./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3237085345 <...> Warning: Permanently added '10.128.0.18' (ED25519) to the list of known hosts. execve("./syz-executor3237085345", ["./syz-executor3237085345"], 0x7ffe0efa2a10 /* 10 vars */) = 0 brk(NULL) = 0x55558bffa000 brk(0x55558bffad40) = 0x55558bffad40 arch_prctl(ARCH_SET_FS, 0x55558bffa3c0) = 0 set_tid_address(0x55558bffa690) = 5828 set_robust_list(0x55558bffa6a0, 24) = 0 rseq(0x55558bfface0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3237085345", 4096) = 28 getrandom("\x7e\x7e\x24\x5e\x5c\x0e\xe8\x86", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55558bffad40 brk(0x55558c01bd40) = 0x55558c01bd40 brk(0x55558c01c000) = 0x55558c01c000 mprotect(0x7fb77d6d7000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5829 attached , child_tidptr=0x55558bffa690) = 5829 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] set_robust_list(0x55558bffa6a0, 24) = 0 ./strace-static-x86_64: Process 5830 attached [pid 5830] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 5829] mkdir("./syzkaller.6DWJ0b", 0700 [pid 5828] <... clone resumed>, child_tidptr=0x55558bffa690) = 5830 [pid 5830] mkdir("./syzkaller.mhbJUz", 0700 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 5831 ./strace-static-x86_64: Process 5831 attached [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... mkdir resumed>) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 5831] set_robust_list(0x55558bffa6a0, 24 [pid 5829] chmod("./syzkaller.6DWJ0b", 0777./strace-static-x86_64: Process 5832 attached [pid 5831] <... set_robust_list resumed>) = 0 [pid 5830] chmod("./syzkaller.mhbJUz", 0777) = 0 [pid 5829] <... chmod resumed>) = 0 [pid 5832] set_robust_list(0x55558bffa6a0, 24 [pid 5830] chdir("./syzkaller.mhbJUz" [pid 5832] <... set_robust_list resumed>) = 0 [pid 5829] chdir("./syzkaller.6DWJ0b" [pid 5830] <... chdir resumed>) = 0 [pid 5829] <... chdir resumed>) = 0 [pid 5831] mkdir("./syzkaller.az27jI", 0700 [pid 5830] mkdir("./0", 0777 [pid 5832] mkdir("./syzkaller.AfcRSK", 0700 [pid 5828] <... clone resumed>, child_tidptr=0x55558bffa690) = 5832 [pid 5832] <... mkdir resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 5829] mkdir("./0", 0777 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] chmod("./syzkaller.AfcRSK", 0777 [pid 5831] <... mkdir resumed>) = 0 [pid 5829] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 5833 attached [pid 5832] <... chmod resumed>) = 0 [pid 5831] chmod("./syzkaller.az27jI", 0777 [pid 5830] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5828] <... clone resumed>, child_tidptr=0x55558bffa690) = 5833 [pid 5833] set_robust_list(0x55558bffa6a0, 24 [pid 5832] chdir("./syzkaller.AfcRSK" [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5831] <... chmod resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5833] <... set_robust_list resumed>) = 0 [pid 5832] <... chdir resumed>) = 0 [pid 5831] chdir("./syzkaller.az27jI" [pid 5829] <... openat resumed>) = 3 [pid 5833] mkdir("./syzkaller.HSEAn9", 0700 [pid 5831] <... chdir resumed>) = 0 [pid 5832] mkdir("./0", 0777 [pid 5831] mkdir("./0", 0777 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5833] <... mkdir resumed>) = 0 [pid 5830] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5829] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5831] <... mkdir resumed>) = 0 [pid 5833] chmod("./syzkaller.HSEAn9", 0777 [pid 5832] <... mkdir resumed>) = 0 [pid 5830] close(3 [pid 5829] close(3 [pid 5833] <... chmod resumed>) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5830] <... close resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5831] <... openat resumed>) = 3 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5833] chdir("./syzkaller.HSEAn9" [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5835 attached [pid 5833] <... chdir resumed>) = 0 [pid 5833] mkdir("./0", 0777 [pid 5832] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 5834 attached [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5832] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5835] set_robust_list(0x55558bffa6a0, 24 [pid 5832] close(3 [pid 5835] <... set_robust_list resumed>) = 0 [pid 5833] <... mkdir resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5831] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5835] chdir("./0" [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5836 attached [pid 5835] <... chdir resumed>) = 0 [pid 5829] <... clone resumed>, child_tidptr=0x55558bffa690) = 5835 [pid 5835] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5835] setpgid(0, 0) = 0 [pid 5836] set_robust_list(0x55558bffa6a0, 24 [pid 5835] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5836] <... set_robust_list resumed>) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x55558bffa690) = 5836 [pid 5836] chdir("./0" [pid 5835] <... openat resumed>) = 3 [pid 5834] set_robust_list(0x55558bffa6a0, 24 [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] close(3 [pid 5830] <... clone resumed>, child_tidptr=0x55558bffa690) = 5834 [pid 5834] <... set_robust_list resumed>) = 0 [pid 5836] <... chdir resumed>) = 0 [pid 5835] write(3, "1000", 4 [pid 5833] <... openat resumed>) = 3 [pid 5836] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5834] chdir("./0" [pid 5836] <... prctl resumed>) = 0 [pid 5835] <... write resumed>) = 4 [pid 5834] <... chdir resumed>) = 0 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 5831] <... close resumed>) = 0 [pid 5834] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5836] setpgid(0, 0 [pid 5834] <... prctl resumed>) = 0 [pid 5835] close(3 [pid 5833] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5836] <... setpgid resumed>) = 0 [pid 5834] setpgid(0, 0 [pid 5835] <... close resumed>) = 0 [pid 5833] close(3 [pid 5836] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5834] <... setpgid resumed>) = 0 [pid 5835] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 5837 attached [pid 5834] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5835] <... symlink resumed>) = 0 [pid 5833] <... close resumed>) = 0 [pid 5837] set_robust_list(0x55558bffa6a0, 24 [pid 5836] <... openat resumed>) = 3 [pid 5831] <... clone resumed>, child_tidptr=0x55558bffa690) = 5837 [pid 5837] <... set_robust_list resumed>) = 0 [pid 5834] <... openat resumed>) = 3 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5837] chdir("./0" [pid 5834] write(3, "1000", 4 [pid 5836] write(3, "1000", 4) = 4 [pid 5836] close(3) = 0 ./strace-static-x86_64: Process 5838 attached [pid 5837] <... chdir resumed>) = 0 [pid 5834] <... write resumed>) = 4 [pid 5837] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5834] close(3executing program [pid 5838] set_robust_list(0x55558bffa6a0, 24 [pid 5837] <... prctl resumed>) = 0 [pid 5838] <... set_robust_list resumed>) = 0 [pid 5836] symlink("/dev/binderfs", "./binderfs" [pid 5834] <... close resumed>) = 0 [pid 5835] write(1, "executing program\n", 18 [pid 5833] <... clone resumed>, child_tidptr=0x55558bffa690) = 5838 [pid 5837] setpgid(0, 0) = 0 [pid 5834] symlink("/dev/binderfs", "./binderfs" [pid 5838] chdir("./0" [pid 5837] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5836] <... symlink resumed>) = 0 [pid 5834] <... symlink resumed>) = 0 [pid 5835] <... write resumed>) = 18 [pid 5838] <... chdir resumed>) = 0 executing program [pid 5837] <... openat resumed>) = 3 [pid 5834] write(1, "executing program\n", 18 [pid 5835] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 executing program [pid 5838] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5837] write(3, "1000", 4 [pid 5836] write(1, "executing program\n", 18 [pid 5834] <... write resumed>) = 18 [pid 5835] <... futex resumed>) = 0 [pid 5838] <... prctl resumed>) = 0 [pid 5837] <... write resumed>) = 4 [pid 5836] <... write resumed>) = 18 [pid 5834] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 5838] setpgid(0, 0 [pid 5836] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... futex resumed>) = 0 [pid 5835] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5836] <... futex resumed>) = 0 [pid 5834] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 5835] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5837] close(3 [pid 5838] <... setpgid resumed>) = 0 [pid 5836] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 5834] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5835] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5837] <... close resumed>) = 0 [pid 5834] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5838] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5837] symlink("/dev/binderfs", "./binderfs" [pid 5836] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5834] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5835] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5837] <... symlink resumed>) = 0 [pid 5836] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], executing program [pid 5834] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5835] <... mmap resumed>) = 0x7fb77d5e1000 [pid 5838] <... openat resumed>) = 3 [pid 5837] write(1, "executing program\n", 18 [pid 5836] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5835] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 5838] write(3, "1000", 4 [pid 5837] <... write resumed>) = 18 [pid 5836] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5834] <... mmap resumed>) = 0x7fb77d5e1000 [pid 5835] <... mprotect resumed>) = 0 [pid 5838] <... write resumed>) = 4 [pid 5837] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 5838] close(3) = 0 [pid 5836] <... mmap resumed>) = 0x7fb77d5e1000 [pid 5834] <... mprotect resumed>) = 0 [pid 5835] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5838] symlink("/dev/binderfs", "./binderfs" [pid 5837] <... futex resumed>) = 0 [pid 5836] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 5835] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5838] <... symlink resumed>) = 0 [pid 5837] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 5836] <... mprotect resumed>) = 0 [pid 5835] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} executing program [pid 5838] write(1, "executing program\n", 18 [pid 5837] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5836] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5834] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 5840 attached [pid 5838] <... write resumed>) = 18 [pid 5837] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5836] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5834] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5835] <... clone3 resumed> => {parent_tid=[5840]}, 88) = 5840 [pid 5840] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 5838] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5837] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5836] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 5834] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 5835] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5841 attached [pid 5840] <... rseq resumed>) = 0 [pid 5838] <... futex resumed>) = 0 [pid 5837] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5835] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5840] set_robust_list(0x7fb77d6019a0, 24 [pid 5838] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 5841] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 5840] <... set_robust_list resumed>) = 0 [pid 5838] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5837] <... mmap resumed>) = 0x7fb77d5e1000 [pid 5834] <... clone3 resumed> => {parent_tid=[5842]}, 88) = 5842 [pid 5841] <... rseq resumed>) = 0 [pid 5840] rt_sigprocmask(SIG_SETMASK, [], [pid 5838] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5837] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 5834] rt_sigprocmask(SIG_SETMASK, [], [pid 5841] set_robust_list(0x7fb77d6019a0, 24 [pid 5840] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5838] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5841] <... set_robust_list resumed>) = 0 [pid 5840] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5838] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5837] <... mprotect resumed>) = 0 [pid 5834] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5841] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5842 attached [pid 5841] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5838] <... mmap resumed>) = 0x7fb77d5e1000 [pid 5837] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5836] <... clone3 resumed> => {parent_tid=[5841]}, 88) = 5841 [pid 5834] <... futex resumed>) = 0 [pid 5835] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5842] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 5841] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5840] <... futex resumed>) = 0 [pid 5838] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 5837] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5836] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5835] <... futex resumed>) = 1 [pid 5842] <... rseq resumed>) = 0 [pid 5840] memfd_create("syzkaller", 0 [pid 5838] <... mprotect resumed>) = 0 [pid 5837] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 5836] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5835] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5842] set_robust_list(0x7fb77d6019a0, 24 [pid 5838] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5836] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5843 attached [pid 5842] <... set_robust_list resumed>) = 0 [pid 5841] <... futex resumed>) = 0 [pid 5840] <... memfd_create resumed>) = 3 [pid 5838] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5836] <... futex resumed>) = 1 [pid 5843] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 5842] rt_sigprocmask(SIG_SETMASK, [], [pid 5841] memfd_create("syzkaller", 0 [pid 5840] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5838] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 5837] <... clone3 resumed> => {parent_tid=[5843]}, 88) = 5843 [pid 5836] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5844 attached [pid 5843] <... rseq resumed>) = 0 [pid 5842] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5841] <... memfd_create resumed>) = 3 [pid 5840] <... mmap resumed>) = 0x7fb775000000 [pid 5837] rt_sigprocmask(SIG_SETMASK, [], [pid 5844] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 5843] set_robust_list(0x7fb77d6019a0, 24 [pid 5842] memfd_create("syzkaller", 0 [pid 5837] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5844] <... rseq resumed>) = 0 [pid 5843] <... set_robust_list resumed>) = 0 [pid 5841] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5838] <... clone3 resumed> => {parent_tid=[5844]}, 88) = 5844 [pid 5837] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5843] rt_sigprocmask(SIG_SETMASK, [], [pid 5842] <... memfd_create resumed>) = 3 [pid 5842] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5838] rt_sigprocmask(SIG_SETMASK, [], [pid 5837] <... futex resumed>) = 0 [pid 5843] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5842] <... mmap resumed>) = 0x7fb775000000 [pid 5841] <... mmap resumed>) = 0x7fb775000000 [pid 5837] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5844] set_robust_list(0x7fb77d6019a0, 24 [pid 5843] memfd_create("syzkaller", 0 [pid 5838] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5844] <... set_robust_list resumed>) = 0 [pid 5843] <... memfd_create resumed>) = 3 [pid 5838] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] rt_sigprocmask(SIG_SETMASK, [], [pid 5838] <... futex resumed>) = 0 [pid 5844] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5844] memfd_create("syzkaller", 0 [pid 5838] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5844] <... memfd_create resumed>) = 3 [pid 5844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5840] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5842] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5843] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5844] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5841] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5843] <... write resumed>) = 16777216 [pid 5842] <... write resumed>) = 16777216 [pid 5840] <... write resumed>) = 16777216 [pid 5840] munmap(0x7fb775000000, 138412032 [pid 5843] munmap(0x7fb775000000, 138412032 [pid 5842] munmap(0x7fb775000000, 138412032 [pid 5843] <... munmap resumed>) = 0 [pid 5840] <... munmap resumed>) = 0 [pid 5842] <... munmap resumed>) = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5842] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5844] <... write resumed>) = 16777216 [pid 5844] munmap(0x7fb775000000, 138412032 [pid 5843] <... openat resumed>) = 4 [pid 5842] <... openat resumed>) = 4 [pid 5840] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5843] ioctl(4, LOOP_SET_FD, 3 [pid 5840] <... openat resumed>) = 4 [pid 5840] ioctl(4, LOOP_SET_FD, 3 [pid 5844] <... munmap resumed>) = 0 [pid 5844] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5843] <... ioctl resumed>) = 0 [pid 5842] ioctl(4, LOOP_SET_FD, 3 [pid 5841] <... write resumed>) = 16777216 [pid 5844] <... openat resumed>) = 4 [pid 5843] close(3 [pid 5840] <... ioctl resumed>) = 0 [pid 5844] ioctl(4, LOOP_SET_FD, 3 [pid 5843] <... close resumed>) = 0 [pid 5842] <... ioctl resumed>) = 0 [pid 5841] munmap(0x7fb775000000, 138412032 [pid 5842] close(3) = 0 [pid 5842] close(4) = 0 [pid 5840] close(3 [pid 5844] <... ioctl resumed>) = 0 [pid 5843] close(4 [pid 5842] mkdir("./file0", 0777 [pid 5840] <... close resumed>) = 0 [pid 5844] close(3 [pid 5843] <... close resumed>) = 0 [pid 5842] <... mkdir resumed>) = 0 [pid 5840] close(4 [pid 5844] <... close resumed>) = 0 [pid 5843] mkdir("./file0", 0777 [pid 5844] close(4 [pid 5843] <... mkdir resumed>) = 0 [pid 5842] mount("/dev/loop1", "./file0", "btrfs", 0, "" [pid 5840] <... close resumed>) = 0 [pid 5844] <... close resumed>) = 0 [pid 5843] mount("/dev/loop2", "./file0", "btrfs", 0, "" [pid 5841] <... munmap resumed>) = 0 [pid 5840] mkdir("./file0", 0777 [pid 5844] mkdir("./file0", 0777 [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5840] <... mkdir resumed>) = 0 syzkaller login: [ 59.199949][ T5843] loop2: detected capacity change from 0 to 32768 [ 59.202962][ T5840] loop0: detected capacity change from 0 to 32768 [ 59.209930][ T5842] loop1: detected capacity change from 0 to 32768 [ 59.227057][ T5844] loop4: detected capacity change from 0 to 32768 [pid 5844] <... mkdir resumed>) = 0 [pid 5841] <... openat resumed>) = 4 [pid 5840] mount("/dev/loop0", "./file0", "btrfs", 0, "" [pid 5841] ioctl(4, LOOP_SET_FD, 3 [pid 5844] mount("/dev/loop4", "./file0", "btrfs", 0, "" [pid 5841] <... ioctl resumed>) = 0 [ 59.261296][ T5842] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor323 (5842) [ 59.282132][ T5841] loop3: detected capacity change from 0 to 32768 [ 59.288950][ T5842] BTRFS info (device loop1): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 59.301914][ T5843] BTRFS: device /dev/loop2 (7:2) using temp-fsid eba9269b-305b-4bf3-b40a-abc74c12b92d [pid 5841] close(3) = 0 [pid 5841] close(4) = 0 [pid 5841] mkdir("./file0", 0777) = 0 [ 59.305206][ T5842] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 59.321233][ T5843] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (5843) [ 59.353537][ T5842] BTRFS info (device loop1): using free-space-tree [ 59.365770][ T5840] BTRFS: device /dev/loop0 (7:0) using temp-fsid b2939d16-c039-4d41-b819-37fdd6959c81 [ 59.383779][ T5843] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 59.402020][ T5840] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor323 (5840) [ 59.427944][ T5843] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 59.447518][ T5843] BTRFS info (device loop2): using free-space-tree [ 59.459222][ T5844] BTRFS: device /dev/loop4 (7:4) using temp-fsid a5245226-b64c-4476-96df-990dcd9865c9 [ 59.469740][ T5840] BTRFS info (device loop0): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 59.470018][ T5844] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (5844) [ 59.496601][ T5840] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 59.506332][ T5840] BTRFS info (device loop0): using free-space-tree [ 59.516474][ T5841] BTRFS: device /dev/loop3 (7:3) using temp-fsid 505686f1-4367-4c0b-b8d7-621d03f6ac7a [ 59.527722][ T5844] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 59.538931][ T5841] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor323 (5841) [ 59.552625][ T5844] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 59.563612][ T5844] BTRFS info (device loop4): using free-space-tree [ 59.593956][ T5841] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 5841] mount("/dev/loop3", "./file0", "btrfs", 0, "" [pid 5842] <... mount resumed>) = 0 [pid 5842] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5842] chdir("./file0") = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5842] ioctl(4, LOOP_CLR_FD) = 0 [pid 5842] close(4) = 0 [ 59.605077][ T5841] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 59.615154][ T5841] BTRFS info (device loop3): using free-space-tree [pid 5842] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5834] <... futex resumed>) = 0 [pid 5842] memfd_create("syzkaller", 0 [pid 5834] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5842] <... memfd_create resumed>) = 4 [pid 5834] <... futex resumed>) = 0 [pid 5834] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5842] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5843] <... mount resumed>) = 0 [pid 5844] <... mount resumed>) = 0 [pid 5843] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5841] <... mount resumed>) = 0 [pid 5840] <... mount resumed>) = 0 [pid 5843] <... openat resumed>) = 3 [pid 5841] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5843] chdir("./file0" [pid 5841] <... openat resumed>) = 3 [pid 5843] <... chdir resumed>) = 0 [pid 5841] chdir("./file0" [pid 5843] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5841] <... chdir resumed>) = 0 [pid 5844] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5843] <... openat resumed>) = 4 [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5840] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5844] <... openat resumed>) = 3 [pid 5843] ioctl(4, LOOP_CLR_FD [pid 5841] <... openat resumed>) = 4 [pid 5840] <... openat resumed>) = 3 [pid 5844] chdir("./file0" [pid 5843] <... ioctl resumed>) = 0 [pid 5841] ioctl(4, LOOP_CLR_FD [pid 5844] <... chdir resumed>) = 0 [pid 5843] close(4 [pid 5840] chdir("./file0" [pid 5844] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5843] <... close resumed>) = 0 [pid 5841] <... ioctl resumed>) = 0 [pid 5844] <... openat resumed>) = 4 [pid 5843] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5841] close(4 [pid 5844] ioctl(4, LOOP_CLR_FD [pid 5843] <... futex resumed>) = 1 [pid 5841] <... close resumed>) = 0 [pid 5840] <... chdir resumed>) = 0 [pid 5844] <... ioctl resumed>) = 0 [pid 5843] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5841] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5840] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5844] close(4 [pid 5841] <... futex resumed>) = 1 [pid 5840] <... openat resumed>) = 4 [pid 5836] <... futex resumed>) = 0 [pid 5844] <... close resumed>) = 0 [pid 5841] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5840] ioctl(4, LOOP_CLR_FD [pid 5836] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5841] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5837] <... futex resumed>) = 0 [pid 5844] <... futex resumed>) = 1 [pid 5840] <... ioctl resumed>) = 0 [pid 5838] <... futex resumed>) = 0 [pid 5837] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] <... futex resumed>) = 0 [pid 5838] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5838] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5844] memfd_create("syzkaller", 0 [pid 5841] memfd_create("syzkaller", 0 [pid 5840] close(4 [pid 5836] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5844] <... memfd_create resumed>) = 4 [pid 5843] <... futex resumed>) = 0 [pid 5841] <... memfd_create resumed>) = 4 [pid 5837] <... futex resumed>) = 1 [pid 5844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5843] memfd_create("syzkaller", 0 [pid 5841] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] <... close resumed>) = 0 [pid 5837] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5844] <... mmap resumed>) = 0x7fb775000000 [pid 5843] <... memfd_create resumed>) = 4 [pid 5841] <... mmap resumed>) = 0x7fb775000000 [pid 5840] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] <... futex resumed>) = 1 [pid 5835] <... futex resumed>) = 0 [pid 5835] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5835] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5843] <... mmap resumed>) = 0x7fb775000000 [pid 5840] memfd_create("syzkaller", 0) = 4 [pid 5840] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5842] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5844] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5843] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5841] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5840] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5842] <... write resumed>) = 16777216 [pid 5842] munmap(0x7fb775000000, 138412032) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 5 [pid 5842] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5842] ioctl(5, LOOP_CLR_FD) = 0 [pid 5842] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5842] close(5) = 0 [pid 5842] close(4 [pid 5841] <... write resumed>) = 16777216 [pid 5844] <... write resumed>) = 16777216 [pid 5843] <... write resumed>) = 16777216 [pid 5844] munmap(0x7fb775000000, 138412032 [pid 5843] munmap(0x7fb775000000, 138412032 [pid 5841] munmap(0x7fb775000000, 138412032 [pid 5840] <... write resumed>) = 16777216 [pid 5840] munmap(0x7fb775000000, 138412032 [pid 5841] <... munmap resumed>) = 0 [pid 5844] <... munmap resumed>) = 0 [pid 5844] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 5 [pid 5844] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5844] ioctl(5, LOOP_CLR_FD) = 0 [pid 5843] <... munmap resumed>) = 0 [pid 5844] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5840] <... munmap resumed>) = 0 [pid 5844] close(5) = 0 [pid 5844] close(4 [pid 5843] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5841] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5843] <... openat resumed>) = 5 [pid 5843] ioctl(5, LOOP_SET_FD, 4 [pid 5841] <... openat resumed>) = 5 [pid 5840] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5843] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5841] ioctl(5, LOOP_SET_FD, 4 [pid 5840] <... openat resumed>) = 5 [pid 5843] ioctl(5, LOOP_CLR_FD [pid 5841] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5840] ioctl(5, LOOP_SET_FD, 4 [pid 5843] <... ioctl resumed>) = 0 [pid 5841] ioctl(5, LOOP_CLR_FD) = 0 [pid 5840] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5840] ioctl(5, LOOP_CLR_FD) = 0 [pid 5843] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5843] close(5 [pid 5841] ioctl(5, LOOP_SET_FD, 4 [pid 5840] ioctl(5, LOOP_SET_FD, 4 [pid 5843] <... close resumed>) = 0 [pid 5841] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5840] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5843] close(4 [pid 5841] close(5 [pid 5840] close(5 [pid 5841] <... close resumed>) = 0 [pid 5840] <... close resumed>) = 0 [pid 5841] close(4 [pid 5840] close(4 [pid 5842] <... close resumed>) = 0 [pid 5842] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5834] <... futex resumed>) = 0 [pid 5842] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5842] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5834] <... futex resumed>) = 0 [pid 5842] rename("./file1", "./file0/file0" [pid 5834] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5834] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5c0000 [pid 5834] mprotect(0x7fb77d5c1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5834] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5834] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d5e0990, parent_tid=0x7fb77d5e0990, exit_signal=0, stack=0x7fb77d5c0000, stack_size=0x20300, tls=0x7fb77d5e06c0}./strace-static-x86_64: Process 5935 attached => {parent_tid=[5935]}, 88) = 5935 [pid 5935] rseq(0x7fb77d5e0fe0, 0x20, 0, 0x53053053 [pid 5834] rt_sigprocmask(SIG_SETMASK, [], [pid 5935] <... rseq resumed>) = 0 [pid 5834] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5935] set_robust_list(0x7fb77d5e09a0, 24 [pid 5834] futex(0x7fb77d6dd6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5935] <... set_robust_list resumed>) = 0 [pid 5834] <... futex resumed>) = 0 [pid 5935] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] futex(0x7fb77d6dd6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5935] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5935] mkdir(".", 0777) = -1 EEXIST (File exists) [ 61.053649][ T5935] ======================================================= [ 61.053649][ T5935] WARNING: The mand mount option has been deprecated and [ 61.053649][ T5935] and is ignored by this kernel. Remove the mand [ 61.053649][ T5935] option from the mount to silence this warning. [ 61.053649][ T5935] ======================================================= [pid 5935] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5842] <... rename resumed>) = 0 [pid 5842] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5842] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5840] <... close resumed>) = 0 [pid 5844] <... close resumed>) = 0 [pid 5844] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5844] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5841] <... close resumed>) = 0 [pid 5840] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5843] <... close resumed>) = 0 [pid 5838] <... futex resumed>) = 0 [pid 5841] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5840] <... futex resumed>) = 1 [pid 5841] <... futex resumed>) = 1 [pid 5840] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5836] <... futex resumed>) = 0 [pid 5836] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5836] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5841] rename("./file1", "./file0/file0" [pid 5838] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] <... futex resumed>) = 0 [pid 5835] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5840] <... futex resumed>) = 0 [pid 5835] <... futex resumed>) = 1 [pid 5840] rename("./file1", "./file0/file0" [pid 5835] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5844] <... futex resumed>) = 0 [pid 5838] <... futex resumed>) = 1 [pid 5844] rename("./file1", "./file0/file0" [pid 5838] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5840] <... rename resumed>) = 0 [pid 5840] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5835] <... futex resumed>) = 0 [pid 5835] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5835] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5844] <... rename resumed>) = 0 [pid 5840] mkdir(".", 0777 [pid 5844] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5840] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5844] <... futex resumed>) = 1 [pid 5840] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5838] <... futex resumed>) = 0 [ 61.312027][ T5935] BTRFS warning (device loop1 state M): remount supports changing free space tree only from RO to RW [pid 5843] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5838] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5843] <... futex resumed>) = 1 [pid 5838] <... futex resumed>) = 0 [pid 5837] <... futex resumed>) = 0 [pid 5836] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] mkdir(".", 0777 [pid 5843] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5841] <... rename resumed>) = 0 [pid 5838] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5837] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] <... futex resumed>) = 0 [pid 5837] <... futex resumed>) = 0 [pid 5836] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5837] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5836] <... mmap resumed>) = 0x7fb77d5c0000 [pid 5836] mprotect(0x7fb77d5c1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5836] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5836] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d5e0990, parent_tid=0x7fb77d5e0990, exit_signal=0, stack=0x7fb77d5c0000, stack_size=0x20300, tls=0x7fb77d5e06c0} [pid 5844] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5841] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] <... clone3 resumed> => {parent_tid=[5939]}, 88) = 5939 [pid 5844] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5841] <... futex resumed>) = 0 [pid 5836] rt_sigprocmask(SIG_SETMASK, [], [pid 5843] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5841] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5836] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5843] rename("./file1", "./file0/file0" [pid 5836] futex(0x7fb77d6dd6b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5939 attached ) = 0 [pid 5836] futex(0x7fb77d6dd6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5939] rseq(0x7fb77d5e0fe0, 0x20, 0, 0x53053053) = 0 [ 61.368343][ T5935] BTRFS info (device loop1 state M): setting nodatasum [ 61.404569][ T5935] BTRFS info (device loop1 state M): setting nodatasum [pid 5939] set_robust_list(0x7fb77d5e09a0, 24 [pid 5843] <... rename resumed>) = 0 [pid 5939] <... set_robust_list resumed>) = 0 [pid 5843] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5939] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5843] <... futex resumed>) = 1 [pid 5939] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5843] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5837] <... futex resumed>) = 0 [pid 5939] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5837] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5843] <... futex resumed>) = 0 [pid 5843] mkdir(".", 0777 [pid 5837] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5843] <... mkdir resumed>) = -1 EEXIST (File exists) [ 61.406335][ T5840] BTRFS warning (device loop0 state M): remount supports changing free space tree only from RO to RW [ 61.428768][ T5844] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [ 61.446145][ T5935] BTRFS info (device loop1 state M): turning off barriers [ 61.464680][ T5840] BTRFS info (device loop0 state M): setting nodatasum [ 61.483500][ T5939] BTRFS warning (device loop3 state M): remount supports changing free space tree only from RO to RW [ 61.495407][ T5843] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW [ 61.501756][ T5844] BTRFS info (device loop4 state M): setting nodatasum [ 61.506650][ T5843] BTRFS info (device loop2 state M): setting nodatasum [ 61.515878][ T5935] BTRFS info (device loop1 state M): turning on flush-on-commit [ 61.520443][ T5843] BTRFS info (device loop2 state M): setting nodatasum [ 61.531898][ T5840] BTRFS info (device loop0 state M): setting nodatasum [ 61.535070][ T5843] BTRFS info (device loop2 state M): turning off barriers [ 61.549107][ T5843] BTRFS info (device loop2 state M): turning on flush-on-commit [ 61.557083][ T5843] BTRFS info (device loop2 state M): force clearing of disk cache [ 61.565207][ T5843] BTRFS info (device loop2 state M): doing ref verification [ 61.571751][ T5939] BTRFS info (device loop3 state M): setting nodatasum [ 61.572760][ T5843] BTRFS info (device loop2 state M): max_inline set to 26856 [ 61.579337][ T5939] BTRFS info (device loop3 state M): setting nodatasum [ 61.593618][ T5844] BTRFS info (device loop4 state M): setting nodatasum [ 61.600535][ T5844] BTRFS info (device loop4 state M): turning off barriers [ 61.608170][ T5935] BTRFS info (device loop1 state M): force clearing of disk cache [pid 5843] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5935] <... mount resumed>) = 0 [pid 5935] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5843] <... mount resumed>) = 0 [pid 5935] <... openat resumed>) = 4 [ 61.616180][ T5840] BTRFS info (device loop0 state M): turning off barriers [ 61.623348][ T5935] BTRFS info (device loop1 state M): doing ref verification [ 61.623371][ T5935] BTRFS info (device loop1 state M): max_inline set to 26856 [ 61.630752][ T5844] BTRFS info (device loop4 state M): turning on flush-on-commit [ 61.647309][ T5844] BTRFS info (device loop4 state M): force clearing of disk cache [ 61.656093][ T5844] BTRFS info (device loop4 state M): doing ref verification [pid 5843] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5935] chdir("." [pid 5844] <... mount resumed>) = 0 [pid 5843] <... openat resumed>) = 4 [pid 5843] chdir("." [pid 5935] <... chdir resumed>) = 0 [pid 5935] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5843] <... chdir resumed>) = 0 [pid 5843] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5935] <... futex resumed>) = 1 [pid 5844] <... openat resumed>) = 4 [pid 5843] <... futex resumed>) = 1 [pid 5834] <... futex resumed>) = 0 [pid 5837] <... futex resumed>) = 0 [pid 5837] exit_group(0) = ? [ 61.664699][ T5844] BTRFS info (device loop4 state M): max_inline set to 26856 [ 61.672531][ T5939] BTRFS info (device loop3 state M): turning off barriers [ 61.679743][ T5939] BTRFS info (device loop3 state M): turning on flush-on-commit [ 61.688134][ T5939] BTRFS info (device loop3 state M): force clearing of disk cache [ 61.696992][ T5939] BTRFS info (device loop3 state M): doing ref verification [ 61.710749][ T5939] BTRFS info (device loop3 state M): max_inline set to 26856 [pid 5939] <... mount resumed>) = 0 [pid 5935] futex(0x7fb77d6dd6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5844] chdir("." [pid 5834] exit_group(0 [pid 5843] +++ exited with 0 +++ [pid 5837] +++ exited with 0 +++ [pid 5844] <... chdir resumed>) = 0 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5837, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=67 /* 0.67 s */} --- [pid 5834] <... exit_group resumed>) = ? [pid 5844] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5842] <... futex resumed>) = ? [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5935] <... futex resumed>) = ? [pid 5844] <... futex resumed>) = 1 [pid 5842] +++ exited with 0 +++ [pid 5838] <... futex resumed>) = 0 [pid 5844] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5838] exit_group(0) = ? [pid 5935] +++ exited with 0 +++ [pid 5834] +++ exited with 0 +++ [pid 5844] <... futex resumed>) = ? [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5834, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=58 /* 0.58 s */} --- [pid 5844] +++ exited with 0 +++ [pid 5838] +++ exited with 0 +++ [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5939] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5838, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=63 /* 0.63 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 5939] <... openat resumed>) = 4 [pid 5830] <... restart_syscall resumed>) = 0 [pid 5833] <... restart_syscall resumed>) = 0 [pid 5833] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5831] <... restart_syscall resumed>) = 0 [pid 5939] chdir("." [pid 5833] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./0/binderfs" [pid 5939] <... chdir resumed>) = 0 [pid 5833] <... unlink resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... openat resumed>) = 3 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5939] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] newfstatat(3, "", [pid 5830] newfstatat(3, "", [pid 5939] <... futex resumed>) = 1 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5939] futex(0x7fb77d6dd6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5836] <... futex resumed>) = 0 [pid 5836] exit_group(0) = ? [pid 5841] <... futex resumed>) = ? [pid 5841] +++ exited with 0 +++ [pid 5939] <... futex resumed>) = ? [pid 5830] getdents64(3, [pid 5939] +++ exited with 0 +++ [pid 5836] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5836, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=59 /* 0.59 s */} --- [pid 5830] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5831] getdents64(3, [pid 5830] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [ 61.719637][ T5840] BTRFS info (device loop0 state M): turning on flush-on-commit [ 61.739235][ T5840] BTRFS info (device loop0 state M): force clearing of disk cache [ 61.750100][ T5840] BTRFS info (device loop0 state M): doing ref verification [ 61.759830][ T5833] BTRFS info (device loop4): last unmount of filesystem a5245226-b64c-4476-96df-990dcd9865c9 [pid 5830] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5831] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5832] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./0/binderfs") = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] unlink("./0/binderfs" [pid 5840] <... mount resumed>) = 0 [pid 5832] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5830] <... unlink resumed>) = 0 [pid 5840] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] unlink("./0/binderfs" [pid 5840] <... openat resumed>) = 4 [pid 5831] <... unlink resumed>) = 0 [pid 5831] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] chdir(".") = 0 [pid 5840] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5835] <... futex resumed>) = 0 [pid 5840] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5835] exit_group(0) = ? [pid 5840] <... futex resumed>) = ? [pid 5840] +++ exited with 0 +++ [pid 5835] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5835, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=73 /* 0.73 s */} --- [pid 5829] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 61.784349][ T5840] BTRFS info (device loop0 state M): max_inline set to 26856 [ 61.796197][ T5832] BTRFS info (device loop3): last unmount of filesystem 505686f1-4367-4c0b-b8d7-621d03f6ac7a [ 61.810198][ T5830] BTRFS info (device loop1): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 61.821359][ T5831] BTRFS info (device loop2): last unmount of filesystem eba9269b-305b-4bf3-b40a-abc74c12b92d [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./0/binderfs") = 0 [ 61.899781][ T5829] BTRFS info (device loop0): last unmount of filesystem b2939d16-c039-4d41-b819-37fdd6959c81 [pid 5829] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... umount2 resumed>) = 0 [pid 5831] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./0/file0") = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 5833] <... umount2 resumed>) = 0 [pid 5832] <... umount2 resumed>) = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./0" [pid 5830] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./0/file0", [pid 5833] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] newfstatat(AT_FDCWD, "./0/file0", [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] newfstatat(AT_FDCWD, "./0/file0", [pid 5830] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5833] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... openat resumed>) = 4 [pid 5830] newfstatat(4, "", [pid 5832] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] getdents64(4, [pid 5833] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5833] <... openat resumed>) = 4 [pid 5832] <... openat resumed>) = 4 [pid 5830] getdents64(4, [pid 5833] newfstatat(4, "", [pid 5830] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5830] close(4 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... close resumed>) = 0 [pid 5830] rmdir("./0/file0" [pid 5833] getdents64(4, [pid 5832] newfstatat(4, "", [pid 5830] <... rmdir resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5833] getdents64(4, [pid 5832] getdents64(4, [pid 5833] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5832] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5831] mkdir("./1", 0777 [pid 5833] close(4 [pid 5831] <... mkdir resumed>) = 0 [pid 5833] <... close resumed>) = 0 [pid 5833] rmdir("./0/file0") = 0 [pid 5832] getdents64(4, [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5830] getdents64(3, [pid 5833] getdents64(3, [pid 5832] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5830] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5833] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5832] close(4 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5830] close(3 [pid 5833] close(3 [pid 5832] <... close resumed>) = 0 [pid 5831] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5830] <... close resumed>) = 0 [pid 5833] <... close resumed>) = 0 [pid 5832] rmdir("./0/file0" [pid 5830] rmdir("./0" [pid 5833] rmdir("./0" [pid 5832] <... rmdir resumed>) = 0 [pid 5831] close(3 [pid 5830] <... rmdir resumed>) = 0 [pid 5833] <... rmdir resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] getdents64(3, [pid 5830] mkdir("./1", 0777 [pid 5833] mkdir("./1", 0777 [pid 5832] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5830] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 5940 attached [pid 5833] <... mkdir resumed>) = 0 [pid 5832] close(3 [pid 5831] <... clone resumed>, child_tidptr=0x55558bffa690) = 5940 [pid 5832] <... close resumed>) = 0 [pid 5832] rmdir("./0") = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5833] <... openat resumed>) = 3 [pid 5830] <... openat resumed>) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5833] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5830] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5832] mkdir("./1", 0777 [pid 5940] set_robust_list(0x55558bffa6a0, 24 [pid 5832] <... mkdir resumed>) = 0 [pid 5830] close(3 [pid 5833] close(3 [pid 5830] <... close resumed>) = 0 [pid 5833] <... close resumed>) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5942 attached [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5940] <... set_robust_list resumed>) = 0 [pid 5832] <... ioctl resumed>) = -1 ENXIO (No such device or address) ./strace-static-x86_64: Process 5941 attached [pid 5832] close(3) = 0 [pid 5942] set_robust_list(0x55558bffa6a0, 24 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5943 attached [pid 5941] set_robust_list(0x55558bffa6a0, 24 [pid 5940] chdir("./1" [pid 5943] set_robust_list(0x55558bffa6a0, 24 [pid 5942] <... set_robust_list resumed>) = 0 [pid 5941] <... set_robust_list resumed>) = 0 [pid 5940] <... chdir resumed>) = 0 [pid 5833] <... clone resumed>, child_tidptr=0x55558bffa690) = 5942 [pid 5830] <... clone resumed>, child_tidptr=0x55558bffa690) = 5941 [pid 5940] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5941] chdir("./1" [pid 5940] <... prctl resumed>) = 0 [pid 5940] setpgid(0, 0 [pid 5941] <... chdir resumed>) = 0 [pid 5943] <... set_robust_list resumed>) = 0 [pid 5942] chdir("./1") = 0 [pid 5943] chdir("./1") = 0 [pid 5942] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5940] <... setpgid resumed>) = 0 [pid 5942] <... prctl resumed>) = 0 [pid 5941] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] <... clone resumed>, child_tidptr=0x55558bffa690) = 5943 [pid 5943] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5942] setpgid(0, 0 [pid 5943] <... prctl resumed>) = 0 [pid 5941] <... prctl resumed>) = 0 [pid 5940] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5943] setpgid(0, 0 [pid 5942] <... setpgid resumed>) = 0 [pid 5943] <... setpgid resumed>) = 0 [pid 5942] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5941] setpgid(0, 0 [pid 5940] <... openat resumed>) = 3 [pid 5943] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5942] <... openat resumed>) = 3 [pid 5941] <... setpgid resumed>) = 0 [pid 5943] <... openat resumed>) = 3 [pid 5940] write(3, "1000", 4 [pid 5943] write(3, "1000", 4) = 4 [pid 5941] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5940] <... write resumed>) = 4 [pid 5943] close(3) = 0 [pid 5941] <... openat resumed>) = 3 [pid 5940] close(3 [pid 5941] write(3, "1000", 4 [pid 5942] write(3, "1000", 4 [pid 5941] <... write resumed>) = 4 [pid 5940] <... close resumed>) = 0 [pid 5941] close(3 [pid 5940] symlink("/dev/binderfs", "./binderfs" [pid 5941] <... close resumed>) = 0 [pid 5943] symlink("/dev/binderfs", "./binderfs" [pid 5942] <... write resumed>) = 4 [pid 5942] close(3 [pid 5941] symlink("/dev/binderfs", "./binderfs" [pid 5940] <... symlink resumed>) = 0 executing program executing program [pid 5943] <... symlink resumed>) = 0 [pid 5942] <... close resumed>) = 0 [pid 5941] <... symlink resumed>) = 0 [pid 5940] write(1, "executing program\n", 18 [pid 5941] write(1, "executing program\n", 18 [pid 5940] <... write resumed>) = 18 [pid 5941] <... write resumed>) = 18 [pid 5940] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] symlink("/dev/binderfs", "./binderfs" [pid 5941] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5940] <... futex resumed>) = 0 [pid 5942] <... symlink resumed>) = 0 [pid 5940] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, executing program [pid 5943] write(1, "executing program\n", 18executing program [pid 5940] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5943] <... write resumed>) = 18 [pid 5942] write(1, "executing program\n", 18 [pid 5943] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] <... write resumed>) = 18 [pid 