 [pid 5855] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5855] <... futex resumed>) = 0 [pid 5854] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5855] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5854] <... futex resumed>) = 0 [pid 5855] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 5854] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5855] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5855] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5855] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] <... futex resumed>) = 0 [pid 5854] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] <... futex resumed>) = 0 [pid 5854] <... futex resumed>) = 1 [pid 5855] mkdir("./file1", 000 [pid 5854] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5855] <... mkdir resumed>) = 0 [pid 5855] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5854] <... futex resumed>) = 0 [pid 5855] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5854] <... futex resumed>) = 0 [pid 5855] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5854] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5855] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5855] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] <... futex resumed>) = 0 [pid 5855] <... futex resumed>) = 1 [pid 5854] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] chdir("./file0" [pid 5854] <... futex resumed>) = 0 [pid 5855] <... chdir resumed>) = 0 [pid 5855] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5855] <... futex resumed>) = 0 [pid 5855] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5854] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] <... futex resumed>) = 0 [pid 5855] openat(AT_FDCWD, ".", O_RDONLY [pid 5854] <... futex resumed>) = 1 [pid 5855] <... openat resumed>) = 4 [pid 5854] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5855] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5854] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5855] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5854] <... futex resumed>) = 0 [pid 5855] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5854] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5855] <... openat resumed>) = 5 [pid 5855] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5854] <... futex resumed>) = 0 [pid 5855] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5854] <... futex resumed>) = 0 [pid 5855] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 96.359748][ T5855] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 5854] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5854] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5854] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 5854] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5854] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5854] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 5874 attached => {parent_tid=[5874]}, 88) = 5874 [pid 5874] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053) = 0 [pid 5874] set_robust_list(0x7f4f3b1419a0, 24) = 0 [pid 5854] rt_sigprocmask(SIG_SETMASK, [], [pid 5874] rt_sigprocmask(SIG_SETMASK, [], [pid 5854] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5874] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5854] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5874] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5854] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5874] <... ioctl resumed>) = 0 [pid 5874] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5874] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5855] <... write resumed>) = 9740288 [pid 5855] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5855] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] exit_group(0 [pid 5874] <... futex resumed>) = ? [pid 5855] <... futex resumed>) = ? [pid 5854] <... exit_group resumed>) = ? [pid 5874] +++ exited with 0 +++ [pid 5855] +++ exited with 0 +++ [pid 5854] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5854, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 [ 96.789574][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5876 attached , child_tidptr=0x555581abb690) = 5876 [pid 5876] set_robust_list(0x555581abb6a0, 24) = 0 [pid 5876] chdir("./31") = 0 [pid 5876] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5876] setpgid(0, 0) = 0 [pid 5876] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5876] write(3, "1000", 4) = 4 [pid 5876] close(3) = 0 [pid 5876] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5876] write(1, "executing program\n", 18) = 18 [pid 5876] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5876] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 5876] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5876] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 5876] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5876] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5876] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 5877 attached [pid 5877] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053) = 0 [pid 5877] set_robust_list(0x7f4f3b1629a0, 24) = 0 [pid 5877] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5876] <... clone3 resumed> => {parent_tid=[5877]}, 88) = 5877 [pid 5877] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5876] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5876] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] <... futex resumed>) = 0 [pid 5876] <... futex resumed>) = 1 [pid 5877] memfd_create("syzkaller", 0 [pid 5876] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5877] <... memfd_create resumed>) = 3 [pid 5877] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5877] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5877] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5877] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5877] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5877] close(3) = 0 [pid 5877] close(4) = 0 [pid 5877] mkdir("./file0", 0777) = 0 [ 97.316271][ T5877] loop0: detected capacity change from 0 to 32768 [ 97.345380][ T5877] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (5877) [pid 5877] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5877] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 97.369621][ T5877] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 97.380423][ T5877] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 97.389255][ T5877] BTRFS info (device loop0): using free-space-tree [pid 5877] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5877] ioctl(4, LOOP_CLR_FD) = 0 [pid 5877] close(4) = 0 [pid 5877] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5877] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5876] <... futex resumed>) = 0 [pid 5876] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] <... futex resumed>) = 0 [pid 5876] <... futex resumed>) = 1 [pid 5877] memfd_create("syzkaller", 0 [pid 5876] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5877] <... memfd_create resumed>) = 4 [pid 5877] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5877] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5877] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5877] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5877] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5877] ioctl(5, LOOP_CLR_FD) = 0 [pid 5877] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5877] close(5) = 0 [pid 5877] close(4) = 0 [pid 5877] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5876] <... futex resumed>) = 0 [pid 5877] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5876] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5876] <... futex resumed>) = 0 [pid 5876] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5877] pread64(-1, NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 5877] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5876] <... futex resumed>) = 0 [pid 5876] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5876] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5877] <... futex resumed>) = 1 [pid 5877] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32) = -1 EBADF (Bad file descriptor) [pid 5877] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5876] <... futex resumed>) = 0 [pid 5876] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5876] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5877] <... futex resumed>) = 1 [pid 5877] write(-1, "#! ./file0\n", 11) = -1 EBADF (Bad file descriptor) [pid 5877] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5876] <... futex resumed>) = 0 [pid 5876] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5876] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5877] <... futex resumed>) = 1 [pid 5877] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL) = -1 EINVAL (Invalid argument) [pid 5877] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5876] <... futex resumed>) = 0 [pid 5876] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5876] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5877] mkdir("./file1", 000) = 0 [pid 5877] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5876] <... futex resumed>) = 0 [pid 5876] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5876] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5877] <... futex resumed>) = 1 [ 97.547328][ T5877] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 5877] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW) = -1 EFAULT (Bad address) [pid 5877] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5876] <... futex resumed>) = 0 [pid 5876] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5876] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5877] <... futex resumed>) = 1 [pid 5877] chdir("./file0") = 0 [pid 5877] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5876] <... futex resumed>) = 0 [pid 5876] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5876] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5877] <... futex resumed>) = 1 [pid 5877] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5877] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5876] <... futex resumed>) = 0 [pid 5877] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5876] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] <... futex resumed>) = 0 [pid 5876] <... futex resumed>) = 1 [pid 5877] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5876] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5877] <... openat resumed>) = 5 [pid 5877] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5876] <... futex resumed>) = 0 [pid 5876] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5876] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5877] <... futex resumed>) = 1 [pid 5877] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5876] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5876] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5876] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 5876] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5876] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5876] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 5899 attached => {parent_tid=[5899]}, 88) = 5899 [pid 5899] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053 [pid 5876] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5899] <... rseq resumed>) = 0 [pid 5876] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5899] set_robust_list(0x7f4f3b1419a0, 24 [pid 5876] <... futex resumed>) = 0 [pid 5899] <... set_robust_list resumed>) = 0 [pid 5876] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5899] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5899] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0}) = 0 [pid 5899] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5876] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5899] <... futex resumed>) = 0 [pid 5899] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5877] <... write resumed>) = 9740288 [pid 5877] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5877] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5876] exit_group(0 [pid 5899] <... futex resumed>) = ? [pid 5877] <... futex resumed>) = ? [pid 5876] <... exit_group resumed>) = ? [pid 5899] +++ exited with 0 +++ [pid 5877] +++ exited with 0 +++ [pid 5876] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5876, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 [ 98.039594][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5901 attached , child_tidptr=0x555581abb690) = 5901 [pid 5901] set_robust_list(0x555581abb6a0, 24) = 0 [pid 5901] chdir("./32") = 0 [pid 5901] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5901] setpgid(0, 0) = 0 [pid 5901] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5901] write(3, "1000", 4) = 4 [pid 5901] close(3) = 0 [pid 5901] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5901] write(1, "executing program\n", 18executing program ) = 18 [pid 5901] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5901] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 5901] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5901] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 5901] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5901] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5901] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 5902 attached [pid 5902] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053 [pid 5901] <... clone3 resumed> => {parent_tid=[5902]}, 88) = 5902 [pid 5902] <... rseq resumed>) = 0 [pid 5901] rt_sigprocmask(SIG_SETMASK, [], [pid 5902] set_robust_list(0x7f4f3b1629a0, 24 [pid 5901] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5902] <... set_robust_list resumed>) = 0 [pid 5901] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5902] rt_sigprocmask(SIG_SETMASK, [], [pid 5901] <... futex resumed>) = 0 [pid 5902] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5901] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5902] memfd_create("syzkaller", 0) = 3 [pid 5902] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5902] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5902] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5902] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5902] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5902] close(3) = 0 [pid 5902] close(4) = 0 [pid 5902] mkdir("./file0", 0777) = 0 [ 98.453694][ T5902] loop0: detected capacity change from 0 to 32768 [ 98.476178][ T5902] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (5902) [ 98.495970][ T5902] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 98.507103][ T5902] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 98.516159][ T5902] BTRFS info (device loop0): using free-space-tree [pid 5902] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5902] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5902] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5902] ioctl(4, LOOP_CLR_FD) = 0 [pid 5902] close(4) = 0 [pid 5902] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5901] <... futex resumed>) = 0 [pid 5902] <... futex resumed>) = 1 [pid 5901] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5902] memfd_create("syzkaller", 0 [pid 5901] <... futex resumed>) = 0 [pid 5901] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5902] <... memfd_create resumed>) = 4 [pid 5902] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5902] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5902] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5902] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5902] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5902] ioctl(5, LOOP_CLR_FD) = 0 [pid 5902] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5902] close(5) = 0 [pid 5902] close(4) = 0 [pid 5902] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5901] <... futex resumed>) = 0 [pid 5902] pread64(-1, [pid 5901] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5902] <... pread64 resumed>NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 5901] <... futex resumed>) = 0 [pid 5902] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5901] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5902] <... futex resumed>) = 0 [pid 5901] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5902] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32 [pid 5901] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5902] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5901] <... futex resumed>) = 0 [pid 5902] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5901] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5902] <... futex resumed>) = 0 [pid 5902] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5901] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5901] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5902] <... futex resumed>) = 0 [pid 5902] write(-1, "#! ./file0\n", 11 [pid 5901] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5902] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5902] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5901] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5902] <... futex resumed>) = 0 [pid 5901] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5902] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 5901] <... futex resumed>) = 0 [pid 5901] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5902] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5902] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5901] <... futex resumed>) = 0 [pid 5902] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5901] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5902] <... futex resumed>) = 0 [pid 5901] <... futex resumed>) = 1 [pid 5902] mkdir("./file1", 000 [pid 5901] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5902] <... mkdir resumed>) = 0 [pid 5902] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5901] <... futex resumed>) = 0 [pid 5902] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5901] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5901] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5902] <... futex resumed>) = 0 [pid 5902] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW) = -1 EFAULT (Bad address) [pid 5902] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5901] <... futex resumed>) = 0 [pid 5902] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 98.762545][ T5902] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 5901] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5902] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5901] <... futex resumed>) = 0 [pid 5902] chdir("./file0" [pid 5901] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5902] <... chdir resumed>) = 0 [pid 5902] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5901] <... futex resumed>) = 0 [pid 5901] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5902] openat(AT_FDCWD, ".", O_RDONLY [pid 5901] <... futex resumed>) = 0 [pid 5901] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5902] <... openat resumed>) = 4 [pid 5902] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5901] <... futex resumed>) = 0 [pid 5902] <... futex resumed>) = 1 [pid 5901] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5902] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5901] <... futex resumed>) = 0 [pid 5901] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5902] <... openat resumed>) = 5 [pid 5902] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5902] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5901] <... futex resumed>) = 0 [pid 5902] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5901] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5902] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5901] <... futex resumed>) = 0 [pid 5901] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5901] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5901] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 5901] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5901] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5901] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 5923 attached [pid 5923] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053 [pid 5901] <... clone3 resumed> => {parent_tid=[5923]}, 88) = 5923 [pid 5923] <... rseq resumed>) = 0 [pid 5901] rt_sigprocmask(SIG_SETMASK, [], [pid 5923] set_robust_list(0x7f4f3b1419a0, 24 [pid 5901] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5923] <... set_robust_list resumed>) = 0 [pid 5901] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5923] rt_sigprocmask(SIG_SETMASK, [], [pid 5901] <... futex resumed>) = 0 [pid 5923] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5901] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5923] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0}) = 0 [pid 5923] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5901] <... futex resumed>) = 0 [pid 5923] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5902] <... write resumed>) = 9740288 [pid 5902] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5902] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5901] exit_group(0) = ? [pid 5923] <... futex resumed>) = ? [pid 5902] <... futex resumed>) = ? [pid 5923] +++ exited with 0 +++ [pid 5902] +++ exited with 0 +++ [pid 5901] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5901, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 [ 99.247848][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5924 attached , child_tidptr=0x555581abb690) = 5924 [pid 5924] set_robust_list(0x555581abb6a0, 24) = 0 [pid 5924] chdir("./33") = 0 [pid 5924] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5924] setpgid(0, 0) = 0 [pid 5924] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5924] write(3, "1000", 4) = 4 [pid 5924] close(3) = 0 [pid 5924] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5924] write(1, "executing program\n", 18executing program ) = 18 [pid 5924] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5924] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 5924] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5924] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 5924] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5924] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5924] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 5925 attached [pid 5925] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053 [pid 5924] <... clone3 resumed> => {parent_tid=[5925]}, 88) = 5925 [pid 5925] <... rseq resumed>) = 0 [pid 5925] set_robust_list(0x7f4f3b1629a0, 24) = 0 [pid 5925] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5925] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5924] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5924] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5925] <... futex resumed>) = 0 [pid 5924] <... futex resumed>) = 1 [pid 5925] memfd_create("syzkaller", 0 [pid 5924] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5925] <... memfd_create resumed>) = 3 [pid 5925] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5925] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5925] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5925] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5925] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5925] close(3) = 0 [pid 5925] close(4) = 0 [pid 5925] mkdir("./file0", 0777) = 0 [ 99.581945][ T5925] loop0: detected capacity change from 0 to 32768 [ 99.613661][ T5925] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (5925) [pid 5925] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [ 99.632959][ T5925] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 99.644882][ T5925] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 99.654375][ T5925] BTRFS info (device loop0): using free-space-tree [pid 5925] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5925] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5925] ioctl(4, LOOP_CLR_FD) = 0 [pid 5925] close(4) = 0 [pid 5925] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5925] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5924] <... futex resumed>) = 0 [pid 5924] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5924] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5925] <... futex resumed>) = 0 [pid 5925] memfd_create("syzkaller", 0) = 4 [pid 5925] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5925] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5925] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5925] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5925] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5925] ioctl(5, LOOP_CLR_FD) = 0 [pid 5925] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5925] close(5) = 0 [pid 5925] close(4) = 0 [pid 5925] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5924] <... futex resumed>) = 0 [pid 5925] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5924] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5925] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5924] <... futex resumed>) = 0 [pid 5925] pread64(-1, [pid 5924] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5925] <... pread64 resumed>NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 5925] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5924] <... futex resumed>) = 0 [pid 5925] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32 [pid 5924] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5925] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5925] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5924] <... futex resumed>) = 0 [pid 5925] <... futex resumed>) = 0 [pid 5924] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5925] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5924] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5924] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5925] <... futex resumed>) = 0 [pid 5924] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5925] write(-1, "#! ./file0\n", 11) = -1 EBADF (Bad file descriptor) [pid 5925] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5924] <... futex resumed>) = 0 [pid 5925] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5924] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5925] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5924] <... futex resumed>) = 0 [pid 5925] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 5924] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5925] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5925] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5924] <... futex resumed>) = 0 [pid 5925] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5924] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5925] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5924] <... futex resumed>) = 0 [pid 5925] mkdir("./file1", 000 [pid 5924] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5925] <... mkdir resumed>) = 0 [pid 5925] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5924] <... futex resumed>) = 0 [pid 5925] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5924] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5925] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5924] <... futex resumed>) = 0 [pid 5925] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5924] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5925] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5925] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5924] <... futex resumed>) = 0 [pid 5925] <... futex resumed>) = 1 [pid 5924] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5925] chdir("./file0" [pid 5924] <... futex resumed>) = 0 [pid 5925] <... chdir resumed>) = 0 [pid 5924] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5925] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5924] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5924] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5924] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5925] <... futex resumed>) = 1 [pid 5924] <... futex resumed>) = 0 [pid 5925] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5924] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5925] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5924] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5925] <... futex resumed>) = 0 [pid 5924] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5925] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5924] <... futex resumed>) = 0 [pid 5924] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5925] <... openat resumed>) = 5 [pid 5925] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5924] <... futex resumed>) = 0 [pid 5925] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5924] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5925] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5924] <... futex resumed>) = 0 [pid 5924] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 99.857634][ T5925] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 5925] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5924] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5924] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5924] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 