5940] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5943] <... futex resumed>) = 0 [pid 5942] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 5942] <... futex resumed>) = 0 [pid 5940] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5942] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 5940] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5943] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5942] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5943] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5940] <... mmap resumed>) = 0x7fb77d5e1000 [pid 5942] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5940] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 5943] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5942] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5940] <... mprotect resumed>) = 0 [pid 5942] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5943] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5942] <... mmap resumed>) = 0x7fb77d5e1000 [pid 5943] <... mmap resumed>) = 0x7fb77d5e1000 [pid 5942] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 5943] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 5942] <... mprotect resumed>) = 0 [pid 5943] <... mprotect resumed>) = 0 [pid 5942] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5943] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5942] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5943] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5942] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 5944 attached [pid 5943] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 5940] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 5945 attached [pid 5941] <... futex resumed>) = 0 [pid 5944] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 5942] <... clone3 resumed> => {parent_tid=[5944]}, 88) = 5944 [pid 5944] <... rseq resumed>) = 0 [pid 5943] <... clone3 resumed> => {parent_tid=[5945]}, 88) = 5945 [pid 5942] rt_sigprocmask(SIG_SETMASK, [], [pid 5945] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 5944] set_robust_list(0x7fb77d6019a0, 24 [pid 5941] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 5940] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5944] <... set_robust_list resumed>) = 0 [pid 5944] rt_sigprocmask(SIG_SETMASK, [], [pid 5942] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5944] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5942] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5944] memfd_create("syzkaller", 0 [pid 5943] rt_sigprocmask(SIG_SETMASK, [], [pid 5942] <... futex resumed>) = 0 [pid 5943] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5942] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5943] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5943] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5944] <... memfd_create resumed>) = 3 [pid 5944] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5940] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 5941] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5945] <... rseq resumed>) = 0 [pid 5941] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5945] set_robust_list(0x7fb77d6019a0, 24 [pid 5941] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5945] <... set_robust_list resumed>) = 0 [pid 5941] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5945] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5941] <... mmap resumed>) = 0x7fb77d5e1000 ./strace-static-x86_64: Process 5946 attached [pid 5946] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 5945] memfd_create("syzkaller", 0 [pid 5941] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 5940] <... clone3 resumed> => {parent_tid=[5946]}, 88) = 5946 [pid 5946] <... rseq resumed>) = 0 [pid 5941] <... mprotect resumed>) = 0 [pid 5945] <... memfd_create resumed>) = 3 [pid 5940] rt_sigprocmask(SIG_SETMASK, [], [pid 5946] set_robust_list(0x7fb77d6019a0, 24 [pid 5940] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5946] <... set_robust_list resumed>) = 0 [pid 5941] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5945] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5940] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5945] <... mmap resumed>) = 0x7fb775000000 [pid 5941] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5940] <... futex resumed>) = 0 [pid 5946] rt_sigprocmask(SIG_SETMASK, [], [pid 5941] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 5940] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5946] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 5947 attached [pid 5946] memfd_create("syzkaller", 0 [pid 5947] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 5941] <... clone3 resumed> => {parent_tid=[5947]}, 88) = 5947 [pid 5947] <... rseq resumed>) = 0 [pid 5946] <... memfd_create resumed>) = 3 [pid 5941] rt_sigprocmask(SIG_SETMASK, [], [pid 5946] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5947] set_robust_list(0x7fb77d6019a0, 24 [pid 5941] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5947] <... set_robust_list resumed>) = 0 [pid 5941] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5947] rt_sigprocmask(SIG_SETMASK, [], [pid 5941] <... futex resumed>) = 0 [pid 5947] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5941] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5829] <... umount2 resumed>) = 0 [pid 5829] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5947] memfd_create("syzkaller", 0 [pid 5829] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, [pid 5947] <... memfd_create resumed>) = 3 [pid 5829] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5947] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5829] getdents64(4, [pid 5947] <... mmap resumed>) = 0x7fb775000000 [pid 5829] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./0/file0") = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./0") = 0 [pid 5829] mkdir("./1", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 5948 ./strace-static-x86_64: Process 5948 attached [pid 5948] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 5948] chdir("./1") = 0 [pid 5948] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5948] setpgid(0, 0) = 0 [pid 5948] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 executing program [pid 5948] write(3, "1000", 4) = 4 [pid 5948] close(3) = 0 [pid 5948] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5948] write(1, "executing program\n", 18) = 18 [pid 5948] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5948] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 5948] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5948] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 5948] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5948] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5948] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 5949 attached => {parent_tid=[5949]}, 88) = 5949 [pid 5948] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5948] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5948] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5949] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 5949] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 5949] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5949] memfd_create("syzkaller", 0) = 3 [pid 5949] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5946] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5944] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5945] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5949] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5947] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5946] <... write resumed>) = 16777216 [pid 5946] munmap(0x7fb775000000, 138412032 [pid 5944] <... write resumed>) = 16777216 [pid 5946] <... munmap resumed>) = 0 [pid 5945] <... write resumed>) = 16777216 [pid 5944] munmap(0x7fb775000000, 138412032 [pid 5946] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5944] <... munmap resumed>) = 0 [pid 5949] <... write resumed>) = 16777216 [pid 5946] <... openat resumed>) = 4 [pid 5945] munmap(0x7fb775000000, 138412032 [pid 5944] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5946] ioctl(4, LOOP_SET_FD, 3 [pid 5944] <... openat resumed>) = 4 [pid 5949] munmap(0x7fb775000000, 138412032 [pid 5944] ioctl(4, LOOP_SET_FD, 3 [pid 5946] <... ioctl resumed>) = 0 [pid 5947] <... write resumed>) = 16777216 [pid 5945] <... munmap resumed>) = 0 [pid 5944] <... ioctl resumed>) = 0 [pid 5949] <... munmap resumed>) = 0 [pid 5947] munmap(0x7fb775000000, 138412032 [pid 5946] close(3 [pid 5945] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5944] close(3 [pid 5949] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5946] <... close resumed>) = 0 [pid 5945] <... openat resumed>) = 4 [pid 5944] <... close resumed>) = 0 [pid 5949] <... openat resumed>) = 4 [pid 5945] ioctl(4, LOOP_SET_FD, 3 [pid 5944] close(4 [pid 5949] ioctl(4, LOOP_SET_FD, 3 [pid 5946] close(4) = 0 [pid 5944] <... close resumed>) = 0 [pid 5944] mkdir("./file0", 0777) = 0 [ 63.036035][ T5946] loop2: detected capacity change from 0 to 32768 [ 63.043701][ T5944] loop4: detected capacity change from 0 to 32768 [ 63.058609][ T5945] loop3: detected capacity change from 0 to 32768 [ 63.065725][ T5949] loop0: detected capacity change from 0 to 32768 [pid 5944] mount("/dev/loop4", "./file0", "btrfs", 0, "" [pid 5945] <... ioctl resumed>) = 0 [pid 5949] <... ioctl resumed>) = 0 [pid 5947] <... munmap resumed>) = 0 [pid 5946] mkdir("./file0", 0777 [pid 5947] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5945] close(3 [pid 5947] <... openat resumed>) = 4 [pid 5945] <... close resumed>) = 0 [pid 5947] ioctl(4, LOOP_SET_FD, 3 [pid 5945] close(4 [pid 5949] close(3 [pid 5946] <... mkdir resumed>) = 0 [pid 5945] <... close resumed>) = 0 [pid 5949] <... close resumed>) = 0 [pid 5945] mkdir("./file0", 0777 [pid 5949] close(4 [pid 5945] <... mkdir resumed>) = 0 [pid 5946] mount("/dev/loop2", "./file0", "btrfs", 0, "" [pid 5949] <... close resumed>) = 0 [pid 5945] mount("/dev/loop3", "./file0", "btrfs", 0, "" [pid 5949] mkdir("./file0", 0777) = 0 [pid 5949] mount("/dev/loop0", "./file0", "btrfs", 0, "" [pid 5947] <... ioctl resumed>) = 0 [pid 5947] close(3) = 0 [pid 5947] close(4) = 0 [pid 5947] mkdir("./file0", 0777) = 0 [ 63.075831][ T5944] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (5944) [ 63.093296][ T5947] loop1: detected capacity change from 0 to 32768 [ 63.112991][ T5945] BTRFS: device /dev/loop3 (7:3) using temp-fsid c2114a83-e7d6-483c-acce-85b519638f12 [ 63.127048][ T5944] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 63.127402][ T5945] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor323 (5945) [ 63.150811][ T5944] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 63.164966][ T5946] BTRFS: device /dev/loop2 (7:2) using temp-fsid df24d4d1-166a-4b76-b073-c7fe267752b9 [ 63.175988][ T5945] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 63.187819][ T5944] BTRFS info (device loop4): using free-space-tree [ 63.195093][ T5946] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (5946) [ 63.211249][ T5945] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 63.221284][ T5945] BTRFS info (device loop3): using free-space-tree [ 63.229456][ T5946] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 63.233944][ T5949] BTRFS: device /dev/loop0 (7:0) using temp-fsid a510a99e-7a66-4216-8020-332ea989bdc2 [ 63.240894][ T5946] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 63.251355][ T5949] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor323 (5949) [ 63.260129][ T5946] BTRFS info (device loop2): using free-space-tree [ 63.279497][ T5947] BTRFS: device /dev/loop1 (7:1) using temp-fsid 5adf2d01-46cc-40d0-876a-a348388c17a2 [ 63.295222][ T5947] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor323 (5947) [ 63.308731][ T5949] BTRFS info (device loop0): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 63.320669][ T5949] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 63.333537][ T5947] BTRFS info (device loop1): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 63.351669][ T5949] BTRFS info (device loop0): using free-space-tree [ 63.360885][ T5947] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 63.387044][ T5947] BTRFS info (device loop1): using free-space-tree [pid 5947] mount("/dev/loop1", "./file0", "btrfs", 0, "" [pid 5944] <... mount resumed>) = 0 [pid 5944] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5944] chdir("./file0") = 0 [pid 5944] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5944] ioctl(4, LOOP_CLR_FD) = 0 [pid 5944] close(4) = 0 [pid 5944] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5942] <... futex resumed>) = 0 [pid 5944] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5942] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5944] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5942] <... futex resumed>) = 0 [pid 5944] memfd_create("syzkaller", 0 [pid 5942] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5944] <... memfd_create resumed>) = 4 [pid 5944] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5945] <... mount resumed>) = 0 [pid 5945] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5945] chdir("./file0") = 0 [pid 5945] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5945] ioctl(4, LOOP_CLR_FD) = 0 [pid 5945] close(4) = 0 [pid 5945] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5945] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5943] <... futex resumed>) = 0 [pid 5943] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5945] <... futex resumed>) = 0 [pid 5945] memfd_create("syzkaller", 0) = 4 [pid 5945] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5943] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5946] <... mount resumed>) = 0 [pid 5946] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5946] chdir("./file0") = 0 [pid 5946] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5946] ioctl(4, LOOP_CLR_FD) = 0 [pid 5946] close(4) = 0 [pid 5946] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5946] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5940] <... futex resumed>) = 0 [pid 5940] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5946] <... futex resumed>) = 0 [pid 5940] <... futex resumed>) = 1 [pid 5946] memfd_create("syzkaller", 0 [pid 5940] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5946] <... memfd_create resumed>) = 4 [pid 5946] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5949] <... mount resumed>) = 0 [pid 5949] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5949] chdir("./file0") = 0 [pid 5949] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5949] ioctl(4, LOOP_CLR_FD) = 0 [pid 5949] close(4) = 0 [pid 5949] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5948] <... futex resumed>) = 0 [pid 5949] memfd_create("syzkaller", 0 [pid 5948] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] <... memfd_create resumed>) = 4 [pid 5948] <... futex resumed>) = 0 [pid 5949] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5948] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5949] <... mmap resumed>) = 0x7fb775000000 [pid 5945] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5947] <... mount resumed>) = 0 [pid 5947] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5947] chdir("./file0") = 0 [pid 5947] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5947] ioctl(4, LOOP_CLR_FD) = 0 [pid 5947] close(4) = 0 [pid 5947] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5947] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5941] <... futex resumed>) = 0 [pid 5941] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5947] <... futex resumed>) = 0 [pid 5947] memfd_create("syzkaller", 0 [pid 5941] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5947] <... memfd_create resumed>) = 4 [pid 5947] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5946] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5944] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5949] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5947] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5946] <... write resumed>) = 16777216 [pid 5946] munmap(0x7fb775000000, 138412032) = 0 [pid 5944] <... write resumed>) = 16777216 [pid 5945] <... write resumed>) = 16777216 [pid 5946] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5944] munmap(0x7fb775000000, 138412032 [pid 5946] <... openat resumed>) = 5 [pid 5945] munmap(0x7fb775000000, 138412032 [pid 5946] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5946] ioctl(5, LOOP_CLR_FD) = 0 [pid 5945] <... munmap resumed>) = 0 [pid 5946] ioctl(5, LOOP_SET_FD, 4 [pid 5944] <... munmap resumed>) = 0 [pid 5946] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5944] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5946] close(5 [pid 5944] <... openat resumed>) = 5 [pid 5945] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5944] ioctl(5, LOOP_SET_FD, 4 [pid 5946] <... close resumed>) = 0 [pid 5946] close(4 [pid 5945] <... openat resumed>) = 5 [pid 5944] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5945] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5945] ioctl(5, LOOP_CLR_FD) = 0 [pid 5944] ioctl(5, LOOP_CLR_FD) = 0 [pid 5945] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5945] close(5) = 0 [pid 5944] ioctl(5, LOOP_SET_FD, 4 [pid 5945] close(4 [pid 5944] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5944] close(5) = 0 [pid 5944] close(4 [pid 5947] <... write resumed>) = 16777216 [pid 5949] <... write resumed>) = 16777216 [pid 5946] <... close resumed>) = 0 [pid 5947] munmap(0x7fb775000000, 138412032 [pid 5946] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5946] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5947] <... munmap resumed>) = 0 [pid 5949] munmap(0x7fb775000000, 138412032 [pid 5945] <... close resumed>) = 0 [pid 5944] <... close resumed>) = 0 [pid 5940] <... futex resumed>) = 0 [pid 5940] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5946] <... futex resumed>) = 0 [pid 5940] <... futex resumed>) = 1 [pid 5946] rename("./file1", "./file0/file0" [pid 5940] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5947] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 5 [pid 5944] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5942] <... futex resumed>) = 0 [pid 5947] ioctl(5, LOOP_SET_FD, 4 [pid 5945] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5944] rename("./file1", "./file0/file0" [pid 5942] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5945] <... futex resumed>) = 1 [pid 5943] <... futex resumed>) = 0 [pid 5946] <... rename resumed>) = 0 [pid 5945] rename("./file1", "./file0/file0" [pid 5943] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] <... futex resumed>) = 0 [pid 5947] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5946] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5947] ioctl(5, LOOP_CLR_FD [pid 5946] <... futex resumed>) = 1 [pid 5943] <... futex resumed>) = 0 [pid 5940] <... futex resumed>) = 0 [pid 5943] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5940] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5947] <... ioctl resumed>) = 0 [pid 5946] mkdir(".", 0777 [pid 5940] <... futex resumed>) = 0 [pid 5946] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5946] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5940] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5947] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5947] close(5) = 0 [pid 5947] close(4 [pid 5949] <... munmap resumed>) = 0 [pid 5945] <... rename resumed>) = 0 [pid 5944] <... rename resumed>) = 0 [pid 5949] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5945] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5943] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5945] <... futex resumed>) = 0 [pid 5943] <... futex resumed>) = 0 [pid 5945] mkdir(".", 0777 [pid 5943] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5944] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5944] <... futex resumed>) = 0 [pid 5942] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5944] mkdir(".", 0777 [pid 5942] <... futex resumed>) = 0 [pid 5944] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5942] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5949] <... openat resumed>) = 5 [pid 5945] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5944] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5945] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5949] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5949] ioctl(5, LOOP_CLR_FD) = 0 [ 64.750117][ T5946] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW [pid 5949] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [ 64.803451][ T5946] BTRFS info (device loop2 state M): setting nodatasum [ 64.815493][ T5945] BTRFS warning (device loop3 state M): remount supports changing free space tree only from RO to RW [ 64.839603][ T5946] BTRFS info (device loop2 state M): setting nodatasum [pid 5949] close(5) = 0 [ 64.851242][ T5944] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [ 64.871612][ T5945] BTRFS info (device loop3 state M): setting nodatasum [ 64.878576][ T5945] BTRFS info (device loop3 state M): setting nodatasum [ 64.890355][ T5946] BTRFS info (device loop2 state M): turning off barriers [ 64.920156][ T5944] BTRFS info (device loop4 state M): setting nodatasum [ 64.939511][ T5946] BTRFS info (device loop2 state M): turning on flush-on-commit [ 64.939535][ T5945] BTRFS info (device loop3 state M): turning off barriers [ 64.962107][ T5944] BTRFS info (device loop4 state M): setting nodatasum [ 64.983744][ T5946] BTRFS info (device loop2 state M): force clearing of disk cache [ 65.002111][ T5944] BTRFS info (device loop4 state M): turning off barriers [ 65.023072][ T5945] BTRFS info (device loop3 state M): turning on flush-on-commit [ 65.030766][ T5945] BTRFS info (device loop3 state M): force clearing of disk cache [ 65.041865][ T5946] BTRFS info (device loop2 state M): doing ref verification [ 65.049196][ T5946] BTRFS info (device loop2 state M): max_inline set to 26856 [ 65.057100][ T5944] BTRFS info (device loop4 state M): turning on flush-on-commit [pid 5949] close(4 [pid 5946] <... mount resumed>) = 0 [pid 5946] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5947] <... close resumed>) = 0 [pid 5946] <... openat resumed>) = 4 [ 65.091596][ T5944] BTRFS info (device loop4 state M): force clearing of disk cache [ 65.096760][ T5945] BTRFS info (device loop3 state M): doing ref verification [ 65.112943][ T5944] BTRFS info (device loop4 state M): doing ref verification [pid 5946] chdir("." [pid 5947] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5946] <... chdir resumed>) = 0 [pid 5944] <... mount resumed>) = 0 [pid 5941] <... futex resumed>) = 0 [pid 5947] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5941] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5947] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5946] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5944] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5941] <... futex resumed>) = 0 [pid 5947] rename("./file1", "./file0/file0" [pid 5946] <... futex resumed>) = 1 [pid 5944] <... openat resumed>) = 4 [pid 5941] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5940] <... futex resumed>) = 0 [pid 5946] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5944] chdir("." [pid 5940] exit_group(0 [pid 5944] <... chdir resumed>) = 0 [pid 5944] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5942] <... futex resumed>) = 0 [pid 5949] <... close resumed>) = 0 [pid 5947] <... rename resumed>) = 0 [pid 5946] <... futex resumed>) = ? [pid 5944] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5942] exit_group(0 [pid 5940] <... exit_group resumed>) = ? [pid 5946] +++ exited with 0 +++ [pid 5944] <... futex resumed>) = ? [pid 5942] <... exit_group resumed>) = ? [pid 5947] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5940] +++ exited with 0 +++ [pid 5944] +++ exited with 0 +++ [pid 5947] <... futex resumed>) = 1 [pid 5945] <... mount resumed>) = 0 [pid 5942] +++ exited with 0 +++ [pid 5941] <... futex resumed>) = 0 [pid 5947] mkdir(".", 0777 [pid 5945] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5941] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5940, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=77 /* 0.77 s */} --- [pid 5947] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5945] <... openat resumed>) = 4 [pid 5941] <... futex resumed>) = 0 [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5942, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=59 /* 0.59 s */} --- [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5947] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5945] chdir("." [pid 5941] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5945] <... chdir resumed>) = 0 [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 5831] <... restart_syscall resumed>) = 0 [pid 5945] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5943] <... futex resumed>) = 0 [pid 5945] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5943] exit_group(0 [pid 5945] <... futex resumed>) = ? [pid 5943] <... exit_group resumed>) = ? [pid 5945] +++ exited with 0 +++ [pid 5943] +++ exited with 0 +++ [pid 5833] <... restart_syscall resumed>) = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5943, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=64 /* 0.64 s */} --- [ 65.141746][ T5944] BTRFS info (device loop4 state M): max_inline set to 26856 [ 65.149311][ T5945] BTRFS info (device loop3 state M): max_inline set to 26856 [pid 5831] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] <... openat resumed>) = 3 [pid 5832] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5833] newfstatat(3, "", [pid 5832] <... openat resumed>) = 3 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] newfstatat(3, "", [pid 5833] getdents64(3, [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5949] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] getdents64(3, [pid 5949] <... futex resumed>) = 1 [pid 5948] <... futex resumed>) = 0 [pid 5833] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5948] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5833] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5948] <... futex resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5831] <... openat resumed>) = 3 [pid 5949] rename("./file1", "./file0/file0" [pid 5948] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] unlink("./1/binderfs" [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] newfstatat(3, "", [pid 5833] <... unlink resumed>) = 0 [pid 5832] unlink("./1/binderfs" [pid 5833] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... unlink resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [ 65.202993][ T5947] BTRFS warning (device loop1 state M): remount supports changing free space tree only from RO to RW [ 65.225715][ T5833] BTRFS info (device loop4): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 65.237556][ T5832] BTRFS info (device loop3): last unmount of filesystem c2114a83-e7d6-483c-acce-85b519638f12 [pid 5831] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./1/binderfs" [pid 5949] <... rename resumed>) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 5831] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5949] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5948] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5949] <... futex resumed>) = 0 [pid 5949] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5948] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] <... futex resumed>) = 0 [pid 5948] <... futex resumed>) = 1 [pid 5948] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5949] mkdir(".", 0777) = -1 EEXIST (File exists) [ 65.241849][ T5947] BTRFS info (device loop1 state M): setting nodatasum [ 65.267939][ T5831] BTRFS info (device loop2): last unmount of filesystem df24d4d1-166a-4b76-b073-c7fe267752b9 [ 65.282040][ T5947] BTRFS info (device loop1 state M): setting nodatasum [ 65.289604][ T5947] BTRFS info (device loop1 state M): turning off barriers [ 65.299462][ T5947] BTRFS info (device loop1 state M): turning on flush-on-commit [ 65.338147][ T5947] BTRFS info (device loop1 state M): force clearing of disk cache [ 65.345791][ T5949] BTRFS warning (device loop0 state M): remount supports changing free space tree only from RO to RW [ 65.357079][ T5947] BTRFS info (device loop1 state M): doing ref verification [ 65.358261][ T5949] BTRFS info (device loop0 state M): setting nodatasum [pid 5949] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5947] <... mount resumed>) = 0 [pid 5947] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5947] chdir(".") = 0 [pid 5947] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5941] <... futex resumed>) = 0 [pid 5947] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5941] exit_group(0 [pid 5947] <... futex resumed>) = ? [pid 5941] <... exit_group resumed>) = ? [pid 5947] +++ exited with 0 +++ [pid 5941] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5941, si_uid=0, si_status=0, si_utime=13 /* 0.13 s */, si_stime=63 /* 0.63 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5830] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./1/binderfs") = 0 [ 65.402022][ T5947] BTRFS info (device loop1 state M): max_inline set to 26856 [ 65.441254][ T5949] BTRFS info (device loop0 state M): setting nodatasum [ 65.472309][ T5830] BTRFS info (device loop1): last unmount of filesystem 5adf2d01-46cc-40d0-876a-a348388c17a2 [ 65.490018][ T5949] BTRFS info (device loop0 state M): turning off barriers [ 65.520631][ T5949] BTRFS info (device loop0 state M): turning on flush-on-commit [ 65.541667][ T5949] BTRFS info (device loop0 state M): force clearing of disk cache [ 65.555424][ T5949] BTRFS info (device loop0 state M): doing ref verification [pid 5830] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5949] <... mount resumed>) = 0 [pid 5949] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5949] chdir(".") = 0 [pid 5949] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5948] <... futex resumed>) = 0 [pid 5949] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5948] exit_group(0 [pid 5949] <... futex resumed>) = ? [pid 5948] <... exit_group resumed>) = ? [pid 5949] +++ exited with 0 +++ [pid 5948] +++ exited with 0 +++ [pid 5832] <... umount2 resumed>) = 0 [pid 5832] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5948, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=60 /* 0.60 s */} --- [pid 5832] newfstatat(AT_FDCWD, "./1/file0", [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 65.576821][ T5949] BTRFS info (device loop0 state M): max_inline set to 26856 [pid 5832] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... restart_syscall resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... umount2 resumed>) = 0 [pid 5832] <... openat resumed>) = 4 [pid 5831] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(4, "", [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./1/file0", [pid 5829] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] <... umount2 resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... openat resumed>) = 3 [pid 5832] getdents64(4, [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./1/file0", [pid 5829] newfstatat(3, "", [pid 5831] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5831] <... openat resumed>) = 4 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, [pid 5831] newfstatat(4, "", [pid 5829] getdents64(3, [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5831] getdents64(4, [pid 5829] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] getdents64(4, [pid 5829] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5831] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] close(4 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... close resumed>) = 0 [pid 5829] unlink("./1/binderfs" [pid 5831] rmdir("./1/file0" [pid 5833] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... unlink resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5829] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] close(4 [pid 5831] getdents64(3, [pid 5833] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] <... close resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5833] newfstatat(4, "", [pid 5832] rmdir("./1/file0" [pid 5831] close(3 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, [pid 5831] <... close resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./1/file0") = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] rmdir("./1" [pid 5832] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5832] close(3 [pid 5833] getdents64(3, [pid 5831] mkdir("./2", 0777 [pid 5832] <... close resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5832] rmdir("./1" [pid 5833] close(3 [pid 5831] <... mkdir resumed>) = 0 [pid 5833] <... close resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5832] mkdir("./2", 0777 [pid 5831] <... openat resumed>) = 3 [pid 5833] rmdir("./1" [pid 5832] <... mkdir resumed>) = 0 [pid 5833] <... rmdir resumed>) = 0 [pid 5833] mkdir("./2", 0777) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5833] close(3) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5831] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5831] close(3./strace-static-x86_64: Process 6036 attached [pid 6036] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6036] chdir("./2" [pid 5833] <... clone resumed>, child_tidptr=0x55558bffa690) = 6036 [pid 5832] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5831] <... close resumed>) = 0 [pid 5832] close(3 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6036] <... chdir resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 6036] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6036] setpgid(0, 0) = 0 ./strace-static-x86_64: Process 6037 attached [pid 6036] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6037] set_robust_list(0x55558bffa6a0, 24 [pid 6036] <... openat resumed>) = 3 [pid 6036] write(3, "1000", 4./strace-static-x86_64: Process 6038 attached [pid 6037] <... set_robust_list resumed>) = 0 [pid 6036] <... write resumed>) = 4 [pid 5831] <... clone resumed>, child_tidptr=0x55558bffa690) = 6037 [pid 6037] chdir("./2" [pid 5832] <... clone resumed>, child_tidptr=0x55558bffa690) = 6038 [pid 6038] set_robust_list(0x55558bffa6a0, 24 [pid 6036] close(3 [pid 6038] <... set_robust_list resumed>) = 0 [pid 6037] <... chdir resumed>) = 0 [pid 6036] <... close resumed>) = 0 [pid 6036] symlink("/dev/binderfs", "./binderfs" [pid 6038] chdir("./2" [pid 6037] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6038] <... chdir resumed>) = 0 [pid 6037] <... prctl resumed>) = 0 [pid 6036] <... symlink resumed>) = 0 [ 65.686667][ T5829] BTRFS info (device loop0): last unmount of filesystem a510a99e-7a66-4216-8020-332ea989bdc2 executing program [pid 6038] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6037] setpgid(0, 0 [pid 6038] <... prctl resumed>) = 0 [pid 6037] <... setpgid resumed>) = 0 [pid 6038] setpgid(0, 0 [pid 6036] write(1, "executing program\n", 18) = 18 [pid 6038] <... setpgid resumed>) = 0 [pid 6037] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6036] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6036] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 6038] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6036] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6036] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6036] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6037] <... openat resumed>) = 3 [pid 6036] <... mmap resumed>) = 0x7fb77d5e1000 [pid 6036] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 6038] <... openat resumed>) = 3 [pid 6037] write(3, "1000", 4 [pid 6036] <... mprotect resumed>) = 0 [pid 6038] write(3, "1000", 4 [pid 6037] <... write resumed>) = 4 [pid 6038] <... write resumed>) = 4 [pid 6037] close(3 [pid 6038] close(3 [pid 6037] <... close resumed>) = 0 [pid 6038] <... close resumed>) = 0 [pid 6038] symlink("/dev/binderfs", "./binderfs" [pid 6037] symlink("/dev/binderfs", "./binderfs" [pid 6038] <... symlink resumed>) = 0 [pid 6037] <... symlink resumed>) = 0 [pid 6036] rt_sigprocmask(SIG_BLOCK, ~[], executing program [pid 6038] write(1, "executing program\n", 18 [pid 6036] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6038] <... write resumed>) = 18 [pid 6036] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6039 attached [pid 6038] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000executing program ) = 0 [pid 6037] write(1, "executing program\n", 18 [pid 6036] <... clone3 resumed> => {parent_tid=[6039]}, 88) = 6039 [pid 6038] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 6037] <... write resumed>) = 18 [pid 6039] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6038] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6037] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6039] <... rseq resumed>) = 0 [pid 6039] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6038] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6037] <... futex resumed>) = 0 [pid 6036] rt_sigprocmask(SIG_SETMASK, [], [pid 6038] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6037] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 6039] rt_sigprocmask(SIG_SETMASK, [], [pid 6038] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6037] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6036] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6039] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6038] <... mmap resumed>) = 0x7fb77d5e1000 [pid 6039] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6037] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6038] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 6037] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6036] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6039] <... futex resumed>) = 0 [pid 6038] <... mprotect resumed>) = 0 [pid 6037] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6036] <... futex resumed>) = 1 [pid 6039] memfd_create("syzkaller", 0 [pid 6038] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6037] <... mmap resumed>) = 0x7fb77d5e1000 [pid 6036] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6039] <... memfd_create resumed>) = 3 [pid 6038] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6037] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6038] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 6039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6037] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 6040 attached [pid 6038] <... clone3 resumed> => {parent_tid=[6040]}, 88) = 6040 [pid 6037] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6038] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6037] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6041 attached [pid 6038] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6040] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 6038] <... futex resumed>) = 0 [pid 6037] <... clone3 resumed> => {parent_tid=[6041]}, 88) = 6041 [pid 6041] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6040] set_robust_list(0x7fb77d6019a0, 24 [pid 6038] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6037] rt_sigprocmask(SIG_SETMASK, [], [pid 6041] <... rseq resumed>) = 0 [pid 6040] <... set_robust_list resumed>) = 0 [pid 6040] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6041] set_robust_list(0x7fb77d6019a0, 24 [pid 6037] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6041] <... set_robust_list resumed>) = 0 [pid 6040] memfd_create("syzkaller", 0 [pid 6041] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6037] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6040] <... memfd_create resumed>) = 3 [pid 6041] memfd_create("syzkaller", 0 [pid 6040] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6037] <... futex resumed>) = 0 [pid 6041] <... memfd_create resumed>) = 3 [pid 6040] <... mmap resumed>) = 0x7fb775000000 [pid 6041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6037] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6041] <... mmap resumed>) = 0x7fb775000000 [pid 5830] <... umount2 resumed>) = 0 [pid 5830] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./1/file0") = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./1") = 0 [pid 5830] mkdir("./2", 0777) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6042 attached , child_tidptr=0x55558bffa690) = 6042 [pid 6042] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6042] chdir("./2") = 0 [pid 6042] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6042] setpgid(0, 0) = 0 [pid 6042] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6042] write(3, "1000", 4) = 4 [pid 6042] close(3) = 0 [pid 6042] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6042] write(1, "executing program\n", 18) = 18 [pid 6042] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6042] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6042] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6042] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6042] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6042] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6042] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6043 attached => {parent_tid=[6043]}, 88) = 6043 [pid 6043] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6042] rt_sigprocmask(SIG_SETMASK, [], [pid 6043] <... rseq resumed>) = 0 [pid 6043] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6043] rt_sigprocmask(SIG_SETMASK, [], [pid 5829] <... umount2 resumed>) = 0 [pid 6043] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6042] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6043] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6042] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6043] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6042] <... futex resumed>) = 0 [pid 6043] memfd_create("syzkaller", 0 [pid 6042] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6043] <... memfd_create resumed>) = 3 [pid 6043] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5829] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./1/file0") = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./1") = 0 [pid 5829] mkdir("./2", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [pid 6039] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6041] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6044 attached , child_tidptr=0x55558bffa690) = 6044 [pid 6044] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6044] chdir("./2") = 0 [pid 6044] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6044] setpgid(0, 0) = 0 [pid 6044] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6044] write(3, "1000", 4) = 4 [pid 6040] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6044] close(3) = 0 [pid 6044] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6044] write(1, "executing program\n", 18) = 18 [pid 6044] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6044] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6044] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6044] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6044] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6044] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6044] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6045 attached => {parent_tid=[6045]}, 88) = 6045 [pid 6045] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6044] rt_sigprocmask(SIG_SETMASK, [], [pid 6045] <... rseq resumed>) = 0 [pid 6044] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6045] set_robust_list(0x7fb77d6019a0, 24 [pid 6044] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6045] <... set_robust_list resumed>) = 0 [pid 6044] <... futex resumed>) = 0 [pid 6045] rt_sigprocmask(SIG_SETMASK, [], [pid 6044] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6045] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6045] memfd_create("syzkaller", 0) = 3 [pid 6045] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6043] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6045] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6041] <... write resumed>) = 16777216 [pid 6041] munmap(0x7fb775000000, 138412032) = 0 [pid 6039] <... write resumed>) = 16777216 [pid 6041] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6039] munmap(0x7fb775000000, 138412032 [pid 6041] ioctl(4, LOOP_SET_FD, 3 [pid 6039] <... munmap resumed>) = 0 [pid 6039] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6039] ioctl(4, LOOP_SET_FD, 3 [pid 6041] <... ioctl resumed>) = 0 [pid 6041] close(3) = 0 [pid 6041] close(4) = 0 [pid 6041] mkdir("./file0", 0777 [pid 6040] <... write resumed>) = 16777216 [pid 6041] <... mkdir resumed>) = 0 [pid 6039] <... ioctl resumed>) = 0 [pid 6041] mount("/dev/loop2", "./file0", "btrfs", 0, "" [pid 6040] munmap(0x7fb775000000, 138412032 [ 66.522214][ T6041] loop2: detected capacity change from 0 to 32768 [ 66.540510][ T6039] loop4: detected capacity change from 0 to 32768 [pid 6039] close(3 [pid 6040] <... munmap resumed>) = 0 [pid 6039] <... close resumed>) = 0 [pid 6039] close(4) = 0 [pid 6039] mkdir("./file0", 0777) = 0 [pid 6039] mount("/dev/loop4", "./file0", "btrfs", 0, "" [pid 6040] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6040] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6040] close(3) = 0 [pid 6040] close(4) = 0 [pid 6040] mkdir("./file0", 0777) = 0 [ 66.569239][ T6041] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (6041) [ 66.587897][ T6040] loop3: detected capacity change from 0 to 32768 [ 66.626344][ T6039] BTRFS: device /dev/loop4 (7:4) using temp-fsid 343c5cb7-5af9-45e2-9dec-9b308a39a81d [ 66.645135][ T6041] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 66.651653][ T6039] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (6039) [pid 6040] mount("/dev/loop3", "./file0", "btrfs", 0, "" [pid 6043] <... write resumed>) = 16777216 [pid 6043] munmap(0x7fb775000000, 138412032) = 0 [pid 6043] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6043] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6043] close(3) = 0 [ 66.659258][ T6041] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 66.678993][ T6041] BTRFS info (device loop2): using free-space-tree [ 66.698958][ T6043] loop1: detected capacity change from 0 to 32768 [ 66.712669][ T6040] BTRFS: device /dev/loop3 (7:3) using temp-fsid 2f57d785-b7b1-42e4-91cb-da64b6afed20 [pid 6043] close(4) = 0 [pid 6043] mkdir("./file0", 0777) = 0 [ 66.724860][ T6039] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 66.726677][ T6040] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor323 (6040) [ 66.745628][ T6039] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 66.758663][ T6039] BTRFS info (device loop4): using free-space-tree [ 66.780080][ T6043] BTRFS: device /dev/loop1 (7:1) using temp-fsid 9e3a5318-407d-4353-91d6-b33bb0d6d213 [ 66.801677][ T6043] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor323 (6043) [ 66.832205][ T6040] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 6043] mount("/dev/loop1", "./file0", "btrfs", 0, "" [pid 6045] <... write resumed>) = 16777216 [ 66.874684][ T6040] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 66.884888][ T6040] BTRFS info (device loop3): using free-space-tree [pid 6045] munmap(0x7fb775000000, 138412032) = 0 [pid 6045] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6041] <... mount resumed>) = 0 [pid 6045] <... openat resumed>) = 4 [pid 6045] ioctl(4, LOOP_SET_FD, 3 [pid 6041] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6041] chdir("./file0") = 0 [pid 6041] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6041] ioctl(4, LOOP_CLR_FD) = 0 [ 66.935749][ T6043] BTRFS info (device loop1): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 66.963203][ T6043] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [pid 6041] close(4) = 0 [pid 6041] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6037] <... futex resumed>) = 0 [pid 6041] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6037] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6041] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6037] <... futex resumed>) = 0 [pid 6037] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6041] memfd_create("syzkaller", 0) = 4 [pid 6041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 66.983858][ T6045] loop0: detected capacity change from 0 to 32768 [pid 6045] <... ioctl resumed>) = 0 [pid 6045] close(3) = 0 [pid 6045] close(4) = 0 [pid 6045] mkdir("./file0", 0777) = 0 [ 67.016387][ T6043] BTRFS info (device loop1): using free-space-tree [ 67.068375][ T6045] BTRFS: device /dev/loop0 (7:0) using temp-fsid 75e4e3b4-f012-4034-9b8e-7a7638f82e0a [ 67.122408][ T6045] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor323 (6045) [pid 6045] mount("/dev/loop0", "./file0", "btrfs", 0, "" [pid 6039] <... mount resumed>) = 0 [pid 6039] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6039] chdir("./file0") = 0 [pid 6039] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6039] ioctl(4, LOOP_CLR_FD) = 0 [pid 6039] close(4 [pid 6040] <... mount resumed>) = 0 [pid 6039] <... close resumed>) = 0 [ 67.203116][ T6045] BTRFS info (device loop0): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 6040] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6039] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6040] <... openat resumed>) = 3 [pid 6039] <... futex resumed>) = 1 [pid 6040] chdir("./file0" [pid 6036] <... futex resumed>) = 0 [pid 6036] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6036] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6040] <... chdir resumed>) = 0 [pid 6039] memfd_create("syzkaller", 0 [pid 6040] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6039] <... memfd_create resumed>) = 4 [pid 6040] <... openat resumed>) = 4 [pid 6039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6040] ioctl(4, LOOP_CLR_FD [pid 6039] <... mmap resumed>) = 0x7fb775000000 [pid 6043] <... mount resumed>) = 0 [pid 6040] <... ioctl resumed>) = 0 [pid 6043] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6040] close(4 [pid 6043] <... openat resumed>) = 3 [pid 6040] <... close resumed>) = 0 [pid 6043] chdir("./file0" [ 67.244502][ T6045] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [pid 6040] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6043] <... chdir resumed>) = 0 [pid 6040] <... futex resumed>) = 1 [pid 6038] <... futex resumed>) = 0 [pid 6043] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6040] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6038] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6040] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6038] <... futex resumed>) = 0 [pid 6040] memfd_create("syzkaller", 0 [pid 6038] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6040] <... memfd_create resumed>) = 4 [pid 6043] ioctl(4, LOOP_CLR_FD [pid 6040] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6043] <... ioctl resumed>) = 0 [pid 6043] close(4) = 0 [pid 6043] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6042] <... futex resumed>) = 0 [pid 6043] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6042] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6043] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6042] <... futex resumed>) = 0 [pid 6043] memfd_create("syzkaller", 0 [pid 6042] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6040] <... mmap resumed>) = 0x7fb775000000 [pid 6043] <... memfd_create resumed>) = 4 [pid 6043] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 67.302973][ T6045] BTRFS info (device loop0): using free-space-tree [pid 6041] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6039] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6040] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6045] <... mount resumed>) = 0 [pid 6045] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6045] chdir("./file0") = 0 [pid 6045] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6045] ioctl(4, LOOP_CLR_FD) = 0 [pid 6045] close(4) = 0 [pid 6045] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6045] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6044] <... futex resumed>) = 0 [pid 6044] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6045] <... futex resumed>) = 0 [pid 6044] <... futex resumed>) = 1 [pid 6045] memfd_create("syzkaller", 0 [pid 6044] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6045] <... memfd_create resumed>) = 4 [pid 6045] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6043] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6039] <... write resumed>) = 16777216 [pid 6039] munmap(0x7fb775000000, 138412032) = 0 [pid 6039] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 5 [pid 6039] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6039] ioctl(5, LOOP_CLR_FD) = 0 [pid 6039] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6039] close(5) = 0 [pid 6039] close(4 [pid 6045] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6041] <... write resumed>) = 16777216 [pid 6041] munmap(0x7fb775000000, 138412032) = 0 [pid 6039] <... close resumed>) = 0 [pid 6041] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 5 [pid 6041] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6041] ioctl(5, LOOP_CLR_FD) = 0 [pid 6041] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6041] close(5) = 0 [pid 6041] close(4 [pid 6039] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6036] <... futex resumed>) = 0 [pid 6039] rename("./file1", "./file0/file0" [pid 6036] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6036] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6039] <... rename resumed>) = 0 [pid 6039] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6036] <... futex resumed>) = 0 [pid 6036] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6036] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6039] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6039] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6040] <... write resumed>) = 16777216 [pid 6040] munmap(0x7fb775000000, 138412032) = 0 [pid 6040] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 5 [pid 6040] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6040] ioctl(5, LOOP_CLR_FD) = 0 [ 68.202117][ T6039] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [ 68.228484][ T6039] BTRFS info (device loop4 state M): setting nodatasum [pid 6040] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6040] close(5) = 0 [pid 6040] close(4 [pid 6043] <... write resumed>) = 16777216 [ 68.251007][ T6039] BTRFS info (device loop4 state M): setting nodatasum [ 68.258566][ T6039] BTRFS info (device loop4 state M): turning off barriers [ 68.273797][ T6039] BTRFS info (device loop4 state M): turning on flush-on-commit [pid 6043] munmap(0x7fb775000000, 138412032) = 0 [pid 6043] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 5 [pid 6043] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6043] ioctl(5, LOOP_CLR_FD [pid 6039] <... mount resumed>) = 0 [pid 6043] <... ioctl resumed>) = 0 [pid 6039] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6039] chdir(".") = 0 [pid 6041] <... close resumed>) = 0 [pid 6039] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6043] ioctl(5, LOOP_SET_FD, 4 [pid 6039] <... futex resumed>) = 1 [pid 6043] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6039] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6036] <... futex resumed>) = 0 [pid 6043] close(5) = 0 [pid 6041] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6037] <... futex resumed>) = 0 [pid 6041] rename("./file1", "./file0/file0" [pid 6037] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6037] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6043] close(4 [pid 6036] exit_group(0 [pid 6041] <... rename resumed>) = 0 [pid 6036] <... exit_group resumed>) = ? [pid 6041] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6037] <... futex resumed>) = 0 [ 68.311077][ T6039] BTRFS info (device loop4 state M): force clearing of disk cache [ 68.329717][ T6039] BTRFS info (device loop4 state M): doing ref verification [ 68.341695][ T6039] BTRFS info (device loop4 state M): max_inline set to 26856 [pid 6037] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6037] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6041] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6041] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6039] <... futex resumed>) = ? [pid 6039] +++ exited with 0 +++ [pid 6036] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6036, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=65 /* 0.65 s */} --- [pid 5833] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5833] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6040] <... close resumed>) = 0 [pid 6040] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6040] <... futex resumed>) = 1 [pid 6038] <... futex resumed>) = 0 [ 68.425975][ T6041] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW [pid 5833] newfstatat(AT_FDCWD, "./2/binderfs", [pid 6040] rename("./file1", "./file0/file0" [pid 6038] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6038] <... futex resumed>) = 0 [pid 6038] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] unlink("./2/binderfs") = 0 [ 68.482751][ T6041] BTRFS info (device loop2 state M): setting nodatasum [ 68.489715][ T6041] BTRFS info (device loop2 state M): setting nodatasum [pid 5833] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6040] <... rename resumed>) = 0 [pid 6040] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6038] <... futex resumed>) = 0 [pid 6040] mkdir(".", 0777 [pid 6038] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6038] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6040] <... mkdir resumed>) = -1 EEXIST (File exists) [ 68.529502][ T5833] BTRFS info (device loop4): last unmount of filesystem 343c5cb7-5af9-45e2-9dec-9b308a39a81d [ 68.549115][ T6041] BTRFS info (device loop2 state M): turning off barriers [ 68.561948][ T6041] BTRFS info (device loop2 state M): turning on flush-on-commit [pid 6040] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6045] <... write resumed>) = 16777216 [pid 6045] munmap(0x7fb775000000, 138412032) = 0 [pid 6045] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6045] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6045] ioctl(5, LOOP_CLR_FD) = 0 [pid 6045] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6045] close(5) = 0 [ 68.591013][ T6041] BTRFS info (device loop2 state M): force clearing of disk cache [ 68.620255][ T6041] BTRFS info (device loop2 state M): doing ref verification [ 68.624827][ T6040] BTRFS warning (device loop3 state M): remount supports changing free space tree only from RO to RW [pid 6045] close(4 [pid 6043] <... close resumed>) = 0 [pid 6043] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6042] <... futex resumed>) = 0 [pid 6043] rename("./file1", "./file0/file0" [pid 6042] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 68.646383][ T6040] BTRFS info (device loop3 state M): setting nodatasum [ 68.654266][ T6040] BTRFS info (device loop3 state M): setting nodatasum [ 68.661160][ T6040] BTRFS info (device loop3 state M): turning off barriers [ 68.669899][ T6040] BTRFS info (device loop3 state M): turning on flush-on-commit [ 68.670470][ T6041] BTRFS info (device loop2 state M): max_inline set to 26856 [pid 6042] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6041] <... mount resumed>) = 0 [pid 6041] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6041] chdir(".") = 0 [pid 6041] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6037] <... futex resumed>) = 0 [pid 6037] exit_group(0) = ? [pid 6041] +++ exited with 0 +++ [pid 6037] +++ exited with 0 +++ [pid 6043] <... rename resumed>) = 0 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6037, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=58 /* 0.58 s */} --- [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 6043] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6042] <... futex resumed>) = 0 [pid 6042] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6043] mkdir(".", 0777 [pid 6042] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6043] <... mkdir resumed>) = -1 EEXIST (File exists) [ 68.693132][ T6040] BTRFS info (device loop3 state M): force clearing of disk cache [pid 6043] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5831] <... restart_syscall resumed>) = 0 [pid 5831] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [ 68.721234][ T6040] BTRFS info (device loop3 state M): doing ref verification [ 68.758956][ T6040] BTRFS info (device loop3 state M): max_inline set to 26856 [pid 5831] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6040] <... mount resumed>) = 0 [ 68.768147][ T6043] BTRFS warning (device loop1 state M): remount supports changing free space tree only from RO to RW [ 68.811627][ T6043] BTRFS info (device loop1 state M): setting nodatasum [pid 5831] unlink("./2/binderfs") = 0 [pid 6040] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5831] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6040] <... openat resumed>) = 4 [pid 6040] chdir(".") = 0 [ 68.818536][ T6043] BTRFS info (device loop1 state M): setting nodatasum [pid 6040] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6038] <... futex resumed>) = 0 [pid 6040] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6038] exit_group(0 [pid 6040] <... futex resumed>) = ? [pid 6038] <... exit_group resumed>) = ? [pid 6040] +++ exited with 0 +++ [pid 6038] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6038, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=62 /* 0.62 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5832] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./2/binderfs") = 0 [ 68.852107][ T6043] BTRFS info (device loop1 state M): turning off barriers [ 68.859593][ T6043] BTRFS info (device loop1 state M): turning on flush-on-commit [ 68.868328][ T5831] BTRFS info (device loop2): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 68.899226][ T6043] BTRFS info (device loop1 state M): force clearing of disk cache [ 68.909013][ T5832] BTRFS info (device loop3): last unmount of filesystem 2f57d785-b7b1-42e4-91cb-da64b6afed20 [ 68.938062][ T6043] BTRFS info (device loop1 state M): doing ref verification [pid 5832] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6045] <... close resumed>) = 0 [pid 6045] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6044] <... futex resumed>) = 0 [pid 6044] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6044] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6045] rename("./file1", "./file0/file0" [pid 6043] <... mount resumed>) = 0 [pid 6043] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6043] chdir(".") = 0 [pid 6043] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6043] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6042] <... futex resumed>) = 0 [pid 6042] exit_group(0) = ? [pid 6043] <... futex resumed>) = ? [ 68.961707][ T6043] BTRFS info (device loop1 state M): max_inline set to 26856 [pid 6045] <... rename resumed>) = 0 [pid 6044] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6043] +++ exited with 0 +++ [pid 6042] +++ exited with 0 +++ [pid 6044] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6042, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=64 /* 0.64 s */} --- [pid 6044] <... futex resumed>) = 0 [pid 6044] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5c0000 [pid 5830] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6044] mprotect(0x7fb77d5c1000, 131072, PROT_READ|PROT_WRITE [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6045] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6044] <... mprotect resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6045] <... futex resumed>) = 0 [pid 6044] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5830] <... openat resumed>) = 3 [pid 6045] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6044] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5830] newfstatat(3, "", [pid 6044] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d5e0990, parent_tid=0x7fb77d5e0990, exit_signal=0, stack=0x7fb77d5c0000, stack_size=0x20300, tls=0x7fb77d5e06c0} [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, [pid 6044] <... clone3 resumed> => {parent_tid=[6133]}, 88) = 6133 [pid 5830] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 6044] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6044] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6044] futex(0x7fb77d6dd6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] newfstatat(AT_FDCWD, "./2/binderfs", [pid 6044] <... futex resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6044] futex(0x7fb77d6dd6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5830] unlink("./2/binderfs") = 0 [pid 5830] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6133 attached [pid 6133] rseq(0x7fb77d5e0fe0, 0x20, 0, 0x53053053) = 0 [pid 6133] set_robust_list(0x7fb77d5e09a0, 24) = 0 [pid 6133] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6133] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6133] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5833] <... umount2 resumed>) = 0 [pid 5833] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 69.062361][ T5830] BTRFS info (device loop1): last unmount of filesystem 9e3a5318-407d-4353-91d6-b33bb0d6d213 [pid 5833] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./2/file0") = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./2") = 0 [pid 5833] mkdir("./3", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6134 attached , child_tidptr=0x55558bffa690) = 6134 [pid 6134] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6134] chdir("./3") = 0 [pid 6134] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6134] setpgid(0, 0) = 0 [pid 6134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6134] write(3, "1000", 4) = 4 [pid 6134] close(3) = 0 [pid 6134] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6134] write(1, "executing program\n", 18) = 18 [pid 6134] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6134] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6134] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6134] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6134] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6134] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6135 attached => {parent_tid=[6135]}, 88) = 6135 [pid 6134] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6134] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6134] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6135] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 6135] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6135] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6135] memfd_create("syzkaller", 0) = 3 [pid 6135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 69.131521][ T6133] BTRFS warning (device loop0 state M): remount supports changing free space tree only from RO to RW [ 69.221737][ T6133] BTRFS info (device loop0 state M): setting nodatasum [ 69.228877][ T6133] BTRFS info (device loop0 state M): setting nodatasum [pid 5831] <... umount2 resumed>) = 0 [pid 5831] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./2/file0") = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./2") = 0 [pid 5831] mkdir("./3", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5831] close(3) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6136 attached [pid 5832] <... umount2 resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x55558bffa690) = 6136 [pid 6136] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6136] chdir("./3") = 0 [pid 6136] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6136] setpgid(0, 0) = 0 [ 69.272176][ T6133] BTRFS info (device loop0 state M): turning off barriers [ 69.279563][ T6133] BTRFS info (device loop0 state M): turning on flush-on-commit [pid 6136] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6136] write(3, "1000", 4) = 4 [pid 6136] close(3) = 0 [pid 6136] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6136] write(1, "executing program\n", 18) = 18 [pid 5832] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6136] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... openat resumed>) = 4 [pid 6136] <... futex resumed>) = 0 [pid 6136] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 5832] newfstatat(4, "", [pid 6136] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6136] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6136] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6136] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6136] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6136] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6136] <... clone3 resumed> => {parent_tid=[6137]}, 88) = 6137 [pid 6136] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6136] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6136] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6137 attached [pid 5832] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 6137] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 5832] getdents64(4, [pid 6137] <... rseq resumed>) = 0 [pid 5832] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [ 69.316425][ T6133] BTRFS info (device loop0 state M): force clearing of disk cache [ 69.348505][ T6133] BTRFS info (device loop0 state M): doing ref verification [pid 5832] close(4 [pid 6137] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6133] <... mount resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 6137] rt_sigprocmask(SIG_SETMASK, [], [pid 6133] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 6137] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] rmdir("./2/file0" [pid 6137] memfd_create("syzkaller", 0 [pid 5832] <... rmdir resumed>) = 0 [pid 6137] <... memfd_create resumed>) = 3 [pid 6133] <... openat resumed>) = 4 [pid 5832] getdents64(3, [pid 6137] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6133] chdir("." [pid 5832] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 6137] <... mmap resumed>) = 0x7fb775000000 [pid 5832] close(3 [pid 6133] <... chdir resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5832] rmdir("./2" [pid 6133] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6044] <... futex resumed>) = 0 [pid 6133] futex(0x7fb77d6dd6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6044] exit_group(0 [pid 5832] <... rmdir resumed>) = 0 [pid 6045] <... futex resumed>) = ? [pid 6044] <... exit_group resumed>) = ? [pid 6045] +++ exited with 0 +++ [pid 6133] <... futex resumed>) = ? [pid 5832] mkdir("./3", 0777) = 0 [pid 6133] +++ exited with 0 +++ [pid 6044] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6044, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=70 /* 0.70 s */} --- [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5829] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 69.367996][ T6133] BTRFS info (device loop0 state M): max_inline set to 26856 [pid 5829] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", [pid 5832] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] close(3) = 0 [pid 5829] getdents64(3, [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 6135] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216./strace-static-x86_64: Process 6138 attached [pid 5829] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6138] set_robust_list(0x55558bffa6a0, 24 [pid 5832] <... clone resumed>, child_tidptr=0x55558bffa690) = 6138 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6138] <... set_robust_list resumed>) = 0 [pid 5829] unlink("./2/binderfs") = 0 [pid 6138] chdir("./3" [pid 5829] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6138] <... chdir resumed>) = 0 [pid 6138] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6138] setpgid(0, 0) = 0 [pid 6138] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6138] write(3, "1000", 4) = 4 [pid 6138] close(3) = 0 [pid 6138] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6138] write(1, "executing program\n", 18executing program ) = 18 [pid 6138] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6138] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6138] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6138] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6138] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5830] <... umount2 resumed>) = 0 [ 69.482593][ T5829] BTRFS info (device loop0): last unmount of filesystem 75e4e3b4-f012-4034-9b8e-7a7638f82e0a [pid 6138] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5830] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6138] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6138] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 5830] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6138] <... clone3 resumed> => {parent_tid=[6139]}, 88) = 6139 [pid 5830] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6138] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6138] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6138] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... openat resumed>) = 4 [pid 6138] <... futex resumed>) = 0 [pid 5830] newfstatat(4, "", [pid 6138] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 6139 attached [pid 5830] getdents64(4, [pid 6139] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 5830] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 6139] <... rseq resumed>) = 0 [pid 5830] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./2/file0" [pid 6139] set_robust_list(0x7fb77d6019a0, 24 [pid 5830] <... rmdir resumed>) = 0 [pid 6139] <... set_robust_list resumed>) = 0 [pid 5830] getdents64(3, [pid 6139] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 6139] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] close(3 [pid 6139] memfd_create("syzkaller", 0 [pid 5830] <... close resumed>) = 0 [pid 6139] <... memfd_create resumed>) = 3 [pid 5830] rmdir("./2" [pid 6139] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5830] <... rmdir resumed>) = 0 [pid 5830] mkdir("./3", 0777) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6140 attached [pid 6140] set_robust_list(0x55558bffa6a0, 24 [pid 5830] <... clone resumed>, child_tidptr=0x55558bffa690) = 6140 [pid 6140] <... set_robust_list resumed>) = 0 [pid 6140] chdir("./3") = 0 [pid 6137] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6140] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6140] setpgid(0, 0) = 0 [pid 6140] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6140] write(3, "1000", 4) = 4 [pid 6140] close(3) = 0 [pid 6140] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6140] write(1, "executing program\n", 18) = 18 [pid 6140] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6140] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6140] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6140] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6140] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6140] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6140] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[6141]}, 88) = 6141 [pid 6140] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6140] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6141 attached [pid 6140] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6141] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 6141] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6141] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6141] memfd_create("syzkaller", 0) = 3 [pid 6141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5829] <... umount2 resumed>) = 0 [pid 5829] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./2/file0") = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./2") = 0 [pid 5829] mkdir("./3", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 6142 ./strace-static-x86_64: Process 6142 attached [pid 6142] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6142] chdir("./3") = 0 [pid 6142] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6142] setpgid(0, 0) = 0 [pid 6142] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6142] write(3, "1000", 4) = 4 [pid 6142] close(3) = 0 [pid 6142] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6142] write(1, "executing program\n", 18executing program ) = 18 [pid 6142] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6142] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6142] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6142] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6142] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6142] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6142] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6143 attached => {parent_tid=[6143]}, 88) = 6143 [pid 6142] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6142] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6142] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6143] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 6143] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6143] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6143] memfd_create("syzkaller", 0 [pid 6135] <... write resumed>) = 16777216 [pid 6143] <... memfd_create resumed>) = 3 [pid 6135] munmap(0x7fb775000000, 138412032 [pid 6143] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6135] <... munmap resumed>) = 0 [pid 6135] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6135] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6139] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6135] close(3) = 0 [pid 6135] close(4) = 0 [pid 6135] mkdir("./file0", 0777) = 0 [ 69.894755][ T6135] loop4: detected capacity change from 0 to 32768 [ 69.926583][ T6135] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (6135) [pid 6135] mount("/dev/loop4", "./file0", "btrfs", 0, "" [pid 6137] <... write resumed>) = 16777216 [ 69.992961][ T6135] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 70.021885][ T6135] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [pid 6137] munmap(0x7fb775000000, 138412032) = 0 [ 70.061650][ T6135] BTRFS info (device loop4): using free-space-tree [pid 6141] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6137] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6137] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6137] close(3) = 0 [pid 6137] close(4) = 0 [pid 6137] mkdir("./file0", 0777) = 0 [ 70.123348][ T6137] loop2: detected capacity change from 0 to 32768 [pid 6137] mount("/dev/loop2", "./file0", "btrfs", 0, "" [ 70.167094][ T6137] BTRFS: device /dev/loop2 (7:2) using temp-fsid e1ef9c30-3fe3-48fc-aa85-ae732bab97a5 [pid 6143] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6139] <... write resumed>) = 16777216 [ 70.222721][ T6137] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (6137) [ 70.250953][ T6137] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 6139] munmap(0x7fb775000000, 138412032) = 0 [pid 6135] <... mount resumed>) = 0 [pid 6135] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6139] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6135] <... openat resumed>) = 3 [pid 6139] <... openat resumed>) = 4 [pid 6135] chdir("./file0" [pid 6139] ioctl(4, LOOP_SET_FD, 3 [pid 6135] <... chdir resumed>) = 0 [pid 6135] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6139] <... ioctl resumed>) = 0 [pid 6135] <... openat resumed>) = 4 [ 70.311720][ T6137] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 70.320508][ T6137] BTRFS info (device loop2): using free-space-tree [ 70.343601][ T6139] loop3: detected capacity change from 0 to 32768 [pid 6135] ioctl(4, LOOP_CLR_FD) = 0 [pid 6135] close(4) = 0 [pid 6139] close(3) = 0 [pid 6139] close(4) = 0 [pid 6139] mkdir("./file0", 0777) = 0 [pid 6139] mount("/dev/loop3", "./file0", "btrfs", 0, "" [pid 6135] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6135] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6134] <... futex resumed>) = 0 [pid 6134] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6135] <... futex resumed>) = 0 [pid 6134] <... futex resumed>) = 1 [pid 6135] memfd_create("syzkaller", 0 [pid 6134] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6135] <... memfd_create resumed>) = 4 [pid 6135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 70.370868][ T6139] BTRFS: device /dev/loop3 (7:3) using temp-fsid d246c24b-4097-43c2-a2f8-9369b45247f6 [ 70.432607][ T6139] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor323 (6139) [pid 6141] <... write resumed>) = 16777216 [ 70.522696][ T6139] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 6141] munmap(0x7fb775000000, 138412032) = 0 [pid 6141] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6141] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6137] <... mount resumed>) = 0 [pid 6135] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6137] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6137] chdir("./file0") = 0 [pid 6137] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6137] ioctl(4, LOOP_CLR_FD) = 0 [pid 6137] close(4) = 0 [pid 6137] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6136] <... futex resumed>) = 0 [pid 6137] memfd_create("syzkaller", 0 [pid 6136] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6137] <... memfd_create resumed>) = 4 [pid 6136] <... futex resumed>) = 0 [pid 6137] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6136] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6137] <... mmap resumed>) = 0x7fb775000000 [ 70.573365][ T6141] loop1: detected capacity change from 0 to 32768 [ 70.582655][ T6139] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 70.591500][ T6139] BTRFS info (device loop3): using free-space-tree [pid 6141] close(3) = 0 [pid 6141] close(4) = 0 [pid 6141] mkdir("./file0", 0777) = 0 [ 70.686369][ T6141] BTRFS: device /dev/loop1 (7:1) using temp-fsid 2adef47a-ff37-46cc-967c-6cdf1769d017 [pid 6141] mount("/dev/loop1", "./file0", "btrfs", 0, "" [ 70.744049][ T6141] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor323 (6141) [pid 6137] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6143] <... write resumed>) = 16777216 [pid 6139] <... mount resumed>) = 0 [pid 6139] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6139] chdir("./file0") = 0 [ 70.806730][ T6141] BTRFS info (device loop1): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 6139] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6139] ioctl(4, LOOP_CLR_FD) = 0 [pid 6139] close(4) = 0 [pid 6143] munmap(0x7fb775000000, 138412032) = 0 [ 70.861818][ T6141] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [pid 6139] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6143] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6143] ioctl(4, LOOP_SET_FD, 3 [pid 6139] <... futex resumed>) = 1 [pid 6138] <... futex resumed>) = 0 [pid 6139] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6138] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6139] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6138] <... futex resumed>) = 0 [pid 6139] memfd_create("syzkaller", 0 [pid 6138] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6139] <... memfd_create resumed>) = 4 [pid 6139] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6143] <... ioctl resumed>) = 0 [pid 6143] close(3) = 0 [pid 6143] close(4) = 0 [pid 6143] mkdir("./file0", 0777) = 0 [ 70.910569][ T6141] BTRFS info (device loop1): using free-space-tree [ 70.919666][ T6143] loop0: detected capacity change from 0 to 32768 [ 70.965176][ T6143] BTRFS: device /dev/loop0 (7:0) using temp-fsid 7cd1524a-bfde-4f5e-bb5e-b0015f952a62 [ 71.001710][ T6143] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor323 (6143) [pid 6143] mount("/dev/loop0", "./file0", "btrfs", 0, "" [pid 6137] <... write resumed>) = 16777216 [pid 6137] munmap(0x7fb775000000, 138412032) = 0 [ 71.046653][ T6143] BTRFS info (device loop0): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 6141] <... mount resumed>) = 0 [pid 6141] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6137] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6141] <... openat resumed>) = 3 [pid 6141] chdir("./file0" [pid 6137] <... openat resumed>) = 5 [pid 6137] ioctl(5, LOOP_SET_FD, 4 [pid 6141] <... chdir resumed>) = 0 [pid 6137] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6141] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6137] ioctl(5, LOOP_CLR_FD [pid 6141] ioctl(4, LOOP_CLR_FD [pid 6137] <... ioctl resumed>) = 0 [pid 6141] <... ioctl resumed>) = 0 [pid 6137] ioctl(5, LOOP_SET_FD, 4 [pid 6141] close(4 [pid 6137] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6141] <... close resumed>) = 0 [pid 6137] close(5 [pid 6141] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6140] <... futex resumed>) = 0 [pid 6137] <... close resumed>) = 0 [pid 6141] memfd_create("syzkaller", 0 [pid 6140] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6137] close(4 [pid 6140] <... futex resumed>) = 0 [ 71.112040][ T6143] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 71.120758][ T6143] BTRFS info (device loop0): using free-space-tree [pid 6141] <... memfd_create resumed>) = 4 [pid 6140] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6139] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6135] <... write resumed>) = 16777216 [pid 6135] munmap(0x7fb775000000, 138412032) = 0 [pid 6135] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 5 [pid 6135] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6135] ioctl(5, LOOP_CLR_FD) = 0 [pid 6135] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6135] close(5) = 0 [pid 6135] close(4 [pid 6137] <... close resumed>) = 0 [pid 6141] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6137] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6136] <... futex resumed>) = 0 [pid 6137] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6136] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6137] rename("./file1", "./file0/file0" [pid 6136] <... futex resumed>) = 0 [pid 6136] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6137] <... rename resumed>) = 0 [pid 6137] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6136] <... futex resumed>) = 0 [pid 6136] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6137] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6136] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6137] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6143] <... mount resumed>) = 0 [pid 6143] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6135] <... close resumed>) = 0 [pid 6135] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6143] chdir("./file0" [pid 6135] <... futex resumed>) = 1 [pid 6134] <... futex resumed>) = 0 [pid 6134] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6134] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6135] rename("./file1", "./file0/file0" [pid 6143] <... chdir resumed>) = 0 [pid 6143] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6143] ioctl(4, LOOP_CLR_FD) = 0 [pid 6143] close(4) = 0 [pid 6143] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6143] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6142] <... futex resumed>) = 0 [pid 6142] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6143] <... futex resumed>) = 0 [pid 6142] <... futex resumed>) = 1 [pid 6142] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6143] memfd_create("syzkaller", 0) = 4 [ 71.570624][ T6137] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW [ 71.604986][ T6137] BTRFS info (device loop2 state M): setting nodatasum [pid 6143] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6135] <... rename resumed>) = 0 [pid 6135] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6134] <... futex resumed>) = 0 [pid 6134] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6134] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6135] mkdir(".", 0777) = -1 EEXIST (File exists) [ 71.631955][ T6137] BTRFS info (device loop2 state M): setting nodatasum [ 71.660609][ T6137] BTRFS info (device loop2 state M): turning off barriers [ 71.672471][ T6135] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [ 71.691602][ T6137] BTRFS info (device loop2 state M): turning on flush-on-commit [ 71.712386][ T6137] BTRFS info (device loop2 state M): force clearing of disk cache [ 71.720258][ T6137] BTRFS info (device loop2 state M): doing ref verification [ 71.728689][ T6135] BTRFS info (device loop4 state M): setting nodatasum [ 71.741638][ T6135] BTRFS info (device loop4 state M): setting nodatasum [ 71.761293][ T6135] BTRFS info (device loop4 state M): turning off barriers [ 71.770318][ T6137] BTRFS info (device loop2 state M): max_inline set to 26856 [pid 6135] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6137] <... mount resumed>) = 0 [pid 6137] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6137] chdir(".") = 0 [pid 6137] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6136] <... futex resumed>) = 0 [pid 6137] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6136] exit_group(0 [pid 6137] <... futex resumed>) = ? [pid 6136] <... exit_group resumed>) = ? [pid 6137] +++ exited with 0 +++ [pid 6136] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6136, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=63 /* 0.63 s */} --- [pid 5831] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5831] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./3/binderfs") = 0 [ 71.790248][ T6135] BTRFS info (device loop4 state M): turning on flush-on-commit [ 71.808902][ T6135] BTRFS info (device loop4 state M): force clearing of disk cache [ 71.828691][ T5831] BTRFS info (device loop2): last unmount of filesystem e1ef9c30-3fe3-48fc-aa85-ae732bab97a5 [pid 5831] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6139] <... write resumed>) = 16777216 [pid 6139] munmap(0x7fb775000000, 138412032) = 0 [pid 6135] <... mount resumed>) = 0 [pid 6135] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6135] chdir(".") = 0 [pid 6135] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6134] <... futex resumed>) = 0 [pid 6135] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6134] exit_group(0 [pid 6135] <... futex resumed>) = ? [pid 6134] <... exit_group resumed>) = ? [pid 6135] +++ exited with 0 +++ [pid 6134] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6134, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=63 /* 0.63 s */} --- [ 71.853023][ T6135] BTRFS info (device loop4 state M): doing ref verification [ 71.860366][ T6135] BTRFS info (device loop4 state M): max_inline set to 26856 [pid 5833] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 6139] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 5 [pid 5833] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5833] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./3/binderfs") = 0 [pid 5833] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6139] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6139] ioctl(5, LOOP_CLR_FD) = 0 [pid 6139] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6139] close(5) = 0 [ 71.941312][ T5833] BTRFS info (device loop4): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 6139] close(4 [pid 6143] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6141] <... write resumed>) = 16777216 [pid 6141] munmap(0x7fb775000000, 138412032) = 0 [pid 6141] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 5 [pid 6141] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6141] ioctl(5, LOOP_CLR_FD) = 0 [pid 6141] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6141] close(5) = 0 [pid 6141] close(4 [pid 6139] <... close resumed>) = 0 [pid 6139] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6139] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6138] <... futex resumed>) = 0 [pid 6138] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6139] <... futex resumed>) = 0 [pid 6139] rename("./file1", "./file0/file0" [pid 6138] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6139] <... rename resumed>) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 6139] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6138] <... futex resumed>) = 0 [pid 6138] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6138] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6139] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6139] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5831] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./3/file0") = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./3") = 0 [pid 5831] mkdir("./4", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5831] close(3) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 6229 ./strace-static-x86_64: Process 6229 attached [pid 6229] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6229] chdir("./4") = 0 [pid 6229] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6229] setpgid(0, 0) = 0 [pid 6229] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6229] write(3, "1000", 4) = 4 [pid 6229] close(3) = 0 [pid 6229] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6229] write(1, "executing program\n", 18executing program [ 72.284153][ T6139] BTRFS warning (device loop3 state M): remount supports changing free space tree only from RO to RW ) = 18 [pid 6229] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6229] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6229] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6229] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6229] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6229] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6229] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6230 attached => {parent_tid=[6230]}, 88) = 6230 [pid 6229] rt_sigprocmask(SIG_SETMASK, [], [pid 6230] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6229] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6229] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 72.341716][ T6139] BTRFS info (device loop3 state M): setting nodatasum [pid 6229] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6230] <... rseq resumed>) = 0 [pid 6230] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6230] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5833] <... umount2 resumed>) = 0 [pid 5833] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./3/file0", [pid 6230] memfd_create("syzkaller", 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6141] <... close resumed>) = 0 [pid 5833] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6230] <... memfd_create resumed>) = 3 [pid 6230] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6141] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5833] close(4 [pid 6230] <... mmap resumed>) = 0x7fb775000000 [pid 6141] <... futex resumed>) = 1 [pid 6140] <... futex resumed>) = 0 [pid 5833] <... close resumed>) = 0 [pid 6140] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] rmdir("./3/file0") = 0 [pid 6141] rename("./file1", "./file0/file0" [pid 6140] <... futex resumed>) = 0 [pid 6140] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./3") = 0 [pid 5833] mkdir("./4", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5833] close(3) = 0 [ 72.387946][ T6139] BTRFS info (device loop3 state M): setting nodatasum [ 72.412884][ T6139] BTRFS info (device loop3 state M): turning off barriers [ 72.420062][ T6139] BTRFS info (device loop3 state M): turning on flush-on-commit [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6231 attached [pid 6231] set_robust_list(0x55558bffa6a0, 24 [pid 5833] <... clone resumed>, child_tidptr=0x55558bffa690) = 6231 [pid 6231] <... set_robust_list resumed>) = 0 [pid 6231] chdir("./4") = 0 [pid 6231] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6231] setpgid(0, 0) = 0 [pid 6231] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6140] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6140] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6140] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6231] write(3, "1000", 4 [pid 6140] <... mmap resumed>) = 0x7fb77d5c0000 [pid 6231] <... write resumed>) = 4 [pid 6231] close(3) = 0 [pid 6231] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6231] write(1, "executing program\n", 18 [pid 6140] mprotect(0x7fb77d5c1000, 131072, PROT_READ|PROT_WRITEexecuting program [pid 6231] <... write resumed>) = 18 [pid 6231] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6140] <... mprotect resumed>) = 0 [pid 6231] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6231] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6141] <... rename resumed>) = 0 [pid 6140] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6231] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6140] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6231] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6140] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d5e0990, parent_tid=0x7fb77d5e0990, exit_signal=0, stack=0x7fb77d5c0000, stack_size=0x20300, tls=0x7fb77d5e06c0}./strace-static-x86_64: Process 6232 attached [pid 6231] <... mmap resumed>) = 0x7fb77d5e1000 [pid 6231] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 6140] <... clone3 resumed> => {parent_tid=[6232]}, 88) = 6232 [pid 6232] rseq(0x7fb77d5e0fe0, 0x20, 0, 0x53053053 [pid 6140] rt_sigprocmask(SIG_SETMASK, [], [pid 6232] <... rseq resumed>) = 0 [pid 6231] <... mprotect resumed>) = 0 [pid 6140] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6232] set_robust_list(0x7fb77d5e09a0, 24 [pid 6231] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6140] futex(0x7fb77d6dd6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6232] <... set_robust_list resumed>) = 0 [pid 6231] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6143] <... write resumed>) = 16777216 [pid 6141] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6140] <... futex resumed>) = 0 [pid 6232] rt_sigprocmask(SIG_SETMASK, [], [pid 6231] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 6140] futex(0x7fb77d6dd6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6233 attached [pid 6232] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6141] <... futex