5924] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5924] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5924] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 5944 attached [pid 5944] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053 [pid 5924] <... clone3 resumed> => {parent_tid=[5944]}, 88) = 5944 [pid 5944] <... rseq resumed>) = 0 [pid 5944] set_robust_list(0x7f4f3b1419a0, 24 [pid 5924] rt_sigprocmask(SIG_SETMASK, [], [pid 5944] <... set_robust_list resumed>) = 0 [pid 5924] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5944] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5924] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5944] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5924] <... futex resumed>) = 0 [pid 5924] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5944] <... ioctl resumed>) = 0 [pid 5944] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5924] <... futex resumed>) = 0 [pid 5944] <... futex resumed>) = 1 [pid 5944] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5925] <... write resumed>) = 9740288 [pid 5925] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5925] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5924] exit_group(0 [pid 5925] <... futex resumed>) = ? [pid 5924] <... exit_group resumed>) = ? [pid 5944] <... futex resumed>) = ? [pid 5925] +++ exited with 0 +++ [pid 5944] +++ exited with 0 +++ [pid 5924] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5924, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 [ 100.239804][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5945 attached , child_tidptr=0x555581abb690) = 5945 [pid 5945] set_robust_list(0x555581abb6a0, 24) = 0 [pid 5945] chdir("./34") = 0 [pid 5945] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5945] setpgid(0, 0) = 0 [pid 5945] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5945] write(3, "1000", 4) = 4 [pid 5945] close(3) = 0 [pid 5945] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5945] write(1, "executing program\n", 18) = 18 [pid 5945] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5945] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 5945] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5945] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 5945] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5945] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5945] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 5946 attached [pid 5946] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053 [pid 5945] <... clone3 resumed> => {parent_tid=[5946]}, 88) = 5946 [pid 5946] <... rseq resumed>) = 0 [pid 5945] rt_sigprocmask(SIG_SETMASK, [], [pid 5946] set_robust_list(0x7f4f3b1629a0, 24 [pid 5945] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5946] <... set_robust_list resumed>) = 0 [pid 5945] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5946] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5945] <... futex resumed>) = 0 [pid 5946] memfd_create("syzkaller", 0 [pid 5945] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5946] <... memfd_create resumed>) = 3 [pid 5946] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5946] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5946] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5946] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5946] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5946] close(3) = 0 [pid 5946] close(4) = 0 [pid 5946] mkdir("./file0", 0777) = 0 [ 100.679913][ T5946] loop0: detected capacity change from 0 to 32768 [ 100.700271][ T5946] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (5946) [ 100.718696][ T5946] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [pid 5946] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5946] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 100.733156][ T5946] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 100.742263][ T5946] BTRFS info (device loop0): using free-space-tree [pid 5946] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5946] ioctl(4, LOOP_CLR_FD) = 0 [pid 5946] close(4) = 0 [pid 5946] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5945] <... futex resumed>) = 0 [pid 5946] memfd_create("syzkaller", 0 [pid 5945] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5946] <... memfd_create resumed>) = 4 [pid 5945] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5946] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5946] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5946] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5946] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5946] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5946] ioctl(5, LOOP_CLR_FD) = 0 [pid 5946] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5946] close(5) = 0 [pid 5946] close(4) = 0 [pid 5946] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5946] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5945] <... futex resumed>) = 0 [pid 5945] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5946] <... futex resumed>) = 0 [pid 5946] pread64(-1, [pid 5945] <... futex resumed>) = 1 [pid 5946] <... pread64 resumed>NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 5945] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5946] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5945] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5946] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5945] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5946] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5945] <... futex resumed>) = 0 [pid 5946] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32) = -1 EBADF (Bad file descriptor) [pid 5945] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5946] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5945] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5946] <... futex resumed>) = 0 [pid 5945] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5946] write(-1, "#! ./file0\n", 11 [pid 5945] <... futex resumed>) = 0 [pid 5946] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5946] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5945] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5946] <... futex resumed>) = 0 [pid 5946] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5945] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5945] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5946] <... futex resumed>) = 0 [pid 5946] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 5945] <... futex resumed>) = 1 [pid 5945] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5946] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5946] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5945] <... futex resumed>) = 0 [pid 5946] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5945] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5946] mkdir("./file1", 000 [pid 5945] <... futex resumed>) = 0 [pid 5946] <... mkdir resumed>) = 0 [pid 5945] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5946] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5945] <... futex resumed>) = 0 [pid 5945] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5946] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW) = -1 EFAULT (Bad address) [pid 5945] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5946] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5945] <... futex resumed>) = 0 [pid 5946] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5945] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5946] chdir("./file0" [pid 5945] <... futex resumed>) = 0 [pid 5946] <... chdir resumed>) = 0 [pid 5945] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5946] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5945] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5946] <... futex resumed>) = 0 [pid 5945] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5946] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5945] <... futex resumed>) = 0 [pid 5945] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5946] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5945] <... futex resumed>) = 0 [pid 5946] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5945] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5946] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5945] <... futex resumed>) = 0 [pid 5945] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5946] <... openat resumed>) = 5 [pid 5946] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5945] <... futex resumed>) = 0 [pid 5946] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5945] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 100.952872][ T5946] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 5945] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5945] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5945] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5945] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 5945] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5945] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5945] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 5965 attached [pid 5965] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053 [pid 5945] <... clone3 resumed> => {parent_tid=[5965]}, 88) = 5965 [pid 5965] <... rseq resumed>) = 0 [pid 5965] set_robust_list(0x7f4f3b1419a0, 24 [pid 5945] rt_sigprocmask(SIG_SETMASK, [], [pid 5965] <... set_robust_list resumed>) = 0 [pid 5945] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5965] rt_sigprocmask(SIG_SETMASK, [], [pid 5945] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5965] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5945] <... futex resumed>) = 0 [pid 5965] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5945] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5965] <... ioctl resumed>) = 0 [pid 5965] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5945] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5965] <... futex resumed>) = 0 [pid 5965] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5946] <... write resumed>) = 9740288 [pid 5946] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5946] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5945] exit_group(0 [pid 5965] <... futex resumed>) = ? [pid 5965] +++ exited with 0 +++ [pid 5945] <... exit_group resumed>) = ? [pid 5946] <... futex resumed>) = ? [pid 5946] +++ exited with 0 +++ [pid 5945] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5945, si_uid=0, si_status=0, si_utime=0, si_stime=29 /* 0.29 s */} --- umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 [ 101.441028][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581abb690) = 5966 ./strace-static-x86_64: Process 5966 attached [pid 5966] set_robust_list(0x555581abb6a0, 24) = 0 [pid 5966] chdir("./35") = 0 [pid 5966] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5966] setpgid(0, 0) = 0 [pid 5966] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5966] write(3, "1000", 4) = 4 [pid 5966] close(3) = 0 [pid 5966] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5966] write(1, "executing program\n", 18executing program ) = 18 [pid 5966] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5966] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 5966] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5966] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 5966] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5966] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5966] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 5967 attached [pid 5967] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053 [pid 5966] <... clone3 resumed> => {parent_tid=[5967]}, 88) = 5967 [pid 5967] <... rseq resumed>) = 0 [pid 5966] rt_sigprocmask(SIG_SETMASK, [], [pid 5967] set_robust_list(0x7f4f3b1629a0, 24 [pid 5966] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5967] <... set_robust_list resumed>) = 0 [pid 5966] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5967] rt_sigprocmask(SIG_SETMASK, [], [pid 5966] <... futex resumed>) = 0 [pid 5967] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5966] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5967] memfd_create("syzkaller", 0) = 3 [pid 5967] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5967] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5967] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5967] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5967] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5967] close(3) = 0 [pid 5967] close(4) = 0 [pid 5967] mkdir("./file0", 0777) = 0 [ 101.922034][ T5967] loop0: detected capacity change from 0 to 32768 [ 101.942851][ T5967] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (5967) [pid 5967] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5967] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 101.963337][ T5967] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 101.973938][ T5967] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 101.983275][ T5967] BTRFS info (device loop0): using free-space-tree [pid 5967] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5967] ioctl(4, LOOP_CLR_FD) = 0 [pid 5967] close(4) = 0 [pid 5967] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5966] <... futex resumed>) = 0 [pid 5967] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5966] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5967] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5967] memfd_create("syzkaller", 0 [pid 5966] <... futex resumed>) = 0 [pid 5966] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5967] <... memfd_create resumed>) = 4 [pid 5967] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5967] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5967] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5967] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5967] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5967] ioctl(5, LOOP_CLR_FD) = 0 [pid 5967] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5967] close(5) = 0 [pid 5967] close(4) = 0 [pid 5967] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5966] <... futex resumed>) = 0 [pid 5967] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5966] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5967] <... futex resumed>) = 0 [pid 5966] <... futex resumed>) = 1 [pid 5967] pread64(-1, NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 5966] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5967] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5966] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5967] <... futex resumed>) = 0 [pid 5967] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32 [pid 5966] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5967] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5966] <... futex resumed>) = 0 [pid 5967] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5966] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5967] <... futex resumed>) = 0 [pid 5966] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5967] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5966] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5967] <... futex resumed>) = 0 [pid 5966] <... futex resumed>) = 1 [pid 5967] write(-1, "#! ./file0\n", 11 [pid 5966] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5967] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5967] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5966] <... futex resumed>) = 0 [pid 5967] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5966] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5967] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5966] <... futex resumed>) = 0 [pid 5967] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 5966] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5967] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5967] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5967] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5966] <... futex resumed>) = 0 [pid 5966] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5966] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5967] <... futex resumed>) = 0 [pid 5967] mkdir("./file1", 000) = 0 [ 102.109881][ T5967] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 5967] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5966] <... futex resumed>) = 0 [pid 5967] <... futex resumed>) = 1 [pid 5966] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5967] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5966] <... futex resumed>) = 0 [pid 5966] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5967] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5967] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5966] <... futex resumed>) = 0 [pid 5966] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5967] chdir("./file0" [pid 5966] <... futex resumed>) = 0 [pid 5967] <... chdir resumed>) = 0 [pid 5966] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5967] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5966] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5966] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5967] <... futex resumed>) = 0 [pid 5966] <... futex resumed>) = 0 [pid 5967] openat(AT_FDCWD, ".", O_RDONLY [pid 5966] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5967] <... openat resumed>) = 4 [pid 5967] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5966] <... futex resumed>) = 0 [pid 5966] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5967] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5966] <... futex resumed>) = 0 [pid 5966] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5967] <... openat resumed>) = 5 [pid 5967] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5966] <... futex resumed>) = 0 [pid 5967] <... futex resumed>) = 1 [pid 5966] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5967] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5966] <... futex resumed>) = 0 [pid 5966] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5966] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5966] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 5966] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5966] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5966] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 5986 attached [pid 5986] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053) = 0 [pid 5986] set_robust_list(0x7f4f3b1419a0, 24) = 0 [pid 5966] <... clone3 resumed> => {parent_tid=[5986]}, 88) = 5986 [pid 5986] rt_sigprocmask(SIG_SETMASK, [], [pid 5966] rt_sigprocmask(SIG_SETMASK, [], [pid 5986] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5986] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5966] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5966] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5986] <... futex resumed>) = 0 [pid 5986] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5966] <... futex resumed>) = 1 [pid 5966] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5986] <... ioctl resumed>) = 0 [pid 5986] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5966] <... futex resumed>) = 0 [pid 5986] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5967] <... write resumed>) = 9740288 [pid 5967] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5967] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5966] exit_group(0 [pid 5986] <... futex resumed>) = ? [pid 5986] +++ exited with 0 +++ [pid 5967] <... futex resumed>) = ? [pid 5966] <... exit_group resumed>) = ? [pid 5967] +++ exited with 0 +++ [pid 5966] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5966, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 [ 102.617348][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5987 attached [pid 5987] set_robust_list(0x555581abb6a0, 24 [pid 5222] <... clone resumed>, child_tidptr=0x555581abb690) = 5987 [pid 5987] <... set_robust_list resumed>) = 0 [pid 5987] chdir("./36") = 0 [pid 5987] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5987] setpgid(0, 0) = 0 [pid 5987] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5987] write(3, "1000", 4) = 4 [pid 5987] close(3) = 0 [pid 5987] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5987] write(1, "executing program\n", 18) = 18 [pid 5987] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5987] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 5987] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5987] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 5987] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5987] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5987] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 5988 attached [pid 5988] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053) = 0 [pid 5987] <... clone3 resumed> => {parent_tid=[5988]}, 88) = 5988 [pid 5988] set_robust_list(0x7f4f3b1629a0, 24 [pid 5987] rt_sigprocmask(SIG_SETMASK, [], [pid 5988] <... set_robust_list resumed>) = 0 [pid 5987] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5988] rt_sigprocmask(SIG_SETMASK, [], [pid 5987] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5988] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5987] <... futex resumed>) = 0 [pid 5988] memfd_create("syzkaller", 0 [pid 5987] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5988] <... memfd_create resumed>) = 3 [pid 5988] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5988] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5988] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5988] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5988] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5988] close(3) = 0 [pid 5988] close(4) = 0 [pid 5988] mkdir("./file0", 0777) = 0 [ 103.038792][ T5988] loop0: detected capacity change from 0 to 32768 [ 103.050448][ T5988] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (5988) [ 103.069340][ T5988] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 103.079777][ T5988] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [pid 5988] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5988] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5988] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 103.088523][ T5988] BTRFS info (device loop0): using free-space-tree [pid 5988] ioctl(4, LOOP_CLR_FD) = 0 [pid 5988] close(4) = 0 [pid 5988] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5987] <... futex resumed>) = 0 [pid 5988] <... futex resumed>) = 1 [pid 5987] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5988] memfd_create("syzkaller", 0 [pid 5987] <... futex resumed>) = 0 [pid 5987] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5988] <... memfd_create resumed>) = 4 [pid 5988] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 5988] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 5988] munmap(0x7f4f32c00000, 138412032) = 0 [pid 5988] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5988] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5988] ioctl(5, LOOP_CLR_FD) = 0 [pid 5988] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5988] close(5) = 0 [pid 5988] close(4) = 0 [pid 5988] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5987] <... futex resumed>) = 0 [pid 5988] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5987] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5988] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5987] <... futex resumed>) = 0 [pid 5988] pread64(-1, [pid 5987] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5988] <... pread64 resumed>NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 5988] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5987] <... futex resumed>) = 0 [pid 5988] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32 [pid 5987] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5988] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5987] <... futex resumed>) = 0 [pid 5988] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5987] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5988] <... futex resumed>) = 0 [pid 5987] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5988] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5987] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5988] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5988] write(-1, "#! ./file0\n", 11 [pid 5987] <... futex resumed>) = 0 [pid 5988] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5987] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5988] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5987] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5988] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5987] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5988] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5987] <... futex resumed>) = 0 [pid 5988] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 5987] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5988] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5988] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5987] <... futex resumed>) = 0 [pid 5988] mkdir("./file1", 000 [pid 5987] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5988] <... mkdir resumed>) = 0 [pid 5987] <... futex resumed>) = 0 [pid 5987] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5988] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5987] <... futex resumed>) = 0 [pid 5988] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 5987] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5988] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5987] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5988] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5987] <... futex resumed>) = 0 [pid 5988] chdir("./file0" [pid 5987] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5988] <... chdir resumed>) = 0 [pid 5987] <... futex resumed>) = 0 [pid 5988] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5987] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5988] <... futex resumed>) = 0 [pid 5987] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 103.227733][ T5988] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 5988] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5987] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5988] openat(AT_FDCWD, ".", O_RDONLY [pid 5987] <... futex resumed>) = 0 [pid 5988] <... openat resumed>) = 4 [pid 5987] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5988] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5987] <... futex resumed>) = 0 [pid 5988] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5987] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5988] <... openat resumed>) = 5 [pid 5987] <... futex resumed>) = 0 [pid 5987] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5988] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5987] <... futex resumed>) = 0 [pid 5988] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5987] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5988] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5987] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5988] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5987] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5987] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5987] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 5987] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5987] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5987] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 6007 attached => {parent_tid=[6007]}, 88) = 6007 [pid 6007] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053 [pid 5987] rt_sigprocmask(SIG_SETMASK, [], [pid 6007] <... rseq resumed>) = 0 [pid 6007] set_robust_list(0x7f4f3b1419a0, 24 [pid 5987] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5987] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6007] <... set_robust_list resumed>) = 0 [pid 6007] rt_sigprocmask(SIG_SETMASK, [], [pid 5987] <... futex resumed>) = 0 [pid 6007] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6007] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 5987] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6007] <... ioctl resumed>) = 0 [pid 5987] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6007] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6007] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5988] <... write resumed>) = 9740288 [pid 5988] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5988] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5987] exit_group(0 [pid 6007] <... futex resumed>) = ? [pid 5987] <... exit_group resumed>) = ? [pid 6007] +++ exited with 0 +++ [pid 5988] <... futex resumed>) = ? [pid 5988] +++ exited with 0 +++ [pid 5987] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5987, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 [ 103.680933][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6008 attached , child_tidptr=0x555581abb690) = 6008 [pid 6008] set_robust_list(0x555581abb6a0, 24) = 0 [pid 6008] chdir("./37") = 0 [pid 6008] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6008] setpgid(0, 0) = 0 [pid 6008] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6008] write(3, "1000", 4) = 4 [pid 6008] close(3) = 0 [pid 