resumed>) = 0 [pid 6231] <... clone3 resumed> => {parent_tid=[6233]}, 88) = 6233 [pid 6232] mkdir(".", 0777 [pid 6141] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6233] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6232] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6233] <... rseq resumed>) = 0 [pid 6231] rt_sigprocmask(SIG_SETMASK, [], [pid 6143] munmap(0x7fb775000000, 138412032 [pid 6233] set_robust_list(0x7fb77d6019a0, 24 [pid 6232] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6231] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6139] <... mount resumed>) = 0 [pid 6233] <... set_robust_list resumed>) = 0 [pid 6231] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6139] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 6233] rt_sigprocmask(SIG_SETMASK, [], [pid 6231] <... futex resumed>) = 0 [pid 6139] <... openat resumed>) = 4 [pid 6233] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6231] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6233] memfd_create("syzkaller", 0 [pid 6139] chdir("." [pid 6233] <... memfd_create resumed>) = 3 [pid 6139] <... chdir resumed>) = 0 [pid 6233] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 72.487022][ T6139] BTRFS info (device loop3 state M): force clearing of disk cache [ 72.517343][ T6139] BTRFS info (device loop3 state M): doing ref verification [ 72.526607][ T6139] BTRFS info (device loop3 state M): max_inline set to 26856 [pid 6139] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6138] <... futex resumed>) = 0 [pid 6139] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6138] exit_group(0 [pid 6139] <... futex resumed>) = ? [pid 6138] <... exit_group resumed>) = ? [pid 6139] +++ exited with 0 +++ [pid 6138] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6138, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=58 /* 0.58 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5832] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./3/binderfs") = 0 [pid 5832] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6143] <... munmap resumed>) = 0 [pid 6143] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 72.564762][ T6232] BTRFS warning (device loop1 state M): remount supports changing free space tree only from RO to RW [ 72.583098][ T5832] BTRFS info (device loop3): last unmount of filesystem d246c24b-4097-43c2-a2f8-9369b45247f6 [ 72.598615][ T6232] BTRFS info (device loop1 state M): setting nodatasum [pid 6143] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6143] ioctl(5, LOOP_CLR_FD) = 0 [pid 6143] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [ 72.617804][ T6232] BTRFS info (device loop1 state M): setting nodatasum [ 72.632000][ T6232] BTRFS info (device loop1 state M): turning off barriers [pid 6143] close(5) = 0 [ 72.662184][ T6232] BTRFS info (device loop1 state M): turning on flush-on-commit [ 72.669899][ T6232] BTRFS info (device loop1 state M): force clearing of disk cache [pid 6143] close(4 [pid 6230] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6232] <... mount resumed>) = 0 [ 72.708878][ T6232] BTRFS info (device loop1 state M): doing ref verification [ 72.722234][ T6232] BTRFS info (device loop1 state M): max_inline set to 26856 [pid 6232] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6232] chdir(".") = 0 [pid 6232] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6140] <... futex resumed>) = 0 [pid 6232] <... futex resumed>) = 1 [pid 6232] futex(0x7fb77d6dd6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6140] exit_group(0 [pid 6232] <... futex resumed>) = ? [pid 6141] <... futex resumed>) = ? [pid 6140] <... exit_group resumed>) = ? [pid 6232] +++ exited with 0 +++ [pid 6141] +++ exited with 0 +++ [pid 6140] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6140, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=66 /* 0.66 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5830] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./3/binderfs") = 0 [pid 5830] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [ 72.866363][ T5830] BTRFS info (device loop1): last unmount of filesystem 2adef47a-ff37-46cc-967c-6cdf1769d017 [pid 6233] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6143] <... close resumed>) = 0 [pid 6143] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6143] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6142] <... futex resumed>) = 0 [pid 6143] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6142] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6143] rename("./file1", "./file0/file0" [pid 6142] <... futex resumed>) = 0 [pid 6142] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] <... umount2 resumed>) = 0 [pid 5832] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] newfstatat(4, "", [pid 6143] <... rename resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 6143] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6143] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6142] <... futex resumed>) = 0 [pid 6142] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] close(4 [pid 6143] <... futex resumed>) = 0 [pid 6142] <... futex resumed>) = 1 [pid 5832] <... close resumed>) = 0 [pid 6143] mkdir(".", 0777 [pid 6142] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6143] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5832] rmdir("./3/file0" [pid 6143] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5832] <... rmdir resumed>) = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./3") = 0 [ 73.013627][ T6143] BTRFS warning (device loop0 state M): remount supports changing free space tree only from RO to RW [pid 5832] mkdir("./4", 0777) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5832] close(3) = 0 [ 73.064204][ T6143] BTRFS info (device loop0 state M): setting nodatasum [ 73.071116][ T6143] BTRFS info (device loop0 state M): setting nodatasum [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6235 attached [pid 6235] set_robust_list(0x55558bffa6a0, 24 [pid 5832] <... clone resumed>, child_tidptr=0x55558bffa690) = 6235 [pid 6235] <... set_robust_list resumed>) = 0 [pid 6235] chdir("./4") = 0 [pid 6235] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 73.107899][ T6143] BTRFS info (device loop0 state M): turning off barriers [ 73.136479][ T6143] BTRFS info (device loop0 state M): turning on flush-on-commit [pid 6235] setpgid(0, 0) = 0 [pid 6235] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6235] write(3, "1000", 4) = 4 [pid 6235] close(3) = 0 [pid 6235] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6143] <... mount resumed>) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 6235] write(1, "executing program\n", 18 [pid 5830] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6235] <... write resumed>) = 18 [pid 6143] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 6235] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6235] <... futex resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./3/file0", [pid 6143] <... openat resumed>) = 4 [pid 6230] <... write resumed>) = 16777216 [pid 6235] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 6143] chdir("." [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6235] <... rt_sigaction resumed>NULL, 8) = 0 [ 73.163275][ T6143] BTRFS info (device loop0 state M): force clearing of disk cache [ 73.172583][ T6143] BTRFS info (device loop0 state M): doing ref verification [ 73.202553][ T6143] BTRFS info (device loop0 state M): max_inline set to 26856 [pid 6230] munmap(0x7fb775000000, 138412032 [pid 6143] <... chdir resumed>) = 0 [pid 6235] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5830] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6235] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6143] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6235] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6142] <... futex resumed>) = 0 [pid 6235] <... mmap resumed>) = 0x7fb77d5e1000 [pid 6143] <... futex resumed>) = 1 [pid 6142] exit_group(0 [pid 6235] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 6142] <... exit_group resumed>) = ? [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6143] +++ exited with 0 +++ [pid 6142] +++ exited with 0 +++ [pid 5830] newfstatat(4, "", [pid 6235] <... mprotect resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6235] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6142, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=58 /* 0.58 s */} --- [pid 6235] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 5830] getdents64(4, ./strace-static-x86_64: Process 6236 attached [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 6236] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6235] <... clone3 resumed> => {parent_tid=[6236]}, 88) = 6236 [pid 6236] <... rseq resumed>) = 0 [pid 6235] rt_sigprocmask(SIG_SETMASK, [], [pid 6236] set_robust_list(0x7fb77d6019a0, 24 [pid 6235] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6236] <... set_robust_list resumed>) = 0 [pid 6235] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6236] rt_sigprocmask(SIG_SETMASK, [], [pid 6235] <... futex resumed>) = 0 [pid 6236] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6235] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6236] memfd_create("syzkaller", 0 [pid 5830] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 6236] <... memfd_create resumed>) = 3 [pid 5830] getdents64(4, [pid 6236] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5830] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./3/file0") = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./3" [pid 6233] <... write resumed>) = 16777216 [pid 5830] <... rmdir resumed>) = 0 [pid 5829] <... restart_syscall resumed>) = 0 [pid 5829] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6233] munmap(0x7fb775000000, 138412032 [pid 6230] <... munmap resumed>) = 0 [pid 5830] mkdir("./4", 0777 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... mkdir resumed>) = 0 [pid 5829] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", [pid 5830] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, [pid 5830] <... openat resumed>) = 3 [pid 5829] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 6230] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5829] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6230] <... openat resumed>) = 4 [pid 5830] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6230] ioctl(4, LOOP_SET_FD, 3 [pid 5830] close(3 [pid 5829] newfstatat(AT_FDCWD, "./3/binderfs", [pid 6233] <... munmap resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 6233] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./3/binderfs" [pid 6233] <... openat resumed>) = 4 [pid 6233] ioctl(4, LOOP_SET_FD, 3 [pid 5829] <... unlink resumed>) = 0 [pid 5829] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 6237 [pid 6230] <... ioctl resumed>) = 0 [pid 6230] close(3) = 0 [pid 6230] close(4) = 0 [pid 6230] mkdir("./file0", 0777./strace-static-x86_64: Process 6237 attached [pid 6233] <... ioctl resumed>) = 0 [pid 6230] <... mkdir resumed>) = 0 [pid 6237] set_robust_list(0x55558bffa6a0, 24 [pid 6233] close(3 [ 73.275338][ T6230] loop2: detected capacity change from 0 to 32768 [ 73.293198][ T6233] loop4: detected capacity change from 0 to 32768 [ 73.301001][ T5829] BTRFS info (device loop0): last unmount of filesystem 7cd1524a-bfde-4f5e-bb5e-b0015f952a62 [pid 6230] mount("/dev/loop2", "./file0", "btrfs", 0, "" [pid 6237] <... set_robust_list resumed>) = 0 [pid 6233] <... close resumed>) = 0 [pid 6233] close(4 [pid 6237] chdir("./4" [pid 6233] <... close resumed>) = 0 [pid 6233] mkdir("./file0", 0777 [pid 6237] <... chdir resumed>) = 0 [pid 6237] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6233] <... mkdir resumed>) = 0 [pid 6233] mount("/dev/loop4", "./file0", "btrfs", 0, "" [pid 6237] <... prctl resumed>) = 0 [pid 6237] setpgid(0, 0) = 0 [pid 6237] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6237] write(3, "1000", 4) = 4 [pid 6237] close(3) = 0 [pid 6237] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6237] write(1, "executing program\n", 18) = 18 [pid 6237] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6237] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6237] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6237] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6237] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6237] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6237] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6238 attached [ 73.321092][ T6230] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (6230) => {parent_tid=[6238]}, 88) = 6238 [pid 6238] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 6238] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6238] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6238] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6237] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6237] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6237] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6238] <... futex resumed>) = 0 [pid 6238] memfd_create("syzkaller", 0) = 3 [pid 6238] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 73.378545][ T6230] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 73.380051][ T6233] BTRFS: device /dev/loop4 (7:4) using temp-fsid 509795a7-e90c-40f9-98e0-8d0106c4b646 [ 73.400115][ T6230] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 73.424585][ T6230] BTRFS info (device loop2): using free-space-tree [ 73.435015][ T6233] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (6233) [ 73.497602][ T6233] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 73.541796][ T6233] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 73.550598][ T6233] BTRFS info (device loop4): using free-space-tree [pid 6236] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6236] munmap(0x7fb775000000, 138412032) = 0 [pid 6236] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6238] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6236] <... openat resumed>) = 4 [pid 6236] ioctl(4, LOOP_SET_FD, 3 [pid 6230] <... mount resumed>) = 0 [pid 6230] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6230] chdir("./file0") = 0 [pid 6230] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6230] ioctl(4, LOOP_CLR_FD) = 0 [pid 6230] close(4) = 0 [pid 6230] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6229] <... futex resumed>) = 0 [pid 6230] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6229] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6229] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6236] <... ioctl resumed>) = 0 [pid 6236] close(3) = 0 [pid 6236] close(4) = 0 [pid 6236] mkdir("./file0", 0777) = 0 [pid 6230] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 73.743341][ T6236] loop3: detected capacity change from 0 to 32768 [pid 6230] memfd_create("syzkaller", 0) = 4 [pid 6236] mount("/dev/loop3", "./file0", "btrfs", 0, "" [pid 6230] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6233] <... mount resumed>) = 0 [pid 6233] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6233] chdir("./file0") = 0 [pid 6233] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6233] ioctl(4, LOOP_CLR_FD) = 0 [pid 6233] close(4) = 0 [pid 6233] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6231] <... futex resumed>) = 0 [pid 6233] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6231] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6233] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6231] <... futex resumed>) = 0 [pid 6233] memfd_create("syzkaller", 0 [pid 6231] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6233] <... memfd_create resumed>) = 4 [pid 6233] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 73.789113][ T6236] BTRFS: device /dev/loop3 (7:3) using temp-fsid b5a471cf-7e7b-4fce-9d70-9c697094d2de [pid 5829] <... umount2 resumed>) = 0 [pid 5829] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./3/file0") = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./3") = 0 [pid 5829] mkdir("./4", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 6271 ./strace-static-x86_64: Process 6271 attached [pid 6271] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6271] chdir("./4") = 0 [pid 6271] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 73.849061][ T6236] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor323 (6236) [pid 6271] setpgid(0, 0) = 0 [pid 6271] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6271] write(3, "1000", 4) = 4 [pid 6271] close(3) = 0 [pid 6271] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6271] write(1, "executing program\n", 18) = 18 [pid 6271] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6271] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6271] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6271] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6271] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6271] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6271] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6273 attached [pid 6273] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 6273] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6273] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 73.965692][ T6236] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 73.992296][ T6236] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [pid 6273] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6271] <... clone3 resumed> => {parent_tid=[6273]}, 88) = 6273 [pid 6271] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6271] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6273] <... futex resumed>) = 0 [pid 6271] <... futex resumed>) = 1 [pid 6273] memfd_create("syzkaller", 0) = 3 [pid 6273] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 74.035343][ T6236] BTRFS info (device loop3): using free-space-tree [pid 6271] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6230] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6233] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6238] <... write resumed>) = 16777216 [pid 6236] <... mount resumed>) = 0 [pid 6236] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6236] chdir("./file0") = 0 [pid 6236] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6236] ioctl(4, LOOP_CLR_FD) = 0 [pid 6236] close(4) = 0 [pid 6236] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6235] <... futex resumed>) = 0 [pid 6238] munmap(0x7fb775000000, 138412032 [pid 6236] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6238] <... munmap resumed>) = 0 [pid 6235] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6236] <... futex resumed>) = 0 [pid 6235] <... futex resumed>) = 1 [pid 6236] memfd_create("syzkaller", 0 [pid 6235] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6236] <... memfd_create resumed>) = 4 [pid 6236] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6238] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6238] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6238] close(3) = 0 [pid 6238] close(4) = 0 [ 74.232356][ T6238] loop1: detected capacity change from 0 to 32768 [pid 6238] mkdir("./file0", 0777) = 0 [pid 6238] mount("/dev/loop1", "./file0", "btrfs", 0, "" [ 74.301723][ T6238] BTRFS: device /dev/loop1 (7:1) using temp-fsid 343613f4-89ff-448f-b31e-0d14b75c9b12 [pid 6273] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6230] <... write resumed>) = 16777216 [ 74.339334][ T6238] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor323 (6238) [pid 6230] munmap(0x7fb775000000, 138412032) = 0 [pid 6230] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 5 [pid 6230] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6230] ioctl(5, LOOP_CLR_FD) = 0 [ 74.421649][ T6238] BTRFS info (device loop1): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 74.441872][ T6238] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [pid 6230] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6230] close(5) = 0 [ 74.472573][ T6238] BTRFS info (device loop1): using free-space-tree [pid 6230] close(4 [pid 6236] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6230] <... close resumed>) = 0 [pid 6230] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6229] <... futex resumed>) = 0 [pid 6230] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6229] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6229] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6230] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6230] rename("./file1", "./file0/file0") = 0 [pid 6230] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6229] <... futex resumed>) = 0 [pid 6230] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6229] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6230] <... futex resumed>) = 0 [pid 6229] <... futex resumed>) = 1 [pid 6230] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6229] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6273] <... write resumed>) = 16777216 [pid 6238] <... mount resumed>) = 0 [pid 6230] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6273] munmap(0x7fb775000000, 138412032 [pid 6238] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6238] chdir("./file0") = 0 [pid 6238] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6238] ioctl(4, LOOP_CLR_FD) = 0 [pid 6238] close(4) = 0 [pid 6238] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6237] <... futex resumed>) = 0 [pid 6237] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6237] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6238] memfd_create("syzkaller", 0) = 4 [pid 6238] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6273] <... munmap resumed>) = 0 [pid 6233] <... write resumed>) = 16777216 [ 74.712011][ T6230] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW [ 74.729687][ T6230] BTRFS info (device loop2 state M): setting nodatasum [ 74.737058][ T6230] BTRFS info (device loop2 state M): setting nodatasum [ 74.744599][ T6230] BTRFS info (device loop2 state M): turning off barriers [ 74.751795][ T6230] BTRFS info (device loop2 state M): turning on flush-on-commit [pid 6233] munmap(0x7fb775000000, 138412032 [pid 6273] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6273] ioctl(4, LOOP_SET_FD, 3 [pid 6230] <... mount resumed>) = 0 [pid 6230] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6230] chdir(".") = 0 [pid 6230] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6229] <... futex resumed>) = 0 [pid 6229] exit_group(0) = ? [pid 6230] +++ exited with 0 +++ [pid 6229] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6229, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=59 /* 0.59 s */} --- [pid 6233] <... munmap resumed>) = 0 [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 6233] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] <... restart_syscall resumed>) = 0 [pid 5831] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./4/binderfs" [pid 6233] <... openat resumed>) = 5 [pid 6233] ioctl(5, LOOP_SET_FD, 4 [pid 5831] <... unlink resumed>) = 0 [pid 6233] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6233] ioctl(5, LOOP_CLR_FD) = 0 [ 74.759459][ T6230] BTRFS info (device loop2 state M): force clearing of disk cache [ 74.767382][ T6230] BTRFS info (device loop2 state M): doing ref verification [ 74.773228][ T6273] loop0: detected capacity change from 0 to 32768 [ 74.774953][ T6230] BTRFS info (device loop2 state M): max_inline set to 26856 [pid 6273] <... ioctl resumed>) = 0 [pid 6233] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6273] close(3 [pid 6233] close(5) = 0 [pid 6233] close(4 [pid 6273] <... close resumed>) = 0 [pid 6273] close(4) = 0 [pid 6273] mkdir("./file0", 0777) = 0 [ 74.818325][ T5831] BTRFS info (device loop2): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 74.872259][ T6273] BTRFS: device /dev/loop0 (7:0) using temp-fsid e32e2381-00af-4648-a71a-0ecf7eaed21f [ 74.901662][ T6273] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor323 (6273) [pid 6273] mount("/dev/loop0", "./file0", "btrfs", 0, "" [pid 6238] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5831] <... umount2 resumed>) = 0 [pid 5831] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./4/file0") = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./4") = 0 [ 75.009229][ T6273] BTRFS info (device loop0): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 75.044923][ T6273] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [pid 6233] <... close resumed>) = 0 [pid 5831] mkdir("./5", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = 0 [pid 5831] close(3) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6308 attached [pid 6233] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6308] set_robust_list(0x55558bffa6a0, 24 [pid 6233] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6231] <... futex resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x55558bffa690) = 6308 [pid 6231] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6233] <... futex resumed>) = 0 [pid 6231] <... futex resumed>) = 1 [pid 6233] rename("./file1", "./file0/file0" [pid 6231] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6308] <... set_robust_list resumed>) = 0 [pid 6308] chdir("./5" [pid 6236] <... write resumed>) = 16777216 [pid 6308] <... chdir resumed>) = 0 [pid 6308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6236] munmap(0x7fb775000000, 138412032 [pid 6308] setpgid(0, 0) = 0 [pid 6308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6308] write(3, "1000", 4) = 4 [pid 6308] close(3) = 0 [pid 6308] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6308] write(1, "executing program\n", 18) = 18 [pid 6308] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6308] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6308] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [ 75.089647][ T6273] BTRFS info (device loop0): using free-space-tree [pid 6308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6233] <... rename resumed>) = 0 [pid 6308] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6308] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6308] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[6316]}, 88) = 6316 [pid 6308] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6308] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6316 attached ) = 0 [pid 6233] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6308] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6316] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6236] <... munmap resumed>) = 0 [pid 6233] <... futex resumed>) = 1 [pid 6231] <... futex resumed>) = 0 [pid 6316] <... rseq resumed>) = 0 [pid 6236] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6233] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6231] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6316] set_robust_list(0x7fb77d6019a0, 24 [pid 6233] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6231] <... futex resumed>) = 0 [pid 6236] <... openat resumed>) = 5 [pid 6316] <... set_robust_list resumed>) = 0 [pid 6236] ioctl(5, LOOP_SET_FD, 4 [pid 6233] mkdir(".", 0777 [pid 6231] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6316] rt_sigprocmask(SIG_SETMASK, [], [pid 6236] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6233] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6316] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6236] ioctl(5, LOOP_CLR_FD [pid 6233] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6316] memfd_create("syzkaller", 0 [pid 6236] <... ioctl resumed>) = 0 [pid 6316] <... memfd_create resumed>) = 3 [pid 6316] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6236] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6236] close(5) = 0 [ 75.285866][ T6233] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [pid 6236] close(4) = 0 [pid 6236] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6273] <... mount resumed>) = 0 [pid 6236] <... futex resumed>) = 1 [pid 6235] <... futex resumed>) = 0 [pid 6273] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6235] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6236] rename("./file1", "./file0/file0" [pid 6273] <... openat resumed>) = 3 [pid 6235] <... futex resumed>) = 0 [pid 6273] chdir("./file0" [pid 6235] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6273] <... chdir resumed>) = 0 [pid 6273] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6273] ioctl(4, LOOP_CLR_FD) = 0 [pid 6273] close(4) = 0 [ 75.366389][ T6233] BTRFS info (device loop4 state M): setting nodatasum [ 75.383872][ T6233] BTRFS info (device loop4 state M): setting nodatasum [ 75.391209][ T6233] BTRFS info (device loop4 state M): turning off barriers [pid 6273] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6271] <... futex resumed>) = 0 [pid 6273] memfd_create("syzkaller", 0 [pid 6271] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6273] <... memfd_create resumed>) = 4 [pid 6271] <... futex resumed>) = 0 [pid 6273] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6271] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6273] <... mmap resumed>) = 0x7fb775000000 [pid 6235] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6235] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6235] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5c0000 [pid 6235] mprotect(0x7fb77d5c1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6235] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6235] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d5e0990, parent_tid=0x7fb77d5e0990, exit_signal=0, stack=0x7fb77d5c0000, stack_size=0x20300, tls=0x7fb77d5e06c0} => {parent_tid=[6326]}, 88) = 6326 [pid 6235] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6235] futex(0x7fb77d6dd6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6235] futex(0x7fb77d6dd6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6236] <... rename resumed>) = 0 ./strace-static-x86_64: Process 6326 attached [pid 6236] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6326] rseq(0x7fb77d5e0fe0, 0x20, 0, 0x53053053) = 0 [pid 6326] set_robust_list(0x7fb77d5e09a0, 24) = 0 [pid 6326] rt_sigprocmask(SIG_SETMASK, [], [pid 6236] <... futex resumed>) = 0 [pid 6326] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6236] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6326] mkdir(".", 0777) = -1 EEXIST (File exists) [ 75.426878][ T6233] BTRFS info (device loop4 state M): turning on flush-on-commit [ 75.451610][ T6233] BTRFS info (device loop4 state M): force clearing of disk cache [ 75.459479][ T6233] BTRFS info (device loop4 state M): doing ref verification [pid 6326] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6233] <... mount resumed>) = 0 [pid 6233] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6238] <... write resumed>) = 16777216 [ 75.522030][ T6233] BTRFS info (device loop4 state M): max_inline set to 26856 [ 75.530799][ T6326] BTRFS warning (device loop3 state M): remount supports changing free space tree only from RO to RW [pid 6233] chdir(".") = 0 [pid 6238] munmap(0x7fb775000000, 138412032 [pid 6233] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6231] <... futex resumed>) = 0 [pid 6231] exit_group(0) = ? [pid 6233] +++ exited with 0 +++ [pid 6231] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6231, si_uid=0, si_status=0, si_utime=14 /* 0.14 s */, si_stime=51 /* 0.51 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5833] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6238] <... munmap resumed>) = 0 [pid 5833] <... openat resumed>) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5833] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./4/binderfs", [pid 6238] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./4/binderfs") = 0 [pid 5833] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6238] <... openat resumed>) = 5 [pid 6238] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6238] ioctl(5, LOOP_CLR_FD) = 0 [pid 6238] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6238] close(5) = 0 [ 75.587414][ T6326] BTRFS info (device loop3 state M): setting nodatasum [ 75.618740][ T6326] BTRFS info (device loop3 state M): setting nodatasum [ 75.640352][ T6326] BTRFS info (device loop3 state M): turning off barriers [ 75.653103][ T5833] BTRFS info (device loop4): last unmount of filesystem 509795a7-e90c-40f9-98e0-8d0106c4b646 [ 75.659354][ T6326] BTRFS info (device loop3 state M): turning on flush-on-commit [pid 6238] close(4 [ 75.686279][ T6326] BTRFS info (device loop3 state M): force clearing of disk cache [ 75.704932][ T6326] BTRFS info (device loop3 state M): doing ref verification [pid 6316] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6326] <... mount resumed>) = 0 [pid 6326] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [ 75.747228][ T6326] BTRFS info (device loop3 state M): max_inline set to 26856 [pid 6326] chdir(".") = 0 [pid 6326] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6326] futex(0x7fb77d6dd6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6235] <... futex resumed>) = 0 [pid 6235] exit_group(0) = ? [pid 6326] <... futex resumed>) = ? [pid 6236] <... futex resumed>) = ? [pid 6326] +++ exited with 0 +++ [pid 6236] +++ exited with 0 +++ [pid 6235] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6235, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=58 /* 0.58 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5832] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6273] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./4/binderfs") = 0 [pid 5832] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6238] <... close resumed>) = 0 [pid 5833] <... umount2 resumed>) = 0 [pid 6238] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6237] <... futex resumed>) = 0 [pid 5833] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6237] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6237] <... futex resumed>) = 0 [pid 6237] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6238] rename("./file1", "./file0/file0" [pid 5833] newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 75.922872][ T5832] BTRFS info (device loop3): last unmount of filesystem b5a471cf-7e7b-4fce-9d70-9c697094d2de [pid 5833] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", [pid 6238] <... rename resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 6238] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6237] <... futex resumed>) = 0 [pid 6237] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6237] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6238] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6238] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5833] close(4) = 0 [pid 5833] rmdir("./4/file0") = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./4") = 0 [pid 5833] mkdir("./5", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6328 attached , child_tidptr=0x55558bffa690) = 6328 [pid 6328] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6328] chdir("./5") = 0 [pid 6328] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6328] setpgid(0, 0) = 0 [pid 6328] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6328] write(3, "1000", 4) = 4 [pid 6328] close(3) = 0 [ 76.092463][ T6238] BTRFS warning (device loop1 state M): remount supports changing free space tree only from RO to RW executing program [pid 6328] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6328] write(1, "executing program\n", 18) = 18 [pid 6328] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6328] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6328] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6328] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6328] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6328] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6328] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[6329]}, 88) = 6329 [pid 6328] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6329 attached NULL, 8) = 0 [pid 6328] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6328] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6329] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 6329] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6329] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6329] memfd_create("syzkaller", 0) = 3 [pid 6329] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 76.145118][ T6238] BTRFS info (device loop1 state M): setting nodatasum [ 76.171633][ T6238] BTRFS info (device loop1 state M): setting nodatasum [ 76.178610][ T6238] BTRFS info (device loop1 state M): turning off barriers [ 76.215755][ T6238] BTRFS info (device loop1 state M): turning on flush-on-commit [ 76.251645][ T6238] BTRFS info (device loop1 state M): force clearing of disk cache [pid 6273] <... write resumed>) = 16777216 [pid 6273] munmap(0x7fb775000000, 138412032) = 0 [pid 6273] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6273] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6273] ioctl(5, LOOP_CLR_FD) = 0 [pid 6316] <... write resumed>) = 16777216 [pid 6273] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6273] close(5) = 0 [pid 6273] close(4 [pid 6316] munmap(0x7fb775000000, 138412032 [pid 6238] <... mount resumed>) = 0 [pid 6316] <... munmap resumed>) = 0 [pid 6238] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6238] chdir("." [pid 5832] <... umount2 resumed>) = 0 [pid 6316] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6238] <... chdir resumed>) = 0 [pid 5832] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6238] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6238] <... futex resumed>) = 1 [pid 6237] <... futex resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./4/file0", [pid 6238] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6237] exit_group(0 [pid 6316] <... openat resumed>) = 4 [pid 6238] <... futex resumed>) = ? [pid 6237] <... exit_group resumed>) = ? [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6238] +++ exited with 0 +++ [ 76.259996][ T6238] BTRFS info (device loop1 state M): doing ref verification [ 76.278241][ T6238] BTRFS info (device loop1 state M): max_inline set to 26856 [pid 6237] +++ exited with 0 +++ [pid 5832] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6316] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6237, si_uid=0, si_status=0, si_utime=16 /* 0.16 s */, si_stime=63 /* 0.63 s */} --- [pid 5830] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6316] <... ioctl resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] getdents64(3, [pid 6316] close(3) = 0 [pid 5832] <... openat resumed>) = 4 [pid 5830] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 6316] close(4 [pid 5832] newfstatat(4, "", [pid 6316] <... close resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6316] mkdir("./file0", 0777 [pid 5832] getdents64(4, [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./4/binderfs", [pid 6316] <... mkdir resumed>) = 0 [pid 5832] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6316] mount("/dev/loop2", "./file0", "btrfs", 0, "" [pid 5832] getdents64(4, [pid 5830] unlink("./4/binderfs" [pid 5832] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5832] close(4) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 5832] rmdir("./4/file0" [pid 5830] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... rmdir resumed>) = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [ 76.332544][ T6316] loop2: detected capacity change from 0 to 32768 [pid 5832] rmdir("./4" [pid 6329] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5832] <... rmdir resumed>) = 0 [pid 5832] mkdir("./5", 0777) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6331 attached [pid 6331] set_robust_list(0x55558bffa6a0, 24 [pid 5832] <... clone resumed>, child_tidptr=0x55558bffa690) = 6331 [pid 6331] <... set_robust_list resumed>) = 0 [pid 6331] chdir("./5") = 0 [ 76.373623][ T5830] BTRFS info (device loop1): last unmount of filesystem 343613f4-89ff-448f-b31e-0d14b75c9b12 [ 76.392217][ T6316] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (6316) [pid 6331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6331] setpgid(0, 0) = 0 [pid 6331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6331] write(3, "1000", 4) = 4 [pid 6331] close(3) = 0 [pid 6331] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6331] write(1, "executing program\n", 18executing program ) = 18 [pid 6331] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6331] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6331] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6331] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6331] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6331] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6331] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6334 attached => {parent_tid=[6334]}, 88) = 6334 [pid 6331] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6334] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6331] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6334] <... rseq resumed>) = 0 [pid 6331] <... futex resumed>) = 0 [pid 6331] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6334] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6334] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 76.454548][ T6316] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 76.471676][ T6316] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 76.480705][ T6316] BTRFS info (device loop2): using free-space-tree [pid 6334] memfd_create("syzkaller", 0) = 3 [pid 6334] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6273] <... close resumed>) = 0 [pid 6273] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6271] <... futex resumed>) = 0 [pid 6273] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6271] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6273] <... futex resumed>) = 0 [pid 6271] <... futex resumed>) = 1 [pid 6273] rename("./file1", "./file0/file0" [pid 6271] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6273] <... rename resumed>) = 0 [pid 6273] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6271] <... futex resumed>) = 0 [pid 6273] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6271] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6271] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6273] <... futex resumed>) = 0 [pid 6273] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6273] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6316] <... mount resumed>) = 0 [pid 6316] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6316] chdir("./file0") = 0 [pid 6316] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6316] ioctl(4, LOOP_CLR_FD) = 0 [pid 6316] close(4) = 0 [pid 6316] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6308] <... futex resumed>) = 0 [pid 6316] memfd_create("syzkaller", 0 [pid 6308] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6316] <... memfd_create resumed>) = 4 [pid 6308] <... futex resumed>) = 0 [pid 6316] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6308] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6316] <... mmap resumed>) = 0x7fb775000000 [pid 6329] <... write resumed>) = 16777216 [pid 6329] munmap(0x7fb775000000, 138412032) = 0 [ 76.684642][ T6273] BTRFS warning (device loop0 state M): remount supports changing free space tree only from RO to RW [pid 6329] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6329] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6329] close(3) = 0 [pid 6329] close(4) = 0 [pid 6329] mkdir("./file0", 0777) = 0 [ 76.759028][ T25] cfg80211: failed to load regulatory.db [ 76.765709][ T6329] loop4: detected capacity change from 0 to 32768 [ 76.771929][ T6273] BTRFS info (device loop0 state M): setting nodatasum [ 76.779013][ T6273] BTRFS info (device loop0 state M): setting nodatasum [ 76.835547][ T6329] BTRFS: device /dev/loop4 (7:4) using temp-fsid de63c674-ca28-4248-aa55-11c2c73a0d8c [ 76.851626][ T6273] BTRFS info (device loop0 state M): turning off barriers [ 76.872365][ T6329] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (6329) [ 76.891654][ T6273] BTRFS info (device loop0 state M): turning on flush-on-commit [ 76.931892][ T6273] BTRFS info (device loop0 state M): force clearing of disk cache [pid 6329] mount("/dev/loop4", "./file0", "btrfs", 0, "" [pid 5830] <... umount2 resumed>) = 0 [pid 6334] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5830] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 76.939987][ T6273] BTRFS info (device loop0 state M): doing ref verification [ 76.947357][ T6329] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 76.947428][ T6329] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [pid 5830] newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", [pid 6316] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, [pid 6273] <... mount resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 6273] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5830] close(4 [pid 6273] <... openat resumed>) = 4 [pid 6273] chdir(".") = 0 [pid 6273] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6271] <... futex resumed>) = 0 [pid 6271] exit_group(0) = ? [pid 6273] +++ exited with 0 +++ [pid 6271] +++ exited with 0 +++ [pid 5830] <... close resumed>) = 0 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6271, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=64 /* 0.64 s */} --- [pid 5830] rmdir("./4/file0" [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5830] <... rmdir resumed>) = 0 [pid 5829] <... restart_syscall resumed>) = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5830] close(3 [pid 5829] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... close resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] rmdir("./4" [pid 5829] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] <... rmdir resumed>) = 0 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] mkdir("./5", 0777 [pid 5829] getdents64(3, [pid 5830] <... mkdir resumed>) = 0 [pid 5829] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5830] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5829] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] <... openat resumed>) = 3 [pid 5829] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./4/binderfs") = 0 [ 77.022384][ T6273] BTRFS info (device loop0 state M): max_inline set to 26856 [ 77.048271][ T6329] BTRFS info (device loop4): using free-space-tree [pid 5829] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6357 attached , child_tidptr=0x55558bffa690) = 6357 [pid 6357] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6357] chdir("./5") = 0 [pid 6357] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6357] setpgid(0, 0) = 0 [pid 6357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6357] write(3, "1000", 4) = 4 [pid 6357] close(3) = 0 [pid 6357] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6357] write(1, "executing program\n", 18executing program ) = 18 [pid 6357] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6357] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [ 77.102587][ T5829] BTRFS info (device loop0): last unmount of filesystem e32e2381-00af-4648-a71a-0ecf7eaed21f [pid 6357] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6357] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6357] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6357] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6357] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6366 attached => {parent_tid=[6366]}, 88) = 6366 [pid 6357] rt_sigprocmask(SIG_SETMASK, [], [pid 6366] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6357] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6366] <... rseq resumed>) = 0 [pid 6357] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6329] <... mount resumed>) = 0 [pid 6366] set_robust_list(0x7fb77d6019a0, 24 [pid 6357] <... futex resumed>) = 0 [pid 6329] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6366] <... set_robust_list resumed>) = 0 [pid 6357] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6329] <... openat resumed>) = 3 [pid 6366] rt_sigprocmask(SIG_SETMASK, [], [pid 6329] chdir("./file0" [pid 6366] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6329] <... chdir resumed>) = 0 [pid 6366] memfd_create("syzkaller", 0 [pid 6329] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6366] <... memfd_create resumed>) = 3 [pid 6329] <... openat resumed>) = 4 [pid 6366] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6329] ioctl(4, LOOP_CLR_FD [pid 6366] <... mmap resumed>) = 0x7fb775000000 [pid 6329] <... ioctl resumed>) = 0 [pid 6329] close(4) = 0 [pid 6329] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6329] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6328] <... futex resumed>) = 0 [pid 6328] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6328] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6329] <... futex resumed>) = 0 [pid 6329] memfd_create("syzkaller", 0) = 4 [pid 6329] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6316] <... write resumed>) = 16777216 [pid 6316] munmap(0x7fb775000000, 138412032) = 0 [pid 6334] <... write resumed>) = 16777216 [pid 6316] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 5 [pid 6316] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6316] ioctl(5, LOOP_CLR_FD) = 0 [pid 6316] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6316] close(5) = 0 [pid 6316] close(4 [pid 6334] munmap(0x7fb775000000, 138412032 [pid 5829] <... umount2 resumed>) = 0 [pid 6334] <... munmap resumed>) = 0 [pid 5829] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6334] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5829] newfstatat(AT_FDCWD, "./4/file0", [pid 6334] <... openat resumed>) = 4 [pid 6334] ioctl(4, LOOP_SET_FD, 3 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6334] <... ioctl resumed>) = 0 [pid 5829] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6334] close(3 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6334] <... close resumed>) = 0 [pid 6334] close(4) = 0 [pid 6334] mkdir("./file0", 0777) = 0 [pid 5829] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6334] mount("/dev/loop3", "./file0", "btrfs", 0, "" [pid 5829] <... openat resumed>) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [ 77.574135][ T6334] loop3: detected capacity change from 0 to 32768 [pid 5829] getdents64(4, [pid 6329] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5829] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./4/file0") = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./4") = 0 [pid 5829] mkdir("./5", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [ 77.616038][ T6334] BTRFS: device /dev/loop3 (7:3) using temp-fsid 05f3542e-7de1-4cfa-b17e-33a59f446996 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6366] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216./strace-static-x86_64: Process 6368 attached [pid 5829] <... clone resumed>, child_tidptr=0x55558bffa690) = 6368 [pid 6368] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6368] chdir("./5") = 0 [pid 6368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6368] setpgid(0, 0) = 0 [ 77.670930][ T6334] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor323 (6334) [pid 6368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6368] write(3, "1000", 4) = 4 [pid 6368] close(3) = 0 [pid 6368] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6368] write(1, "executing program\n", 18executing program ) = 18 [pid 6368] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6368] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6368] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6368] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6368] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6368] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6368] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6369 attached [pid 6369] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 6369] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6369] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6369] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6368] <... clone3 resumed> => {parent_tid=[6369]}, 88) = 6369 [ 77.762598][ T6334] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 77.795267][ T6334] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [pid 6316] <... close resumed>) = 0 [pid 6368] rt_sigprocmask(SIG_SETMASK, [], [pid 6316] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6368] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6316] <... futex resumed>) = 1 [pid 6308] <... futex resumed>) = 0 [pid 6316] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6308] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6368] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6316] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6308] <... futex resumed>) = 0 [pid 6316] rename("./file1", "./file0/file0" [pid 6308] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6369] <... futex resumed>) = 0 [pid 6368] <... futex resumed>) = 1 [pid 6369] memfd_create("syzkaller", 0) = 3 [pid 6369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6368] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6316] <... rename resumed>) = 0 [pid 6316] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6308] <... futex resumed>) = 0 [pid 6316] mkdir(".", 0777 [pid 6308] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6316] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6308] <... futex resumed>) = 0 [pid 6308] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [ 77.822050][ T6334] BTRFS info (device loop3): using free-space-tree [ 77.932797][ T6316] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW [pid 6316] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6334] <... mount resumed>) = 0 [pid 6334] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6334] chdir("./file0") = 0 [pid 6334] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6334] ioctl(4, LOOP_CLR_FD) = 0 [pid 6334] close(4) = 0 [pid 6334] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 77.980024][ T6316] BTRFS info (device loop2 state M): setting nodatasum [pid 6334] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6331] <... futex resumed>) = 0 [pid 6331] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6334] <... futex resumed>) = 0 [pid 6331] <... futex resumed>) = 1 [pid 6334] memfd_create("syzkaller", 0 [pid 6331] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6334] <... memfd_create resumed>) = 4 [pid 6334] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 78.031706][ T6316] BTRFS info (device loop2 state M): setting nodatasum [ 78.051680][ T6316] BTRFS info (device loop2 state M): turning off barriers [pid 6366] <... write resumed>) = 16777216 [pid 6366] munmap(0x7fb775000000, 138412032 [pid 6369] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6366] <... munmap resumed>) = 0 [pid 6366] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 78.091677][ T6316] BTRFS info (device loop2 state M): turning on flush-on-commit [ 78.099376][ T6316] BTRFS info (device loop2 state M): force clearing of disk cache [ 78.143396][ T6366] loop1: detected capacity change from 0 to 32768 [ 78.171621][ T6316] BTRFS info (device loop2 state M): doing ref verification [ 78.179055][ T6316] BTRFS info (device loop2 state M): max_inline set to 26856 [pid 6366] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6366] close(3) = 0 [pid 6366] close(4) = 0 [pid 6366] mkdir("./file0", 0777) = 0 [ 78.184816][ T6366] BTRFS: device /dev/loop1 (7:1) using temp-fsid d8f31db2-638e-4c70-a207-95007c67bb21 [pid 6366] mount("/dev/loop1", "./file0", "btrfs", 0, "" [pid 6316] <... mount resumed>) = 0 [pid 6316] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 6329] <... write resumed>) = 16777216 [pid 6316] <... openat resumed>) = 4 [pid 6316] chdir(".") = 0 [ 78.221664][ T6366] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor323 (6366) [pid 6316] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6329] munmap(0x7fb775000000, 138412032 [pid 6316] <... futex resumed>) = 1 [pid 6308] <... futex resumed>) = 0 [pid 6308] exit_group(0 [pid 6329] <... munmap resumed>) = 0 [pid 6308] <... exit_group resumed>) = ? [pid 6316] +++ exited with 0 +++ [pid 6308] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6308, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=68 /* 0.68 s */} --- [pid 6329] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 5 [pid 5831] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6329] ioctl(5, LOOP_SET_FD, 4 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6329] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6329] ioctl(5, LOOP_CLR_FD [pid 5831] <... openat resumed>) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 6329] <... ioctl resumed>) = 0 [pid 5831] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./5/binderfs" [pid 6329] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5831] <... unlink resumed>) = 0 [pid 6329] close(5 [pid 5831] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6329] <... close resumed>) = 0 [ 78.312258][ T6366] BTRFS info (device loop1): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 78.347370][ T6366] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 78.357248][ T5831] BTRFS info (device loop2): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 6329] close(4 [ 78.390249][ T6366] BTRFS info (device loop1): using free-space-tree [pid 6334] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6366] <... mount resumed>) = 0 [pid 6366] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6366] chdir("./file0") = 0 [pid 6366] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6366] ioctl(4, LOOP_CLR_FD) = 0 [pid 6366] close(4) = 0 [pid 6366] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6357] <... futex resumed>) = 0 [pid 6366] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6357] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6366] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6357] <... futex resumed>) = 0 [pid 6366] memfd_create("syzkaller", 0 [pid 6357] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6366] <... memfd_create resumed>) = 4 [pid 6366] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6329] <... close resumed>) = 0 [pid 6329] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6328] <... futex resumed>) = 0 [pid 6328] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6329] rename("./file1", "./file0/file0" [pid 6369] <... write resumed>) = 16777216 [pid 6329] <... rename resumed>) = 0 [pid 6328] <... futex resumed>) = 0 [pid 6328] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6369] munmap(0x7fb775000000, 138412032 [pid 6334] <... write resumed>) = 16777216 [pid 6329] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6328] <... futex resumed>) = 0 [pid 6328] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6328] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6329] mkdir(".", 0777 [pid 6334] munmap(0x7fb775000000, 138412032 [pid 6329] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6329] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6369] <... munmap resumed>) = 0 [pid 6369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6369] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6369] close(3) = 0 [pid 6334] <... munmap resumed>) = 0 [pid 6369] close(4 [pid 6334] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6369] <... close resumed>) = 0 [pid 6369] mkdir("./file0", 0777 [pid 6334] <... openat resumed>) = 5 [pid 6369] <... mkdir resumed>) = 0 [pid 6369] mount("/dev/loop0", "./file0", "btrfs", 0, "" [pid 6334] ioctl(5, LOOP_SET_FD, 4 [pid 5831] <... umount2 resumed>) = 0 [ 78.787700][ T6369] loop0: detected capacity change from 0 to 32768 [ 78.822563][ T6329] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [pid 5831] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6334] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6334] ioctl(5, LOOP_CLR_FD [pid 5831] newfstatat(AT_FDCWD, "./5/file0", [pid 6334] <... ioctl resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6334] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6334] close(5 [pid 5831] newfstatat(4, "", [pid 6334] <... close resumed>) = 0 [pid 6334] close(4 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [ 78.846847][ T6369] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor323 (6369) [ 78.851592][ T6329] BTRFS info (device loop4 state M): setting nodatasum [ 78.885135][ T6369] BTRFS info (device loop0): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 5831] rmdir("./5/file0") = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./5") = 0 [pid 5831] mkdir("./6", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5831] close(3) = 0 [ 78.909049][ T6329] BTRFS info (device loop4 state M): setting nodatasum [ 78.924777][ T6369] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 78.946316][ T6329] BTRFS info (device loop4 state M): turning off barriers [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6409 attached [pid 6409] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6409] chdir("./6") = 0 [pid 6409] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6409] setpgid(0, 0) = 0 [pid 6409] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6409] write(3, "1000", 4) = 4 [pid 6409] close(3) = 0 [pid 6409] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6409] write(1, "executing program\n", 18) = 18 [pid 6409] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6409] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6409] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6409] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5831] <... clone resumed>, child_tidptr=0x55558bffa690) = 6409 [pid 6409] <... mmap resumed>) = 0x7fb77d5e1000 [pid 6409] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6409] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6409] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[6419]}, 88) = 6419 [pid 6409] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6409] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 78.962811][ T6369] BTRFS info (device loop0): using free-space-tree [ 78.976555][ T6329] BTRFS info (device loop4 state M): turning on flush-on-commit [ 78.987435][ T6329] BTRFS info (device loop4 state M): force clearing of disk cache [pid 6409] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6419 attached [pid 6366] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6419] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6329] <... mount resumed>) = 0 [pid 6419] <... rseq resumed>) = 0 [pid 6419] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6419] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6329] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 6419] memfd_create("syzkaller", 0 [pid 6329] <... openat resumed>) = 4 [pid 6329] chdir("." [pid 6419] <... memfd_create resumed>) = 3 [pid 6329] <... chdir resumed>) = 0 [pid 6419] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6329] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6419] <... mmap resumed>) = 0x7fb775000000 [pid 6369] <... mount resumed>) = 0 [pid 6329] <... futex resumed>) = 1 [pid 6328] <... futex resumed>) = 0 [pid 6329] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6369] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6328] exit_group(0 [pid 6369] <... openat resumed>) = 3 [pid 6329] <... futex resumed>) = ? [pid 6328] <... exit_group resumed>) = ? [pid 6329] +++ exited with 0 +++ [pid 6328] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6328, si_uid=0, si_status=0, si_utime=13 /* 0.13 s */, si_stime=64 /* 0.64 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 6369] chdir("./file0") = 0 [pid 6369] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5833] <... restart_syscall resumed>) = 0 [pid 6369] <... openat resumed>) = 4 [pid 5833] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6369] ioctl(4, LOOP_CLR_FD [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6369] <... ioctl resumed>) = 0 [pid 5833] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6369] close(4 [pid 5833] <... openat resumed>) = 3 [pid 6369] <... close resumed>) = 0 [pid 5833] newfstatat(3, "", [pid 6369] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6369] <... futex resumed>) = 1 [pid 6368] <... futex resumed>) = 0 [pid 5833] getdents64(3, [ 79.030929][ T6329] BTRFS info (device loop4 state M): doing ref verification [ 79.042427][ T6329] BTRFS info (device loop4 state M): max_inline set to 26856 [pid 6368] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6369] memfd_create("syzkaller", 0 [pid 6368] <... futex resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 6368] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5833] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./5/binderfs", [pid 6369] <... memfd_create resumed>) = 4 [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./5/binderfs" [pid 6369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5833] <... unlink resumed>) = 0 [pid 5833] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6334] <... close resumed>) = 0 [pid 6334] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6334] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6331] <... futex resumed>) = 0 [pid 6331] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6334] <... futex resumed>) = 0 [pid 6331] <... futex resumed>) = 1 [pid 6334] rename("./file1", "./file0/file0") = 0 [pid 6331] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6334] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6331] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6334] <... futex resumed>) = 0 [pid 6331] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6334] mkdir(".", 0777 [pid 6331] <... futex resumed>) = 0 [pid 6334] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6331] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [ 79.193639][ T5833] BTRFS info (device loop4): last unmount of filesystem de63c674-ca28-4248-aa55-11c2c73a0d8c [pid 6334] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6366] <... write resumed>) = 16777216 [ 79.279470][ T6334] BTRFS warning (device loop3 state M): remount supports changing free space tree only from RO to RW [ 79.308340][ T6334] BTRFS info (device loop3 state M): setting nodatasum [pid 6366] munmap(0x7fb775000000, 138412032) = 0 [pid 6366] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 5 [pid 6366] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6366] ioctl(5, LOOP_CLR_FD) = 0 [ 79.344379][ T6334] BTRFS info (device loop3 state M): setting nodatasum [ 79.351293][ T6334] BTRFS info (device loop3 state M): turning off barriers [ 79.370216][ T6334] BTRFS info (device loop3 state M): turning on flush-on-commit [pid 6366] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6366] close(5) = 0 [pid 6366] close(4 [pid 6419] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6369] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6334] <... mount resumed>) = 0 [pid 6334] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6334] chdir(".") = 0 [pid 6334] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 79.423559][ T6334] BTRFS info (device loop3 state M): force clearing of disk cache [ 79.452815][ T6334] BTRFS info (device loop3 state M): doing ref verification [ 79.462921][ T6334] BTRFS info (device loop3 state M): max_inline set to 26856 [pid 6331] <... futex resumed>) = 0 [pid 6334] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6331] exit_group(0 [pid 6334] <... futex resumed>) = ? [pid 6331] <... exit_group resumed>) = ? [pid 6334] +++ exited with 0 +++ [pid 6331] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6331, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=57 /* 0.57 s */} --- [pid 5832] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./5/binderfs") = 0 [ 79.593125][ T5832] BTRFS info (device loop3): last unmount of filesystem 05f3542e-7de1-4cfa-b17e-33a59f446996 [pid 5832] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] <... umount2 resumed>) = 0 [pid 6366] <... close resumed>) = 0 [pid 5833] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6366] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6366] <... futex resumed>) = 1 [pid 6366] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6357] <... futex resumed>) = 0 [pid 5833] newfstatat(AT_FDCWD, "./5/file0", [pid 6357] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6366] <... futex resumed>) = 0 [pid 6357] <... futex resumed>) = 1 [pid 5833] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6366] rename("./file1", "./file0/file0" [pid 6357] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", [pid 6366] <... rename resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, [pid 6366] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5833] close(4 [pid 6366] <... futex resumed>) = 1 [pid 6357] <... futex resumed>) = 0 [pid 5833] <... close resumed>) = 0 [pid 6357] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6357] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6366] mkdir(".", 0777 [pid 5833] rmdir("./5/file0" [pid 6366] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5833] <... rmdir resumed>) = 0 [pid 6366] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5833] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./5") = 0 [pid 5833] mkdir("./6", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 79.750915][ T6366] BTRFS warning (device loop1 state M): remount supports changing free space tree only from RO to RW [ 79.786042][ T6366] BTRFS info (device loop1 state M): setting nodatasum [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6423 attached , child_tidptr=0x55558bffa690) = 6423 [pid 6423] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6423] chdir("./6") = 0 [pid 6423] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6423] setpgid(0, 0) = 0 [ 79.816047][ T6366] BTRFS info (device loop1 state M): setting nodatasum [ 79.838526][ T6366] BTRFS info (device loop1 state M): turning off barriers [pid 6423] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6423] write(3, "1000", 4) = 4 [pid 6423] close(3) = 0 [pid 6419] <... write resumed>) = 16777216 [pid 6423] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6423] write(1, "executing program\n", 18executing program ) = 18 [pid 6423] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6423] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6423] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6423] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6423] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 6419] munmap(0x7fb775000000, 138412032 [pid 6423] <... mprotect resumed>) = 0 [pid 6423] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 79.871048][ T6366] BTRFS info (device loop1 state M): turning on flush-on-commit [ 79.897647][ T6366] BTRFS info (device loop1 state M): force clearing of disk cache [pid 6419] <... munmap resumed>) = 0 [pid 6423] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6424 attached [pid 6424] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6419] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6419] ioctl(4, LOOP_SET_FD, 3 [pid 6424] <... rseq resumed>) = 0 [pid 6423] <... clone3 resumed> => {parent_tid=[6424]}, 88) = 6424 [pid 6369] <... write resumed>) = 16777216 [pid 6366] <... mount resumed>) = 0 [pid 6424] set_robust_list(0x7fb77d6019a0, 24 [pid 6423] rt_sigprocmask(SIG_SETMASK, [], [pid 6419] <... ioctl resumed>) = 0 [pid 6424] <... set_robust_list resumed>) = 0 [pid 6423] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6369] munmap(0x7fb775000000, 138412032 [pid 6366] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5832] <... umount2 resumed>) = 0 [pid 6424] rt_sigprocmask(SIG_SETMASK, [], [pid 6423] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6419] close(3 [pid 5832] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6424] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6424] memfd_create("syzkaller", 0 [pid 6423] <... futex resumed>) = 0 [pid 6419] <... close resumed>) = 0 [pid 6366] <... openat resumed>) = 4 [pid 5832] newfstatat(AT_FDCWD, "./5/file0", [pid 6424] <... memfd_create resumed>) = 3 [pid 6423] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6419] close(4 [pid 6366] chdir("." [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6424] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6419] <... close resumed>) = 0 [pid 6369] <... munmap resumed>) = 0 [ 79.919899][ T6366] BTRFS info (device loop1 state M): doing ref verification [ 79.937863][ T6366] BTRFS info (device loop1 state M): max_inline set to 26856 [ 79.948529][ T6419] loop2: detected capacity change from 0 to 32768 [pid 6366] <... chdir resumed>) = 0 [pid 6424] <... mmap resumed>) = 0x7fb775000000 [pid 6419] mkdir("./file0", 0777 [pid 6366] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6419] <... mkdir resumed>) = 0 [pid 6369] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6366] <... futex resumed>) = 1 [pid 6357] <... futex resumed>) = 0 [pid 6419] mount("/dev/loop2", "./file0", "btrfs", 0, "" [pid 6369] <... openat resumed>) = 5 [pid 6366] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6357] exit_group(0 [pid 6366] <... futex resumed>) = ? [pid 6357] <... exit_group resumed>) = ? [pid 6369] ioctl(5, LOOP_SET_FD, 4 [pid 6366] +++ exited with 0 +++ [pid 6357] +++ exited with 0 +++ [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6369] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6369] ioctl(5, LOOP_CLR_FD [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6357, si_uid=0, si_status=0, si_utime=13 /* 0.13 s */, si_stime=67 /* 0.67 s */} --- [pid 6369] <... ioctl resumed>) = 0 [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5832] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6369] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6369] close(5) = 0 [pid 6369] close(4 [pid 5830] <... restart_syscall resumed>) = 0 [pid 5832] <... openat resumed>) = 4 [pid 5832] newfstatat(4, "", [pid 5830] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, [pid 5830] <... openat resumed>) = 3 [pid 5832] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5830] newfstatat(3, "", [pid 5832] getdents64(4, [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5830] getdents64(3, [pid 5832] close(4) = 0 [pid 5830] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] rmdir("./5/file0" [pid 5830] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... rmdir resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] getdents64(3, [pid 5830] newfstatat(AT_FDCWD, "./5/binderfs", [pid 5832] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] close(3 [ 79.988150][ T6419] BTRFS: device /dev/loop2 (7:2) using temp-fsid 653cc6b2-a333-4f26-b102-7874d1192181 [ 80.013310][ T6419] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (6419) [pid 5830] unlink("./5/binderfs" [pid 5832] <... close resumed>) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 5832] rmdir("./5" [pid 5830] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... rmdir resumed>) = 0 [pid 5832] mkdir("./6", 0777) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 80.048137][ T5830] BTRFS info (device loop1): last unmount of filesystem d8f31db2-638e-4c70-a207-95007c67bb21 [ 80.066197][ T6419] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6426 attached , child_tidptr=0x55558bffa690) = 6426 [pid 6426] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6426] chdir("./6") = 0 [pid 6426] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6426] setpgid(0, 0) = 0 [pid 6426] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6426] write(3, "1000", 4) = 4 [ 80.096688][ T6419] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 80.131623][ T6419] BTRFS info (device loop2): using free-space-tree [pid 6426] close(3) = 0 [pid 6426] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6426] write(1, "executing program\n", 18) = 18 [pid 6426] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6426] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6426] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6426] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6426] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6426] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6426] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[6439]}, 88) = 6439 [pid 6426] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6439 attached NULL, 8) = 0 [pid 6426] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6439] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6426] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6439] <... rseq resumed>) = 0 [pid 6439] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6439] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6439] memfd_create("syzkaller", 0) = 3 [pid 6439] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6369] <... close resumed>) = 0 [pid 6369] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6368] <... futex resumed>) = 0 [pid 6369] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6368] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6369] <... futex resumed>) = 0 [pid 6368] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6369] rename("./file1", "./file0/file0" [pid 6419] <... mount resumed>) = 0 [pid 6419] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6419] chdir("./file0") = 0 [pid 6419] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6419] ioctl(4, LOOP_CLR_FD [pid 6369] <... rename resumed>) = 0 [pid 6369] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6419] <... ioctl resumed>) = 0 [pid 6369] <... futex resumed>) = 1 [pid 6368] <... futex resumed>) = 0 [pid 6419] close(4) = 0 [pid 6369] mkdir(".", 0777 [pid 6368] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6419] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6369] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6368] <... futex resumed>) = 0 [pid 6419] <... futex resumed>) = 1 [pid 6369] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6368] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6419] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6409] <... futex resumed>) = 0 [pid 6409] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6419] <... futex resumed>) = 0 [pid 6409] <... futex resumed>) = 1 [pid 6409] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6419] memfd_create("syzkaller", 0) = 4 [pid 6419] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 80.373765][ T6369] BTRFS warning (device loop0 state M): remount supports changing free space tree only from RO to RW [ 80.423278][ T6369] BTRFS info (device loop0 state M): setting nodatasum [ 80.430181][ T6369] BTRFS info (device loop0 state M): setting nodatasum [ 80.473675][ T6369] BTRFS info (device loop0 state M): turning off barriers [ 80.480842][ T6369] BTRFS info (device loop0 state M): turning on flush-on-commit [pid 6424] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5830] <... umount2 resumed>) = 0 [pid 5830] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./5/file0") = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./5") = 0 [pid 5830] mkdir("./6", 0777) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6444 attached [pid 6444] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x55558bffa690) = 6444 [pid 6444] chdir("./6") = 0 [pid 6444] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6444] setpgid(0, 0) = 0 [pid 6444] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6444] write(3, "1000", 4) = 4 [pid 6444] close(3) = 0 executing program [pid 6444] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6444] write(1, "executing program\n", 18) = 18 [pid 6444] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6444] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6444] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6444] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6444] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6444] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6444] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[6445]}, 88) = 6445 [pid 6444] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6444] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6444] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6445 attached [ 80.514565][ T6369] BTRFS info (device loop0 state M): force clearing of disk cache [ 80.548293][ T6369] BTRFS info (device loop0 state M): doing ref verification [pid 6369] <... mount resumed>) = 0 [pid 6445] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6439] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6445] <... rseq resumed>) = 0 [pid 6369] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 6445] set_robust_list(0x7fb77d6019a0, 24 [pid 6419] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6369] <... openat resumed>) = 4 [pid 6445] <... set_robust_list resumed>) = 0 [pid 6445] rt_sigprocmask(SIG_SETMASK, [], [pid 6369] chdir("." [pid 6445] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6369] <... chdir resumed>) = 0 [pid 6369] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6368] <... futex resumed>) = 0 [pid 6369] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6445] memfd_create("syzkaller", 0 [pid 6368] exit_group(0 [pid 6369] <... futex resumed>) = ? [pid 6368] <... exit_group resumed>) = ? [pid 6369] +++ exited with 0 +++ [pid 6368] +++ exited with 0 +++ [pid 6445] <... memfd_create resumed>) = 3 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6368, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=60 /* 0.60 s */} --- [pid 5829] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5829] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./5/binderfs", [pid 6445] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6445] <... mmap resumed>) = 0x7fb775000000 [pid 5829] unlink("./5/binderfs") = 0 [ 80.588846][ T6369] BTRFS info (device loop0 state M): max_inline set to 26856 [ 80.634514][ T5829] BTRFS info (device loop0): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 5829] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6424] <... write resumed>) = 16777216 [pid 6424] munmap(0x7fb775000000, 138412032) = 0 [pid 6424] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5829] <... umount2 resumed>) = 0 [pid 6424] <... openat resumed>) = 4 [pid 6419] <... write resumed>) = 16777216 [pid 6424] ioctl(4, LOOP_SET_FD, 3 [pid 5829] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6419] munmap(0x7fb775000000, 138412032 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./5/file0", [pid 6424] <... ioctl resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6424] close(3) = 0 [pid 5829] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6424] close(4 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, [pid 6424] <... close resumed>) = 0 [pid 5829] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 6424] mkdir("./file0", 0777 [pid 5829] close(4) = 0 [pid 5829] rmdir("./5/file0" [pid 6424] <... mkdir resumed>) = 0 [pid 6419] <... munmap resumed>) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 6424] mount("/dev/loop4", "./file0", "btrfs", 0, "" [pid 6419] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] getdents64(3, [pid 6419] <... openat resumed>) = 5 [pid 5829] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 6419] ioctl(5, LOOP_SET_FD, 4 [pid 5829] close(3 [pid 6419] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5829] <... close resumed>) = 0 [pid 6419] ioctl(5, LOOP_CLR_FD [pid 5829] rmdir("./5" [pid 6419] <... ioctl resumed>) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 5829] mkdir("./6", 0777) = 0 [ 80.907567][ T6424] loop4: detected capacity change from 0 to 32768 [pid 6419] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6445] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6419] close(5 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6419] <... close resumed>) = 0 [pid 6419] close(4 [pid 5829] <... openat resumed>) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6446 attached , child_tidptr=0x55558bffa690) = 6446 [pid 6446] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6446] chdir("./6") = 0 [pid 6446] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6446] setpgid(0, 0) = 0 executing program [pid 6446] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6446] write(3, "1000", 4) = 4 [pid 6446] close(3) = 0 [pid 6446] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6446] write(1, "executing program\n", 18) = 18 [pid 6446] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6446] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6446] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6446] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6446] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6446] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6446] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6447 attached => {parent_tid=[6447]}, 88) = 6447 [pid 6446] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6446] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6446] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6447] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 6447] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6447] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6447] memfd_create("syzkaller", 0) = 3 [pid 6447] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 80.954078][ T6424] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (6424) [ 81.030951][ T6424] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 81.062971][ T6424] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [pid 6439] <... write resumed>) = 16777216 [pid 6439] munmap(0x7fb775000000, 138412032) = 0 [pid 6439] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 81.111955][ T6424] BTRFS info (device loop4): using free-space-tree [pid 6439] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6439] close(3) = 0 [pid 6439] close(4) = 0 [pid 6439] mkdir("./file0", 0777) = 0 [ 81.164164][ T6439] loop3: detected capacity change from 0 to 32768 [ 81.215553][ T6439] BTRFS: device /dev/loop3 (7:3) using temp-fsid fac6dbd3-43d0-414d-a936-641c86a7f406 [pid 6439] mount("/dev/loop3", "./file0", "btrfs", 0, "" [pid 6419] <... close resumed>) = 0 [pid 6419] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6419] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6409] <... futex resumed>) = 0 [pid 6409] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6419] <... futex resumed>) = 0 [pid 6409] <... futex resumed>) = 1 [pid 6419] rename("./file1", "./file0/file0" [pid 6409] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6445] <... write resumed>) = 16777216 [pid 6419] <... rename resumed>) = 0 [pid 6445] munmap(0x7fb775000000, 138412032 [pid 6419] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6409] <... futex resumed>) = 0 [pid 6409] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6409] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6419] mkdir(".", 0777) = -1 EEXIST (File exists) [ 81.273683][ T6439] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor323 (6439) [pid 6419] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6445] <... munmap resumed>) = 0 [pid 6445] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 81.351398][ T6439] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 81.352700][ T6419] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW [ 81.361994][ T6439] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 81.375489][ T6445] loop1: detected capacity change from 0 to 32768 [ 81.381467][ T6439] BTRFS info (device loop3): using free-space-tree [pid 6445] ioctl(4, LOOP_SET_FD, 3 [pid 6419] <... mount resumed>) = 0 [pid 6445] <... ioctl resumed>) = 0 [pid 6447] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6445] close(3 [pid 6424] <... mount resumed>) = 0 [pid 6419] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 6445] <... close resumed>) = 0 [pid 6424] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6419] <... openat resumed>) = 4 [pid 6445] close(4 [pid 6424] <... openat resumed>) = 3 [pid 6419] chdir("." [pid 6424] chdir("./file0") = 0 [pid 6424] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6445] <... close resumed>) = 0 [pid 6419] <... chdir resumed>) = 0 [pid 6445] mkdir("./file0", 0777 [pid 6419] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6424] <... openat resumed>) = 4 [pid 6445] <... mkdir resumed>) = 0 [pid 6424] ioctl(4, LOOP_CLR_FD [pid 6419] <... futex resumed>) = 1 [pid 6409] <... futex resumed>) = 0 [pid 6424] <... ioctl resumed>) = 0 [pid 6409] exit_group(0 [pid 6424] close(4 [pid 6409] <... exit_group resumed>) = ? [pid 6424] <... close resumed>) = 0 [pid 6424] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6423] <... futex resumed>) = 0 [pid 6445] mount("/dev/loop1", "./file0", "btrfs", 0, "" [pid 6424] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6423] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [ 81.395784][ T6419] BTRFS info (device loop2 state M): setting nodatasum [ 81.402944][ T6419] BTRFS info (device loop2 state M): setting nodatasum [ 81.409822][ T6419] BTRFS info (device loop2 state M): turning off barriers [ 81.417360][ T6419] BTRFS info (device loop2 state M): turning on flush-on-commit [ 81.425452][ T6419] BTRFS info (device loop2 state M): force clearing of disk cache [ 81.433951][ T6419] BTRFS info (device loop2 state M): doing ref verification [ 81.441937][ T6419] BTRFS info (device loop2 state M): max_inline set to 26856 [pid 6424] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6423] <... futex resumed>) = 0 [pid 6424] memfd_create("syzkaller", 0 [pid 6423] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6424] <... memfd_create resumed>) = 4 [pid 6424] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6419] +++ exited with 0 +++ [pid 6409] +++ exited with 0 +++ [pid 6424] <... mmap resumed>) = 0x7fb775000000 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6409, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=60 /* 0.60 s */} --- [pid 5831] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5831] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./6/binderfs") = 0 [ 81.486486][ T6445] BTRFS: device /dev/loop1 (7:1) using temp-fsid 5a10da71-4767-4993-8a7d-2fc289cae8a7 [ 81.515148][ T6445] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor323 (6445) [ 81.529714][ T5831] BTRFS info (device loop2): last unmount of filesystem 653cc6b2-a333-4f26-b102-7874d1192181 [pid 5831] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6439] <... mount resumed>) = 0 [pid 6439] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 81.612699][ T6445] BTRFS info (device loop1): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 6439] chdir("./file0") = 0 [pid 6439] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6439] ioctl(4, LOOP_CLR_FD) = 0 [pid 6439] close(4) = 0 [pid 6439] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6426] <... futex resumed>) = 0 [pid 6426] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6439] memfd_create("syzkaller", 0 [pid 6426] <... futex resumed>) = 0 [pid 6426] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6439] <... memfd_create resumed>) = 4 [ 81.691759][ T6445] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [pid 6439] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 81.732322][ T6445] BTRFS info (device loop1): using free-space-tree [pid 6447] <... write resumed>) = 16777216 [pid 6447] munmap(0x7fb775000000, 138412032) = 0 [pid 6447] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6447] ioctl(4, LOOP_SET_FD, 3 [pid 6439] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6447] <... ioctl resumed>) = 0 [pid 6447] close(3) = 0 [pid 6447] close(4 [pid 6424] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6447] <... close resumed>) = 0 [pid 6447] mkdir("./file0", 0777) = 0 [ 81.887401][ T6447] loop0: detected capacity change from 0 to 32768 [pid 6447] mount("/dev/loop0", "./file0", "btrfs", 0, "" [pid 6445] <... mount resumed>) = 0 [pid 6445] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6445] chdir("./file0") = 0 [pid 6445] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6445] ioctl(4, LOOP_CLR_FD) = 0 [pid 6445] close(4) = 0 [pid 6445] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6444] <... futex resumed>) = 0 [pid 6445] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6444] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6445] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6444] <... futex resumed>) = 0 [ 81.947683][ T6447] BTRFS: device /dev/loop0 (7:0) using temp-fsid 8f998d4c-990f-4b3c-a995-273645222cad [pid 6444] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6445] memfd_create("syzkaller", 0 [pid 5831] <... umount2 resumed>) = 0 [pid 6445] <... memfd_create resumed>) = 4 [pid 6445] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5831] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 82.004965][ T6447] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor323 (6447) [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./6/file0") = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./6") = 0 [pid 5831] mkdir("./7", 0777) = 0 [ 82.064610][ T6447] BTRFS info (device loop0): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 82.102404][ T6447] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5831] close(3) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 6499 ./strace-static-x86_64: Process 6499 attached [pid 6499] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6499] chdir("./7") = 0 [pid 6499] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6499] setpgid(0, 0) = 0 [pid 6499] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6499] write(3, "1000", 4) = 4 [ 82.129343][ T6447] BTRFS info (device loop0): using free-space-tree [pid 6499] close(3) = 0 [pid 6499] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6499] write(1, "executing program\n", 18) = 18 [pid 6499] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6499] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6499] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6499] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6499] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6499] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6499] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[6506]}, 88) = 6506 [pid 6499] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6499] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6499] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6506 attached [pid 6506] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 6506] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6506] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6506] memfd_create("syzkaller", 0) = 3 [pid 6506] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6439] <... write resumed>) = 16777216 [pid 6439] munmap(0x7fb775000000, 138412032) = 0 [pid 6439] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 5 [pid 6439] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6439] ioctl(5, LOOP_CLR_FD) = 0 [pid 6439] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6439] close(5 [pid 6445] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6439] <... close resumed>) = 0 [pid 6439] close(4 [pid 6424] <... write resumed>) = 16777216 [pid 6424] munmap(0x7fb775000000, 138412032 [pid 6447] <... mount resumed>) = 0 [pid 6447] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6447] chdir("./file0") = 0 [pid 6447] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6447] ioctl(4, LOOP_CLR_FD) = 0 [pid 6447] close(4) = 0 [pid 6447] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6446] <... futex resumed>) = 0 [pid 6447] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6446] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6447] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6446] <... futex resumed>) = 0 [pid 6447] memfd_create("syzkaller", 0 [pid 6446] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6447] <... memfd_create resumed>) = 4 [pid 6447] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6424] <... munmap resumed>) = 0 [pid 6424] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 5 [pid 6424] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6424] ioctl(5, LOOP_CLR_FD) = 0 [pid 6424] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6424] close(5) = 0 [pid 6424] close(4 [pid 6439] <... close resumed>) = 0 [pid 6439] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6426] <... futex resumed>) = 0 [pid 6439] rename("./file1", "./file0/file0" [pid 6426] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6426] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6439] <... rename resumed>) = 0 [pid 6439] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6426] <... futex resumed>) = 0 [pid 6426] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6426] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6439] mkdir(".", 0777) = -1 EEXIST (File exists) [ 82.552066][ T6439] BTRFS warning (device loop3 state M): remount supports changing free space tree only from RO to RW [pid 6439] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [ 82.592337][ T6439] BTRFS info (device loop3 state M): setting nodatasum [ 82.622842][ T6439] BTRFS info (device loop3 state M): setting nodatasum [ 82.629743][ T6439] BTRFS info (device loop3 state M): turning off barriers [ 82.671611][ T6439] BTRFS info (device loop3 state M): turning on flush-on-commit [ 82.701170][ T6439] BTRFS info (device loop3 state M): force clearing of disk cache [pid 6506] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6447] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6424] <... close resumed>) = 0 [pid 6439] <... mount resumed>) = 0 [pid 6424] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6423] <... futex resumed>) = 0 [pid 6424] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6423] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6424] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6423] <... futex resumed>) = 0 [pid 6424] rename("./file1", "./file0/file0" [pid 6423] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6439] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6439] chdir(".") = 