6008] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6008] write(1, "executing program\n", 18) = 18 [pid 6008] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6008] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 6008] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6008] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 6008] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6008] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6008] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 6009 attached [pid 6009] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053 [pid 6008] <... clone3 resumed> => {parent_tid=[6009]}, 88) = 6009 [pid 6009] <... rseq resumed>) = 0 [pid 6009] set_robust_list(0x7f4f3b1629a0, 24) = 0 [pid 6009] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6009] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6008] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6008] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6009] <... futex resumed>) = 0 [pid 6008] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6009] memfd_create("syzkaller", 0) = 3 [pid 6009] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 6009] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6009] munmap(0x7f4f32c00000, 138412032) = 0 [pid 6009] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6009] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6009] close(3) = 0 [pid 6009] close(4) = 0 [pid 6009] mkdir("./file0", 0777) = 0 [ 104.096772][ T6009] loop0: detected capacity change from 0 to 32768 [ 104.127241][ T6009] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (6009) [pid 6009] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 6009] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 104.145904][ T6009] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 104.158090][ T6009] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 104.167444][ T6009] BTRFS info (device loop0): using free-space-tree [pid 6009] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6009] ioctl(4, LOOP_CLR_FD) = 0 [pid 6009] close(4) = 0 [pid 6009] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6009] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6008] <... futex resumed>) = 0 [pid 6008] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6009] <... futex resumed>) = 0 [pid 6008] <... futex resumed>) = 1 [pid 6009] memfd_create("syzkaller", 0 [pid 6008] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6009] <... memfd_create resumed>) = 4 [pid 6009] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 6009] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 6009] munmap(0x7f4f32c00000, 138412032) = 0 [pid 6009] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6009] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6009] ioctl(5, LOOP_CLR_FD) = 0 [pid 6009] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6009] close(5) = 0 [pid 6009] close(4) = 0 [pid 6009] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6008] <... futex resumed>) = 0 [pid 6008] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6009] pread64(-1, [pid 6008] <... futex resumed>) = 0 [pid 6009] <... pread64 resumed>NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 6008] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6009] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6009] <... futex resumed>) = 0 [pid 6008] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6009] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32 [pid 6008] <... futex resumed>) = 0 [pid 6008] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6009] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6009] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6008] <... futex resumed>) = 0 [pid 6009] write(-1, "#! ./file0\n", 11 [pid 6008] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6009] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6008] <... futex resumed>) = 0 [pid 6009] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6009] <... futex resumed>) = 0 [pid 6008] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6009] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6008] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6009] <... futex resumed>) = 0 [pid 6009] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 6008] <... futex resumed>) = 1 [pid 6008] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6009] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6009] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] <... futex resumed>) = 0 [pid 6009] <... futex resumed>) = 1 [pid 6008] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6009] mkdir("./file1", 000 [pid 6008] <... futex resumed>) = 0 [pid 6009] <... mkdir resumed>) = 0 [pid 6008] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6009] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] <... futex resumed>) = 0 [pid 6008] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6009] <... futex resumed>) = 1 [pid 6008] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6009] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW) = -1 EFAULT (Bad address) [pid 6009] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6008] <... futex resumed>) = 0 [pid 6008] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6009] chdir("./file0" [pid 6008] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6009] <... chdir resumed>) = 0 [pid 6009] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6009] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6008] <... futex resumed>) = 0 [pid 6008] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6009] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6008] <... futex resumed>) = 0 [pid 6009] openat(AT_FDCWD, ".", O_RDONLY [pid 6008] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6009] <... openat resumed>) = 4 [ 104.369857][ T6009] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 6009] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6009] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6008] <... futex resumed>) = 0 [pid 6009] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6008] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6009] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6008] <... futex resumed>) = 0 [pid 6008] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6009] <... openat resumed>) = 5 [pid 6009] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6008] <... futex resumed>) = 0 [pid 6009] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6008] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6009] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6008] <... futex resumed>) = 0 [pid 6009] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6008] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6008] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6008] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 6008] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6008] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6008] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 6029 attached [pid 6029] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053 [pid 6008] <... clone3 resumed> => {parent_tid=[6029]}, 88) = 6029 [pid 6029] <... rseq resumed>) = 0 [pid 6029] set_robust_list(0x7f4f3b1419a0, 24 [pid 6008] rt_sigprocmask(SIG_SETMASK, [], [pid 6029] <... set_robust_list resumed>) = 0 [pid 6008] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6029] rt_sigprocmask(SIG_SETMASK, [], [pid 6008] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6029] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6008] <... futex resumed>) = 0 [pid 6029] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 6008] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6029] <... ioctl resumed>) = 0 [pid 6029] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6029] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6008] <... futex resumed>) = 0 [pid 6009] <... write resumed>) = 9740288 [pid 6009] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6009] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6008] exit_group(0 [pid 6029] <... futex resumed>) = ? [pid 6009] <... futex resumed>) = ? [pid 6008] <... exit_group resumed>) = ? [pid 6029] +++ exited with 0 +++ [pid 6009] +++ exited with 0 +++ [pid 6008] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6008, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 [ 104.808618][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6030 attached , child_tidptr=0x555581abb690) = 6030 [pid 6030] set_robust_list(0x555581abb6a0, 24) = 0 [pid 6030] chdir("./38") = 0 [pid 6030] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6030] setpgid(0, 0) = 0 [pid 6030] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6030] write(3, "1000", 4) = 4 [pid 6030] close(3) = 0 [pid 6030] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6030] write(1, "executing program\n", 18executing program ) = 18 [pid 6030] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6030] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 6030] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6030] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 6030] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6030] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6030] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 6031 attached [pid 6031] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053) = 0 [pid 6031] set_robust_list(0x7f4f3b1629a0, 24) = 0 [pid 6031] rt_sigprocmask(SIG_SETMASK, [], [pid 6030] <... clone3 resumed> => {parent_tid=[6031]}, 88) = 6031 [pid 6031] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6030] rt_sigprocmask(SIG_SETMASK, [], [pid 6031] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6030] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6030] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6031] <... futex resumed>) = 0 [pid 6030] <... futex resumed>) = 1 [pid 6031] memfd_create("syzkaller", 0 [pid 6030] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6031] <... memfd_create resumed>) = 3 [pid 6031] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 6031] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6031] munmap(0x7f4f32c00000, 138412032) = 0 [pid 6031] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6031] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6031] close(3) = 0 [pid 6031] close(4) = 0 [pid 6031] mkdir("./file0", 0777) = 0 [ 105.302526][ T6031] loop0: detected capacity change from 0 to 32768 [ 105.332193][ T6031] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (6031) [pid 6031] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 6031] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 105.353525][ T6031] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 105.364352][ T6031] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 105.373790][ T6031] BTRFS info (device loop0): using free-space-tree [pid 6031] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6031] ioctl(4, LOOP_CLR_FD) = 0 [pid 6031] close(4) = 0 [pid 6031] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6030] <... futex resumed>) = 0 [pid 6030] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6031] <... futex resumed>) = 1 [pid 6030] <... futex resumed>) = 0 [pid 6031] memfd_create("syzkaller", 0 [pid 6030] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6031] <... memfd_create resumed>) = 4 [pid 6031] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 6031] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 6031] munmap(0x7f4f32c00000, 138412032) = 0 [pid 6031] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6031] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6031] ioctl(5, LOOP_CLR_FD) = 0 [pid 6031] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6031] close(5) = 0 [pid 6031] close(4) = 0 [pid 6031] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6031] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6030] <... futex resumed>) = 0 [pid 6030] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6031] <... futex resumed>) = 0 [pid 6030] <... futex resumed>) = 1 [pid 6031] pread64(-1, [pid 6030] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6031] <... pread64 resumed>NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 6031] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6030] <... futex resumed>) = 0 [pid 6031] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6030] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6031] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6031] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32 [pid 6030] <... futex resumed>) = 0 [pid 6031] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6030] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6031] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6030] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6031] <... futex resumed>) = 0 [pid 6030] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6031] write(-1, "#! ./file0\n", 11 [pid 6030] <... futex resumed>) = 0 [pid 6031] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6030] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6031] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6030] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6031] <... futex resumed>) = 0 [pid 6030] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6031] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 6030] <... futex resumed>) = 0 [pid 6030] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6031] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6031] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6030] <... futex resumed>) = 0 [pid 6030] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6031] <... futex resumed>) = 1 [pid 6030] <... futex resumed>) = 0 [pid 6031] mkdir("./file1", 000 [pid 6030] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6031] <... mkdir resumed>) = 0 [pid 6031] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6030] <... futex resumed>) = 0 [pid 6031] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6030] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6031] <... futex resumed>) = 0 [pid 6030] <... futex resumed>) = 1 [pid 6031] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 6030] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6031] <... openat resumed>) = -1 EFAULT (Bad address) [pid 6031] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6030] <... futex resumed>) = 0 [pid 6031] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6030] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6031] chdir("./file0" [pid 6030] <... futex resumed>) = 0 [pid 6031] <... chdir resumed>) = 0 [pid 6030] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6031] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6030] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6031] <... futex resumed>) = 0 [pid 6030] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6031] openat(AT_FDCWD, ".", O_RDONLY [pid 6030] <... futex resumed>) = 0 [pid 6031] <... openat resumed>) = 4 [pid 6030] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6031] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6030] <... futex resumed>) = 0 [pid 6031] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6030] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6030] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6031] <... openat resumed>) = 5 [pid 6031] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6030] <... futex resumed>) = 0 [pid 6031] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6030] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6031] <... futex resumed>) = 0 [pid 6031] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6030] <... futex resumed>) = 1 [ 105.556064][ T6031] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 6030] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6030] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6030] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 6030] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6030] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6030] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 6050 attached => {parent_tid=[6050]}, 88) = 6050 [pid 6050] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053 [pid 6030] rt_sigprocmask(SIG_SETMASK, [], [pid 6050] <... rseq resumed>) = 0 [pid 6050] set_robust_list(0x7f4f3b1419a0, 24 [pid 6030] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6050] <... set_robust_list resumed>) = 0 [pid 6030] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6050] rt_sigprocmask(SIG_SETMASK, [], [pid 6030] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6050] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6050] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0}) = 0 [pid 6050] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6030] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6050] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6031] <... write resumed>) = 9740288 [pid 6031] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6030] exit_group(0 [pid 6050] <... futex resumed>) = ? [pid 6030] <... exit_group resumed>) = ? [pid 6050] +++ exited with 0 +++ [pid 6031] +++ exited with 0 +++ [pid 6030] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6030, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 [ 105.996125][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6051 attached , child_tidptr=0x555581abb690) = 6051 [pid 6051] set_robust_list(0x555581abb6a0, 24) = 0 [pid 6051] chdir("./39") = 0 [pid 6051] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6051] setpgid(0, 0) = 0 [pid 6051] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6051] write(3, "1000", 4) = 4 [pid 6051] close(3) = 0 [pid 6051] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6051] write(1, "executing program\n", 18executing program ) = 18 [pid 6051] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6051] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 6051] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6051] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 6051] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6051] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6051] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 6052 attached => {parent_tid=[6052]}, 88) = 6052 [pid 6052] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053 [pid 6051] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6051] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6051] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6052] <... rseq resumed>) = 0 [pid 6052] set_robust_list(0x7f4f3b1629a0, 24) = 0 [pid 6052] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6052] memfd_create("syzkaller", 0) = 3 [pid 6052] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 6052] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6052] munmap(0x7f4f32c00000, 138412032) = 0 [pid 6052] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6052] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6052] close(3) = 0 [pid 6052] close(4) = 0 [pid 6052] mkdir("./file0", 0777) = 0 [ 106.430877][ T6052] loop0: detected capacity change from 0 to 32768 [ 106.465669][ T6052] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (6052) [ 106.490304][ T6052] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 106.501147][ T6052] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 106.510446][ T6052] BTRFS info (device loop0): using free-space-tree [pid 6052] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 6052] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6052] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6052] ioctl(4, LOOP_CLR_FD) = 0 [pid 6052] close(4) = 0 [pid 6052] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6052] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6051] <... futex resumed>) = 0 [pid 6052] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6051] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6052] memfd_create("syzkaller", 0 [pid 6051] <... futex resumed>) = 0 [pid 6051] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6052] <... memfd_create resumed>) = 4 [pid 6052] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 6052] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 6052] munmap(0x7f4f32c00000, 138412032) = 0 [pid 6052] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6052] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6052] ioctl(5, LOOP_CLR_FD) = 0 [pid 6052] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6052] close(5) = 0 [pid 6052] close(4) = 0 [pid 6052] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6051] <... futex resumed>) = 0 [pid 6051] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6051] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6052] <... futex resumed>) = 1 [pid 6052] pread64(-1, NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 6052] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6051] <... futex resumed>) = 0 [pid 6051] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6051] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6052] <... futex resumed>) = 1 [pid 6052] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32) = -1 EBADF (Bad file descriptor) [pid 6052] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6051] <... futex resumed>) = 0 [pid 6052] <... futex resumed>) = 1 [pid 6051] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6052] write(-1, "#! ./file0\n", 11 [pid 6051] <... futex resumed>) = 0 [pid 6052] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6051] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6052] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6051] <... futex resumed>) = 0 [pid 6052] <... futex resumed>) = 1 [pid 6051] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6052] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 6051] <... futex resumed>) = 0 [pid 6051] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6052] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6052] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6052] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6051] <... futex resumed>) = 0 [pid 6051] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6052] <... futex resumed>) = 0 [pid 6051] <... futex resumed>) = 1 [pid 6052] mkdir("./file1", 000 [pid 6051] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6052] <... mkdir resumed>) = 0 [pid 6052] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6051] <... futex resumed>) = 0 [pid 6052] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 6051] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6052] <... openat resumed>) = -1 EFAULT (Bad address) [pid 6051] <... futex resumed>) = 0 [pid 6052] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6052] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6051] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6051] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6052] <... futex resumed>) = 0 [pid 6051] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6052] chdir("./file0") = 0 [pid 6052] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6051] <... futex resumed>) = 0 [pid 6051] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6052] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 6051] <... futex resumed>) = 0 [pid 6051] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6052] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6051] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6052] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6051] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6052] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6052] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6051] <... futex resumed>) = 0 [pid 6051] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6052] <... openat resumed>) = 5 [pid 6052] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6051] <... futex resumed>) = 0 [pid 6052] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6051] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6052] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6051] <... futex resumed>) = 0 [pid 6052] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 106.733963][ T6052] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 6051] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6051] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6051] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 6051] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6051] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6051] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0} => {parent_tid=[6071]}, 88) = 6071 ./strace-static-x86_64: Process 6071 attached [pid 6051] rt_sigprocmask(SIG_SETMASK, [], [pid 6071] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053) = 0 [pid 6051] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6071] set_robust_list(0x7f4f3b1419a0, 24 [pid 6051] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6071] <... set_robust_list resumed>) = 0 [pid 6051] <... futex resumed>) = 0 [pid 6071] rt_sigprocmask(SIG_SETMASK, [], [pid 6051] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6071] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6071] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 6051] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6071] <... ioctl resumed>) = 0 [pid 6071] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6071] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6052] <... write resumed>) = 9740288 [pid 6052] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6052] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6051] exit_group(0 [pid 6071] <... futex resumed>) = ? [pid 6052] <... futex resumed>) = ? [pid 6051] <... exit_group resumed>) = ? [pid 6052] +++ exited with 0 +++ [pid 6071] +++ exited with 0 +++ [pid 6051] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6051, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 [ 107.173861][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6072 attached , child_tidptr=0x555581abb690) = 6072 [pid 6072] set_robust_list(0x555581abb6a0, 24) = 0 [pid 6072] chdir("./40") = 0 [pid 6072] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6072] setpgid(0, 0) = 0 [pid 6072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6072] write(3, "1000", 4) = 4 [pid 6072] close(3) = 0 [pid 6072] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6072] write(1, "executing program\n", 18executing program ) = 18 [pid 6072] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6072] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 6072] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 6072] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6072] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6072] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 6073 attached [pid 6073] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053 [pid 6072] <... clone3 resumed> => {parent_tid=[6073]}, 88) = 6073 [pid 6073] <... rseq resumed>) = 0 [pid 6072] rt_sigprocmask(SIG_SETMASK, [], [pid 6073] set_robust_list(0x7f4f3b1629a0, 24 [pid 6072] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6073] <... set_robust_list resumed>) = 0 [pid 6072] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6073] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6072] <... futex resumed>) = 0 [pid 6072] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6073] memfd_create("syzkaller", 0) = 3 [pid 6073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 6073] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6073] munmap(0x7f4f32c00000, 138412032) = 0 [pid 6073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6073] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6073] close(3) = 0 [pid 6073] close(4) = 0 [pid 6073] mkdir("./file0", 0777) = 0 [ 107.601502][ T6073] loop0: detected capacity change from 0 to 32768 [ 107.612369][ T6073] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (6073) [ 107.629179][ T6073] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 107.639537][ T6073] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 107.648430][ T6073] BTRFS info (device loop0): using free-space-tree [pid 6073] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 6073] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6073] ioctl(4, LOOP_CLR_FD) = 0 [pid 6073] close(4) = 0 [pid 6073] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6073] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6072] <... futex resumed>) = 0 [pid 6072] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6073] <... futex resumed>) = 0 [pid 6072] <... futex resumed>) = 1 [pid 6073] memfd_create("syzkaller", 0 [pid 6072] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6073] <... memfd_create resumed>) = 4 [pid 6073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 6073] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 6073] munmap(0x7f4f32c00000, 138412032) = 0 [pid 6073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6073] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6073] ioctl(5, LOOP_CLR_FD) = 0 [pid 6073] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6073] close(5) = 0 [pid 6073] close(4) = 0 [pid 6073] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6072] <... futex resumed>) = 0 [pid 6073] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6072] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6072] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6073] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6073] pread64(-1, NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 6073] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6073] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6072] <... futex resumed>) = 0 [pid 6072] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6072] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6073] <... futex resumed>) = 0 [pid 6073] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32) = -1 EBADF (Bad file descriptor) [pid 6073] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6072] <... futex resumed>) = 0 [pid 6073] write(-1, "#! ./file0\n", 11 [pid 6072] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6073] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6072] <... futex resumed>) = 0 [pid 6073] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6072] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6073] <... futex resumed>) = 0 [pid 6072] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6073] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6072] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6073] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6072] <... futex resumed>) = 0 [pid 6073] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 6072] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6073] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6073] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6072] <... futex resumed>) = 0 [pid 6073] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6072] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6073] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6072] <... futex resumed>) = 0 [pid 6073] mkdir("./file1", 000 [pid 6072] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6073] <... mkdir resumed>) = 0 [pid 6073] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6072] <... futex resumed>) = 0 [pid 6072] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6072] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6073] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW) = -1 EFAULT (Bad address) [pid 6073] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6072] <... futex resumed>) = 0 [pid 6072] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6073] chdir("./file0" [pid 6072] <... futex resumed>) = 0 [pid 6073] <... chdir resumed>) = 0 [pid 6072] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6073] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6072] <... futex resumed>) = 0 [pid 6073] <... futex resumed>) = 1 [pid 6072] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6073] openat(AT_FDCWD, ".", O_RDONLY [pid 6072] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6073] <... openat resumed>) = 4 [pid 6073] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6072] <... futex resumed>) = 0 [pid 6073] <... futex resumed>) = 1 [pid 6072] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6073] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6072] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6073] <... openat resumed>) = 5 [pid 6073] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6072] <... futex resumed>) = 0 [pid 6073] <... futex resumed>) = 1 [pid 6072] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6073] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6072] <... futex resumed>) = 0 [ 107.826825][ T6073] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 6072] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6072] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 6072] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6072] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6072] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 6092 attached [pid 6092] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053) = 0 [pid 6072] <... clone3 resumed> => {parent_tid=[6092]}, 88) = 6092 [pid 6092] set_robust_list(0x7f4f3b1419a0, 24 [pid 6072] rt_sigprocmask(SIG_SETMASK, [], [pid 6092] <... set_robust_list resumed>) = 0 [pid 6072] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6092] rt_sigprocmask(SIG_SETMASK, [], [pid 6072] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6092] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6072] <... futex resumed>) = 0 [pid 6092] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 6072] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6092] <... ioctl resumed>) = 0 [pid 6092] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6092] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6072] <... futex resumed>) = 0 [pid 6073] <... write resumed>) = 9740288 [pid 6073] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6073] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6072] exit_group(0 [pid 6092] <... futex resumed>) = ? [pid 6072] <... exit_group resumed>) = ? [pid 6073] <... futex resumed>) = ? [pid 6092] +++ exited with 0 +++ [pid 6073] +++ exited with 0 +++ [pid 6072] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6072, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 [ 108.283875][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file0") = 0 umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6093 attached , child_tidptr=0x555581abb690) = 6093 [pid 6093] set_robust_list(0x555581abb6a0, 24) = 0 [pid 6093] chdir("./41") = 0 [pid 6093] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6093] setpgid(0, 0) = 0 [pid 6093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6093] write(3, "1000", 4) = 4 [pid 6093] close(3) = 0 [pid 6093] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6093] write(1, "executing program\n", 18executing program ) = 18 [pid 6093] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6093] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 6093] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 6093] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6093] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6093] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 6094 attached [pid 6094] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053 [pid 6093] <... clone3 resumed> => {parent_tid=[6094]}, 88) = 6094 [pid 6094] <... rseq resumed>) = 0 [pid 6093] rt_sigprocmask(SIG_SETMASK, [], [pid 6094] set_robust_list(0x7f4f3b1629a0, 24 [pid 6093] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6094] <... set_robust_list resumed>) = 0 [pid 6093] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6094] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6093] <... futex resumed>) = 0 [pid 6094] memfd_create("syzkaller", 0 [pid 6093] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6094] <... memfd_create resumed>) = 3 [pid 6094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 6094] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6094] munmap(0x7f4f32c00000, 138412032) = 0 [pid 6094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6094] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6094] close(3) = 0 [pid 6094] close(4) = 0 [pid 6094] mkdir("./file0", 0777) = 0 [ 108.695604][ T6094] loop0: detected capacity change from 0 to 32768 [ 108.726219][ T6094] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (6094) [pid 6094] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [ 108.745269][ T6094] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 108.757492][ T6094] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 108.766713][ T6094] BTRFS info (device loop0): using free-space-tree [pid 6094] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6094] ioctl(4, LOOP_CLR_FD) = 0 [pid 6094] close(4) = 0 [pid 6094] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6093] <... futex resumed>) = 0 [pid 6093] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6094] <... futex resumed>) = 1 [pid 6093] <... futex resumed>) = 0 [pid 6094] memfd_create("syzkaller", 0 [pid 6093] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6094] <... memfd_create resumed>) = 4 [pid 6094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 6094] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 6094] munmap(0x7f4f32c00000, 138412032) = 0 [pid 6094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6094] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6094] ioctl(5, LOOP_CLR_FD) = 0 [pid 6094] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6094] close(5) = 0 [pid 6094] close(4) = 0 [pid 6094] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6093] <... futex resumed>) = 0 [pid 6094] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6093] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6094] <... futex resumed>) = 0 [pid 6094] pread64(-1, [pid 6093] <... futex resumed>) = 1 [pid 6094] <... pread64 resumed>NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 6093] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6094] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6093] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6094] <... futex resumed>) = 0 [pid 6094] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32 [pid 6093] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6094] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6094] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6093] <... futex resumed>) = 0 [pid 6094] <... futex resumed>) = 0 [pid 6093] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6094] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6093] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6093] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6094] <... futex resumed>) = 0 [pid 6093] <... futex resumed>) = 1 [pid 6094] write(-1, "#! ./file0\n", 11 [pid 6093] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6094] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6094] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6094] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6093] <... futex resumed>) = 0 [pid 6094] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6093] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6094] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 6093] <... futex resumed>) = 0 [pid 6093] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6094] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6094] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6093] <... futex resumed>) = 0 [pid 6093] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6094] mkdir("./file1", 000 [pid 6093] <... futex resumed>) = 0 [pid 6094] <... mkdir resumed>) = 0 [pid 6093] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6094] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6093] <... futex resumed>) = 0 [pid 6094] <... futex resumed>) = 1 [pid 6093] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6094] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 6093] <... futex resumed>) = 0 [pid 6094] <... openat resumed>) = -1 EFAULT (Bad address) [pid 6093] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6094] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6093] <... futex resumed>) = 0 [pid 6094] <... futex resumed>) = 1 [pid 6093] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6094] chdir("./file0" [pid 6093] <... futex resumed>) = 0 [pid 6094] <... chdir resumed>) = 0 [pid 6093] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6094] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6094] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6093] <... futex resumed>) = 0 [pid 6093] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6094] <... futex resumed>) = 0 [pid 6094] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 6093] <... futex resumed>) = 1 [pid 6094] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6093] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6094] <... futex resumed>) = 0 [pid 6093] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6094] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6093] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6093] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6094] <... openat resumed>) = 5 [pid 6094] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6093] <... futex resumed>) = 0 [pid 6094] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6093] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6094] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6093] <... futex resumed>) = 0 [pid 6094] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 108.939787][ T6094] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 6093] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6093] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 6093] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6093] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6093] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 6113 attached [pid 6113] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053 [pid 6093] <... clone3 resumed> => {parent_tid=[6113]}, 88) = 6113 [pid 6113] <... rseq resumed>) = 0 [pid 6093] rt_sigprocmask(SIG_SETMASK, [], [pid 6113] set_robust_list(0x7f4f3b1419a0, 24 [pid 6093] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6113] <... set_robust_list resumed>) = 0 [pid 6093] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6113] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6093] <... futex resumed>) = 0 [pid 6113] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 6093] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6113] <... ioctl resumed>) = 0 [pid 6113] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6113] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6094] <... write resumed>) = 9740288 [pid 6094] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6094] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6093] exit_group(0 [pid 6113] <... futex resumed>) = ? [pid 6094] <... futex resumed>) = ? [pid 6093] <... exit_group resumed>) = ? [pid 6094] +++ exited with 0 +++ [pid 6113] +++ exited with 0 +++ [pid 6093] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6093, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 [ 109.390192][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = 0 umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6114 attached , child_tidptr=0x555581abb690) = 6114 [pid 6114] set_robust_list(0x555581abb6a0, 24) = 0 [pid 6114] chdir("./42") = 0 [pid 6114] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6114] setpgid(0, 0) = 0 [pid 6114] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6114] write(3, "1000", 4) = 4 [pid 6114] close(3) = 0 [pid 6114] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6114] write(1, "executing program\n", 18) = 18 [pid 6114] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6114] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 6114] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6114] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 6114] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6114] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6114] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 6115 attached [pid 6115] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053 [pid 6114] <... clone3 resumed> => {parent_tid=[6115]}, 88) = 6115 [pid 6115] <... rseq resumed>) = 0 [pid 6114] rt_sigprocmask(SIG_SETMASK, [], [pid 6115] set_robust_list(0x7f4f3b1629a0, 24 [pid 6114] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6115] <... set_robust_list resumed>) = 0 [pid 6114] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6115] rt_sigprocmask(SIG_SETMASK, [], [pid 6114] <... futex resumed>) = 0 [pid 6115] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6114] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6115] memfd_create("syzkaller", 0) = 3 [pid 6115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 6115] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6115] munmap(0x7f4f32c00000, 138412032) = 0 [pid 6115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6115] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6115] close(3) = 0 [pid 6115] close(4) = 0 [pid 6115] mkdir("./file0", 0777) = 0 [ 109.821305][ T6115] loop0: detected capacity change from 0 to 32768 [ 109.839369][ T6115] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (6115) [ 109.858209][ T6115] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [pid 6115] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [ 109.869393][ T6115] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 109.878068][ T6115] BTRFS info (device loop0): using free-space-tree [pid 6115] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6115] ioctl(4, LOOP_CLR_FD) = 0 [pid 6115] close(4) = 0 [pid 6115] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6115] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6114] <... futex resumed>) = 0 [pid 6114] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6114] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6115] <... futex resumed>) = 0 [pid 6115] memfd_create("syzkaller", 0) = 4 [pid 6115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 6115] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 6115] munmap(0x7f4f32c00000, 138412032) = 0 [pid 6115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6115] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6115] ioctl(5, LOOP_CLR_FD) = 0 [pid 6115] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6115] close(5) = 0 [pid 6115] close(4) = 0 [pid 6115] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6114] <... futex resumed>) = 0 [pid 6114] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6115] <... futex resumed>) = 1 [pid 6114] <... futex resumed>) = 0 [pid 6114] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6115] pread64(-1, NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 6115] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6114] <... futex resumed>) = 0 [pid 6115] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6114] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6115] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6114] <... futex resumed>) = 0 [pid 6115] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32) = -1 EBADF (Bad file descriptor) [pid 6114] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6115] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6114] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6115] <... futex resumed>) = 0 [pid 6114] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6115] write(-1, "#! ./file0\n", 11 [pid 6114] <... futex resumed>) = 0 [pid 6115] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6114] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6115] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6114] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6115] <... futex resumed>) = 0 [pid 6114] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6115] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 6114] <... futex resumed>) = 0 [pid 6114] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6115] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6115] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6114] <... futex resumed>) = 0 [pid 6115] <... futex resumed>) = 1 [pid 6114] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6115] mkdir("./file1", 000 [pid 6114] <... futex resumed>) = 0 [pid 6115] <... mkdir resumed>) = 0 [pid 6115] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6114] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6114] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6114] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = 0 [pid 6115] <... futex resumed>) = 1 [pid 6114] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 6115] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW) = -1 EFAULT (Bad address) [pid 6115] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6114] <... futex resumed>) = 0 [pid 6115] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6114] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6115] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6114] <... futex resumed>) = 0 [pid 6115] chdir("./file0" [pid 6114] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6115] <... chdir resumed>) = 0 [pid 6115] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6114] <... futex resumed>) = 0 [pid 6115] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6114] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6115] openat(AT_FDCWD, ".", O_RDONLY [pid 6114] <... futex resumed>) = 0 [pid 6115] <... openat resumed>) = 4 [pid 6114] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6115] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6114] <... futex resumed>) = 0 [pid 6115] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6114] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6115] <... openat resumed>) = 5 [pid 6114] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6115] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6114] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6114] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6114] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6115] <... futex resumed>) = 1 [pid 6114] <... futex resumed>) = 0 [pid 6114] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [ 110.062949][ T6115] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 6115] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6114] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6114] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6114] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6114] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 6114] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6114] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6114] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 6134 attached [pid 6134] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053 [pid 6114] <... clone3 resumed> => {parent_tid=[6134]}, 88) = 6134 [pid 6134] <... rseq resumed>) = 0 [pid 6114] rt_sigprocmask(SIG_SETMASK, [], [pid 6134] set_robust_list(0x7f4f3b1419a0, 24) = 0 [pid 6134] rt_sigprocmask(SIG_SETMASK, [], [pid 6114] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6134] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6114] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6134] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 6114] <... futex resumed>) = 0 [pid 6114] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6134] <... ioctl resumed>) = 0 [pid 6134] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6134] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6114] <... futex resumed>) = 0 [pid 6115] <... write resumed>) = 9740288 [pid 6115] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6115] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6114] exit_group(0 [pid 6134] <... futex resumed>) = ? [pid 6134] +++ exited with 0 +++ [pid 6114] <... exit_group resumed>) = ? [pid 6115] <... futex resumed>) = ? [pid 6115] +++ exited with 0 +++ [pid 6114] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6114, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 [ 110.511225][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file0") = 0 umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581abb690) = 6135 ./strace-static-x86_64: Process 6135 attached [pid 6135] set_robust_list(0x555581abb6a0, 24) = 0 [pid 6135] chdir("./43") = 0 [pid 6135] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6135] setpgid(0, 0) = 0 [pid 6135] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6135] write(3, "1000", 4) = 4 [pid 6135] close(3) = 0 [pid 6135] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6135] write(1, "executing program\n", 18) = 18 [pid 6135] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6135] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 6135] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6135] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 6135] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6135] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6135] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 6136 attached [pid 6136] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053 [pid 6135] <... clone3 resumed> => {parent_tid=[6136]}, 88) = 6136 [pid 6136] <... rseq resumed>) = 0 [pid 6135] rt_sigprocmask(SIG_SETMASK, [], [pid 6136] set_robust_list(0x7f4f3b1629a0, 24 [pid 6135] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6136] <... set_robust_list resumed>) = 0 [pid 6135] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6136] rt_sigprocmask(SIG_SETMASK, [], [pid 6135] <... futex resumed>) = 0 [pid 6136] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6135] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6136] memfd_create("syzkaller", 0) = 3 [pid 6136] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 6136] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6136] munmap(0x7f4f32c00000, 138412032) = 0 [pid 6136] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6136] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6136] close(3) = 0 [pid 6136] close(4) = 0 [pid 6136] mkdir("./file0", 0777) = 0 [ 110.963972][ T6136] loop0: detected capacity change from 0 to 32768 [ 110.986164][ T6136] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (6136) [pid 6136] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 6136] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6136] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6136] ioctl(4, LOOP_CLR_FD) = 0 [ 111.006348][ T6136] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 111.017511][ T6136] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 111.026478][ T6136] BTRFS info (device loop0): using free-space-tree [pid 6136] close(4) = 0 [pid 6136] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6136] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6135] <... futex resumed>) = 0 [pid 6136] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6135] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6136] memfd_create("syzkaller", 0 [pid 6135] <... futex resumed>) = 0 [pid 6136] <... memfd_create resumed>) = 4 [pid 6135] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6136] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 6136] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 6136] munmap(0x7f4f32c00000, 138412032) = 0 [pid 6136] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6136] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6136] ioctl(5, LOOP_CLR_FD) = 0 [pid 6136] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6136] close(5) = 0 [pid 6136] close(4) = 0 [pid 6136] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6135] <... futex resumed>) = 0 [pid 6135] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6135] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6136] pread64(-1, NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 6136] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6135] <... futex resumed>) = 0 [pid 6136] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6135] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6135] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6136] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6136] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32) = -1 EBADF (Bad file descriptor) [pid 6136] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6136] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6135] <... futex resumed>) = 0 [pid 6135] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6136] <... futex resumed>) = 0 [pid 6135] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6136] write(-1, "#! ./file0\n", 11) = -1 EBADF (Bad file descriptor) [pid 6136] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6135] <... futex resumed>) = 0 [pid 6136] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 6135] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6135] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6136] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6136] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6135] <... futex resumed>) = 0 [pid 6135] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6136] mkdir("./file1", 000 [pid 6135] <... futex resumed>) = 0 [pid 6136] <... mkdir resumed>) = 0 [pid 6135] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6136] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6136] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6135] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6135] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6136] <... futex resumed>) = 0 [pid 6135] <... futex resumed>) = 1 [pid 6136] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW) = -1 EFAULT (Bad address) [pid 6136] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 111.195047][ T6136] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 6136] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6135] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6135] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6136] <... futex