0 [pid 6439] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6426] <... futex resumed>) = 0 [pid 6424] <... rename resumed>) = 0 [pid 6439] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6426] exit_group(0 [pid 6439] <... futex resumed>) = ? [pid 6426] <... exit_group resumed>) = ? [pid 6439] +++ exited with 0 +++ [pid 6426] +++ exited with 0 +++ [pid 6424] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6423] <... futex resumed>) = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6426, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=59 /* 0.59 s */} --- [pid 6424] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6423] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 6445] <... write resumed>) = 16777216 [pid 6424] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6423] <... futex resumed>) = 0 [ 82.720960][ T6439] BTRFS info (device loop3 state M): doing ref verification [ 82.741988][ T6439] BTRFS info (device loop3 state M): max_inline set to 26856 [pid 6423] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5832] <... restart_syscall resumed>) = 0 [pid 5832] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, [pid 6424] mkdir(".", 0777 [pid 5832] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6424] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5832] newfstatat(AT_FDCWD, "./6/binderfs", [pid 6424] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./6/binderfs") = 0 [pid 5832] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6445] munmap(0x7fb775000000, 138412032) = 0 [ 82.822239][ T5832] BTRFS info (device loop3): last unmount of filesystem fac6dbd3-43d0-414d-a936-641c86a7f406 [ 82.852143][ T6424] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [pid 6445] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 5 [pid 6445] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6445] ioctl(5, LOOP_CLR_FD) = 0 [ 82.876723][ T6424] BTRFS info (device loop4 state M): setting nodatasum [ 82.891732][ T6424] BTRFS info (device loop4 state M): setting nodatasum [ 82.899165][ T6424] BTRFS info (device loop4 state M): turning off barriers [ 82.916281][ T6424] BTRFS info (device loop4 state M): turning on flush-on-commit [pid 6445] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6445] close(5) = 0 [pid 6445] close(4 [pid 6424] <... mount resumed>) = 0 [pid 6424] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6424] chdir(".") = 0 [pid 6424] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6423] <... futex resumed>) = 0 [pid 6424] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6423] exit_group(0 [pid 6424] <... futex resumed>) = ? [pid 6423] <... exit_group resumed>) = ? [pid 6424] +++ exited with 0 +++ [pid 6423] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6423, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=66 /* 0.66 s */} --- [ 82.938389][ T6424] BTRFS info (device loop4 state M): force clearing of disk cache [ 82.951312][ T6424] BTRFS info (device loop4 state M): doing ref verification [ 82.960505][ T6424] BTRFS info (device loop4 state M): max_inline set to 26856 [pid 5833] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5833] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5833] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./6/binderfs") = 0 [ 83.088332][ T5833] BTRFS info (device loop4): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 5833] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6506] <... write resumed>) = 16777216 [pid 6447] <... write resumed>) = 16777216 [pid 6506] munmap(0x7fb775000000, 138412032 [pid 6447] munmap(0x7fb775000000, 138412032 [pid 6506] <... munmap resumed>) = 0 [pid 6506] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6506] ioctl(4, LOOP_SET_FD, 3 [pid 6447] <... munmap resumed>) = 0 [pid 6447] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6445] <... close resumed>) = 0 [pid 5832] <... umount2 resumed>) = 0 [pid 6506] <... ioctl resumed>) = 0 [pid 6447] <... openat resumed>) = 5 [pid 6445] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6506] close(3) = 0 [pid 6506] close(4) = 0 [pid 6506] mkdir("./file0", 0777 [pid 6447] ioctl(5, LOOP_SET_FD, 4 [pid 6445] <... futex resumed>) = 1 [pid 6444] <... futex resumed>) = 0 [pid 6506] <... mkdir resumed>) = 0 [pid 6506] mount("/dev/loop2", "./file0", "btrfs", 0, "" [pid 6444] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6444] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6447] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [ 83.232809][ T6506] loop2: detected capacity change from 0 to 32768 [pid 6445] rename("./file1", "./file0/file0" [pid 6447] ioctl(5, LOOP_CLR_FD [pid 5832] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6447] <... ioctl resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6447] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5832] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6447] close(5 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6447] <... close resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6447] close(4 [pid 5832] <... openat resumed>) = 4 [pid 5832] newfstatat(4, "", [pid 6445] <... rename resumed>) = 0 [pid 6445] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, [pid 6445] <... futex resumed>) = 1 [pid 6445] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6444] <... futex resumed>) = 0 [pid 5832] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 6444] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] getdents64(4, [pid 6445] <... futex resumed>) = 0 [pid 6444] <... futex resumed>) = 1 [pid 5832] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 6445] mkdir(".", 0777 [pid 6444] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5832] close(4 [pid 6445] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5832] <... close resumed>) = 0 [pid 6445] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [ 83.291069][ T6506] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (6506) [pid 5832] rmdir("./6/file0") = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./6") = 0 [pid 5832] mkdir("./7", 0777) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 6518 ./strace-static-x86_64: Process 6518 attached [pid 6518] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6518] chdir("./7") = 0 [pid 6518] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6518] setpgid(0, 0) = 0 [pid 6518] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6518] write(3, "1000", 4) = 4 [pid 6518] close(3) = 0 [pid 6518] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6518] write(1, "executing program\n", 18) = 18 [pid 6518] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6518] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6518] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6518] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6518] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [ 83.365442][ T6506] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 83.380475][ T6445] BTRFS warning (device loop1 state M): remount supports changing free space tree only from RO to RW [ 83.400847][ T6506] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [pid 6518] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6518] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[6519]}, 88) = 6519 [pid 6518] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6518] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6519 attached ) = 0 [pid 6518] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6519] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 6519] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6519] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6519] memfd_create("syzkaller", 0) = 3 [pid 6519] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 83.438682][ T6506] BTRFS info (device loop2): using free-space-tree [ 83.472367][ T6445] BTRFS info (device loop1 state M): setting nodatasum [ 83.480953][ T6445] BTRFS info (device loop1 state M): setting nodatasum [pid 5833] <... umount2 resumed>) = 0 [pid 5833] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 83.489429][ T6445] BTRFS info (device loop1 state M): turning off barriers [ 83.498629][ T6445] BTRFS info (device loop1 state M): turning on flush-on-commit [ 83.519468][ T6445] BTRFS info (device loop1 state M): force clearing of disk cache [pid 5833] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./6/file0") = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5833] close(3 [pid 6506] <... mount resumed>) = 0 [pid 5833] <... close resumed>) = 0 [ 83.537697][ T6445] BTRFS info (device loop1 state M): doing ref verification [pid 5833] rmdir("./6" [pid 6506] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6445] <... mount resumed>) = 0 [pid 5833] <... rmdir resumed>) = 0 [pid 6445] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5833] mkdir("./7", 0777 [pid 6506] chdir("./file0" [pid 6445] <... openat resumed>) = 4 [pid 5833] <... mkdir resumed>) = 0 [pid 6506] <... chdir resumed>) = 0 [pid 6506] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6506] ioctl(4, LOOP_CLR_FD) = 0 [pid 6506] close(4) = 0 [pid 6506] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6499] <... futex resumed>) = 0 [pid 6499] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6506] memfd_create("syzkaller", 0 [pid 6499] <... futex resumed>) = 0 [pid 6499] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6506] <... memfd_create resumed>) = 4 [pid 6506] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6445] chdir("." [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6445] <... chdir resumed>) = 0 [pid 6445] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6444] <... futex resumed>) = 0 [pid 6444] exit_group(0 [pid 5833] <... clone resumed>, child_tidptr=0x55558bffa690) = 6537 [pid 6444] <... exit_group resumed>) = ? ./strace-static-x86_64: Process 6537 attached [pid 6447] <... close resumed>) = 0 [ 83.572086][ T6445] BTRFS info (device loop1 state M): max_inline set to 26856 [pid 6537] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6537] chdir("./7" [pid 6447] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6537] <... chdir resumed>) = 0 [pid 6446] <... futex resumed>) = 0 [pid 6445] +++ exited with 0 +++ [pid 6444] +++ exited with 0 +++ [pid 6537] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6447] <... futex resumed>) = 1 [pid 6446] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6444, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=61 /* 0.61 s */} --- [pid 6537] <... prctl resumed>) = 0 [pid 6447] rename("./file1", "./file0/file0" [pid 6446] <... futex resumed>) = 0 [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 6537] setpgid(0, 0) = 0 [pid 6446] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6537] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] <... restart_syscall resumed>) = 0 [pid 6537] <... openat resumed>) = 3 [pid 5830] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6537] write(3, "1000", 4 [pid 5830] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6537] <... write resumed>) = 4 [pid 5830] <... openat resumed>) = 3 [pid 6537] close(3 [pid 5830] newfstatat(3, "", [pid 6537] <... close resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6537] symlink("/dev/binderfs", "./binderfs" [pid 5830] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./6/binderfs") = 0 [pid 5830] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 6537] <... symlink resumed>) = 0 [pid 6537] write(1, "executing program\n", 18) = 18 [pid 6537] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6537] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6537] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6537] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6537] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6446] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6537] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6447] <... rename resumed>) = 0 [pid 6446] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6447] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6446] <... futex resumed>) = 0 [pid 6447] <... futex resumed>) = 0 [pid 6446] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6447] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6537] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 6446] <... mmap resumed>) = 0x7fb77d5c0000 [pid 6446] mprotect(0x7fb77d5c1000, 131072, PROT_READ|PROT_WRITE) = 0 ./strace-static-x86_64: Process 6538 attached [pid 6537] <... clone3 resumed> => {parent_tid=[6538]}, 88) = 6538 [pid 6446] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6538] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6446] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6538] <... rseq resumed>) = 0 [pid 6446] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d5e0990, parent_tid=0x7fb77d5e0990, exit_signal=0, stack=0x7fb77d5c0000, stack_size=0x20300, tls=0x7fb77d5e06c0} [pid 6538] set_robust_list(0x7fb77d6019a0, 24./strace-static-x86_64: Process 6539 attached ) = 0 [pid 6537] rt_sigprocmask(SIG_SETMASK, [], [pid 6539] rseq(0x7fb77d5e0fe0, 0x20, 0, 0x53053053 [pid 6538] rt_sigprocmask(SIG_SETMASK, [], [pid 6446] <... clone3 resumed> => {parent_tid=[6539]}, 88) = 6539 [pid 6539] <... rseq resumed>) = 0 [pid 6538] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6446] rt_sigprocmask(SIG_SETMASK, [], [pid 6539] set_robust_list(0x7fb77d5e09a0, 24 [pid 6538] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6446] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6539] <... set_robust_list resumed>) = 0 [pid 6446] futex(0x7fb77d6dd6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6539] rt_sigprocmask(SIG_SETMASK, [], [pid 6446] <... futex resumed>) = 0 [pid 6539] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6446] futex(0x7fb77d6dd6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6539] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6537] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6539] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6537] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6538] <... futex resumed>) = 0 [pid 6537] <... futex resumed>) = 1 [pid 6537] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6538] memfd_create("syzkaller", 0) = 3 [ 83.697679][ T5830] BTRFS info (device loop1): last unmount of filesystem 5a10da71-4767-4993-8a7d-2fc289cae8a7 [pid 6538] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 83.749324][ T6539] BTRFS warning (device loop0 state M): remount supports changing free space tree only from RO to RW [ 83.784006][ T6539] BTRFS info (device loop0 state M): setting nodatasum [ 83.805501][ T6539] BTRFS info (device loop0 state M): setting nodatasum [ 83.851674][ T6539] BTRFS info (device loop0 state M): turning off barriers [ 83.858837][ T6539] BTRFS info (device loop0 state M): turning on flush-on-commit [ 83.921926][ T6539] BTRFS info (device loop0 state M): force clearing of disk cache [ 83.958435][ T6539] BTRFS info (device loop0 state M): doing ref verification [pid 6519] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6539] <... mount resumed>) = 0 [pid 6539] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6539] chdir(".") = 0 [pid 6539] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6446] <... futex resumed>) = 0 [pid 6539] futex(0x7fb77d6dd6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6446] exit_group(0 [pid 6539] <... futex resumed>) = ? [pid 6447] <... futex resumed>) = ? [pid 6446] <... exit_group resumed>) = ? [pid 6539] +++ exited with 0 +++ [pid 6447] +++ exited with 0 +++ [pid 6446] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6446, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=58 /* 0.58 s */} --- [pid 5829] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 6506] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5829] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 83.985637][ T6539] BTRFS info (device loop0 state M): max_inline set to 26856 [pid 5829] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./6/binderfs") = 0 [pid 5829] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... umount2 resumed>) = 0 [pid 5830] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [ 84.043246][ T5829] BTRFS info (device loop0): last unmount of filesystem 8f998d4c-990f-4b3c-a995-273645222cad [pid 6538] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5830] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./6/file0") = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./6") = 0 [pid 5830] mkdir("./7", 0777) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6519] <... write resumed>) = 16777216 [pid 6519] munmap(0x7fb775000000, 138412032 [pid 5830] <... openat resumed>) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6540 attached , child_tidptr=0x55558bffa690) = 6540 [pid 6540] set_robust_list(0x55558bffa6a0, 24 [pid 6519] <... munmap resumed>) = 0 [pid 6540] <... set_robust_list resumed>) = 0 [pid 6540] chdir("./7") = 0 [pid 6519] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6540] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6519] <... openat resumed>) = 4 [pid 6540] setpgid(0, 0 [pid 6519] ioctl(4, LOOP_SET_FD, 3 [pid 6540] <... setpgid resumed>) = 0 [pid 6540] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6519] <... ioctl resumed>) = 0 [pid 6540] write(3, "1000", 4 [pid 6519] close(3 [pid 6540] <... write resumed>) = 4 [pid 6519] <... close resumed>) = 0 [pid 6540] close(3 [pid 6519] close(4 [pid 6540] <... close resumed>) = 0 [pid 6519] <... close resumed>) = 0 [pid 6540] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6519] mkdir("./file0", 0777 [pid 6540] write(1, "executing program\n", 18executing program [pid 6519] <... mkdir resumed>) = 0 [pid 6540] <... write resumed>) = 18 [pid 6540] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6519] mount("/dev/loop3", "./file0", "btrfs", 0, "" [pid 6540] <... futex resumed>) = 0 [pid 6540] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6540] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6540] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6540] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6540] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 84.250175][ T6519] loop3: detected capacity change from 0 to 32768 [ 84.281738][ T6519] BTRFS: device /dev/loop3 (7:3) using temp-fsid f9b3b2d1-15d7-434b-aa0b-6866d873c4ba [pid 6540] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6541 attached [pid 6541] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6540] <... clone3 resumed> => {parent_tid=[6541]}, 88) = 6541 [pid 6541] <... rseq resumed>) = 0 [pid 6540] rt_sigprocmask(SIG_SETMASK, [], [pid 6541] set_robust_list(0x7fb77d6019a0, 24 [pid 6540] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6541] <... set_robust_list resumed>) = 0 [pid 6540] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6541] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6540] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6541] memfd_create("syzkaller", 0) = 3 [pid 6541] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 84.303887][ T6519] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor323 (6519) [pid 5829] <... umount2 resumed>) = 0 [pid 5829] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./6/file0") = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./6") = 0 [pid 5829] mkdir("./7", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 6543 ./strace-static-x86_64: Process 6543 attached [pid 6543] set_robust_list(0x55558bffa6a0, 24) = 0 [ 84.375335][ T6519] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 84.411865][ T6519] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [pid 6543] chdir("./7") = 0 [pid 6543] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6543] setpgid(0, 0) = 0 [pid 6543] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6543] write(3, "1000", 4) = 4 [pid 6543] close(3) = 0 [pid 6543] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6543] write(1, "executing program\n", 18) = 18 [pid 6543] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6543] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6543] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6543] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6543] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6543] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6543] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6544 attached [pid 6544] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6543] <... clone3 resumed> => {parent_tid=[6544]}, 88) = 6544 [pid 6544] <... rseq resumed>) = 0 [pid 6543] rt_sigprocmask(SIG_SETMASK, [], [pid 6544] set_robust_list(0x7fb77d6019a0, 24 [pid 6543] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6506] <... write resumed>) = 16777216 [pid 6544] <... set_robust_list resumed>) = 0 [pid 6543] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6544] rt_sigprocmask(SIG_SETMASK, [], [pid 6543] <... futex resumed>) = 0 [pid 6544] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6543] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6544] memfd_create("syzkaller", 0 [pid 6506] munmap(0x7fb775000000, 138412032 [pid 6544] <... memfd_create resumed>) = 3 [pid 6544] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 84.421086][ T6519] BTRFS info (device loop3): using free-space-tree [pid 6506] <... munmap resumed>) = 0 [pid 6506] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 5 [pid 6506] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6506] ioctl(5, LOOP_CLR_FD) = 0 [pid 6506] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6506] close(5) = 0 [pid 6506] close(4 [pid 6538] <... write resumed>) = 16777216 [pid 6538] munmap(0x7fb775000000, 138412032) = 0 [pid 6538] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6538] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6538] close(3) = 0 [pid 6538] close(4) = 0 [pid 6538] mkdir("./file0", 0777) = 0 [ 84.583624][ T6538] loop4: detected capacity change from 0 to 32768 [ 84.632382][ T6538] BTRFS: device /dev/loop4 (7:4) using temp-fsid 1034d870-7657-47b0-80a7-f39252052cc5 [ 84.644064][ T6538] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (6538) [pid 6538] mount("/dev/loop4", "./file0", "btrfs", 0, "" [pid 6519] <... mount resumed>) = 0 [pid 6519] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6519] chdir("./file0") = 0 [pid 6519] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6519] ioctl(4, LOOP_CLR_FD) = 0 [ 84.676797][ T6538] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 84.691717][ T6538] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 84.700519][ T6538] BTRFS info (device loop4): using free-space-tree [pid 6519] close(4) = 0 [pid 6519] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6518] <... futex resumed>) = 0 [pid 6519] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6518] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6506] <... close resumed>) = 0 [pid 6519] <... futex resumed>) = 0 [pid 6519] memfd_create("syzkaller", 0 [pid 6518] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6519] <... memfd_create resumed>) = 4 [pid 6519] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6506] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6499] <... futex resumed>) = 0 [pid 6499] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6499] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6506] rename("./file1", "./file0/file0" [pid 6541] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6506] <... rename resumed>) = 0 [pid 6506] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6499] <... futex resumed>) = 0 [pid 6499] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6506] mkdir(".", 0777 [pid 6499] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6506] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6506] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [ 84.848443][ T6506] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW [ 84.862084][ T6506] BTRFS info (device loop2 state M): setting nodatasum [ 84.869351][ T6506] BTRFS info (device loop2 state M): setting nodatasum [ 84.877605][ T6506] BTRFS info (device loop2 state M): turning off barriers [ 84.885111][ T6506] BTRFS info (device loop2 state M): turning on flush-on-commit [pid 6544] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6538] <... mount resumed>) = 0 [pid 6538] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6506] <... mount resumed>) = 0 [pid 6538] <... openat resumed>) = 3 [pid 6506] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 6538] chdir("./file0" [pid 6506] <... openat resumed>) = 4 [pid 6538] <... chdir resumed>) = 0 [pid 6506] chdir("." [pid 6538] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6506] <... chdir resumed>) = 0 [pid 6506] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6538] <... openat resumed>) = 4 [pid 6506] <... futex resumed>) = 1 [pid 6499] <... futex resumed>) = 0 [pid 6538] ioctl(4, LOOP_CLR_FD) = 0 [pid 6538] close(4 [pid 6506] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6499] exit_group(0) = ? [pid 6506] <... futex resumed>) = ? [pid 6538] <... close resumed>) = 0 [pid 6538] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6538] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6537] <... futex resumed>) = 0 [pid 6506] +++ exited with 0 +++ [pid 6499] +++ exited with 0 +++ [pid 6537] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6538] <... futex resumed>) = 0 [pid 6537] <... futex resumed>) = 1 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6499, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=56 /* 0.56 s */} --- [pid 6538] memfd_create("syzkaller", 0 [pid 6537] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 6538] <... memfd_create resumed>) = 4 [pid 5831] <... restart_syscall resumed>) = 0 [ 84.893178][ T6506] BTRFS info (device loop2 state M): force clearing of disk cache [ 84.901008][ T6506] BTRFS info (device loop2 state M): doing ref verification [ 84.908864][ T6506] BTRFS info (device loop2 state M): max_inline set to 26856 [pid 6538] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5831] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./7/binderfs") = 0 [ 85.033396][ T5831] BTRFS info (device loop2): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 5831] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6519] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6538] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6541] <... write resumed>) = 16777216 [pid 6541] munmap(0x7fb775000000, 138412032) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 5831] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6544] <... write resumed>) = 16777216 [pid 6541] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5831] newfstatat(AT_FDCWD, "./7/file0", [pid 6544] munmap(0x7fb775000000, 138412032 [pid 6541] <... openat resumed>) = 4 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6541] ioctl(4, LOOP_SET_FD, 3 [pid 5831] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5831] close(4 [pid 6541] <... ioctl resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5831] rmdir("./7/file0") = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./7") = 0 [pid 5831] mkdir("./8", 0777 [pid 6544] <... munmap resumed>) = 0 [pid 6544] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6541] close(3 [pid 5831] <... mkdir resumed>) = 0 [pid 6544] <... openat resumed>) = 4 [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6544] ioctl(4, LOOP_SET_FD, 3 [pid 6541] <... close resumed>) = 0 [pid 6541] close(4 [pid 5831] <... openat resumed>) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5831] close(3) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6578 attached , child_tidptr=0x55558bffa690) = 6578 [pid 6578] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6578] chdir("./8" [pid 6541] <... close resumed>) = 0 [pid 6578] <... chdir resumed>) = 0 [pid 6578] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6578] setpgid(0, 0) = 0 [pid 6578] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6578] write(3, "1000", 4) = 4 [pid 6541] mkdir("./file0", 0777 [pid 6578] close(3) = 0 [pid 6578] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6541] <... mkdir resumed>) = 0 [ 85.434832][ T6541] loop1: detected capacity change from 0 to 32768 [ 85.459781][ T6544] loop0: detected capacity change from 0 to 32768 [pid 6541] mount("/dev/loop1", "./file0", "btrfs", 0, ""executing program [pid 6578] write(1, "executing program\n", 18) = 18 [pid 6578] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6578] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6578] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6578] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6578] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6578] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6578] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6579 attached => {parent_tid=[6579]}, 88) = 6579 [pid 6578] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6578] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6578] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6579] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 6579] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6579] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6579] memfd_create("syzkaller", 0) = 3 [pid 6579] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6544] <... ioctl resumed>) = 0 [pid 6544] close(3) = 0 [pid 6544] close(4) = 0 [ 85.476423][ T6541] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor323 (6541) [pid 6544] mkdir("./file0", 0777) = 0 [ 85.523490][ T6544] BTRFS: device /dev/loop0 (7:0) using temp-fsid 75e8d51c-39f9-4f9b-bf54-f5dc5fab07cc [ 85.540839][ T6541] BTRFS info (device loop1): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 85.561670][ T6544] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor323 (6544) [ 85.582049][ T6541] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 85.590821][ T6541] BTRFS info (device loop1): using free-space-tree [pid 6544] mount("/dev/loop0", "./file0", "btrfs", 0, "" [pid 6519] <... write resumed>) = 16777216 [pid 6519] munmap(0x7fb775000000, 138412032) = 0 [pid 6519] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 5 [pid 6519] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6519] ioctl(5, LOOP_CLR_FD) = 0 [pid 6538] <... write resumed>) = 16777216 [ 85.621627][ T6544] BTRFS info (device loop0): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 85.643674][ T6544] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 85.661880][ T6544] BTRFS info (device loop0): using free-space-tree [pid 6519] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6519] close(5 [pid 6538] munmap(0x7fb775000000, 138412032 [pid 6519] <... close resumed>) = 0 [pid 6538] <... munmap resumed>) = 0 [pid 6519] close(4 [pid 6538] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 5 [pid 6538] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6538] ioctl(5, LOOP_CLR_FD) = 0 [pid 6538] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6538] close(5) = 0 [pid 6538] close(4 [pid 6541] <... mount resumed>) = 0 [pid 6541] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6541] chdir("./file0") = 0 [pid 6541] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6541] ioctl(4, LOOP_CLR_FD) = 0 [pid 6541] close(4) = 0 [pid 6541] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6579] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6541] <... futex resumed>) = 1 [pid 6540] <... futex resumed>) = 0 [pid 6540] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6540] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6541] memfd_create("syzkaller", 0) = 4 [pid 6541] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6544] <... mount resumed>) = 0 [pid 6544] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6544] chdir("./file0") = 0 [pid 6544] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6544] ioctl(4, LOOP_CLR_FD) = 0 [pid 6544] close(4) = 0 [pid 6544] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6543] <... futex resumed>) = 0 [pid 6544] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6543] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6544] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6543] <... futex resumed>) = 0 [pid 6544] memfd_create("syzkaller", 0 [pid 6543] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6544] <... memfd_create resumed>) = 4 [pid 6544] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6519] <... close resumed>) = 0 [pid 6519] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6518] <... futex resumed>) = 0 [pid 6518] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6518] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6519] rename("./file1", "./file0/file0" [pid 6538] <... close resumed>) = 0 [pid 6538] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6538] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6537] <... futex resumed>) = 0 [pid 6519] <... rename resumed>) = 0 [pid 6519] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6518] <... futex resumed>) = 0 [pid 6518] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6518] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6519] mkdir(".", 0777 [pid 6537] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6519] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6538] <... futex resumed>) = 0 [pid 6537] <... futex resumed>) = 1 [pid 6538] rename("./file1", "./file0/file0" [pid 6519] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6537] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6538] <... rename resumed>) = 0 [pid 6538] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6538] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6537] <... futex resumed>) = 0 [pid 6537] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6538] <... futex resumed>) = 0 [pid 6537] <... futex resumed>) = 1 [pid 6538] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6538] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [ 86.262826][ T6519] BTRFS warning (device loop3 state M): remount supports changing free space tree only from RO to RW [ 86.286919][ T6538] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [ 86.298399][ T6519] BTRFS info (device loop3 state M): setting nodatasum [ 86.298424][ T6519] BTRFS info (device loop3 state M): setting nodatasum [pid 6537] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6579] <... write resumed>) = 16777216 [pid 6544] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6541] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6519] <... mount resumed>) = 0 [pid 6579] munmap(0x7fb775000000, 138412032 [pid 6519] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6519] chdir(".") = 0 [pid 6519] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6518] <... futex resumed>) = 0 [pid 6518] exit_group(0) = ? [ 86.298440][ T6519] BTRFS info (device loop3 state M): turning off barriers [ 86.298456][ T6519] BTRFS info (device loop3 state M): turning on flush-on-commit [ 86.298472][ T6519] BTRFS info (device loop3 state M): force clearing of disk cache [ 86.298488][ T6519] BTRFS info (device loop3 state M): doing ref verification [ 86.298510][ T6519] BTRFS info (device loop3 state M): max_inline set to 26856 [ 86.351208][ T6538] BTRFS info (device loop4 state M): setting nodatasum [pid 6519] +++ exited with 0 +++ [pid 6518] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6518, si_uid=0, si_status=0, si_utime=13 /* 0.13 s */, si_stime=48 /* 0.48 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5832] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6579] <... munmap resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./7/binderfs", [pid 6579] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6579] <... openat resumed>) = 4 [pid 5832] unlink("./7/binderfs" [pid 6579] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... unlink resumed>) = 0 [ 86.360106][ T6538] BTRFS info (device loop4 state M): setting nodatasum [ 86.367847][ T6538] BTRFS info (device loop4 state M): turning off barriers [ 86.376220][ T6538] BTRFS info (device loop4 state M): turning on flush-on-commit [ 86.387814][ T6579] loop2: detected capacity change from 0 to 32768 [ 86.388023][ T5832] BTRFS info (device loop3): last unmount of filesystem f9b3b2d1-15d7-434b-aa0b-6866d873c4ba [pid 5832] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6579] <... ioctl resumed>) = 0 [pid 6579] close(3) = 0 [pid 6579] close(4) = 0 [pid 6579] mkdir("./file0", 0777) = 0 [pid 6579] mount("/dev/loop2", "./file0", "btrfs", 0, "" [pid 6538] <... mount resumed>) = 0 [pid 6538] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6538] chdir(".") = 0 [pid 6538] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6537] <... futex resumed>) = 0 [pid 6537] exit_group(0) = ? [ 86.411732][ T6538] BTRFS info (device loop4 state M): force clearing of disk cache [ 86.420381][ T6538] BTRFS info (device loop4 state M): doing ref verification [ 86.431711][ T6579] BTRFS: device /dev/loop2 (7:2) using temp-fsid f252c591-7221-4e6d-bae9-d28e10e45246 [ 86.441731][ T6538] BTRFS info (device loop4 state M): max_inline set to 26856 [pid 6538] +++ exited with 0 +++ [pid 6537] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6537, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=68 /* 0.68 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5833] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5833] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./7/binderfs") = 0 [ 86.460186][ T6579] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (6579) [ 86.511625][ T5833] BTRFS info (device loop4): last unmount of filesystem 1034d870-7657-47b0-80a7-f39252052cc5 [ 86.538685][ T6579] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 86.603719][ T6579] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 86.637741][ T6579] BTRFS info (device loop2): using free-space-tree [pid 5833] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6544] <... write resumed>) = 16777216 [pid 6544] munmap(0x7fb775000000, 138412032 [pid 5832] <... umount2 resumed>) = 0 [pid 5832] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6544] <... munmap resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 6544] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] getdents64(4, [pid 6544] <... openat resumed>) = 5 [pid 6544] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6544] ioctl(5, LOOP_CLR_FD) = 0 [pid 5832] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5832] close(4) = 0 [pid 5832] rmdir("./7/file0" [pid 6544] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6544] close(5) = 0 [pid 6544] close(4 [pid 5832] <... rmdir resumed>) = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./7") = 0 [pid 5832] mkdir("./8", 0777) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 6630 ./strace-static-x86_64: Process 6630 attached [pid 6579] <... mount resumed>) = 0 [pid 6579] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6630] set_robust_list(0x55558bffa6a0, 24 [pid 6579] <... openat resumed>) = 3 [pid 6630] <... set_robust_list resumed>) = 0 [pid 6579] chdir("./file0" [pid 6630] chdir("./8" [pid 6579] <... chdir resumed>) = 0 [pid 6630] <... chdir resumed>) = 0 [pid 6579] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6630] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6579] <... openat resumed>) = 4 [pid 6630] <... prctl resumed>) = 0 [pid 6579] ioctl(4, LOOP_CLR_FD [pid 6630] setpgid(0, 0 [pid 6579] <... ioctl resumed>) = 0 [pid 6630] <... setpgid resumed>) = 0 [pid 6579] close(4) = 0 [pid 6630] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6579] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6578] <... futex resumed>) = 0 [pid 6578] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6630] <... openat resumed>) = 3 [pid 6579] memfd_create("syzkaller", 0 [pid 6578] <... futex resumed>) = 0 [pid 6630] write(3, "1000", 4 [pid 6579] <... memfd_create resumed>) = 4 [pid 6578] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6579] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6630] <... write resumed>) = 4 [pid 6541] <... write resumed>) = 16777216 executing program [pid 6541] munmap(0x7fb775000000, 138412032 [pid 6630] close(3) = 0 [pid 6630] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6630] write(1, "executing program\n", 18) = 18 [pid 6630] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6630] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6630] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6630] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6630] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6630] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6630] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[6632]}, 88) = 6632 [pid 6630] rt_sigprocmask(SIG_SETMASK, [], [pid 6541] <... munmap resumed>) = 0 [pid 6630] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 6632 attached [pid 6630] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6630] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6541] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 5 [pid 6541] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6541] ioctl(5, LOOP_CLR_FD) = 0 [pid 6632] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6541] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6541] close(5) = 0 [pid 6541] close(4 [pid 6632] <... rseq resumed>) = 0 [pid 6632] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6632] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5833] <... umount2 resumed>) = 0 [pid 6632] memfd_create("syzkaller", 0 [pid 5833] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6632] <... memfd_create resumed>) = 3 [pid 5833] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6632] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6632] <... mmap resumed>) = 0x7fb775000000 [pid 5833] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./7/file0") = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./7") = 0 [pid 5833] mkdir("./8", 0777) = 0 [pid 6544] <... close resumed>) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5833] close(3 [pid 6544] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... close resumed>) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6544] <... futex resumed>) = 1 [pid 6543] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6634 attached [pid 6544] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6543] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6544] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6543] <... futex resumed>) = 0 [pid 6543] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6544] rename("./file1", "./file0/file0" [pid 6634] set_robust_list(0x55558bffa6a0, 24 [pid 5833] <... clone resumed>, child_tidptr=0x55558bffa690) = 6634 [pid 6544] <... rename resumed>) = 0 [pid 6634] <... set_robust_list resumed>) = 0 [pid 6544] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6634] chdir("./8" [pid 6544] <... futex resumed>) = 1 [pid 6543] <... futex resumed>) = 0 [pid 6634] <... chdir resumed>) = 0 [pid 6544] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6543] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6544] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6543] <... futex resumed>) = 0 [pid 6544] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6543] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6544] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6634] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6541] <... close resumed>) = 0 [pid 6634] <... prctl resumed>) = 0 [pid 6541] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6540] <... futex resumed>) = 0 [pid 6540] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6540] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6541] rename("./file1", "./file0/file0" [pid 6634] setpgid(0, 0 [pid 6579] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6634] <... setpgid resumed>) = 0 [pid 6541] <... rename resumed>) = 0 [pid 6541] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6540] <... futex resumed>) = 0 [pid 6540] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6540] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6541] <... futex resumed>) = 1 [pid 6541] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6541] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6634] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6634] write(3, "1000", 4) = 4 [pid 6634] close(3) = 0 [ 87.210475][ T6544] BTRFS warning (device loop0 state M): remount supports changing free space tree only from RO to RW [ 87.239594][ T6544] BTRFS info (device loop0 state M): setting nodatasum [pid 6634] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6634] write(1, "executing program\n", 18executing program ) = 18 [pid 6634] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6634] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6634] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6634] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6634] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6634] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6634] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[6635]}, 88) = 6635 [pid 6634] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6634] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6634] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6635 attached [pid 6635] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 6635] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6635] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6635] memfd_create("syzkaller", 0) = 3 [pid 6635] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 87.259195][ T6544] BTRFS info (device loop0 state M): setting nodatasum [ 87.268934][ T6541] BTRFS warning (device loop1 state M): remount supports changing free space tree only from RO to RW [ 87.277587][ T6544] BTRFS info (device loop0 state M): turning off barriers [ 87.311764][ T6541] BTRFS info (device loop1 state M): setting nodatasum [ 87.318941][ T6541] BTRFS info (device loop1 state M): setting nodatasum [ 87.331601][ T6544] BTRFS info (device loop0 state M): turning on flush-on-commit [ 87.351602][ T6541] BTRFS info (device loop1 state M): turning off barriers [ 87.365303][ T6544] BTRFS info (device loop0 state M): force clearing of disk cache [ 87.369858][ T6541] BTRFS info (device loop1 state M): turning on flush-on-commit [ 87.384798][ T6544] BTRFS info (device loop0 state M): doing ref verification [ 87.401894][ T6544] BTRFS info (device loop0 state M): max_inline set to 26856 [pid 6632] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6544] <... mount resumed>) = 0 [pid 6544] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6544] chdir(".") = 0 [pid 6544] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6543] <... futex resumed>) = 0 [pid 6544] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6543] exit_group(0) = ? [pid 6544] <... futex resumed>) = ? [pid 6544] +++ exited with 0 +++ [pid 6543] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6543, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=71 /* 0.71 s */} --- [pid 5829] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./7/binderfs") = 0 [ 87.403584][ T6541] BTRFS info (device loop1 state M): force clearing of disk cache [ 87.449385][ T5829] BTRFS info (device loop0): last unmount of filesystem 75e8d51c-39f9-4f9b-bf54-f5dc5fab07cc [ 87.451707][ T6541] BTRFS info (device loop1 state M): doing ref verification [pid 5829] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6541] <... mount resumed>) = 0 [pid 6541] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6541] chdir(".") = 0 [pid 6541] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6540] <... futex resumed>) = 0 [pid 6540] exit_group(0) = ? [pid 6541] +++ exited with 0 +++ [pid 6540] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6540, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=59 /* 0.59 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5830] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6635] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 87.531930][ T6541] BTRFS info (device loop1 state M): max_inline set to 26856 [pid 5830] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./7/binderfs") = 0 [ 87.596537][ T5830] BTRFS info (device loop1): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 5830] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6579] <... write resumed>) = 16777216 [pid 6579] munmap(0x7fb775000000, 138412032 [pid 6632] <... write resumed>) = 16777216 [pid 6632] munmap(0x7fb775000000, 138412032) = 0 [pid 5829] <... umount2 resumed>) = 0 [pid 6579] <... munmap resumed>) = 0 [pid 6579] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 5 [pid 6579] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6579] ioctl(5, LOOP_CLR_FD) = 0 [pid 5829] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./7/file0", [pid 6579] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6579] close(5) = 0 [pid 5829] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6579] close(4 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6632] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5829] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6632] <... openat resumed>) = 4 [pid 6632] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5829] <... openat resumed>) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, [pid 6632] close(3 [pid 5829] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 6632] <... close resumed>) = 0 [pid 5829] getdents64(4, [pid 6632] close(4 [pid 5829] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 6632] <... close resumed>) = 0 [pid 5829] close(4 [pid 6632] mkdir("./file0", 0777) = 0 [pid 6632] mount("/dev/loop3", "./file0", "btrfs", 0, "" [pid 5829] <... close resumed>) = 0 [pid 5829] rmdir("./7/file0") = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./7") = 0 [pid 5829] mkdir("./8", 0777) = 0 [ 87.773243][ T6632] loop3: detected capacity change from 0 to 32768 [ 87.806330][ T6632] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor323 (6632) [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6637 attached , child_tidptr=0x55558bffa690) = 6637 [pid 6637] set_robust_list(0x55558bffa6a0, 24) = 0 [ 87.858478][ T6632] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 87.892560][ T6632] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [pid 6637] chdir("./8") = 0 [pid 6637] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6637] setpgid(0, 0) = 0 [pid 6637] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 87.915524][ T6632] BTRFS info (device loop3): using free-space-tree [pid 6637] write(3, "1000", 4 [pid 5830] <... umount2 resumed>) = 0 [pid 6637] <... write resumed>) = 4 [pid 6637] close(3) = 0 [pid 6637] symlink("/dev/binderfs", "./binderfs" [pid 5830] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 6637] <... symlink resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6637] write(1, "executing program\n", 18) = 18 [pid 5830] newfstatat(AT_FDCWD, "./7/file0", [pid 6637] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6637] <... futex resumed>) = 0 [pid 5830] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6637] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6637] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5830] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6637] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5830] <... openat resumed>) = 4 [pid 6637] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6637] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6637] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5830] newfstatat(4, "", [pid 6637] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6637] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 5830] getdents64(4, ./strace-static-x86_64: Process 6646 attached 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 6637] <... clone3 resumed> => {parent_tid=[6646]}, 88) = 6646 [pid 6637] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 6637] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] rmdir("./7/file0" [pid 6646] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6637] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... rmdir resumed>) = 0 [pid 6646] <... rseq resumed>) = 0 [pid 6637] <... futex resumed>) = 0 [pid 6646] set_robust_list(0x7fb77d6019a0, 24 [pid 6637] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6646] <... set_robust_list resumed>) = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 6646] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5830] rmdir("./7" [pid 6646] memfd_create("syzkaller", 0 [pid 5830] <... rmdir resumed>) = 0 [pid 6646] <... memfd_create resumed>) = 3 [pid 5830] mkdir("./8", 0777 [pid 6646] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5830] <... mkdir resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6579] <... close resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6652 attached [pid 6579] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... clone resumed>, child_tidptr=0x55558bffa690) = 6652 [pid 6652] set_robust_list(0x55558bffa6a0, 24 [pid 6579] <... futex resumed>) = 1 [pid 6578] <... futex resumed>) = 0 [pid 6652] <... set_robust_list resumed>) = 0 [pid 6652] chdir("./8") = 0 [pid 6652] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6578] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6652] setpgid(0, 0) = 0 [pid 6578] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6652] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6579] rename("./file1", "./file0/file0" [pid 6652] <... openat resumed>) = 3 [pid 6652] write(3, "1000", 4) = 4 [pid 6652] close(3) = 0 [pid 6652] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6652] write(1, "executing program\n", 18) = 18 [pid 6579] <... rename resumed>) = 0 [pid 6579] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6578] <... futex resumed>) = 0 [pid 6652] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6578] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6578] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6652] <... futex resumed>) = 0 [pid 6632] <... mount resumed>) = 0 [pid 6652] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6632] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6652] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6632] <... openat resumed>) = 3 [pid 6652] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6632] chdir("./file0" [pid 6652] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6632] <... chdir resumed>) = 0 [pid 6632] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6652] <... mmap resumed>) = 0x7fb77d5e1000 [pid 6652] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 6632] <... openat resumed>) = 4 [pid 6652] <... mprotect resumed>) = 0 [pid 6635] <... write resumed>) = 16777216 [pid 6632] ioctl(4, LOOP_CLR_FD [pid 6579] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6652] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6579] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6652] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6652] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6656 attached [pid 6656] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6632] <... ioctl resumed>) = 0 [pid 6632] close(4 [pid 6656] <... rseq resumed>) = 0 [pid 6652] <... clone3 resumed> => {parent_tid=[6656]}, 88) = 6656 [pid 6635] munmap(0x7fb775000000, 138412032 [pid 6656] set_robust_list(0x7fb77d6019a0, 24 [pid 6652] rt_sigprocmask(SIG_SETMASK, [], [pid 6656] <... set_robust_list resumed>) = 0 [pid 6652] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6656] rt_sigprocmask(SIG_SETMASK, [], [pid 6652] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6656] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6652] <... futex resumed>) = 0 [pid 6656] memfd_create("syzkaller", 0 [pid 6652] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6646] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6632] <... close resumed>) = 0 [pid 6635] <... munmap resumed>) = 0 [pid 6656] <... memfd_create resumed>) = 3 [pid 6635] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6656] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6635] <... openat resumed>) = 4 [pid 6632] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6630] <... futex resumed>) = 0 [pid 6635] ioctl(4, LOOP_SET_FD, 3 [pid 6632] memfd_create("syzkaller", 0 [pid 6630] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6632] <... memfd_create resumed>) = 4 [pid 6632] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6630] <... futex resumed>) = 0 [pid 6630] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6656] <... mmap resumed>) = 0x7fb775000000 [ 88.175285][ T6579] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW [ 88.188780][ T6579] BTRFS info (device loop2 state M): setting nodatasum [ 88.196852][ T6635] loop4: detected capacity change from 0 to 32768 [ 88.212915][ T6579] BTRFS info (device loop2 state M): setting nodatasum [pid 6635] <... ioctl resumed>) = 0 [pid 6635] close(3) = 0 [pid 6635] close(4) = 0 [pid 6635] mkdir("./file0", 0777) = 0 [ 88.219895][ T6579] BTRFS info (device loop2 state M): turning off barriers [ 88.241901][ T6579] BTRFS info (device loop2 state M): turning on flush-on-commit [ 88.275158][ T6635] BTRFS: device /dev/loop4 (7:4) using temp-fsid d283dade-a00b-4d9c-9a9e-6d65c4c693bd [ 88.275478][ T6579] BTRFS info (device loop2 state M): force clearing of disk cache [ 88.304413][ T6635] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (6635) [ 88.336479][ T6579] BTRFS info (device loop2 state M): doing ref verification [ 88.359154][ T6635] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 88.369427][ T6579] BTRFS info (device loop2 state M): max_inline set to 26856 [pid 6635] mount("/dev/loop4", "./file0", "btrfs", 0, "" [pid 6579] <... mount resumed>) = 0 [pid 6579] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6579] chdir(".") = 0 [pid 6579] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6578] <... futex resumed>) = 0 [pid 6579] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6578] exit_group(0 [pid 6579] <... futex resumed>) = ? [pid 6578] <... exit_group resumed>) = ? [pid 6579] +++ exited with 0 +++ [pid 6578] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6578, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=69 /* 0.69 s */} --- [pid 5831] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5831] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [ 88.391794][ T6635] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 88.422539][ T6635] BTRFS info (device loop4): using free-space-tree [pid 5831] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6656] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./8/binderfs") = 0 [pid 5831] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [ 88.497902][ T5831] BTRFS info (device loop2): last unmount of filesystem f252c591-7221-4e6d-bae9-d28e10e45246 [pid 6632] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6635] <... mount resumed>) = 0 [pid 6635] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6635] chdir("./file0") = 0 [pid 6635] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6635] ioctl(4, LOOP_CLR_FD) = 0 [pid 6635] close(4) = 0 [pid 6635] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6634] <... futex resumed>) = 0 [pid 6646] <... write resumed>) = 16777216 [pid 6635] memfd_create("syzkaller", 0 [pid 6634] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6635] <... memfd_create resumed>) = 4 [pid 6634] <... futex resumed>) = 0 [pid 6634] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6646] munmap(0x7fb775000000, 138412032 [pid 6635] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6646] <... munmap resumed>) = 0 [pid 6646] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6646] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6646] close(3) = 0 [ 88.697317][ T6646] loop0: detected capacity change from 0 to 32768 [pid 6646] close(4) = 0 [pid 6646] mkdir("./file0", 0777) = 0 [pid 6646] mount("/dev/loop0", "./file0", "btrfs", 0, "" [pid 5831] <... umount2 resumed>) = 0 [ 88.790382][ T6646] BTRFS: device /dev/loop0 (7:0) using temp-fsid bd58b99e-68a2-4a27-a65f-0abfe21a7da0 [pid 5831] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [ 88.829436][ T6646] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor323 (6646) [pid 5831] rmdir("./8/file0") = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./8") = 0 [ 88.874326][ T6646] BTRFS info (device loop0): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 88.891702][ T6646] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [pid 6632] <... write resumed>) = 16777216 [pid 5831] mkdir("./9", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5831] close(3) = 0 [pid 6632] munmap(0x7fb775000000, 138412032 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6635] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5831] <... clone resumed>, child_tidptr=0x55558bffa690) = 6674 ./strace-static-x86_64: Process 6674 attached [pid 6656] <... write resumed>) = 16777216 [pid 6674] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6674] chdir("./9") = 0 [pid 6674] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6674] setpgid(0, 0) = 0 [pid 6674] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6674] write(3, "1000", 4) = 4 [pid 6674] close(3) = 0 [pid 6674] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6674] write(1, "executing program\n", 18) = 18 [pid 6674] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 88.921186][ T6646] BTRFS info (device loop0): using free-space-tree [pid 6674] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6632] <... munmap resumed>) = 0 [pid 6674] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6656] munmap(0x7fb775000000, 138412032 [pid 6632] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6674] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6674] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6632] <... openat resumed>) = 5 [pid 6674] <... mmap resumed>) = 0x7fb77d5e1000 [pid 6632] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6674] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 6632] ioctl(5, LOOP_CLR_FD [pid 6674] <... mprotect resumed>) = 0 [pid 6632] <... ioctl resumed>) = 0 [pid 6674] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6632] ioctl(5, LOOP_SET_FD, 4 [pid 6674] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 6632] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) ./strace-static-x86_64: Process 6685 attached [pid 6632] close(5 [pid 6674] <... clone3 resumed> => {parent_tid=[6685]}, 88) = 6685 [pid 6632] <... close resumed>) = 0 [pid 6674] rt_sigprocmask(SIG_SETMASK, [], [pid 6632] close(4 [pid 6685] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6674] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6656] <... munmap resumed>) = 0 [pid 6685] <... rseq resumed>) = 0 [pid 6685] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6685] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6685] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6674] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6685] <... futex resumed>) = 0 [pid 6674] <... futex resumed>) = 1 [pid 6685] memfd_create("syzkaller", 0 [pid 6674] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6685] <... memfd_create resumed>) = 3 [pid 6685] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6656] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6656] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6656] close(3 [pid 6646] <... mount resumed>) = 0 [pid 6656] <... close resumed>) = 0 [pid 6656] close(4 [pid 6646] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6656] <... close resumed>) = 0 [pid 6646] <... openat resumed>) = 3 [pid 6646] chdir("./file0" [pid 6656] mkdir("./file0", 0777 [pid 6646] <... chdir resumed>) = 0 [pid 6646] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6656] <... mkdir resumed>) = 0 [pid 6646] <... openat resumed>) = 4 [pid 6656] mount("/dev/loop1", "./file0", "btrfs", 0, "" [pid 6646] ioctl(4, LOOP_CLR_FD) = 0 [pid 6646] close(4) = 0 [pid 6646] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6646] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6637] <... futex resumed>) = 0 [ 89.044420][ T6656] loop1: detected capacity change from 0 to 32768 [ 89.084306][ T6656] BTRFS: device /dev/loop1 (7:1) using temp-fsid 9ce82430-3ce2-48f2-bce3-1609cf35cdba [pid 6637] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6646] <... futex resumed>) = 0 [pid 6637] <... futex resumed>) = 1 [pid 6637] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6646] memfd_create("syzkaller", 0 [pid 6632] <... close resumed>) = 0 [pid 6646] <... memfd_create resumed>) = 4 [pid 6646] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6632] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6646] <... mmap resumed>) = 0x7fb775000000 [pid 6632] <... futex resumed>) = 1 [pid 6630] <... futex resumed>) = 0 [pid 6632] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6630] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6630] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6632] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 89.134136][ T6656] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor323 (6656) [pid 6632] rename("./file1", "./file0/file0" [pid 6630] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6632] <... rename resumed>) = 0 [pid 6630] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6630] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6632] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6630] <... mmap resumed>) = 0x7fb77d5c0000 [pid 6630] mprotect(0x7fb77d5c1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6630] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6630] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d5e0990, parent_tid=0x7fb77d5e0990, exit_signal=0, stack=0x7fb77d5c0000, stack_size=0x20300, tls=0x7fb77d5e06c0} [pid 6632] <... futex resumed>) = 0 [pid 6630] <... clone3 resumed> => {parent_tid=[6693]}, 88) = 6693 [pid 6630] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6630] futex(0x7fb77d6dd6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6632] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6693 attached [pid 6630] <... futex resumed>) = 0 [ 89.174427][ T6656] BTRFS info (device loop1): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 6630] futex(0x7fb77d6dd6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6693] rseq(0x7fb77d5e0fe0, 0x20, 0, 0x53053053) = 0 [pid 6693] set_robust_list(0x7fb77d5e09a0, 24) = 0 [pid 6693] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6693] mkdir(".", 0777) = -1 EEXIST (File exists) [ 89.252470][ T6656] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 89.261422][ T6656] BTRFS info (device loop1): using free-space-tree [ 89.291347][ T6693] BTRFS warning (device loop3 state M): remount supports changing free space tree only from RO to RW [pid 6693] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [ 89.352280][ T6693] BTRFS info (device loop3 state M): setting nodatasum [ 89.359200][ T6693] BTRFS info (device loop3 state M): setting nodatasum [pid 6646] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6685] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6635] <... write resumed>) = 16777216 [ 89.421229][ T6693] BTRFS info (device loop3 state M): turning off barriers [ 89.439539][ T6693] BTRFS info (device loop3 state M): turning on flush-on-commit [pid 6635] munmap(0x7fb775000000, 138412032) = 0 [pid 6635] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 5 [pid 6635] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6635] ioctl(5, LOOP_CLR_FD) = 0 [pid 6656] <... mount resumed>) = 0 [pid 6656] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6635] ioctl(5, LOOP_SET_FD, 4 [pid 6656] chdir("./file0") = 0 [pid 6635] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6635] close(5 [pid 6656] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6635] <... close resumed>) = 0 [pid 6656] <... openat resumed>) = 4 [pid 6635] close(4 [pid 6656] ioctl(4, LOOP_CLR_FD) = 0 [pid 6656] close(4) = 0 [ 89.493202][ T6693] BTRFS info (device loop3 state M): force clearing of disk cache [ 89.534037][ T6693] BTRFS info (device loop3 state M): doing ref verification [ 89.541380][ T6693] BTRFS info (device loop3 state M): max_inline set to 26856 [pid 6656] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6652] <... futex resumed>) = 0 [pid 6656] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6652] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6656] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6652] <... futex resumed>) = 0 [pid 6652] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6656] memfd_create("syzkaller", 0) = 4 [pid 6656] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6693] <... mount resumed>) = 0 [pid 6693] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6693] chdir(".") = 0 [pid 6693] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6630] <... futex resumed>) = 0 [pid 6630] exit_group(0) = ? [pid 6632] <... futex resumed>) = ? [pid 6632] +++ exited with 0 +++ [pid 6693] +++ exited with 0 +++ [pid 6630] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6630, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=66 /* 0.66 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5832] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./8/binderfs") = 0 [pid 5832] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6646] <... write resumed>) = 16777216 [pid 6646] munmap(0x7fb775000000, 138412032) = 0 [pid 6646] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6646] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6646] ioctl(5, LOOP_CLR_FD) = 0 [pid 6646] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6646] close(5) = 0 [ 89.734004][ T5832] BTRFS info (device loop3): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 6646] close(4 [pid 6635] <... close resumed>) = 0 [pid 6635] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6634] <... futex resumed>) = 0 [pid 6635] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6634] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6635] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6634] <... futex resumed>) = 0 [pid 6635] rename("./file1", "./file0/file0" [pid 6634] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6635] <... rename resumed>) = 0 [pid 6635] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6635] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6634] <... futex resumed>) = 0 [pid 6635] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6634] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6635] mkdir(".", 0777 [pid 6634] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6635] <... mkdir resumed>) = -1 EEXIST (File exists) [ 89.942076][ T6635] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [pid 6635] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6656] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6685] <... write resumed>) = 16777216 [ 90.021649][ T6635] BTRFS info (device loop4 state M): setting nodatasum [ 90.028562][ T6635] BTRFS info (device loop4 state M): setting nodatasum [pid 6685] munmap(0x7fb775000000, 138412032) = 0 [pid 6685] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6685] ioctl(4, LOOP_SET_FD, 3 [pid 6646] <... close resumed>) = 0 [ 90.081657][ T6635] BTRFS info (device loop4 state M): turning off barriers [ 90.088817][ T6635] BTRFS info (device loop4 state M): turning on flush-on-commit [ 90.105531][ T6635] BTRFS info (device loop4 state M): force clearing of disk cache [ 90.114208][ T6635] BTRFS info (device loop4 state M): doing ref verification [pid 6685] <... ioctl resumed>) = 0 [pid 6685] close(3) = 0 [pid 6685] close(4) = 0 [pid 6685] mkdir("./file0", 0777) = 0 [pid 6646] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6685] mount("/dev/loop2", "./file0", "btrfs", 0, "" [pid 6646] <... futex resumed>) = 1 [pid 6637] <... futex resumed>) = 0 [pid 6646] rename("./file1", "./file0/file0" [pid 6637] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 90.131936][ T6685] loop2: detected capacity change from 0 to 32768 [ 90.166341][ T6635] BTRFS info (device loop4 state M): max_inline set to 26856 [pid 6637] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6635] <... mount resumed>) = 0 [pid 6635] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6635] chdir(".") = 0 [pid 6635] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6634] <... futex resumed>) = 0 [pid 6635] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6634] exit_group(0 [pid 6635] <... futex resumed>) = ? [pid 6634] <... exit_group resumed>) = ? [pid 6635] +++ exited with 0 +++ [pid 6634] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6634, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=61 /* 0.61 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 6646] <... rename resumed>) = 0 [pid 6646] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6637] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6637] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5833] <... restart_syscall resumed>) = 0 [pid 6637] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5833] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6646] <... futex resumed>) = 1 [pid 6637] <... futex resumed>) = 0 [pid 5833] newfstatat(3, "", [ 90.175081][ T6685] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (6685) [pid 6637] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=46000000} [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6646] mkdir(".", 0777 [pid 5833] getdents64(3, [pid 6646] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5833] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 6646] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5833] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./8/binderfs") = 0 [pid 5833] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... umount2 resumed>) = 0 [pid 5832] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 90.262723][ T6646] BTRFS warning (device loop0 state M): remount supports changing free space tree only from RO to RW [ 90.277229][ T6685] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 90.295066][ T5833] BTRFS info (device loop4): last unmount of filesystem d283dade-a00b-4d9c-9a9e-6d65c4c693bd [pid 5832] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5832] close(4) = 0 [pid 5832] rmdir("./8/file0") = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./8") = 0 [pid 5832] mkdir("./9", 0777) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 6712 ./strace-static-x86_64: Process 6712 attached [pid 6712] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6712] chdir("./9") = 0 [pid 6712] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6712] setpgid(0, 0) = 0 [pid 6712] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6712] write(3, "1000", 4) = 4 [pid 6712] close(3) = 0 [pid 6712] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6712] write(1, "executing program\n", 18) = 18 [ 90.306777][ T6646] BTRFS info (device loop0 state M): setting nodatasum [ 90.321985][ T6685] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 90.330674][ T6685] BTRFS info (device loop2): using free-space-tree [ 90.338136][ T6646] BTRFS info (device loop0 state M): setting nodatasum [pid 6712] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6712] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6712] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6712] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6712] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6712] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6712] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6714 attached => {parent_tid=[6714]}, 88) = 6714 [pid 6712] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6712] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6712] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6714] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 6714] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6714] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6714] memfd_create("syzkaller", 0) = 3 [pid 6714] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 90.366275][ T6646] BTRFS info (device loop0 state M): turning off barriers [ 90.396655][ T6646] BTRFS info (device loop0 state M): turning on flush-on-commit [pid 6646] <... mount resumed>) = 0 [pid 6646] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6646] chdir(".") = 0 [pid 6646] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6646] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6637] <... futex resumed>) = 0 [pid 6637] exit_group(0 [pid 6646] <... futex resumed>) = ? [pid 6637] <... exit_group resumed>) = ? [ 90.432632][ T6646] BTRFS info (device loop0 state M): force clearing of disk cache [ 90.463778][ T6646] BTRFS info (device loop0 state M): doing ref verification [ 90.471119][ T6646] BTRFS info (device loop0 state M): max_inline set to 26856 [pid 6646] +++ exited with 0 +++ [pid 6637] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6637, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=62 /* 0.62 s */} --- [pid 5829] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5829] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./8/binderfs", [pid 6685] <... mount resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./8/binderfs" [pid 6685] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5829] <... unlink resumed>) = 0 [pid 6685] chdir("./file0") = 0 [pid 6685] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6685] <... openat resumed>) = 4 [pid 6685] ioctl(4, LOOP_CLR_FD) = 0 [pid 6685] close(4) = 0 [pid 6685] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6674] <... futex resumed>) = 0 [pid 6674] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6685] memfd_create("syzkaller", 0 [pid 6674] <... futex resumed>) = 0 [pid 6674] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6685] <... memfd_create resumed>) = 4 [pid 6685] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6714] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6685] <... mmap resumed>) = 0x7fb775000000 [ 90.565611][ T5829] BTRFS info (device loop0): last unmount of filesystem bd58b99e-68a2-4a27-a65f-0abfe21a7da0 [pid 6656] <... write resumed>) = 16777216 [pid 6656] munmap(0x7fb775000000, 138412032) = 0 [pid 6656] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 5 [pid 6656] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6656] ioctl(5, LOOP_CLR_FD) = 0 [pid 6656] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6656] close(5) = 0 [pid 6656] close(4 [pid 5833] <... umount2 resumed>) = 0 [pid 5833] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./8/file0") = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./8") = 0 [pid 5833] mkdir("./9", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6732 attached , child_tidptr=0x55558bffa690) = 6732 [pid 6732] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6732] chdir("./9") = 0 [pid 6732] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6732] setpgid(0, 0) = 0 [pid 6732] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 6732] write(3, "1000", 4) = 4 [pid 6732] close(3) = 0 [pid 6732] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6732] write(1, "executing program\n", 18) = 18 [pid 6732] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6732] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6732] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6732] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6732] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6732] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6732] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6733 attached => {parent_tid=[6733]}, 88) = 6733 [pid 6732] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6732] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6732] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6656] <... close resumed>) = 0 [pid 6733] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 6733] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6733] rt_sigprocmask(SIG_SETMASK, [], [pid 6656] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6733] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6656] <... futex resumed>) = 1 [pid 6652] <... futex resumed>) = 0 [pid 6733] memfd_create("syzkaller", 0 [pid 6656] rename("./file1", "./file0/file0" [pid 6652] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6733] <... memfd_create resumed>) = 3 [pid 6652] <... futex resumed>) = 0 [pid 6733] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6656] <... rename resumed>) = 0 [pid 6652] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6733] <... mmap resumed>) = 0x7fb775000000 [pid 5829] <... umount2 resumed>) = 0 [pid 6656] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6652] <... futex resumed>) = 0 [pid 5829] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6656] mkdir(".", 0777 [pid 6652] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6656] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6652] <... futex resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6656] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6652] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5829] newfstatat(AT_FDCWD, "./8/file0", [pid 6685] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./8/file0") = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./8") = 0 [pid 5829] mkdir("./9", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6734 attached , child_tidptr=0x55558bffa690) = 6734 [pid 6734] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6734] chdir("./9") = 0 [pid 6734] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6734] setpgid(0, 0) = 0 [pid 6734] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6734] write(3, "1000", 4) = 4 [pid 6734] close(3) = 0 [pid 6734] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6734] write(1, "executing program\n", 18) = 18 [pid 6734] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6734] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6734] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [ 91.082374][ T6656] BTRFS warning (device loop1 state M): remount supports changing free space tree only from RO to RW [pid 6734] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6734] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6734] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6734] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6735 attached => {parent_tid=[6735]}, 88) = 6735 [pid 6734] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6734] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6734] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6735] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 6735] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6735] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6735] memfd_create("syzkaller", 0) = 3 [pid 6735] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 91.123788][ T6656] BTRFS info (device loop1 state M): setting nodatasum [ 91.130743][ T6656] BTRFS info (device loop1 state M): setting nodatasum [pid 6714] <... write resumed>) = 16777216 [pid 6714] munmap(0x7fb775000000, 138412032) = 0 [pid 6714] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 91.181588][ T6656] BTRFS info (device loop1 state M): turning off barriers [ 91.188754][ T6656] BTRFS info (device loop1 state M): turning on flush-on-commit [ 91.202471][ T6714] loop3: detected capacity change from 0 to 32768 [pid 6714] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6714] close(3) = 0 [pid 6714] close(4) = 0 [pid 6714] mkdir("./file0", 0777) = 0 [ 91.237316][ T6656] BTRFS info (device loop1 state M): force clearing of disk cache [ 91.241736][ T6714] BTRFS: device /dev/loop3 (7:3) using temp-fsid 0c4041f2-c097-476d-b4c5-ad88b5056669 [ 91.266049][ T6656] BTRFS info (device loop1 state M): doing ref verification [pid 6714] mount("/dev/loop3", "./file0", "btrfs", 0, "" [pid 6656] <... mount resumed>) = 0 [pid 6656] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6656] chdir(".") = 0 [pid 6656] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6652] <... futex resumed>) = 0 [pid 6656] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6652] exit_group(0 [pid 6656] <... futex resumed>) = ? [pid 6652] <... exit_group resumed>) = ? [pid 6656] +++ exited with 0 +++ [pid 6652] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6652, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=62 /* 0.62 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5830] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6733] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 91.276873][ T6714] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor323 (6714) [ 91.301491][ T6656] BTRFS info (device loop1 state M): max_inline set to 26856 [ 91.318115][ T6714] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 5830] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./8/binderfs") = 0 [ 91.364542][ T6714] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 91.391698][ T6714] BTRFS info (device loop3): using free-space-tree [ 91.400834][ T5830] BTRFS info (device loop1): last unmount of filesystem 9ce82430-3ce2-48f2-bce3-1609cf35cdba [pid 5830] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6685] <... write resumed>) = 16777216 [pid 6685] munmap(0x7fb775000000, 138412032 [pid 6735] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6685] <... munmap resumed>) = 0 [pid 6685] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 5 [pid 6685] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6685] ioctl(5, LOOP_CLR_FD) = 0 [pid 6685] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6685] close(5) = 0 [pid 6685] close(4 [pid 6733] <... write resumed>) = 16777216 [pid 6733] munmap(0x7fb775000000, 138412032) = 0 [pid 6733] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6733] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6714] <... mount resumed>) = 0 [pid 6733] close(3 [pid 6714] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6733] <... close resumed>) = 0 [pid 6714] <... openat resumed>) = 3 [pid 6733] close(4 [pid 6714] chdir("./file0" [pid 6733] <... close resumed>) = 0 [pid 6733] mkdir("./file0", 0777 [pid 6714] <... chdir resumed>) = 0 [pid 6733] <... mkdir resumed>) = 0 [pid 6714] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6733] mount("/dev/loop4", "./file0", "btrfs", 0, "" [pid 6714] <... openat resumed>) = 4 [pid 6714] ioctl(4, LOOP_CLR_FD) = 0 [pid 6714] close(4) = 0 [pid 6714] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6712] <... futex resumed>) = 0 [pid 6714] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6712] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6714] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6712] <... futex resumed>) = 0 [pid 6714] memfd_create("syzkaller", 0 [pid 6712] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6714] <... memfd_create resumed>) = 4 [pid 6714] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 91.652421][ T6733] loop4: detected capacity change from 0 to 32768 [ 91.690088][ T6733] BTRFS: device /dev/loop4 (7:4) using temp-fsid d045321e-783a-4c1a-a85d-5b893220f93d [pid 5830] <... umount2 resumed>) = 0 [pid 5830] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./8/file0") = 0 [ 91.731707][ T6733] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (6733) [pid 5830] getdents64(3, [pid 6685] <... close resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5830] close(3 [pid 6685] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... close resumed>) = 0 [pid 6685] <... futex resumed>) = 1 [pid 6674] <... futex resumed>) = 0 [pid 5830] rmdir("./8" [pid 6674] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6674] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6685] rename("./file1", "./file0/file0" [pid 5830] <... rmdir resumed>) = 0 [pid 5830] mkdir("./9", 0777) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6685] <... rename resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 6685] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [ 91.813128][ T6733] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 6685] <... futex resumed>) = 1 [pid 6674] <... futex resumed>) = 0 [pid 5830] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5830] close(3 [pid 6674] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6685] mkdir(".", 0777 [pid 5830] <... close resumed>) = 0 [pid 6685] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6674] <... futex resumed>) = 0 [pid 6674] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6754 attached [pid 6685] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6754] set_robust_list(0x55558bffa6a0, 24 [pid 5830] <... clone resumed>, child_tidptr=0x55558bffa690) = 6754 [pid 6754] <... set_robust_list resumed>) = 0 [pid 6754] chdir("./9") = 0 [pid 6754] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6754] setpgid(0, 0) = 0 [pid 6754] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6754] write(3, "1000", 4) = 4 [ 91.862404][ T6733] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 91.878706][ T6733] BTRFS info (device loop4): using free-space-tree [ 91.894350][ T6685] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW [pid 6754] close(3) = 0 [pid 6754] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6754] write(1, "executing program\n", 18) = 18 [pid 6754] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6754] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6754] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6754] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6754] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6754] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6754] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[6760]}, 88) = 6760 [pid 6754] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6754] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6754] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6760 attached [pid 6760] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 6760] set_robust_list(0x7fb77d6019a0, 24) = 0 [ 91.933695][ T6685] BTRFS info (device loop2 state M): setting nodatasum [ 91.940603][ T6685] BTRFS info (device loop2 state M): setting nodatasum [pid 6760] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6760] memfd_create("syzkaller", 0) = 3 [pid 6760] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 92.002788][ T6685] BTRFS info (device loop2 state M): turning off barriers [ 92.053331][ T6685] BTRFS info (device loop2 state M): turning on flush-on-commit [ 92.061374][ T6685] BTRFS info (device loop2 state M): force clearing of disk cache [pid 6735] <... write resumed>) = 16777216 [ 92.107591][ T6685] BTRFS info (device loop2 state M): doing ref verification [pid 6714] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6735] munmap(0x7fb775000000, 138412032 [pid 6733] <... mount resumed>) = 0 [pid 6733] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6733] chdir("./file0") = 0 [pid 6733] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6733] ioctl(4, LOOP_CLR_FD) = 0 [pid 6733] close(4) = 0 [pid 6760] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6733] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6685] <... mount resumed>) = 0 [pid 6733] <... futex resumed>) = 1 [pid 6732] <... futex resumed>) = 0 [pid 6733] memfd_create("syzkaller", 0 [pid 6732] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6733] <... memfd_create resumed>) = 4 [pid 6732] <... futex resumed>) = 0 [pid 6685] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 6733] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6732] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6685] <... openat resumed>) = 4 [pid 6733] <... mmap resumed>) = 0x7fb775000000 [pid 6685] chdir("." [pid 6735] <... munmap resumed>) = 0 [pid 6685] <... chdir resumed>) = 0 [pid 6685] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6735] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6685] <... futex resumed>) = 1 [pid 6674] <... futex resumed>) = 0 [pid 6735] <... openat resumed>) = 4 [pid 6685] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6674] exit_group(0 [pid 6685] <... futex resumed>) = ? [pid 6674] <... exit_group resumed>) = ? [pid 6735] ioctl(4, LOOP_SET_FD, 3 [pid 6685] +++ exited with 0 +++ [pid 6674] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6674, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=63 /* 0.63 s */} --- [pid 5831] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./9/binderfs") = 0 [ 92.152661][ T6685] BTRFS info (device loop2 state M): max_inline set to 26856 [ 92.189465][ T6735] loop0: detected capacity change from 0 to 32768 [pid 5831] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6735] <... ioctl resumed>) = 0 [pid 6735] close(3) = 0 [pid 6735] close(4) = 0 [pid 6735] mkdir("./file0", 0777) = 0 [ 92.212167][ T5831] BTRFS info (device loop2): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 92.241959][ T6735] BTRFS: device /dev/loop0 (7:0) using temp-fsid c4b88fff-61ac-4e32-8ff1-193284a224f7 [ 92.292627][ T6735] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor323 (6735) [ 92.346457][ T6735] BTRFS info (device loop0): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 92.406787][ T6735] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 92.461889][ T6735] BTRFS info (device loop0): using free-space-tree [pid 6735] mount("/dev/loop0", "./file0", "btrfs", 0, "" [pid 5831] <... umount2 resumed>) = 0 [pid 5831] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./9/file0") = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./9") = 0 [pid 5831] mkdir("./10", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5831] close(3) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 6786 [pid 6714] <... write resumed>) = 16777216 ./strace-static-x86_64: Process 6786 attached [pid 6786] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6786] chdir("./10") = 0 [pid 6786] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6714] munmap(0x7fb775000000, 138412032 [pid 6786] setpgid(0, 0) = 0 [pid 6786] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6786] write(3, "1000", 4) = 4 [pid 6786] close(3) = 0 [pid 6786] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6786] write(1, "executing program\n", 18executing program ) = 18 [pid 6786] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6786] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6786] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6786] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6714] <... munmap resumed>) = 0 [pid 6786] <... mmap resumed>) = 0x7fb77d5e1000 [pid 6733] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6714] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6786] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 6714] <... openat resumed>) = 5 [pid 6786] <... mprotect resumed>) = 0 [pid 6714] ioctl(5, LOOP_SET_FD, 4 [pid 6786] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6714] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6786] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6714] ioctl(5, LOOP_CLR_FD [pid 6786] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6789 attached [pid 6714] <... ioctl resumed>) = 0 [pid 6786] <... clone3 resumed> => {parent_tid=[6789]}, 88) = 6789 [pid 6786] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6789] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6786] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6735] <... mount resumed>) = 0 [pid 6714] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6714] close(5) = 0 [pid 6714] close(4 [pid 6789] <... rseq resumed>) = 0 [pid 6786] <... futex resumed>) = 0 [pid 6735] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6789] set_robust_list(0x7fb77d6019a0, 24 [pid 6786] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6735] <... openat resumed>) = 3 [pid 6789] <... set_robust_list resumed>) = 0 [pid 6735] chdir("./file0" [pid 6789] rt_sigprocmask(SIG_SETMASK, [], [pid 6735] <... chdir resumed>) = 0 [pid 6789] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6735] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6789] memfd_create("syzkaller", 0 [pid 6735] <... openat resumed>) = 4 [pid 6735] ioctl(4, LOOP_CLR_FD) = 0 [pid 6789] <... memfd_create resumed>) = 3 [pid 6735] close(4) = 0 [pid 6789] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6735] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6789] <... mmap resumed>) = 0x7fb775000000 [pid 6735] <... futex resumed>) = 1 [pid 6734] <... futex resumed>) = 0 [pid 6735] memfd_create("syzkaller", 0 [pid 6734] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6735] <... memfd_create resumed>) = 4 [pid 6734] <... futex resumed>) = 0 [pid 6735] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6734] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6735] <... mmap resumed>) = 0x7fb775000000 [pid 6733] <... write resumed>) = 16777216 [pid 6733] munmap(0x7fb775000000, 138412032) = 0 [pid 6733] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 5 [pid 6733] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6733] ioctl(5, LOOP_CLR_FD) = 0 [pid 6733] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6733] close(5) = 0 [pid 6733] close(4 [pid 6760] <... write resumed>) = 16777216 [pid 6760] munmap(0x7fb775000000, 138412032) = 0 [pid 6760] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6760] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6760] close(3) = 0 [pid 6760] close(4) = 0 [pid 6760] mkdir("./file0", 0777) = 0 [pid 6760] mount("/dev/loop1", "./file0", "btrfs", 0, "" [pid 6735] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6714] <... close resumed>) = 0 [ 92.976373][ T6760] loop1: detected capacity change from 0 to 32768 [ 93.012168][ T6760] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor323 (6760) [pid 6733] <... close resumed>) = 0 [pid 6714] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6712] <... futex resumed>) = 0 [pid 