resumed>) = 0 [pid 6135] <... futex resumed>) = 1 [pid 6136] chdir("./file0" [pid 6135] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6136] <... chdir resumed>) = 0 [pid 6136] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6135] <... futex resumed>) = 0 [pid 6136] openat(AT_FDCWD, ".", O_RDONLY [pid 6135] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6136] <... openat resumed>) = 4 [pid 6135] <... futex resumed>) = 0 [pid 6135] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6136] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6135] <... futex resumed>) = 0 [pid 6136] <... futex resumed>) = 1 [pid 6135] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6136] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6135] <... futex resumed>) = 0 [pid 6135] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6136] <... openat resumed>) = 5 [pid 6136] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6136] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6135] <... futex resumed>) = 0 [pid 6136] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6135] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6136] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6135] <... futex resumed>) = 0 [pid 6135] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6135] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6135] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 6135] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6135] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6135] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 6155 attached => {parent_tid=[6155]}, 88) = 6155 [pid 6155] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053 [pid 6135] rt_sigprocmask(SIG_SETMASK, [], [pid 6155] <... rseq resumed>) = 0 [pid 6155] set_robust_list(0x7f4f3b1419a0, 24 [pid 6135] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6155] <... set_robust_list resumed>) = 0 [pid 6135] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6155] rt_sigprocmask(SIG_SETMASK, [], [pid 6135] <... futex resumed>) = 0 [pid 6155] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6135] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6155] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0}) = 0 [pid 6135] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6155] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6155] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6136] <... write resumed>) = 9740288 [pid 6136] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6136] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6135] exit_group(0 [pid 6155] <... futex resumed>) = ? [pid 6136] <... futex resumed>) = ? [pid 6135] <... exit_group resumed>) = ? [pid 6155] +++ exited with 0 +++ [pid 6136] +++ exited with 0 +++ [pid 6135] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6135, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 [ 111.640724][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file0") = 0 umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6156 attached , child_tidptr=0x555581abb690) = 6156 [pid 6156] set_robust_list(0x555581abb6a0, 24) = 0 [pid 6156] chdir("./44") = 0 [pid 6156] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6156] setpgid(0, 0) = 0 [pid 6156] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6156] write(3, "1000", 4) = 4 [pid 6156] close(3) = 0 [pid 6156] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6156] write(1, "executing program\n", 18executing program ) = 18 [pid 6156] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6156] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 6156] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 6156] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6156] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6156] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 6157 attached => {parent_tid=[6157]}, 88) = 6157 [pid 6157] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053) = 0 [pid 6157] set_robust_list(0x7f4f3b1629a0, 24) = 0 [pid 6157] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6157] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6156] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6156] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6157] <... futex resumed>) = 0 [pid 6156] <... futex resumed>) = 1 [pid 6157] memfd_create("syzkaller", 0 [pid 6156] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6157] <... memfd_create resumed>) = 3 [pid 6157] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 6157] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6157] munmap(0x7f4f32c00000, 138412032) = 0 [pid 6157] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6157] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6157] close(3) = 0 [pid 6157] close(4) = 0 [pid 6157] mkdir("./file0", 0777) = 0 [ 112.075781][ T6157] loop0: detected capacity change from 0 to 32768 [ 112.107216][ T6157] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (6157) [pid 6157] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [ 112.125615][ T6157] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 112.137561][ T6157] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 112.147115][ T6157] BTRFS info (device loop0): using free-space-tree [pid 6157] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6157] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6157] ioctl(4, LOOP_CLR_FD) = 0 [pid 6157] close(4) = 0 [pid 6157] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6156] <... futex resumed>) = 0 [pid 6157] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6156] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6157] memfd_create("syzkaller", 0 [pid 6156] <... futex resumed>) = 0 [pid 6156] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6157] <... memfd_create resumed>) = 4 [pid 6157] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 6157] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 6157] munmap(0x7f4f32c00000, 138412032) = 0 [pid 6157] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6157] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6157] ioctl(5, LOOP_CLR_FD) = 0 [pid 6157] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6157] close(5) = 0 [pid 6157] close(4) = 0 [pid 6157] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6156] <... futex resumed>) = 0 [pid 6157] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6156] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6157] <... futex resumed>) = 0 [pid 6156] <... futex resumed>) = 1 [pid 6157] pread64(-1, NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 6157] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6156] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6157] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6156] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6157] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6156] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6157] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32 [pid 6156] <... futex resumed>) = 0 [pid 6157] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6156] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6157] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6156] <... futex resumed>) = 0 [pid 6157] write(-1, "#! ./file0\n", 11 [pid 6156] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6157] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6156] <... futex resumed>) = 0 [pid 6157] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6156] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6157] <... futex resumed>) = 0 [pid 6156] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6157] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 6156] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6156] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6157] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6157] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6156] <... futex resumed>) = 0 [pid 6157] <... futex resumed>) = 1 [pid 6156] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6156] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6157] mkdir("./file1", 000) = 0 [pid 6157] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6156] <... futex resumed>) = 0 [pid 6156] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6156] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6157] <... futex resumed>) = 1 [pid 6157] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW) = -1 EFAULT (Bad address) [pid 6157] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6156] <... futex resumed>) = 0 [pid 6156] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 112.297239][ T6157] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 6156] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6157] <... futex resumed>) = 1 [pid 6157] chdir("./file0") = 0 [pid 6157] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6156] <... futex resumed>) = 0 [pid 6156] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6156] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6157] <... futex resumed>) = 1 [pid 6157] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 6157] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6156] <... futex resumed>) = 0 [pid 6156] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6156] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6157] <... futex resumed>) = 1 [pid 6157] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6157] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6156] <... futex resumed>) = 0 [pid 6157] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6156] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6156] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6156] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6156] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 6156] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6156] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6156] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 6176 attached [pid 6176] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053 [pid 6156] <... clone3 resumed> => {parent_tid=[6176]}, 88) = 6176 [pid 6176] <... rseq resumed>) = 0 [pid 6176] set_robust_list(0x7f4f3b1419a0, 24 [pid 6156] rt_sigprocmask(SIG_SETMASK, [], [pid 6176] <... set_robust_list resumed>) = 0 [pid 6156] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6176] rt_sigprocmask(SIG_SETMASK, [], [pid 6156] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6176] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6156] <... futex resumed>) = 0 [pid 6176] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 6156] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6176] <... ioctl resumed>) = 0 [pid 6156] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6176] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6176] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6157] <... write resumed>) = 9740288 [pid 6157] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6157] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6156] exit_group(0 [pid 6176] <... futex resumed>) = ? [pid 6156] <... exit_group resumed>) = ? [pid 6176] +++ exited with 0 +++ [pid 6157] <... futex resumed>) = ? [pid 6157] +++ exited with 0 +++ [pid 6156] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6156, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 [ 112.755451][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file0") = 0 umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6177 attached , child_tidptr=0x555581abb690) = 6177 [pid 6177] set_robust_list(0x555581abb6a0, 24) = 0 [pid 6177] chdir("./45") = 0 [pid 6177] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6177] setpgid(0, 0) = 0 [pid 6177] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6177] write(3, "1000", 4) = 4 [pid 6177] close(3) = 0 [pid 6177] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6177] write(1, "executing program\n", 18) = 18 [pid 6177] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6177] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 6177] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6177] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 6177] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6177] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6177] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 6178 attached [pid 6178] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053 [pid 6177] <... clone3 resumed> => {parent_tid=[6178]}, 88) = 6178 [pid 6178] <... rseq resumed>) = 0 [pid 6177] rt_sigprocmask(SIG_SETMASK, [], [pid 6178] set_robust_list(0x7f4f3b1629a0, 24 [pid 6177] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6178] <... set_robust_list resumed>) = 0 [pid 6177] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6178] rt_sigprocmask(SIG_SETMASK, [], [pid 6177] <... futex resumed>) = 0 [pid 6178] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6178] memfd_create("syzkaller", 0 [pid 6177] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6178] <... memfd_create resumed>) = 3 [pid 6178] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 6178] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6178] munmap(0x7f4f32c00000, 138412032) = 0 [pid 6178] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6178] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6178] close(3) = 0 [pid 6178] close(4) = 0 [pid 6178] mkdir("./file0", 0777) = 0 [ 113.211890][ T6178] loop0: detected capacity change from 0 to 32768 [ 113.223135][ T6178] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (6178) [ 113.240499][ T6178] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 113.251642][ T6178] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [pid 6178] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 6178] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6178] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 113.260933][ T6178] BTRFS info (device loop0): using free-space-tree [pid 6178] ioctl(4, LOOP_CLR_FD) = 0 [pid 6178] close(4) = 0 [pid 6178] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6177] <... futex resumed>) = 0 [pid 6178] memfd_create("syzkaller", 0 [pid 6177] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6178] <... memfd_create resumed>) = 4 [pid 6177] <... futex resumed>) = 0 [pid 6177] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6178] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 6178] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 6178] munmap(0x7f4f32c00000, 138412032) = 0 [pid 6178] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6178] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6178] ioctl(5, LOOP_CLR_FD) = 0 [pid 6178] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6178] close(5) = 0 [pid 6178] close(4) = 0 [pid 6178] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6177] <... futex resumed>) = 0 [pid 6178] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6177] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6178] pread64(-1, [pid 6177] <... futex resumed>) = 0 [pid 6178] <... pread64 resumed>NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 6177] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6178] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6177] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6178] <... futex resumed>) = 0 [pid 6177] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6177] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6178] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32) = -1 EBADF (Bad file descriptor) [pid 6178] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6177] <... futex resumed>) = 0 [pid 6178] write(-1, "#! ./file0\n", 11 [pid 6177] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6178] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6177] <... futex resumed>) = 0 [pid 6177] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6178] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6177] <... futex resumed>) = 0 [pid 6178] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 6177] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6177] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6178] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6178] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6177] <... futex resumed>) = 0 [pid 6178] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6177] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6178] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6177] <... futex resumed>) = 0 [pid 6178] mkdir("./file1", 000 [pid 6177] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6178] <... mkdir resumed>) = 0 [pid 6178] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6177] <... futex resumed>) = 0 [pid 6177] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6178] <... futex resumed>) = 1 [pid 6177] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6178] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW) = -1 EFAULT (Bad address) [pid 6178] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6177] <... futex resumed>) = 0 [pid 6177] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6178] <... futex resumed>) = 1 [pid 6177] <... futex resumed>) = 0 [pid 6177] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6178] chdir("./file0") = 0 [pid 6178] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6178] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6177] <... futex resumed>) = 0 [pid 6178] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6177] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6178] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 6177] <... futex resumed>) = 0 [pid 6177] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6178] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6178] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6177] <... futex resumed>) = 0 [pid 6178] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6177] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6178] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6177] <... futex resumed>) = 0 [ 113.446731][ T6178] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 6177] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6178] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6177] <... futex resumed>) = 0 [pid 6177] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6177] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6178] <... futex resumed>) = 1 [pid 6178] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6177] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6177] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6177] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 6177] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6177] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6177] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 6197 attached [pid 6197] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053) = 0 [pid 6197] set_robust_list(0x7f4f3b1419a0, 24 [pid 6177] <... clone3 resumed> => {parent_tid=[6197]}, 88) = 6197 [pid 6197] <... set_robust_list resumed>) = 0 [pid 6197] rt_sigprocmask(SIG_SETMASK, [], [pid 6177] rt_sigprocmask(SIG_SETMASK, [], [pid 6197] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6177] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6177] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6197] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 6177] <... futex resumed>) = 0 [pid 6177] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6197] <... ioctl resumed>) = 0 [pid 6197] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6177] <... futex resumed>) = 0 [pid 6197] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6178] <... write resumed>) = 9740288 [pid 6178] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6178] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6177] exit_group(0 [pid 6197] <... futex resumed>) = ? [pid 6177] <... exit_group resumed>) = ? [pid 6197] +++ exited with 0 +++ [pid 6178] <... futex resumed>) = ? [pid 6178] +++ exited with 0 +++ [pid 6177] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6177, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 [ 113.904462][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file0") = 0 umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581abb690) = 6198 ./strace-static-x86_64: Process 6198 attached [pid 6198] set_robust_list(0x555581abb6a0, 24) = 0 [pid 6198] chdir("./46") = 0 [pid 6198] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6198] setpgid(0, 0) = 0 [pid 6198] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6198] write(3, "1000", 4) = 4 [pid 6198] close(3) = 0 [pid 6198] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6198] write(1, "executing program\n", 18executing program ) = 18 [pid 6198] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6198] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 6198] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6198] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 6198] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6198] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6198] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 6199 attached => {parent_tid=[6199]}, 88) = 6199 [pid 6199] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053) = 0 [pid 6199] set_robust_list(0x7f4f3b1629a0, 24) = 0 [pid 6199] rt_sigprocmask(SIG_SETMASK, [], [pid 6198] rt_sigprocmask(SIG_SETMASK, [], [pid 6199] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6198] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6199] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6198] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6198] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6199] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6199] memfd_create("syzkaller", 0) = 3 [pid 6199] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 6199] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6199] munmap(0x7f4f32c00000, 138412032) = 0 [pid 6199] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6199] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6199] close(3) = 0 [pid 6199] close(4) = 0 [pid 6199] mkdir("./file0", 0777) = 0 [ 114.376867][ T6199] loop0: detected capacity change from 0 to 32768 [ 114.407865][ T6199] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (6199) [pid 6199] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 6199] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 114.427468][ T6199] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 114.440179][ T6199] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 114.449761][ T6199] BTRFS info (device loop0): using free-space-tree [pid 6199] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6199] ioctl(4, LOOP_CLR_FD) = 0 [pid 6199] close(4) = 0 [pid 6199] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6198] <... futex resumed>) = 0 [pid 6199] memfd_create("syzkaller", 0 [pid 6198] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6199] <... memfd_create resumed>) = 4 [pid 6198] <... futex resumed>) = 0 [pid 6199] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6198] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6199] <... mmap resumed>) = 0x7f4f32c00000 [pid 6199] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 6199] munmap(0x7f4f32c00000, 138412032) = 0 [pid 6199] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6199] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6199] ioctl(5, LOOP_CLR_FD) = 0 [pid 6199] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6199] close(5) = 0 [pid 6199] close(4) = 0 [pid 6199] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6198] <... futex resumed>) = 0 [pid 6199] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6198] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6199] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6199] pread64(-1, [pid 6198] <... futex resumed>) = 0 [pid 6199] <... pread64 resumed>NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 6199] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6198] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6199] <... futex resumed>) = 0 [pid 6198] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6199] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6198] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6199] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6198] <... futex resumed>) = 0 [pid 6199] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32 [pid 6198] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6199] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6199] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6198] <... futex resumed>) = 0 [pid 6199] write(-1, "#! ./file0\n", 11 [pid 6198] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6199] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6198] <... futex resumed>) = 0 [pid 6199] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6199] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6198] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6198] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6199] <... futex resumed>) = 0 [pid 6198] <... futex resumed>) = 1 [pid 6199] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 6198] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6199] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6199] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6198] <... futex resumed>) = 0 [pid 6199] <... futex resumed>) = 1 [pid 6198] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6199] mkdir("./file1", 000 [pid 6198] <... futex resumed>) = 0 [pid 6198] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6199] <... mkdir resumed>) = 0 [pid 6199] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6199] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6198] <... futex resumed>) = 0 [pid 6198] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6199] <... futex resumed>) = 0 [pid 6198] <... futex resumed>) = 1 [pid 6199] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW) = -1 EFAULT (Bad address) [pid 6198] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6199] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6198] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6199] <... futex resumed>) = 0 [pid 6198] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6199] chdir("./file0" [pid 6198] <... futex resumed>) = 0 [pid 6199] <... chdir resumed>) = 0 [pid 6198] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6199] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6198] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6199] <... futex resumed>) = 0 [pid 6198] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6199] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 6198] <... futex resumed>) = 0 [pid 6198] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6199] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6198] <... futex resumed>) = 0 [pid 6199] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6198] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6199] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6198] <... futex resumed>) = 0 [pid 6199] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6198] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6199] <... openat resumed>) = 5 [pid 6199] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6198] <... futex resumed>) = 0 [pid 6199] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6198] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6199] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6198] <... futex resumed>) = 0 [pid 6199] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 114.623529][ T6199] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 6198] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6198] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6198] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 6198] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6198] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6198] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 6218 attached [pid 6218] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053 [pid 6198] <... clone3 resumed> => {parent_tid=[6218]}, 88) = 6218 [pid 6218] <... rseq resumed>) = 0 [pid 6198] rt_sigprocmask(SIG_SETMASK, [], [pid 6218] set_robust_list(0x7f4f3b1419a0, 24 [pid 6198] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6218] <... set_robust_list resumed>) = 0 [pid 6198] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6218] rt_sigprocmask(SIG_SETMASK, [], [pid 6198] <... futex resumed>) = 0 [pid 6218] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6198] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6218] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0}) = 0 [pid 6218] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6198] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6218] <... futex resumed>) = 0 [pid 6218] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6199] <... write resumed>) = 9740288 [pid 6199] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6198] exit_group(0 [pid 6218] <... futex resumed>) = ? [pid 6198] <... exit_group resumed>) = ? [pid 6218] +++ exited with 0 +++ [pid 6199] <... futex resumed>) = ? [pid 6199] +++ exited with 0 +++ [pid 6198] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6198, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 [ 115.020278][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file0") = 0 umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6219 attached , child_tidptr=0x555581abb690) = 6219 [pid 6219] set_robust_list(0x555581abb6a0, 24) = 0 [pid 6219] chdir("./47") = 0 [pid 6219] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6219] setpgid(0, 0) = 0 [pid 6219] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6219] write(3, "1000", 4) = 4 [pid 6219] close(3) = 0 [pid 6219] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6219] write(1, "executing program\n", 18executing program ) = 18 [pid 6219] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6219] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 6219] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6219] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 6219] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6219] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6219] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 6220 attached => {parent_tid=[6220]}, 88) = 6220 [pid 6220] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053) = 0 [pid 6220] set_robust_list(0x7f4f3b1629a0, 24) = 0 [pid 6220] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6220] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6219] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6219] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6220] <... futex resumed>) = 0 [pid 6219] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6220] memfd_create("syzkaller", 0) = 3 [pid 6220] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 6220] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6220] munmap(0x7f4f32c00000, 138412032) = 0 [pid 6220] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6220] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6220] close(3) = 0 [pid 6220] close(4) = 0 [pid 6220] mkdir("./file0", 0777) = 0 [ 115.474768][ T6220] loop0: detected capacity change from 0 to 32768 [ 115.505069][ T6220] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (6220) [pid 6220] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 6220] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 115.529577][ T6220] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 115.541764][ T6220] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 115.550862][ T6220] BTRFS info (device loop0): using free-space-tree [pid 6220] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6220] ioctl(4, LOOP_CLR_FD) = 0 [pid 6220] close(4) = 0 [pid 6220] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6220] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6219] <... futex resumed>) = 0 [pid 6219] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6220] <... futex resumed>) = 0 [pid 6219] <... futex resumed>) = 1 [pid 6220] memfd_create("syzkaller", 0 [pid 6219] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6220] <... memfd_create resumed>) = 4 [pid 6220] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 6220] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 6220] munmap(0x7f4f32c00000, 138412032) = 0 [pid 6220] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6220] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6220] ioctl(5, LOOP_CLR_FD) = 0 [pid 6220] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6220] close(5) = 0 [pid 6220] close(4) = 0 [pid 6220] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6219] <... futex resumed>) = 0 [pid 6220] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6219] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6220] <... futex resumed>) = 0 [pid 6219] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6220] pread64(-1, NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 6220] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6219] <... futex resumed>) = 0 [pid 6219] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6220] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32 [pid 6219] <... futex resumed>) = 0 [pid 6220] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6219] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6220] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6219] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6220] <... futex resumed>) = 0 [pid 6219] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6220] write(-1, "#! ./file0\n", 11 [pid 6219] <... futex resumed>) = 0 [pid 6220] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6219] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6220] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6219] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6220] <... futex resumed>) = 0 [pid 6219] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6220] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 6219] <... futex resumed>) = 0 [pid 6219] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6220] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6220] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6219] <... futex resumed>) = 0 [pid 6220] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6219] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6220] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6219] <... futex resumed>) = 0 [pid 6220] mkdir("./file1", 000 [pid 6219] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6220] <... mkdir resumed>) = 0 [pid 6220] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6219] <... futex resumed>) = 0 [pid 6219] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6219] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6220] <... futex resumed>) = 1 [pid 6220] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW) = -1 EFAULT (Bad address) [pid 6220] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6219] <... futex resumed>) = 0 [pid 6219] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6219] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6220] <... futex resumed>) = 1 [ 115.760469][ T6220] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 6220] chdir("./file0") = 0 [pid 6220] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6219] <... futex resumed>) = 0 [pid 6220] openat(AT_FDCWD, ".", O_RDONLY [pid 6219] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6220] <... openat resumed>) = 4 [pid 6219] <... futex resumed>) = 0 [pid 6220] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6219] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6219] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6219] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6220] <... futex resumed>) = 0 [pid 6220] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6220] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6219] <... futex resumed>) = 0 [pid 6219] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6220] <... futex resumed>) = 1 [pid 6219] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6220] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6219] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6219] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6219] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 6219] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6219] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6219] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 6240 attached [pid 6240] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053 [pid 6219] <... clone3 resumed> => {parent_tid=[6240]}, 88) = 6240 [pid 6240] <... rseq resumed>) = 0 [pid 6219] rt_sigprocmask(SIG_SETMASK, [], [pid 6240] set_robust_list(0x7f4f3b1419a0, 24) = 0 [pid 6219] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6240] rt_sigprocmask(SIG_SETMASK, [], [pid 6219] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6240] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6219] <... futex resumed>) = 0 [pid 6219] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6240] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0}) = 0 [pid 6240] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6240] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6219] <... futex resumed>) = 0 [pid 6220] <... write resumed>) = 9740288 [pid 6220] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6220] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6219] exit_group(0 [pid 6240] <... futex resumed>) = ? [pid 6220] <... futex resumed>) = ? [pid 6219] <... exit_group resumed>) = ? [pid 6240] +++ exited with 0 +++ [pid 6220] +++ exited with 0 +++ [pid 6219] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6219, si_uid=0, si_status=0, si_utime=0, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 [ 116.259226][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file0") = 0 umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6241 attached , child_tidptr=0x555581abb690) = 6241 [pid 6241] set_robust_list(0x555581abb6a0, 24) = 0 [pid 6241] chdir("./48") = 0 [pid 6241] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6241] setpgid(0, 0) = 0 [pid 6241] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6241] write(3, "1000", 4) = 4 [pid 6241] close(3) = 0 [pid 6241] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6241] write(1, "executing program\n", 18) = 18 [pid 6241] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6241] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 6241] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6241] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 6241] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6241] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6241] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 6242 attached => {parent_tid=[6242]}, 88) = 6242 [pid 6242] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053) = 0 [pid 6242] set_robust_list(0x7f4f3b1629a0, 24) = 0 [pid 6241] rt_sigprocmask(SIG_SETMASK, [], [pid 6242] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6242] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6241] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6241] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6242] <... futex resumed>) = 0 [pid 6241] <... futex resumed>) = 1 [pid 6241] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6242] memfd_create("syzkaller", 0) = 3 [pid 6242] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 6242] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6242] munmap(0x7f4f32c00000, 138412032) = 0 [pid 6242] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6242] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6242] close(3) = 0 [pid 6242] close(4) = 0 [pid 6242] mkdir("./file0", 0777) = 0 [ 116.697264][ T6242] loop0: detected capacity change from 0 to 32768 [ 116.734470][ T6242] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (6242) [pid 6242] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 6242] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 116.755071][ T6242] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 116.767489][ T6242] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 116.777195][ T6242] BTRFS info (device loop0): using free-space-tree [pid 6242] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6242] ioctl(4, LOOP_CLR_FD) = 0 [pid 6242] close(4) = 0 [pid 6242] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6241] <... futex resumed>) = 0 [pid 6242] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6241] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6242] memfd_create("syzkaller", 0 [pid 6241] <... futex resumed>) = 0 [pid 6241] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6242] <... memfd_create resumed>) = 4 [pid 6242] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 6242] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 6242] munmap(0x7f4f32c00000, 138412032) = 0 [pid 6242] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6242] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6242] ioctl(5, LOOP_CLR_FD) = 0 [pid 6242] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6242] close(5) = 0 [pid 6242] close(4) = 0 [pid 6242] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6241] <... futex resumed>) = 0 [pid 6242] <... futex resumed>) = 1 [pid 6241] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6242] pread64(-1, [pid 6241] <... futex resumed>) = 0 [pid 6242] <... pread64 resumed>NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 6241] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6242] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6241] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6242] <... futex resumed>) = 0 [pid 6241] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6242] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32) = -1 EBADF (Bad file descriptor) [pid 6241] <... futex resumed>) = 0 [pid 6242] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6241] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6242] <... futex resumed>) = 0 [pid 6241] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6242] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6241] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6242] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6241] <... futex resumed>) = 0 [pid 6242] write(-1, "#! ./file0\n", 11 [pid 6241] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6242] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6242] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6241] <... futex resumed>) = 0 [pid 6242] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 6241] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6241] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6242] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6242] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6241] <... futex resumed>) = 0 [pid 6242] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6241] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6242] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6242] mkdir("./file1", 000) = 0 [pid 6241] <... futex resumed>) = 0 [pid 6241] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6242] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6241] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6242] <... futex resumed>) = 0 [pid 6241] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6242] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 6241] <... futex resumed>) = 0 [pid 6242] <... openat resumed>) = -1 EFAULT (Bad address) [pid 6241] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6242] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6241] <... futex resumed>) = 0 [pid 6242] chdir("./file0" [pid 6241] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6242] <... chdir resumed>) = 0 [pid 6241] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6242] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6241] <... futex resumed>) = 0 [pid 6241] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6242] openat(AT_FDCWD, ".", O_RDONLY [pid 6241] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6242] <... openat resumed>) = 4 [pid 6242] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6242] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6241] <... futex resumed>) = 0 [pid 6241] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6242] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6241] <... futex resumed>) = 0 [pid 6242] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 116.963177][ T6242] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 6241] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6242] <... openat resumed>) = 5 [pid 6242] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6241] <... futex resumed>) = 0 [pid 6242] <... futex resumed>) = 1 [pid 6241] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6241] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6242] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6241] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6241] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6241] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 6241] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6241] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6241] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 6262 attached [pid 6262] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053 [pid 6241] <... clone3 resumed> => {parent_tid=[6262]}, 88) = 6262 [pid 6262] <... rseq resumed>) = 0 [pid 6241] rt_sigprocmask(SIG_SETMASK, [], [pid 6262] set_robust_list(0x7f4f3b1419a0, 24) = 0 [pid 6241] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6262] rt_sigprocmask(SIG_SETMASK, [], [pid 6241] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6262] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6262] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 6241] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6262] <... ioctl resumed>) = 0 [pid 6262] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6241] <... futex resumed>) = 0 [pid 6262] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6242] <... write resumed>) = 9740288 [pid 6242] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6242] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6241] exit_group(0 [pid 6262] <... futex resumed>) = ? [pid 6241] <... exit_group resumed>) = ? [pid 6262] +++ exited with 0 +++ [pid 6242] <... futex resumed>) = ? [pid 6242] +++ exited with 0 +++ [pid 6241] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6241, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 [ 117.440127][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file0") = 0 umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6263 attached , child_tidptr=0x555581abb690) = 6263 [pid 6263] set_robust_list(0x555581abb6a0, 24) = 0 [pid 6263] chdir("./49") = 0 [pid 6263] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6263] setpgid(0, 0) = 0 [pid 6263] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6263] write(3, "1000", 4) = 4 [pid 6263] close(3) = 0 [pid 6263] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6263] write(1, "executing program\n", 18executing program ) = 18 [pid 6263] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6263] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 6263] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6263] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 6263] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6263] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6263] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 6264 attached [pid 6264] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053 [pid 6263] <... clone3 resumed> => {parent_tid=[6264]}, 88) = 6264 [pid 6264] <... rseq resumed>) = 0 [pid 6264] set_robust_list(0x7f4f3b1629a0, 24 [pid 6263] rt_sigprocmask(SIG_SETMASK, [], [pid 6264] <... set_robust_list resumed>) = 0 [pid 6263] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6264] rt_sigprocmask(SIG_SETMASK, [], [pid 6263] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6264] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6263] <... futex resumed>) = 0 [pid 6264] memfd_create("syzkaller", 0 [pid 6263] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6264] <... memfd_create resumed>) = 3 [pid 6264] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 6264] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6264] munmap(0x7f4f32c00000, 138412032) = 0 [pid 6264] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6264] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6264] close(3) = 0 [pid 6264] close(4) = 0 [pid 6264] mkdir("./file0", 0777) = 0 [ 117.877314][ T6264] loop0: detected capacity change from 0 to 32768 [ 117.904658][ T6264] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (6264) [pid 6264] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 6264] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 117.926895][ T6264] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 117.937419][ T6264] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 117.946812][ T6264] BTRFS info (device loop0): using free-space-tree [pid 6264] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6264] ioctl(4, LOOP_CLR_FD) = 0 [pid 6264] close(4) = 0 [pid 6264] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6263] <... futex resumed>) = 0 [pid 6264] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6263] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6264] <... futex resumed>) = 0 [pid 6263] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6264] memfd_create("syzkaller", 0) = 4 [pid 6264] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 6264] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 6264] munmap(0x7f4f32c00000, 138412032) = 0 [pid 6264] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6264] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6264] ioctl(5, LOOP_CLR_FD) = 0 [pid 6264] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6264] close(5) = 0 [pid 6264] close(4) = 0 [pid 6264] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6263] <... futex resumed>) = 0 [pid 6264] <... futex resumed>) = 1 [pid 6263] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6264] pread64(-1, [pid 6263] <... futex resumed>) = 0 [pid 6264] <... pread64 resumed>NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 6263] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6264] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6263] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6264] <... futex resumed>) = 0 [pid 6264] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6263] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6264] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6264] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32 [pid 6263] <... futex resumed>) = 0 [pid 6263] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6264] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6264] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6264] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6263] <... futex resumed>) = 0 [pid 6263] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6264] <... futex resumed>) = 0 [pid 6263] <... futex resumed>) = 1 [pid 6264] write(-1, "#! ./file0\n", 11 [pid 6263] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6264] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6264] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6263] <... futex resumed>) = 0 [pid 6264] <... futex resumed>) = 1 [pid 6263] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6264] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 6263] <... futex resumed>) = 0 [pid 6263] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6264] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6264] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6263] <... futex resumed>) = 0 [pid 6264] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6263] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6264] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6263] <... futex resumed>) = 0 [pid 6264] mkdir("./file1", 000 [pid 6263] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6264] <... mkdir resumed>) = 0 [pid 6264] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6263] <... futex resumed>) = 0 [pid 6264] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6263] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6264] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6263] <... futex resumed>) = 0 [pid 6264] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW) = -1 EFAULT (Bad address) [pid 6263] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6264] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6263] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6264] <... futex resumed>) = 0 [pid 6263] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6264] chdir("./file0" [pid 6263] <... futex resumed>) = 0 [pid 6264] <... chdir resumed>) = 0 [pid 6264] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6263] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6264] <... futex resumed>) = 0 [pid 6263] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6263] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6264] openat(AT_FDCWD, ".", O_RDONLY [pid 6263] <... futex resumed>) = 0 [pid 6264] <... openat resumed>) = 4 [pid 6263] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6264] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6264] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6263] <... futex resumed>) = 0 [pid 6264] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6263] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6264] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6263] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6264] <... openat resumed>) = 5 [pid 6264] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6263] <... futex resumed>) = 0 [ 118.072652][ T6264] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 6264] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6263] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6264] <... futex resumed>) = 0 [pid 6263] <... futex resumed>) = 1 [pid 6264] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6263] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6263] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6263] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 6263] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6263] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6263] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 6283 attached [pid 6283] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053 [pid 6263] <... clone3 resumed> => {parent_tid=[6283]}, 88) = 6283 [pid 6283] <... rseq resumed>) = 0 [pid 6263] rt_sigprocmask(SIG_SETMASK, [], [pid 6283] set_robust_list(0x7f4f3b1419a0, 24 [pid 6263] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6283] <... set_robust_list resumed>) = 0 [pid 6263] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6283] rt_sigprocmask(SIG_SETMASK, [], [pid 6263] <... futex resumed>) = 0 [pid 6283] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6263] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6283] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 6263] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6283] <... ioctl resumed>) = 0 [pid 6283] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6283] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6264] <... write resumed>) = 9740288 [pid 6264] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6263] exit_group(0 [pid 6283] <... futex resumed>) = ? [pid 6263] <... exit_group resumed>) = ? [pid 6264] <... futex resumed>) = ? [pid 6283] +++ exited with 0 +++ [pid 6264] +++ exited with 0 +++ [pid 6263] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6263, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 [ 118.540263][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file0") = 0 umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6284 attached , child_tidptr=0x555581abb690) = 6284 [pid 6284] set_robust_list(0x555581abb6a0, 24) = 0 [pid 6284] chdir("./50") = 0 [pid 6284] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6284] setpgid(0, 0) = 0 [pid 6284] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6284] write(3, "1000", 4) = 4 [pid 6284] close(3) = 0 [pid 6284] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6284] write(1, "executing program\n", 18executing program ) = 18 [pid 6284] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6284] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 6284] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6284] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 6284] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6284] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6284] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 6285 attached [pid 6285] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053 [pid 6284] <... clone3 resumed> => {parent_tid=[6285]}, 88) = 6285 [pid 6285] <... rseq resumed>) = 0 [pid 6284] rt_sigprocmask(SIG_SETMASK, [], [pid 6285] set_robust_list(0x7f4f3b1629a0, 24 [pid 6284] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6285] <... set_robust_list resumed>) = 0 [pid 6284] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6285] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6284] <... futex resumed>) = 0 [pid 6285] memfd_create("syzkaller", 0 [pid 6284] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6285] <... memfd_create resumed>) = 3 [pid 6285] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 6285] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6285] munmap(0x7f4f32c00000, 138412032) = 0 [pid 6285] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6285] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6285] close(3) = 0 [pid 6285] close(4) = 0 [pid 6285] mkdir("./file0", 0777) = 0 [ 118.983258][ T6285] loop0: detected capacity change from 0 to 32768 [ 119.013691][ T6285] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (6285) [pid 6285] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [ 119.033706][ T6285] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 119.047063][ T6285] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 119.056120][ T6285] BTRFS info (device loop0): using free-space-tree [pid 6285] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6285] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6285] ioctl(4, LOOP_CLR_FD) = 0 [pid 6285] close(4) = 0 [pid 6285] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6284] <... futex resumed>) = 0 [pid 6285] <... futex resumed>) = 1 [pid 6284] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6285] memfd_create("syzkaller", 0 [pid 6284] <... futex resumed>) = 0 [pid 6285] <... memfd_create resumed>) = 4 [pid 6284] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6285] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 6285] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 6285] munmap(0x7f4f32c00000, 138412032) = 0 [pid 6285] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6285] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6285] ioctl(5, LOOP_CLR_FD) = 0 [pid 6285] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6285] close(5) = 0 [pid 6285] close(4) = 0 [pid 6285] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6284] <... futex resumed>) = 0 [pid 6285] <... futex resumed>) = 1 [pid 6284] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6285] pread64(-1, [pid 6284] <... futex resumed>) = 0 [pid 6285] <... pread64 resumed>NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 6284] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6285] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6284] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6285] <... futex resumed>) = 0 [pid 6284] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6285] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32 [pid 6284] <... futex resumed>) = 0 [pid 6285] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6284] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6285] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6284] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6285] <... futex resumed>) = 0 [pid 6284] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6285] write(-1, "#! ./file0\n", 11 [pid 6284] <... futex resumed>) = 0 [pid 6285] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6284] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6285] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6284] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6285] <... futex resumed>) = 0 [pid 6284] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6285] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 6284] <... futex resumed>) = 0 [pid 6284] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6285] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6285] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6284] <... futex resumed>) = 0 [pid 6285] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6284] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6285] <... futex resumed>) = 0 [pid 6284] <... futex resumed>) = 1 [pid 6285] mkdir("./file1", 000 [pid 6284] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6285] <... mkdir resumed>) = 0 [pid 6285] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6284] <... futex resumed>) = 0 [pid 6284] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6284] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6285] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW) = -1 EFAULT (Bad address) [pid 6285] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6284] <... futex resumed>) = 0 [pid 6284] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6284] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6285] <... futex resumed>) = 1 [pid 6285] chdir("./file0") = 0 [pid 6285] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6284] <... futex resumed>) = 0 [pid 6285] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6284] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6285] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6284] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6285] openat(AT_FDCWD, ".", O_RDONLY) = 4 [ 119.192088][ T6285] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 6285] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6284] <... futex resumed>) = 0 [pid 6284] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6284] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6285] <... futex resumed>) = 1 [pid 6285] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6285] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6284] <... futex resumed>) = 0 [pid 6285] <... futex resumed>) = 1 [pid 6284] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6285] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6284] <... futex resumed>) = 0 [pid 6284] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6284] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6284] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6284] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 6284] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6284] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6284] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 6304 attached => {parent_tid=[6304]}, 88) = 6304 [pid 6304] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053) = 0 [pid 6304] set_robust_list(0x7f4f3b1419a0, 24) = 0 [pid 6304] rt_sigprocmask(SIG_SETMASK, [], [pid 6284] rt_sigprocmask(SIG_SETMASK, [], [pid 6304] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6284] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6304] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 6284] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6284] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6304] <... ioctl resumed>) = 0 [pid 6284] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6304] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6304] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6285] <... write resumed>) = 9740288 [pid 6285] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6285] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6284] exit_group(0 [pid 6304] <... futex resumed>) = ? [pid 6285] <... futex resumed>) = ? [pid 6284] <... exit_group resumed>) = ? [pid 6285] +++ exited with 0 +++ [pid 6304] +++ exited with 0 +++ [pid 6284] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6284, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=32 /* 0.32 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 [ 119.661694][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file0") = 0 umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581abb690) = 6305 ./strace-static-x86_64: Process 6305 attached [pid 6305] set_robust_list(0x555581abb6a0, 24) = 0 [pid 6305] chdir("./51") = 0 [pid 6305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6305] setpgid(0, 0) = 0 [pid 6305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6305] write(3, "1000", 4) = 4 [pid 6305] close(3) = 0 [pid 6305] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6305] write(1, "executing program\n", 18executing program ) = 18 [pid 6305] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6305] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 6305] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 6305] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6305] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6305] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 6306 attached [pid 6306] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053 [pid 6305] <... clone3 resumed> => {parent_tid=[6306]}, 88) = 6306 [pid 6306] <... rseq resumed>) = 0 [pid 6305] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6305] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6306] set_robust_list(0x7f4f3b1629a0, 24) = 0 [pid 6305] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6306] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6306] memfd_create("syzkaller", 0) = 3 [pid 6306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 6306] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6306] munmap(0x7f4f32c00000, 138412032) = 0 [pid 6306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6306] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6306] close(3) = 0 [pid 6306] close(4) = 0 [pid 6306] mkdir("./file0", 0777) = 0 [ 120.094938][ T6306] loop0: detected capacity change from 0 to 32768 [ 120.123747][ T6306] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (6306) [pid 6306] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 6306] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 120.147840][ T6306] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 120.158091][ T6306] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 120.167291][ T6306] BTRFS info (device loop0): using free-space-tree [pid 6306] ioctl(4, LOOP_CLR_FD) = 0 [pid 6306] close(4) = 0 [pid 6306] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6305] <... futex resumed>) = 0 [pid 6306] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6305] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6306] <... futex resumed>) = 0 [pid 6305] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6306] memfd_create("syzkaller", 0) = 4 [pid 6306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 6306] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 6306] munmap(0x7f4f32c00000, 138412032) = 0 [pid 6306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6306] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6306] ioctl(5, LOOP_CLR_FD) = 0 [pid 6306] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6306] close(5) = 0 [pid 6306] close(4) = 0 [pid 6306] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6305] <... futex resumed>) = 0 [pid 6306] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6305] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6306] <... futex resumed>) = 0 [pid 6306] pread64(-1, NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 6306] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6305] <... futex resumed>) = 1 [pid 6306] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6305] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6305] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6306] <... futex resumed>) = 0 [pid 6306] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32) = -1 EBADF (Bad file descriptor) [pid 6306] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6305] <... futex resumed>) = 1 [pid 6306] <... futex resumed>) = 0 [pid 6306] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6305] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6305] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6306] <... futex resumed>) = 0 [pid 6306] write(-1, "#! ./file0\n", 11 [pid 6305] <... futex resumed>) = 1 [pid 6306] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6306] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6305] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6306] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6305] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6305] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6306] <... futex resumed>) = 0 [pid 6305] <... futex resumed>) = 1 [pid 6306] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 6305] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6306] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6306] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6305] <... futex resumed>) = 0 [pid 6306] mkdir("./file1", 000 [pid 6305] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6305] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6306] <... mkdir resumed>) = 0 [pid 6306] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6305] <... futex resumed>) = 0 [pid 6305] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6306] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 6305] <... futex resumed>) = 0 [pid 6306] <... openat resumed>) = -1 EFAULT (Bad address) [pid 6306] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6305] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6306] <... futex resumed>) = 0 [pid 6305] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6306] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6305] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6306] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6305] <... futex resumed>) = 0 [pid 6306] chdir("./file0") = 0 [pid 6305] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6306] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6305] <... futex resumed>) = 0 [pid 6306] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6305] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6306] openat(AT_FDCWD, ".", O_RDONLY [pid 6305] <... futex resumed>) = 0 [pid 6306] <... openat resumed>) = 4 [ 120.406455][ T6306] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 6305] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6306] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6305] <... futex resumed>) = 0 [pid 6306] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6305] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6306] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6305] <... futex resumed>) = 0 [pid 6306] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6305] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6306] <... openat resumed>) = 5 [pid 6306] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6305] <... futex resumed>) = 0 [pid 6306] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6305] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6306] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6305] <... futex resumed>) = 0 [pid 6306] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6305] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6305] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 6305] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6305] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6305] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 6326 attached => {parent_tid=[6326]}, 88) = 6326 [pid 6305] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6305] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6326] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053) = 0 [pid 6305] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6326] set_robust_list(0x7f4f3b1419a0, 24) = 0 [pid 6326] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6326] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0}) = 0 [pid 6326] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6326] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6305] <... futex resumed>) = 0 [pid 6306] <... write resumed>) = 9740288 [pid 6306] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6305] exit_group(0 [pid 6306] <... futex resumed>) = 0 [pid 6326] <... futex resumed>) = ? [pid 6326] +++ exited with 0 +++ [pid 6305] <... exit_group resumed>) = ? [pid 6306] +++ exited with 0 +++ [pid 6305] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6305, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 [ 120.869954][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file0") = 0 umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6327 attached , child_tidptr=0x555581abb690) = 6327 [pid 6327] set_robust_list(0x555581abb6a0, 24) = 0 [pid 6327] chdir("./52") = 0 [pid 6327] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6327] setpgid(0, 0) = 0 [pid 6327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6327] write(3, "1000", 4) = 4 [pid 6327] close(3) = 0 [pid 6327] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6327] write(1, "executing program\n", 18executing program ) = 18 [pid 6327] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6327] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 6327] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6327] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 6327] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6327] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6327] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 6328 attached [pid 6328] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053 [pid 6327] <... clone3 resumed> => {parent_tid=[6328]}, 88) = 6328 [pid 6328] <... rseq resumed>) = 0 [pid 6327] rt_sigprocmask(SIG_SETMASK, [], [pid 6328] set_robust_list(0x7f4f3b1629a0, 24 [pid 6327] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6328] <... set_robust_list resumed>) = 0 [pid 6327] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6328] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6327] <... futex resumed>) = 0 [pid 6328] memfd_create("syzkaller", 0 [pid 6327] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6328] <... memfd_create resumed>) = 3 [pid 6328] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 6328] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6328] munmap(0x7f4f32c00000, 138412032) = 0 [pid 6328] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6328] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6328] close(3) = 0 [pid 6328] close(4) = 0 [pid 6328] mkdir("./file0", 0777) = 0 [ 121.300108][ T6328] loop0: detected capacity change from 0 to 32768 [ 121.311255][ T6328] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (6328) [ 121.328870][ T6328] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 121.341539][ T6328] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [pid 6328] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 6328] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6328] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6328] ioctl(4, LOOP_CLR_FD) = 0 [ 121.353128][ T6328] BTRFS info (device loop0): using free-space-tree [pid 6328] close(4) = 0 [pid 6328] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6327] <... futex resumed>) = 0 [pid 6328] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6327] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6328] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6327] <... futex resumed>) = 0 [pid 6327] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6328] memfd_create("syzkaller", 0) = 4 [pid 6328] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 6328] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 6328] munmap(0x7f4f32c00000, 138412032) = 0 [pid 6328] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6328] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6328] ioctl(5, LOOP_CLR_FD) = 0 [pid 6328] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6328] close(5) = 0 [pid 6328] close(4) = 0 [pid 6328] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6328] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6327] <... futex resumed>) = 0 [pid 6327] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6328] <... futex resumed>) = 0 [pid 6327] <... futex resumed>) = 1 [pid 6328] pread64(-1, [pid 6327] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6328] <... pread64 resumed>NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 6328] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6327] <... futex resumed>) = 0 [pid 6327] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6327] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6328] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32) = -1 EBADF (Bad file descriptor) [pid 6328] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6327] <... futex resumed>) = 0 [pid 6327] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6327] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6328] write(-1, "#! ./file0\n", 11) = -1 EBADF (Bad file descriptor) [pid 6328] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6327] <... futex resumed>) = 0 [pid 6328] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6327] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6328] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6327] <... futex resumed>) = 0 [pid 6328] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 6327] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6328] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6328] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6327] <... futex resumed>) = 0 [pid 6328] mkdir("./file1", 000 [pid 6327] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6328] <... mkdir resumed>) = 0 [pid 6328] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6327] <... futex resumed>) = 0 [pid 6327] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6328] <... futex resumed>) = 0 [pid 6327] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6327] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6328] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 6327] <... futex resumed>) = 0 [pid 6328] <... openat resumed>) = -1 EFAULT (Bad address) [pid 6327] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6328] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6328] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6327] <... futex resumed>) = 0 [pid 6327] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6328] <... futex resumed>) = 0 [pid 6327] <... futex resumed>) = 1 [pid 6328] chdir("./file0" [pid 6327] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6328] <... chdir resumed>) = 0 [pid 6328] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6327] <... futex resumed>) = 0 [pid 6328] openat(AT_FDCWD, ".", O_RDONLY [pid 6327] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6328] <... openat resumed>) = 4 [pid 6327] <... futex resumed>) = 0 [pid 6327] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6328] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6328] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6327] <... futex resumed>) = 0 [pid 6328] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6327] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6328] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6327] <... futex resumed>) = 0 [pid 6327] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6328] <... openat resumed>) = 5 [ 121.509012][ T6328] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 6328] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6327] <... futex resumed>) = 0 [pid 6328] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6327] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6328] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6327] <... futex resumed>) = 0 [pid 6328] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6327] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6327] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6327] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 6327] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6327] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6327] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 6347 attached [pid 6347] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053) = 0 [pid 6347] set_robust_list(0x7f4f3b1419a0, 24 [pid 6327] <... clone3 resumed> => {parent_tid=[6347]}, 88) = 6347 [pid 6347] <... set_robust_list resumed>) = 0 [pid 6347] rt_sigprocmask(SIG_SETMASK, [], [pid 6327] rt_sigprocmask(SIG_SETMASK, [], [pid 6347] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6327] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6347] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 6327] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6327] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6347] <... ioctl resumed>) = 0 [pid 6347] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6327] <... futex resumed>) = 0 [pid 6347] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6328] <... write resumed>) = 9740288 [pid 6328] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6328] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6327] exit_group(0 [pid 6347] <... futex resumed>) = ? [pid 6328] <... futex resumed>) = ? [pid 6327] <... exit_group resumed>) = ? [pid 6347] +++ exited with 0 +++ [pid 6328] +++ exited with 0 +++ [pid 6327] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6327, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 [ 122.010233][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file0") = 0 umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6348 attached , child_tidptr=0x555581abb690) = 6348 [pid 6348] set_robust_list(0x555581abb6a0, 24) = 0 [pid 6348] chdir("./53") = 0 [pid 6348] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6348] setpgid(0, 0) = 0 [pid 6348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6348] write(3, "1000", 4) = 4 [pid 6348] close(3) = 0 [pid 6348] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6348] write(1, "executing program\n", 18) = 18 [pid 6348] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6348] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 6348] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6348] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 6348] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6348] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6348] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 6349 attached => {parent_tid=[6349]}, 88) = 6349 [pid 6349] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053) = 0 [pid 6348] rt_sigprocmask(SIG_SETMASK, [], [pid 6349] set_robust_list(0x7f4f3b1629a0, 24 [pid 6348] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6349] <... set_robust_list resumed>) = 0 [pid 6348] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6349] rt_sigprocmask(SIG_SETMASK, [], [pid 6348] <... futex resumed>) = 0 [pid 6349] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6348] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6349] memfd_create("syzkaller", 0) = 3 [pid 6349] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 6349] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6349] munmap(0x7f4f32c00000, 138412032) = 0 [pid 6349] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6349] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6349] close(3) = 0 [pid 6349] close(4) = 0 [pid 6349] mkdir("./file0", 0777) = 0 [ 122.475175][ T6349] loop0: detected capacity change from 0 to 32768 [ 122.522358][ T6349] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (6349) [ 122.540979][ T6349] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 122.551907][ T6349] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 122.561092][ T6349] BTRFS info (device loop0): using free-space-tree [pid 6349] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 6349] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6349] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6349] ioctl(4, LOOP_CLR_FD) = 0 [pid 6349] close(4) = 0 [pid 6349] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6348] <... futex resumed>) = 0 [pid 6349] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6348] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6349] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6348] <... futex resumed>) = 0 [pid 6349] memfd_create("syzkaller", 0 [pid 6348] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6349] <... memfd_create resumed>) = 4 [pid 6349] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 6349] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 6349] munmap(0x7f4f32c00000, 138412032) = 0 [pid 6349] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6349] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6349] ioctl(5, LOOP_CLR_FD) = 0 [pid 6349] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6349] close(5) = 0 [pid 6349] close(4) = 0 [pid 6349] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6348] <... futex resumed>) = 0 [pid 6349] <... futex resumed>) = 1 [pid 6348] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6349] pread64(-1, [pid 6348] <... futex resumed>) = 0 [pid 6349] <... pread64 resumed>NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 6348] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6349] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6348] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6349] <... futex resumed>) = 0 [pid 6348] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6349] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32) = -1 EBADF (Bad file descriptor) [pid 6348] <... futex resumed>) = 0 [pid 6349] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6348] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6349] <... futex resumed>) = 0 [pid 6348] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6349] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6348] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6349] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6348] <... futex resumed>) = 0 [pid 6349] write(-1, "#! ./file0\n", 11 [pid 6348] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6349] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6349] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6348] <... futex resumed>) = 0 [pid 6349] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6348] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6349] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6348] <... futex resumed>) = 0 [pid 6349] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 6348] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6349] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6349] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6348] <... futex resumed>) = 0 [pid 6348] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6348] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6349] mkdir("./file1", 000) = 0 [pid 6349] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6348] <... futex resumed>) = 0 [pid 6349] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6348] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6349] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6348] <... futex resumed>) = 0 [pid 6349] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 6348] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6349] <... openat resumed>) = -1 EFAULT (Bad address) [pid 6349] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6348] <... futex resumed>) = 0 [pid 6349] chdir("./file0" [pid 6348] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6348] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6349] <... chdir resumed>) = 0 [ 122.748614][ T6349] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 6349] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6348] <... futex resumed>) = 0 [pid 6349] openat(AT_FDCWD, ".", O_RDONLY [pid 6348] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6349] <... openat resumed>) = 4 [pid 6348] <... futex resumed>) = 0 [pid 6349] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6348] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6349] <... futex resumed>) = 0 [pid 6348] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6349] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6348] <... futex resumed>) = 0 [pid 6348] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6349] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6348] <... futex resumed>) = 0 [pid 6348] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6349] <... futex resumed>) = 1 [pid 6348] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6349] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6348] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6348] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6348] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 6348] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6348] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6348] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 6369 attached => {parent_tid=[6369]}, 88) = 6369 [pid 6369] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053) = 0 [pid 6348] rt_sigprocmask(SIG_SETMASK, [], [pid 6369] set_robust_list(0x7f4f3b1419a0, 24 [pid 6348] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6369] <... set_robust_list resumed>) = 0 [pid 6369] rt_sigprocmask(SIG_SETMASK, [], [pid 6348] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6369] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6369] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 6348] <... futex resumed>) = 0 [pid 6348] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6369] <... ioctl resumed>) = 0 [pid 6369] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6348] <... futex resumed>) = 0 [pid 6369] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6349] <... write resumed>) = 9740288 [pid 6349] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6349] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6348] exit_group(0 [pid 6369] <... futex resumed>) = ? [pid 6369] +++ exited with 0 +++ [pid 6348] <... exit_group resumed>) = ? [pid 6349] <... futex resumed>) = ? [pid 6349] +++ exited with 0 +++ [pid 6348] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6348, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 [ 123.270717][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file0") = 0 umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581abb690) = 6370 ./strace-static-x86_64: Process 6370 attached [pid 6370] set_robust_list(0x555581abb6a0, 24) = 0 [pid 6370] chdir("./54") = 0 [pid 6370] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6370] setpgid(0, 0) = 0 [pid 6370] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6370] write(3, "1000", 4) = 4 [pid 6370] close(3) = 0 [pid 6370] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6370] write(1, "executing program\n", 18executing program ) = 18 [pid 6370] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6370] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 6370] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6370] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 6370] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6370] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6370] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 6371 attached [pid 6371] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053 [pid 6370] <... clone3 resumed> => {parent_tid=[6371]}, 88) = 6371 [pid 6371] <... rseq resumed>) = 0 [pid 6370] rt_sigprocmask(SIG_SETMASK, [], [pid 6371] set_robust_list(0x7f4f3b1629a0, 24 [pid 6370] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6371] <... set_robust_list resumed>) = 0 [pid 6370] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6371] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6370] <... futex resumed>) = 0 [pid 6371] memfd_create("syzkaller", 0 [pid 6370] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6371] <... memfd_create resumed>) = 3 [pid 6371] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 6371] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6371] munmap(0x7f4f32c00000, 138412032) = 0 [pid 6371] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6371] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6371] close(3) = 0 [pid 6371] close(4) = 0 [pid 6371] mkdir("./file0", 0777) = 0 [ 123.760017][ T6371] loop0: detected capacity change from 0 to 32768 [ 123.782237][ T6371] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (6371) [ 123.805424][ T6371] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 123.816011][ T6371] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 123.825174][ T6371] BTRFS info (device loop0): using free-space-tree [pid 6371] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 6371] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6371] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6371] ioctl(4, LOOP_CLR_FD) = 0 [pid 6371] close(4) = 0 [pid 6371] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6370] <... futex resumed>) = 0 [pid 6371] memfd_create("syzkaller", 0 [pid 6370] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6371] <... memfd_create resumed>) = 4 [pid 6370] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6371] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 6371] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 6371] munmap(0x7f4f32c00000, 138412032) = 0 [pid 6371] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6371] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6371] ioctl(5, LOOP_CLR_FD) = 0 [pid 6371] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6371] close(5) = 0 [pid 6371] close(4) = 0 [pid 6371] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6370] <... futex resumed>) = 0 [pid 6371] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6370] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6371] pread64(-1, [pid 6370] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6371] <... pread64 resumed>NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 6371] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6370] <... futex resumed>) = 0 [pid 6371] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32 [pid 6370] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6371] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6370] <... futex resumed>) = 0 [pid 6371] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6370] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6371] <... futex resumed>) = 0 [pid 6370] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6371] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6370] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6371] write(-1, "#! ./file0\n", 11 [pid 6370] <... futex resumed>) = 0 [pid 6371] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6371] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6370] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6371] <... futex resumed>) = 0 [pid 6371] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6370] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6370] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6371] <... futex resumed>) = 0 [pid 6370] <... futex resumed>) = 1 [pid 6371] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL [pid 6370] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6371] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6371] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6370] <... futex resumed>) = 0 [pid 6371] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6370] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6371] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6370] <... futex resumed>) = 0 [pid 6371] mkdir("./file1", 000 [pid 6370] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6371] <... mkdir resumed>) = 0 [pid 6371] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6370] <... futex resumed>) = 0 [pid 6371] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6370] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6371] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6371] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 6370] <... futex resumed>) = 0 [pid 6371] <... openat resumed>) = -1 EFAULT (Bad address) [pid 6370] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6371] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6370] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6371] <... futex resumed>) = 0 [pid 6370] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6371] chdir("./file0") = 0 [pid 6370] <... futex resumed>) = 0 [pid 6371] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6370] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6371] <... futex resumed>) = 0 [pid 6370] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6371] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6370] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6371] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6370] <... futex resumed>) = 0 [pid 6371] openat(AT_FDCWD, ".", O_RDONLY [pid 6370] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6371] <... openat resumed>) = 4 [pid 6371] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6370] <... futex resumed>) = 0 [pid 6371] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6370] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6371] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6370] <... futex resumed>) = 0 [pid 6371] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6370] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6371] <... openat resumed>) = 5 [pid 6371] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6370] <... futex resumed>) = 0 [pid 6371] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6370] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 123.995301][ T6371] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 6370] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6370] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6370] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6370] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 6370] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6370] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6370] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 6390 attached [pid 6390] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053) = 0 [pid 6370] <... clone3 resumed> => {parent_tid=[6390]}, 88) = 6390 [pid 6390] set_robust_list(0x7f4f3b1419a0, 24 [pid 6370] rt_sigprocmask(SIG_SETMASK, [], [pid 6390] <... set_robust_list resumed>) = 0 [pid 6390] rt_sigprocmask(SIG_SETMASK, [], [pid 6370] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6390] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6370] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6390] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 6370] <... futex resumed>) = 0 [pid 6370] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6390] <... ioctl resumed>) = 0 [pid 6390] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6390] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6370] <... futex resumed>) = 0 [pid 6371] <... write resumed>) = 9740288 [pid 6371] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6371] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6370] exit_group(0 [pid 6390] <... futex resumed>) = ? [pid 6370] <... exit_group resumed>) = ? [pid 6390] +++ exited with 0 +++ [pid 6371] <... futex resumed>) = ? [pid 6371] +++ exited with 0 +++ [pid 6370] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6370, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 [ 124.438951][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file0") = 0 umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|000, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581ac4770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581ac4770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file1") = 0 getdents64(3, 0x555581abc730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581abb690) = 6391 ./strace-static-x86_64: Process 6391 attached [pid 6391] set_robust_list(0x555581abb6a0, 24) = 0 [pid 6391] chdir("./55") = 0 [pid 6391] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6391] setpgid(0, 0) = 0 [pid 6391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6391] write(3, "1000", 4) = 4 [pid 6391] close(3) = 0 [pid 6391] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6391] write(1, "executing program\n", 18executing program ) = 18 [pid 6391] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6391] rt_sigaction(SIGRT_1, {sa_handler=0x7f4f3b1d3270, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4f3b1c4420}, NULL, 8) = 0 [pid 6391] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6391] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b142000 [pid 6391] mprotect(0x7f4f3b143000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6391] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6391] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b162990, parent_tid=0x7f4f3b162990, exit_signal=0, stack=0x7f4f3b142000, stack_size=0x20300, tls=0x7f4f3b1626c0}./strace-static-x86_64: Process 6392 attached [pid 6392] rseq(0x7f4f3b162fe0, 0x20, 0, 0x53053053 [pid 6391] <... clone3 resumed> => {parent_tid=[6392]}, 88) = 6392 [pid 6392] <... rseq resumed>) = 0 [pid 6391] rt_sigprocmask(SIG_SETMASK, [], [pid 6392] set_robust_list(0x7f4f3b1629a0, 24 [pid 6391] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6392] <... set_robust_list resumed>) = 0 [pid 6391] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6392] rt_sigprocmask(SIG_SETMASK, [], [pid 6391] <... futex resumed>) = 0 [pid 6392] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6392] memfd_create("syzkaller", 0 [pid 6391] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6392] <... memfd_create resumed>) = 3 [pid 6392] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 6392] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6392] munmap(0x7f4f32c00000, 138412032) = 0 [pid 6392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6392] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6392] close(3) = 0 [pid 6392] close(4) = 0 [pid 6392] mkdir("./file0", 0777) = 0 [ 124.851554][ T6392] loop0: detected capacity change from 0 to 32768 [ 124.890707][ T6392] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor265 (6392) [ 124.908966][ T6392] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 124.919546][ T6392] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 124.928219][ T6392] BTRFS info (device loop0): using free-space-tree [pid 6392] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 6392] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6392] ioctl(4, LOOP_CLR_FD) = 0 [pid 6392] close(4) = 0 [pid 6392] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6391] <... futex resumed>) = 0 [pid 6391] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6392] <... futex resumed>) = 1 [pid 6391] <... futex resumed>) = 0 [pid 6392] memfd_create("syzkaller", 0 [pid 6391] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6392] <... memfd_create resumed>) = 4 [pid 6392] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4f32c00000 [pid 6392] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69632) = 69632 [pid 6392] munmap(0x7f4f32c00000, 138412032) = 0 [pid 6392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6392] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6392] ioctl(5, LOOP_CLR_FD) = 0 [pid 6392] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6392] close(5) = 0 [pid 6392] close(4) = 0 [pid 6392] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6391] <... futex resumed>) = 0 [pid 6392] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6391] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6392] <... futex resumed>) = 0 [pid 6391] <... futex resumed>) = 1 [pid 6392] pread64(-1, NULL, 0, 2) = -1 EBADF (Bad file descriptor) [pid 6391] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6392] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6391] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6392] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6391] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6392] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6392] write(-1, "\x00\x00\x00\x00\x18\x00\x00\xfa\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00", 32 [pid 6391] <... futex resumed>) = 0 [pid 6391] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6392] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6392] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6392] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6391] <... futex resumed>) = 0 [pid 6391] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6392] <... futex resumed>) = 0 [pid 6391] <... futex resumed>) = 1 [pid 6392] write(-1, "#! ./file0\n", 11) = -1 EBADF (Bad file descriptor) [pid 6391] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6392] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6391] <... futex resumed>) = 0 [pid 6392] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6391] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6392] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6391] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6392] mount("/dev/nullb0", "./file0", "reiserfs", 0, NULL) = -1 EINVAL (Invalid argument) [pid 6392] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6391] <... futex resumed>) = 0 [pid 6392] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6391] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6392] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6391] <... futex resumed>) = 0 [pid 6392] mkdir("./file1", 000) = 0 [pid 6391] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6392] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6391] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6392] <... futex resumed>) = 0 [pid 6392] openat(3, NULL, O_RDONLY|O_LARGEFILE|O_NOFOLLOW [pid 6391] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6392] <... openat resumed>) = -1 EFAULT (Bad address) [pid 6391] <... futex resumed>) = 0 [pid 6392] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6391] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6392] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6391] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6391] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6392] <... futex resumed>) = 0 [pid 6391] <... futex resumed>) = 1 [pid 6392] chdir("./file0") = 0 [pid 6391] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6392] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6391] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6392] <... futex resumed>) = 0 [pid 6392] openat(AT_FDCWD, ".", O_RDONLY [pid 6391] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6392] <... openat resumed>) = 4 [pid 6391] <... futex resumed>) = 0 [pid 6392] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6391] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6392] <... futex resumed>) = 0 [pid 6392] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6391] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6391] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6392] <... futex resumed>) = 0 [pid 6391] <... futex resumed>) = 1 [pid 6392] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6391] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6392] <... openat resumed>) = 5 [pid 6392] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6391] <... futex resumed>) = 0 [ 125.029782][ T6392] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [pid 6392] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6391] futex(0x7f4f3b23a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6392] <... futex resumed>) = 0 [pid 6391] <... futex resumed>) = 1 [pid 6392] write(5, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6391] futex(0x7f4f3b23a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6391] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6391] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4f3b121000 [pid 6391] mprotect(0x7f4f3b122000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6391] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6391] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4f3b141990, parent_tid=0x7f4f3b141990, exit_signal=0, stack=0x7f4f3b121000, stack_size=0x20300, tls=0x7f4f3b1416c0}./strace-static-x86_64: Process 6411 attached [pid 6411] rseq(0x7f4f3b141fe0, 0x20, 0, 0x53053053) = 0 [pid 6411] set_robust_list(0x7f4f3b1419a0, 24 [pid 6391] <... clone3 resumed> => {parent_tid=[6411]}, 88) = 6411 [pid 6411] <... set_robust_list resumed>) = 0 [pid 6391] rt_sigprocmask(SIG_SETMASK, [], [pid 6411] rt_sigprocmask(SIG_SETMASK, [], [pid 6391] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6411] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6391] futex(0x7f4f3b23a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6411] ioctl(4, FITRIM, {start=0x4100, len=4760810514716670597, minlen=0} [pid 6391] <... futex resumed>) = 0 [pid 6391] futex(0x7f4f3b23a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6411] <... ioctl resumed>) = 0 [pid 6411] futex(0x7f4f3b23a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6411] futex(0x7f4f3b23a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6392] <... write resumed>) = 13541376 [pid 6392] futex(0x7f4f3b23a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6392] futex(0x7f4f3b23a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6391] exit_group(0 [pid 6392] <... futex resumed>) = ? [pid 6391] <... exit_group resumed>) = ? [pid 6392] +++ exited with 0 +++ [pid 6411] <... futex resumed>) = ? [pid 6411] +++ exited with 0 +++ [pid 6391] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6391, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=31 /* 0.31 s */} --- umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555581abc730 /* 5 entries */, 32768) = 144 umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 [ 125.646399][ T5222] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 125.875519][ T5222] assertion failed: list_empty(&fs_info->delalloc_roots), in fs/btrfs/disk-io.c:4340 [ 125.885349][ T5222] ------------[ cut here ]------------ [ 125.891045][ T5222] kernel BUG at fs/btrfs/disk-io.c:4340! [ 125.896711][ T5222] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI [ 125.903636][ T5222] CPU: 1 UID: 0 PID: 5222 Comm: syz-executor265 Not tainted 6.11.0-rc5-syzkaller-00050-g3ec3f5fc4a91 #0 [ 125.914732][ T5222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 125.924774][ T5222] RIP: 0010:close_ctree+0x915/0xd20 [ 125.929990][ T5222] Code: ff ff 90 0f 0b e8 ab ce e7 f5 48 c7 c7 a0 b8 2b 8c 48 c7 c6 e0 e8 2b 8c 48 c7 c2 20 b9 2b 8c b9 f4 10 00 00 e8 4c 9d ff ff 90 <0f> 0b e8 84 ce e7 f5 48 c7 c7 a0 b8 2b 8c 48 c7 c6 80 04 2c 8c 48 [ 125.949586][ T5222] RSP: 0018:ffffc90003367a40 EFLAGS: 00010246 [ 125.955637][ T5222] RAX: 0000000000000052 RBX: ffff88802a508f28 RCX: dea3563902e82f00 [ 125.963588][ T5222] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 125.971538][ T5222] RBP: ffffc90003367be0 R08: ffffffff817400cc R09: 1ffff9200066cee8 [ 125.979485][ T5222] R10: dffffc0000000000 R11: fffff5200066cee9 R12: ffff88802a508000 [ 125.987432][ T5222] R13: ffff88802a508fa0 R14: 1ffff110054a1272 R15: 0000000000000000 [ 125.995380][ T5222] FS: 0000555581abb3c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000 [ 126.004294][ T5222] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 126.010865][ T5222] CR2: 00007ffd4394bbac CR3: 0000000075d3c000 CR4: 00000000003506f0 [ 126.018823][ T5222] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 126.026780][ T5222] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 126.034753][ T5222] Call Trace: [ 126.038020][ T5222] [ 126.040938][ T5222] ? __die_body+0x88/0xe0 [ 126.045272][ T5222] ? die+0xcf/0x110 [ 126.049072][ T5222] ? do_trap+0x15a/0x3a0 [ 126.053308][ T5222] ? close_ctree+0x915/0xd20 [ 126.057909][ T5222] ? do_error_trap+0x1dc/0x2c0 [ 126.062678][ T5222] ? close_ctree+0x915/0xd20 [ 126.067283][ T5222] ? _raw_spin_unlock_irq+0x2e/0x50 [ 126.072502][ T5222] ? __pfx_do_error_trap+0x10/0x10 [ 126.077605][ T5222] ? handle_invalid_op+0x34/0x40 [ 126.082530][ T5222] ? close_ctree+0x915/0xd20 [ 126.087112][ T5222] ? exc_invalid_op+0x38/0x50 [ 126.091862][ T5222] ? asm_exc_invalid_op+0x1a/0x20 [ 126.096876][ T5222] ? __wake_up_klogd+0xcc/0x110 [ 126.101715][ T5222] ? close_ctree+0x915/0xd20 [ 126.106293][ T5222] ? hook_sb_delete+0x846/0xb90 [ 126.111139][ T5222] ? __pfx_close_ctree+0x10/0x10 [ 126.116059][ T5222] ? hook_sb_delete+0x1a3/0xb90 [ 126.120894][ T5222] ? __pfx_fsnotify_sb_delete+0x10/0x10 [ 126.126431][ T5222] ? __pfx_evict_inodes+0x10/0x10 [ 126.131445][ T5222] ? btrfs_attach_transaction_barrier+0x34/0xa0 [ 126.137695][ T5222] ? btrfs_sync_fs+0x1d4/0x700 [ 126.142499][ T5222] ? __pfx_btrfs_put_super+0x10/0x10 [ 126.147783][ T5222] generic_shutdown_super+0x136/0x2d0 [ 126.153161][ T5222] kill_anon_super+0x3b/0x70 [ 126.157740][ T5222] btrfs_kill_super+0x41/0x50 [ 126.162433][ T5222] deactivate_locked_super+0xc4/0x130 [ 126.167798][ T5222] cleanup_mnt+0x41f/0x4b0 [ 126.172204][ T5222] ? lockdep_hardirqs_on+0x99/0x150 [ 126.177392][ T5222] task_work_run+0x24f/0x310 [ 126.181970][ T5222] ? __pfx_task_work_run+0x10/0x10 [ 126.187066][ T5222] ? path_umount+0x284/0xf70 [ 126.191641][ T5222] ptrace_notify+0x2d2/0x380 [ 126.196220][ T5222] ? __pfx_path_umount+0x10/0x10 [ 126.201145][ T5222] ? __pfx_ptrace_notify+0x10/0x10 [ 126.206263][ T5222] ? __x64_sys_umount+0x123/0x170 [ 126.211273][ T5222] ? __pfx___x64_sys_umount+0x10/0x10 [ 126.216627][ T5222] syscall_exit_work+0xc6/0x190 [ 126.221462][ T5222] syscall_exit_to_user_mode+0x279/0x370 [ 126.227083][ T5222] do_syscall_64+0x100/0x230 [ 126.231657][ T5222] ? clear_bhb_loop+0x35/0x90 [ 126.236322][ T5222] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.242214][ T5222] RIP: 0033:0x7f4f3b1ae0b7 [ 126.246619][ T5222] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8 [ 126.266342][ T5222] RSP: 002b:00007ffd4394bb98 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 126.274755][ T5222] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f4f3b1ae0b7 [ 126.282722][ T5222] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd4394bc50 [ 126.290680][ T5222] RBP: 00007ffd4394bc50 R08: 0000000000000000 R09: 0000000000000000 [ 126.298656][ T5222] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007ffd4394cd00 [ 126.306617][ T5222] R13: 0000555581abc700 R14: 431bde82d7b634db R15: 00007ffd4394cca4 [ 126.314581][ T5222] [ 126.317583][ T5222] Modules linked in: [ 126.321890][ T5222] ---[ end trace 0000000000000000 ]--- [ 126.327355][ T5222] RIP: 0010:close_ctree+0x915/0xd20 [ 126.332865][ T5222] Code: ff ff 90 0f 0b e8 ab ce e7 f5 48 c7 c7 a0 b8 2b 8c 48 c7 c6 e0 e8 2b 8c 48 c7 c2 20 b9 2b 8c b9 f4 10 00 00 e8 4c 9d ff ff 90 <0f> 0b e8 84 ce e7 f5 48 c7 c7 a0 b8 2b 8c 48 c7 c6 80 04 2c 8c 48 [ 126.352514][ T5222] RSP: 0018:ffffc90003367a40 EFLAGS: 00010246 [ 126.358587][ T5222] RAX: 0000000000000052 RBX: ffff88802a508f28 RCX: dea3563902e82f00 [ 126.366608][ T5222] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 126.374607][ T5222] RBP: ffffc90003367be0 R08: ffffffff817400cc R09: 1ffff9200066cee8 [ 126.382615][ T5222] R10: dffffc0000000000 R11: fffff5200066cee9 R12: ffff88802a508000 [ 126.390619][ T5222] R13: ffff88802a508fa0 R14: 1ffff110054a1272 R15: 0000000000000000 [ 126.398589][ T5222] FS: 0000555581abb3c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000 [ 126.407529][ T5222] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 126.416228][ T5222] CR2: 00007ffd4394bbac CR3: 0000000075d3c000 CR4: 00000000003506f0 [ 126.424266][ T5222] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 126.432274][ T5222] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 126.440280][ T5222] Kernel panic - not syncing: Fatal exception [ 126.446553][ T5222] Kernel Offset: disabled [ 126.450864][ T5222] Rebooting in 86400 seconds..