6712] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6712] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6714] rename("./file1", "./file0/file0" [pid 6789] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6733] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6714] <... rename resumed>) = 0 [pid 6714] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6712] <... futex resumed>) = 0 [pid 6714] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6712] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6714] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6712] <... futex resumed>) = 0 [pid 6714] mkdir(".", 0777 [pid 6712] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6714] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6733] <... futex resumed>) = 1 [pid 6732] <... futex resumed>) = 0 [pid 6714] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6733] rename("./file1", "./file0/file0" [pid 6732] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6732] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6733] <... rename resumed>) = 0 [pid 6733] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6732] <... futex resumed>) = 0 [pid 6733] mkdir(".", 0777 [pid 6732] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6733] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6732] <... futex resumed>) = 0 [pid 6733] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [ 93.095308][ T6714] BTRFS warning (device loop3 state M): remount supports changing free space tree only from RO to RW [ 93.121637][ T6760] BTRFS info (device loop1): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 93.132948][ T6733] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [ 93.141643][ T6714] BTRFS info (device loop3 state M): setting nodatasum [ 93.151200][ T6760] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 93.163684][ T6733] BTRFS info (device loop4 state M): setting nodatasum [ 93.182264][ T6733] BTRFS info (device loop4 state M): setting nodatasum [ 93.183259][ T6714] BTRFS info (device loop3 state M): setting nodatasum [ 93.196146][ T6760] BTRFS info (device loop1): using free-space-tree [ 93.213351][ T6733] BTRFS info (device loop4 state M): turning off barriers [ 93.220514][ T6733] BTRFS info (device loop4 state M): turning on flush-on-commit [ 93.221626][ T6714] BTRFS info (device loop3 state M): turning off barriers [ 93.261639][ T6733] BTRFS info (device loop4 state M): force clearing of disk cache [ 93.269621][ T6714] BTRFS info (device loop3 state M): turning on flush-on-commit [ 93.294666][ T6714] BTRFS info (device loop3 state M): force clearing of disk cache [ 93.295203][ T6733] BTRFS info (device loop4 state M): doing ref verification [pid 6732] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6733] <... mount resumed>) = 0 [pid 6733] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6733] chdir(".") = 0 [pid 6733] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6732] <... futex resumed>) = 0 [pid 6732] exit_group(0) = ? [pid 6733] +++ exited with 0 +++ [pid 6732] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6732, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=59 /* 0.59 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5833] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 93.303558][ T6714] BTRFS info (device loop3 state M): doing ref verification [ 93.322528][ T6733] BTRFS info (device loop4 state M): max_inline set to 26856 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5833] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./9/binderfs") = 0 [pid 5833] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6760] <... mount resumed>) = 0 [pid 6760] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6760] chdir("./file0") = 0 [pid 6760] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6760] ioctl(4, LOOP_CLR_FD [pid 6714] <... mount resumed>) = 0 [pid 6760] <... ioctl resumed>) = 0 [pid 6714] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 6760] close(4 [pid 6714] <... openat resumed>) = 4 [pid 6760] <... close resumed>) = 0 [pid 6714] chdir("." [pid 6760] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6714] <... chdir resumed>) = 0 [pid 6760] <... futex resumed>) = 1 [pid 6754] <... futex resumed>) = 0 [pid 6714] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6754] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6714] <... futex resumed>) = 1 [pid 6712] <... futex resumed>) = 0 [pid 6760] memfd_create("syzkaller", 0 [pid 6714] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6760] <... memfd_create resumed>) = 4 [pid 6754] <... futex resumed>) = 0 [pid 6712] exit_group(0 [pid 6760] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6754] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6760] <... mmap resumed>) = 0x7fb775000000 [pid 6714] <... futex resumed>) = ? [pid 6712] <... exit_group resumed>) = ? [pid 6714] +++ exited with 0 +++ [pid 6712] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6712, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=57 /* 0.57 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 6789] <... write resumed>) = 16777216 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5832] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 93.381785][ T5833] BTRFS info (device loop4): last unmount of filesystem d045321e-783a-4c1a-a85d-5b893220f93d [ 93.402197][ T6714] BTRFS info (device loop3 state M): max_inline set to 26856 [pid 5832] unlink("./9/binderfs") = 0 [pid 5832] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6789] munmap(0x7fb775000000, 138412032) = 0 [pid 6789] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6789] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6789] close(3) = 0 [pid 6789] close(4) = 0 [pid 6789] mkdir("./file0", 0777) = 0 [ 93.473849][ T5832] BTRFS info (device loop3): last unmount of filesystem 0c4041f2-c097-476d-b4c5-ad88b5056669 [ 93.502838][ T6789] loop2: detected capacity change from 0 to 32768 [pid 6789] mount("/dev/loop2", "./file0", "btrfs", 0, "" [pid 6735] <... write resumed>) = 16777216 [ 93.527871][ T6789] BTRFS: device /dev/loop2 (7:2) using temp-fsid 9ceaa309-1664-4a38-938c-8fbf6ab8610c [ 93.564163][ T6789] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (6789) [pid 6735] munmap(0x7fb775000000, 138412032) = 0 [pid 6735] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6735] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6735] ioctl(5, LOOP_CLR_FD) = 0 [pid 6735] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6735] close(5) = 0 [pid 6735] close(4 [ 93.648985][ T6789] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 93.684791][ T6789] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [pid 6760] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5833] <... umount2 resumed>) = 0 [ 93.721941][ T6789] BTRFS info (device loop2): using free-space-tree [pid 5833] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./9/file0" [pid 6735] <... close resumed>) = 0 [pid 6735] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... rmdir resumed>) = 0 [pid 6735] <... futex resumed>) = 1 [pid 6734] <... futex resumed>) = 0 [pid 5833] getdents64(3, [pid 6735] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5833] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 6734] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] close(3 [pid 6735] <... futex resumed>) = 0 [pid 6734] <... futex resumed>) = 1 [pid 5833] <... close resumed>) = 0 [pid 6735] rename("./file1", "./file0/file0" [pid 6734] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] rmdir("./9") = 0 [pid 5833] mkdir("./10", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 6823 [pid 6735] <... rename resumed>) = 0 ./strace-static-x86_64: Process 6823 attached [pid 6823] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6823] chdir("./10" [pid 6735] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6734] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6734] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6823] <... chdir resumed>) = 0 [pid 6735] <... futex resumed>) = 0 [pid 6734] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6823] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6735] mkdir(".", 0777 [pid 6823] <... prctl resumed>) = 0 [pid 6735] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6735] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6823] setpgid(0, 0) = 0 [pid 6823] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6823] write(3, "1000", 4) = 4 [pid 6823] close(3) = 0 [pid 6823] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6789] <... mount resumed>) = 0 [pid 6789] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6789] chdir("./file0") = 0 [pid 6789] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6789] ioctl(4, LOOP_CLR_FD) = 0 [pid 6789] close(4) = 0 [pid 6789] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6789] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6786] <... futex resumed>) = 0 executing program [pid 6786] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6823] write(1, "executing program\n", 18 [pid 6786] <... futex resumed>) = 1 [pid 6786] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6823] <... write resumed>) = 18 [pid 6789] <... futex resumed>) = 0 [pid 6823] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6789] memfd_create("syzkaller", 0) = 4 [pid 6789] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6823] <... futex resumed>) = 0 [pid 6823] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6823] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6823] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6823] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 5832] <... umount2 resumed>) = 0 [pid 6823] <... mprotect resumed>) = 0 [pid 5832] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 93.985579][ T6735] BTRFS warning (device loop0 state M): remount supports changing free space tree only from RO to RW [pid 6823] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5832] newfstatat(AT_FDCWD, "./9/file0", [pid 6823] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6823] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6825 attached [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6823] <... clone3 resumed> => {parent_tid=[6825]}, 88) = 6825 [pid 5832] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6823] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5832] <... openat resumed>) = 4 [pid 6823] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5832] newfstatat(4, "", [pid 6825] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6823] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6760] <... write resumed>) = 16777216 [pid 5832] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 6825] <... rseq resumed>) = 0 [pid 6760] munmap(0x7fb775000000, 138412032 [pid 5832] getdents64(4, [pid 6825] set_robust_list(0x7fb77d6019a0, 24 [pid 5832] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5832] close(4 [pid 6825] <... set_robust_list resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 6825] rt_sigprocmask(SIG_SETMASK, [], [ 94.028608][ T6735] BTRFS info (device loop0 state M): setting nodatasum [ 94.053056][ T6735] BTRFS info (device loop0 state M): setting nodatasum [ 94.071206][ T6735] BTRFS info (device loop0 state M): turning off barriers [pid 5832] rmdir("./9/file0" [pid 6825] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6760] <... munmap resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 6825] memfd_create("syzkaller", 0 [pid 5832] getdents64(3, [pid 6825] <... memfd_create resumed>) = 3 [pid 5832] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5832] close(3 [pid 6825] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5832] <... close resumed>) = 0 [pid 5832] rmdir("./9" [pid 6760] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5832] <... rmdir resumed>) = 0 [pid 6760] <... openat resumed>) = 5 [pid 5832] mkdir("./10", 0777 [pid 6760] ioctl(5, LOOP_SET_FD, 4 [pid 5832] <... mkdir resumed>) = 0 [pid 6760] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6760] ioctl(5, LOOP_CLR_FD [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6760] <... ioctl resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 6760] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5832] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6760] close(5) = 0 [pid 6760] close(4 [pid 5832] close(3) = 0 [ 94.089031][ T6735] BTRFS info (device loop0 state M): turning on flush-on-commit [ 94.119628][ T6735] BTRFS info (device loop0 state M): force clearing of disk cache [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6826 attached , child_tidptr=0x55558bffa690) = 6826 [pid 6826] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6826] chdir("./10") = 0 [pid 6826] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 94.162628][ T6735] BTRFS info (device loop0 state M): doing ref verification [pid 6826] setpgid(0, 0) = 0 [pid 6826] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6826] write(3, "1000", 4) = 4 [pid 6826] close(3) = 0 executing program [pid 6826] symlink("/dev/binderfs", "./binderfs" [pid 6789] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6826] <... symlink resumed>) = 0 [pid 6826] write(1, "executing program\n", 18) = 18 [pid 6826] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6826] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6735] <... mount resumed>) = 0 [pid 6826] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6735] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 6826] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6735] <... openat resumed>) = 4 [pid 6826] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6735] chdir("." [pid 6826] <... mmap resumed>) = 0x7fb77d5e1000 [pid 6735] <... chdir resumed>) = 0 [pid 6826] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 6735] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6826] <... mprotect resumed>) = 0 [pid 6735] <... futex resumed>) = 1 [pid 6734] <... futex resumed>) = 0 [pid 6826] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6735] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6734] exit_group(0 [pid 6826] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6735] <... futex resumed>) = ? [pid 6734] <... exit_group resumed>) = ? [pid 6826] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 6735] +++ exited with 0 +++ [pid 6734] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6734, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=63 /* 0.63 s */} --- [pid 6826] <... clone3 resumed> => {parent_tid=[6827]}, 88) = 6827 [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 6826] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6827 attached NULL, 8) = 0 [pid 6826] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 94.202965][ T6735] BTRFS info (device loop0 state M): max_inline set to 26856 [pid 6827] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6826] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5829] <... restart_syscall resumed>) = 0 [pid 5829] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6827] <... rseq resumed>) = 0 [pid 5829] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6827] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 5829] <... openat resumed>) = 3 [pid 6827] rt_sigprocmask(SIG_SETMASK, [], [pid 5829] newfstatat(3, "", [pid 6827] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6827] memfd_create("syzkaller", 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6827] <... memfd_create resumed>) = 3 [pid 5829] getdents64(3, [pid 6827] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5829] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 6827] <... mmap resumed>) = 0x7fb775000000 [pid 5829] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./9/binderfs") = 0 [ 94.307071][ T5829] BTRFS info (device loop0): last unmount of filesystem c4b88fff-61ac-4e32-8ff1-193284a224f7 [pid 5829] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6760] <... close resumed>) = 0 [pid 6760] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6754] <... futex resumed>) = 0 [pid 6760] rename("./file1", "./file0/file0" [pid 6754] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6754] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6760] <... rename resumed>) = 0 [pid 6760] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6754] <... futex resumed>) = 0 [pid 6760] <... futex resumed>) = 1 [pid 6754] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6760] mkdir(".", 0777 [pid 6754] <... futex resumed>) = 0 [pid 6760] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6754] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6760] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [ 94.490222][ T6760] BTRFS warning (device loop1 state M): remount supports changing free space tree only from RO to RW [ 94.522257][ T6760] BTRFS info (device loop1 state M): setting nodatasum [ 94.529278][ T6760] BTRFS info (device loop1 state M): setting nodatasum [ 94.544022][ T6760] BTRFS info (device loop1 state M): turning off barriers [ 94.575969][ T6760] BTRFS info (device loop1 state M): turning on flush-on-commit [pid 6825] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 94.601647][ T6760] BTRFS info (device loop1 state M): force clearing of disk cache [ 94.627430][ T6760] BTRFS info (device loop1 state M): doing ref verification [ 94.643679][ T6760] BTRFS info (device loop1 state M): max_inline set to 26856 [pid 6827] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6760] <... mount resumed>) = 0 [pid 5829] <... umount2 resumed>) = 0 [pid 6760] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5829] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6760] <... openat resumed>) = 4 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6760] chdir("." [pid 5829] newfstatat(AT_FDCWD, "./9/file0", [pid 6760] <... chdir resumed>) = 0 [pid 6760] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6760] <... futex resumed>) = 1 [pid 6754] <... futex resumed>) = 0 [pid 6760] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5829] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6754] exit_group(0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6760] <... futex resumed>) = ? [pid 6754] <... exit_group resumed>) = ? [pid 5829] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6760] +++ exited with 0 +++ [pid 5829] <... openat resumed>) = 4 [pid 6754] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6754, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=61 /* 0.61 s */} --- [pid 5829] newfstatat(4, "", [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5830] <... restart_syscall resumed>) = 0 [pid 5829] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5830] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] close(4 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... close resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] rmdir("./9/file0" [pid 5830] <... openat resumed>) = 3 [pid 5830] newfstatat(3, "", [pid 5829] <... rmdir resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, [pid 5830] getdents64(3, [pid 5829] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5830] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5829] close(3) = 0 [pid 5830] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] rmdir("./9" [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... rmdir resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./9/binderfs", [pid 5829] mkdir("./10", 0777) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5830] unlink("./9/binderfs" [pid 5829] <... openat resumed>) = 3 [pid 5830] <... unlink resumed>) = 0 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5830] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6789] <... write resumed>) = 16777216 [pid 6789] munmap(0x7fb775000000, 138412032./strace-static-x86_64: Process 6829 attached [pid 5829] <... clone resumed>, child_tidptr=0x55558bffa690) = 6829 [pid 6829] set_robust_list(0x55558bffa6a0, 24 [pid 6789] <... munmap resumed>) = 0 [pid 6829] <... set_robust_list resumed>) = 0 [pid 6829] chdir("./10") = 0 [pid 6829] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6789] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6829] setpgid(0, 0) = 0 [pid 6789] <... openat resumed>) = 5 [pid 6829] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6829] write(3, "1000", 4 [pid 6789] ioctl(5, LOOP_SET_FD, 4 [pid 6829] <... write resumed>) = 4 [pid 6789] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6829] close(3 [pid 6789] ioctl(5, LOOP_CLR_FD [pid 6829] <... close resumed>) = 0 [pid 6829] symlink("/dev/binderfs", "./binderfs" [pid 6789] <... ioctl resumed>) = 0 [pid 6829] <... symlink resumed>) = 0 executing program [pid 6829] write(1, "executing program\n", 18) = 18 [pid 6829] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6829] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6789] ioctl(5, LOOP_SET_FD, 4 [pid 6829] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6789] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6829] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6789] close(5 [pid 6829] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6789] <... close resumed>) = 0 [ 94.732297][ T5830] BTRFS info (device loop1): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 6829] <... mmap resumed>) = 0x7fb77d5e1000 [pid 6789] close(4 [pid 6829] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6829] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6825] <... write resumed>) = 16777216 [pid 6829] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6825] munmap(0x7fb775000000, 138412032 [pid 6829] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6830 attached [pid 6830] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 6830] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6829] <... clone3 resumed> => {parent_tid=[6830]}, 88) = 6830 [pid 6830] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6830] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6825] <... munmap resumed>) = 0 [pid 6829] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6829] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6829] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6830] <... futex resumed>) = 0 [pid 6830] memfd_create("syzkaller", 0) = 3 [pid 6830] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6825] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6825] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6825] close(3) = 0 [pid 6825] close(4) = 0 [ 94.882855][ T6825] loop4: detected capacity change from 0 to 32768 [pid 6825] mkdir("./file0", 0777) = 0 [ 94.939230][ T6825] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (6825) [ 94.996069][ T6825] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 95.021682][ T6825] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [pid 6825] mount("/dev/loop4", "./file0", "btrfs", 0, "" [pid 5830] <... umount2 resumed>) = 0 [pid 5830] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, [pid 6789] <... close resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./9/file0") = 0 [pid 6789] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] getdents64(3, [pid 6789] <... futex resumed>) = 1 [pid 6786] <... futex resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 6786] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6789] rename("./file1", "./file0/file0" [pid 6786] <... futex resumed>) = 0 [ 95.053960][ T6825] BTRFS info (device loop4): using free-space-tree [pid 5830] close(3 [pid 6786] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] <... close resumed>) = 0 [pid 5830] rmdir("./9") = 0 [pid 5830] mkdir("./10", 0777) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 6846 ./strace-static-x86_64: Process 6846 attached [pid 6846] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6846] chdir("./10" [pid 6789] <... rename resumed>) = 0 [pid 6846] <... chdir resumed>) = 0 [pid 6846] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6846] setpgid(0, 0) = 0 [pid 6846] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6846] write(3, "1000", 4 [pid 6789] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6846] <... write resumed>) = 4 [pid 6786] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6789] <... futex resumed>) = 0 [pid 6846] close(3 [pid 6786] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6846] <... close resumed>) = 0 [pid 6789] mkdir(".", 0777 [pid 6786] <... futex resumed>) = 0 [pid 6786] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6846] symlink("/dev/binderfs", "./binderfs" [pid 6789] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6789] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6846] <... symlink resumed>) = 0 executing program [pid 6846] write(1, "executing program\n", 18) = 18 [pid 6846] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6846] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6846] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6846] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6846] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6846] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6846] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[6848]}, 88) = 6848 [pid 6846] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6846] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6848 attached [pid 6846] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6848] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 6848] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6848] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6848] memfd_create("syzkaller", 0) = 3 [pid 6848] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6827] <... write resumed>) = 16777216 [pid 6848] <... mmap resumed>) = 0x7fb775000000 [pid 6830] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 95.188769][ T6789] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW [ 95.213386][ T6789] BTRFS info (device loop2 state M): setting nodatasum [pid 6827] munmap(0x7fb775000000, 138412032 [pid 6825] <... mount resumed>) = 0 [pid 6827] <... munmap resumed>) = 0 [pid 6825] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6827] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6825] <... openat resumed>) = 3 [pid 6827] ioctl(4, LOOP_SET_FD, 3 [pid 6825] chdir("./file0") = 0 [pid 6825] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6827] <... ioctl resumed>) = 0 [pid 6827] close(3 [pid 6825] ioctl(4, LOOP_CLR_FD [pid 6827] <... close resumed>) = 0 [pid 6827] close(4 [pid 6825] <... ioctl resumed>) = 0 [pid 6827] <... close resumed>) = 0 [pid 6825] close(4 [pid 6827] mkdir("./file0", 0777) = 0 [pid 6825] <... close resumed>) = 0 [ 95.241797][ T6789] BTRFS info (device loop2 state M): setting nodatasum [ 95.254752][ T6827] loop3: detected capacity change from 0 to 32768 [ 95.262030][ T6789] BTRFS info (device loop2 state M): turning off barriers [ 95.279757][ T6789] BTRFS info (device loop2 state M): turning on flush-on-commit [pid 6827] mount("/dev/loop3", "./file0", "btrfs", 0, "" [pid 6825] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6823] <... futex resumed>) = 0 [pid 6823] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6823] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6825] memfd_create("syzkaller", 0) = 4 [pid 6825] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 95.307964][ T6789] BTRFS info (device loop2 state M): force clearing of disk cache [ 95.316400][ T6827] BTRFS: device /dev/loop3 (7:3) using temp-fsid 259a730f-4383-4c39-8f57-c1589f89d5aa [ 95.331658][ T6827] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor323 (6827) [ 95.357093][ T6789] BTRFS info (device loop2 state M): doing ref verification [ 95.381651][ T6789] BTRFS info (device loop2 state M): max_inline set to 26856 [pid 6789] <... mount resumed>) = 0 [pid 6789] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6789] chdir(".") = 0 [pid 6789] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6786] <... futex resumed>) = 0 [pid 6789] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6786] exit_group(0 [pid 6789] <... futex resumed>) = ? [pid 6786] <... exit_group resumed>) = ? [pid 6789] +++ exited with 0 +++ [pid 6786] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6786, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=66 /* 0.66 s */} --- [pid 5831] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./10/binderfs") = 0 [ 95.413911][ T6827] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 95.445411][ T6827] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [pid 5831] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [ 95.457716][ T5831] BTRFS info (device loop2): last unmount of filesystem 9ceaa309-1664-4a38-938c-8fbf6ab8610c [ 95.481832][ T6827] BTRFS info (device loop3): using free-space-tree [pid 6848] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6830] <... write resumed>) = 16777216 [pid 6830] munmap(0x7fb775000000, 138412032) = 0 [pid 6830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6830] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6830] close(3) = 0 [pid 6830] close(4) = 0 [pid 6830] mkdir("./file0", 0777) = 0 [ 95.652371][ T6830] loop0: detected capacity change from 0 to 32768 [ 95.681781][ T6830] BTRFS: device /dev/loop0 (7:0) using temp-fsid 184816e6-a5fc-45de-a3b6-919fd3585675 [pid 6830] mount("/dev/loop0", "./file0", "btrfs", 0, "" [pid 6827] <... mount resumed>) = 0 [pid 6827] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6827] chdir("./file0") = 0 [pid 6827] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6827] ioctl(4, LOOP_CLR_FD) = 0 [pid 6827] close(4) = 0 [pid 6827] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6827] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6826] <... futex resumed>) = 0 [pid 6826] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6826] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6827] <... futex resumed>) = 0 [pid 6827] memfd_create("syzkaller", 0) = 4 [pid 6827] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 95.701769][ T6830] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor323 (6830) [pid 6825] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6848] <... write resumed>) = 16777216 [pid 6848] munmap(0x7fb775000000, 138412032) = 0 [ 95.761641][ T6830] BTRFS info (device loop0): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 95.787384][ T6830] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [pid 6848] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6848] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6848] close(3) = 0 [pid 6848] close(4) = 0 [pid 6848] mkdir("./file0", 0777) = 0 [ 95.827025][ T6830] BTRFS info (device loop0): using free-space-tree [ 95.835651][ T6848] loop1: detected capacity change from 0 to 32768 [pid 6848] mount("/dev/loop1", "./file0", "btrfs", 0, "" [pid 5831] <... umount2 resumed>) = 0 [pid 5831] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 95.893194][ T6848] BTRFS: device /dev/loop1 (7:1) using temp-fsid 054c0680-a6fd-40b6-b7f7-b12e1c5c5a58 [ 95.910195][ T6848] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor323 (6848) [pid 5831] newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./10/file0") = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./10") = 0 [pid 5831] mkdir("./11", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 6827] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5831] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5831] close(3 [pid 6830] <... mount resumed>) = 0 [pid 6830] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6830] chdir("./file0") = 0 [pid 6830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6830] ioctl(4, LOOP_CLR_FD) = 0 [pid 6830] close(4) = 0 [pid 6830] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6829] <... futex resumed>) = 0 [pid 6829] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6829] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5831] <... close resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6830] memfd_create("syzkaller", 0) = 4 [pid 6830] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 95.985344][ T6848] BTRFS info (device loop1): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 96.005829][ T6848] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 96.017920][ T6848] BTRFS info (device loop1): using free-space-tree ./strace-static-x86_64: Process 6886 attached [pid 6886] set_robust_list(0x55558bffa6a0, 24) = 0 executing program [pid 6886] chdir("./11") = 0 [pid 5831] <... clone resumed>, child_tidptr=0x55558bffa690) = 6886 [pid 6886] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6886] setpgid(0, 0) = 0 [pid 6886] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6886] write(3, "1000", 4) = 4 [pid 6886] close(3) = 0 [pid 6886] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6886] write(1, "executing program\n", 18) = 18 [pid 6886] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6886] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6886] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6886] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6886] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6886] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6886] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[6888]}, 88) = 6888 [pid 6886] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6888 attached NULL, 8) = 0 [pid 6888] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6886] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6888] <... rseq resumed>) = 0 [pid 6886] <... futex resumed>) = 0 [pid 6888] set_robust_list(0x7fb77d6019a0, 24 [pid 6886] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6888] <... set_robust_list resumed>) = 0 [pid 6888] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6888] memfd_create("syzkaller", 0) = 3 [pid 6888] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6825] <... write resumed>) = 16777216 [pid 6848] <... mount resumed>) = 0 [pid 6825] munmap(0x7fb775000000, 138412032 [pid 6848] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6848] chdir("./file0") = 0 [pid 6848] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6848] ioctl(4, LOOP_CLR_FD) = 0 [pid 6848] close(4) = 0 [pid 6848] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6848] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6846] <... futex resumed>) = 0 [pid 6846] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6848] <... futex resumed>) = 0 [pid 6848] memfd_create("syzkaller", 0 [pid 6846] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6848] <... memfd_create resumed>) = 4 [pid 6848] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6888] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6825] <... munmap resumed>) = 0 [pid 6825] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 5 [pid 6825] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6825] ioctl(5, LOOP_CLR_FD) = 0 [pid 6825] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6825] close(5) = 0 [pid 6825] close(4 [pid 6848] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6830] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6825] <... close resumed>) = 0 [pid 6825] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6823] <... futex resumed>) = 0 [pid 6825] <... futex resumed>) = 1 [pid 6825] rename("./file1", "./file0/file0" [pid 6823] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6823] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6825] <... rename resumed>) = 0 [pid 6825] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6823] <... futex resumed>) = 0 [pid 6825] <... futex resumed>) = 1 [pid 6823] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6823] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6825] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6825] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6827] <... write resumed>) = 16777216 [ 96.652650][ T6825] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [ 96.692052][ T6825] BTRFS info (device loop4 state M): setting nodatasum [pid 6827] munmap(0x7fb775000000, 138412032) = 0 [pid 6827] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 5 [pid 6827] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6827] ioctl(5, LOOP_CLR_FD) = 0 [pid 6827] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6827] close(5) = 0 [pid 6827] close(4 [pid 6888] <... write resumed>) = 16777216 [ 96.717056][ T6825] BTRFS info (device loop4 state M): setting nodatasum [ 96.735987][ T6825] BTRFS info (device loop4 state M): turning off barriers [pid 6888] munmap(0x7fb775000000, 138412032) = 0 [pid 6888] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6888] ioctl(4, LOOP_SET_FD, 3) = 0 [ 96.775758][ T6825] BTRFS info (device loop4 state M): turning on flush-on-commit [ 96.796820][ T6888] loop2: detected capacity change from 0 to 32768 [ 96.816361][ T6825] BTRFS info (device loop4 state M): force clearing of disk cache [pid 6888] close(3) = 0 [pid 6888] close(4) = 0 [pid 6888] mkdir("./file0", 0777) = 0 [pid 6888] mount("/dev/loop2", "./file0", "btrfs", 0, "" [pid 6825] <... mount resumed>) = 0 [pid 6825] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6825] chdir(".") = 0 [pid 6825] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6823] <... futex resumed>) = 0 [ 96.831928][ T6825] BTRFS info (device loop4 state M): doing ref verification [ 96.849996][ T6825] BTRFS info (device loop4 state M): max_inline set to 26856 [ 96.872082][ T6888] BTRFS: device /dev/loop2 (7:2) using temp-fsid 6c7fbc1c-4e4b-439d-9288-48fdb843ab92 [pid 6823] exit_group(0) = ? [pid 6825] +++ exited with 0 +++ [pid 6823] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6823, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=61 /* 0.61 s */} --- [pid 6848] <... write resumed>) = 16777216 [pid 5833] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5833] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./10/binderfs") = 0 [ 96.904876][ T6888] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (6888) [pid 5833] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [ 96.947388][ T5833] BTRFS info (device loop4): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 96.973975][ T6888] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 6848] munmap(0x7fb775000000, 138412032) = 0 [pid 6848] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 5 [pid 6848] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6848] ioctl(5, LOOP_CLR_FD) = 0 [pid 6848] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6848] close(5 [pid 6827] <... close resumed>) = 0 [pid 6848] <... close resumed>) = 0 [pid 6848] close(4 [pid 6827] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6826] <... futex resumed>) = 0 [pid 6827] rename("./file1", "./file0/file0" [pid 6826] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 97.007084][ T6888] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 97.047138][ T6888] BTRFS info (device loop2): using free-space-tree [pid 6826] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6830] <... write resumed>) = 16777216 [pid 6827] <... rename resumed>) = 0 [pid 6826] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6826] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6826] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5c0000 [pid 6826] mprotect(0x7fb77d5c1000, 131072, PROT_READ|PROT_WRITE [pid 6830] munmap(0x7fb775000000, 138412032 [pid 6827] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6826] <... mprotect resumed>) = 0 [pid 6827] <... futex resumed>) = 0 [pid 6826] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6827] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6826] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6826] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d5e0990, parent_tid=0x7fb77d5e0990, exit_signal=0, stack=0x7fb77d5c0000, stack_size=0x20300, tls=0x7fb77d5e06c0} => {parent_tid=[6907]}, 88) = 6907 [pid 6826] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6826] futex(0x7fb77d6dd6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6826] futex(0x7fb77d6dd6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6907 attached [pid 6907] rseq(0x7fb77d5e0fe0, 0x20, 0, 0x53053053) = 0 [pid 6907] set_robust_list(0x7fb77d5e09a0, 24 [pid 6830] <... munmap resumed>) = 0 [pid 6907] <... set_robust_list resumed>) = 0 [pid 6907] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6907] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6907] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6830] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6830] ioctl(5, LOOP_CLR_FD) = 0 [pid 6830] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6830] close(5) = 0 [ 97.175370][ T6907] BTRFS warning (device loop3 state M): remount supports changing free space tree only from RO to RW [pid 6830] close(4 [pid 5833] <... umount2 resumed>) = 0 [pid 5833] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./10/file0") = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./10") = 0 [pid 5833] mkdir("./11", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5833] close(3) = 0 [ 97.241151][ T6907] BTRFS info (device loop3 state M): setting nodatasum [ 97.261661][ T6907] BTRFS info (device loop3 state M): setting nodatasum [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6923 attached [pid 6888] <... mount resumed>) = 0 [pid 5833] <... clone resumed>, child_tidptr=0x55558bffa690) = 6923 [pid 6888] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6888] chdir("./file0") = 0 [pid 6888] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6923] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6923] chdir("./11" [pid 6888] ioctl(4, LOOP_CLR_FD) = 0 [pid 6923] <... chdir resumed>) = 0 [pid 6923] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6888] close(4 [pid 6923] <... prctl resumed>) = 0 [pid 6888] <... close resumed>) = 0 [pid 6888] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 97.317849][ T6907] BTRFS info (device loop3 state M): turning off barriers [pid 6888] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6923] setpgid(0, 0 [pid 6886] <... futex resumed>) = 0 [pid 6923] <... setpgid resumed>) = 0 [pid 6923] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6886] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6888] <... futex resumed>) = 0 [pid 6886] <... futex resumed>) = 1 [pid 6888] memfd_create("syzkaller", 0) = 4 [pid 6886] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6888] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6923] <... openat resumed>) = 3 [pid 6923] write(3, "1000", 4) = 4 [pid 6923] close(3) = 0 [pid 6923] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6923] write(1, "executing program\n", 18executing program ) = 18 [pid 6923] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6923] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [ 97.364441][ T6907] BTRFS info (device loop3 state M): turning on flush-on-commit [ 97.403853][ T6907] BTRFS info (device loop3 state M): force clearing of disk cache [pid 6923] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6848] <... close resumed>) = 0 [pid 6923] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6923] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6923] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6848] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6846] <... futex resumed>) = 0 [pid 6923] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6846] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6923] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6848] rename("./file1", "./file0/file0" [pid 6846] <... futex resumed>) = 0 [pid 6923] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 6846] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6924 attached [pid 6924] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6923] <... clone3 resumed> => {parent_tid=[6924]}, 88) = 6924 [pid 6923] rt_sigprocmask(SIG_SETMASK, [], [pid 6924] <... rseq resumed>) = 0 [pid 6923] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6924] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6923] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6924] rt_sigprocmask(SIG_SETMASK, [], [pid 6923] <... futex resumed>) = 0 [pid 6924] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6923] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6924] memfd_create("syzkaller", 0) = 3 [pid 6924] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6848] <... rename resumed>) = 0 [ 97.473128][ T6907] BTRFS info (device loop3 state M): doing ref verification [ 97.480669][ T6907] BTRFS info (device loop3 state M): max_inline set to 26856 [pid 6924] <... mmap resumed>) = 0x7fb775000000 [pid 6848] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6907] <... mount resumed>) = 0 [pid 6848] <... futex resumed>) = 0 [pid 6846] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6907] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 6846] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6907] <... openat resumed>) = 4 [pid 6848] mkdir(".", 0777 [pid 6846] <... futex resumed>) = 0 [pid 6907] chdir("." [pid 6848] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6846] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6907] <... chdir resumed>) = 0 [pid 6848] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6907] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6826] <... futex resumed>) = 0 [pid 6907] futex(0x7fb77d6dd6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6826] exit_group(0 [pid 6907] <... futex resumed>) = ? [pid 6826] <... exit_group resumed>) = ? [pid 6907] +++ exited with 0 +++ [pid 6830] <... close resumed>) = 0 [pid 6827] <... futex resumed>) = ? [pid 6830] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6830] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6829] <... futex resumed>) = 0 [pid 6827] +++ exited with 0 +++ [pid 6826] +++ exited with 0 +++ [pid 6829] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6830] <... futex resumed>) = 0 [pid 6829] <... futex resumed>) = 1 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6826, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=60 /* 0.60 s */} --- [pid 6830] rename("./file1", "./file0/file0" [pid 6829] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5832] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./10/binderfs") = 0 [pid 5832] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6830] <... rename resumed>) = 0 [pid 6830] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6830] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6829] <... futex resumed>) = 0 [pid 6829] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6830] <... futex resumed>) = 0 [pid 6829] <... futex resumed>) = 1 [pid 6830] mkdir(".", 0777 [pid 6829] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6830] <... mkdir resumed>) = -1 EEXIST (File exists) [ 97.575037][ T5832] BTRFS info (device loop3): last unmount of filesystem 259a730f-4383-4c39-8f57-c1589f89d5aa [ 97.588507][ T6848] BTRFS warning (device loop1 state M): remount supports changing free space tree only from RO to RW [ 97.630648][ T6848] BTRFS info (device loop1 state M): setting nodatasum [ 97.647275][ T6848] BTRFS info (device loop1 state M): setting nodatasum [ 97.649906][ T6830] BTRFS warning (device loop0 state M): remount supports changing free space tree only from RO to RW [ 97.661572][ T6848] BTRFS info (device loop1 state M): turning off barriers [ 97.685024][ T6848] BTRFS info (device loop1 state M): turning on flush-on-commit [ 97.717874][ T6848] BTRFS info (device loop1 state M): force clearing of disk cache [ 97.725968][ T6830] BTRFS info (device loop0 state M): setting nodatasum [pid 6830] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [ 97.725991][ T6830] BTRFS info (device loop0 state M): setting nodatasum [ 97.726007][ T6830] BTRFS info (device loop0 state M): turning off barriers [ 97.726023][ T6830] BTRFS info (device loop0 state M): turning on flush-on-commit [ 97.726038][ T6830] BTRFS info (device loop0 state M): force clearing of disk cache [ 97.726053][ T6830] BTRFS info (device loop0 state M): doing ref verification [ 97.738420][ T6848] BTRFS info (device loop1 state M): doing ref verification [ 97.771917][ T6830] BTRFS info (device loop0 state M): max_inline set to 26856 [pid 6888] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6830] <... mount resumed>) = 0 [pid 6830] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6830] chdir(".") = 0 [pid 6830] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6829] <... futex resumed>) = 0 [pid 6830] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6829] exit_group(0 [pid 6830] <... futex resumed>) = ? [pid 6829] <... exit_group resumed>) = ? [pid 6830] +++ exited with 0 +++ [pid 6829] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6829, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=67 /* 0.67 s */} --- [pid 5829] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6848] <... mount resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6848] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5829] newfstatat(AT_FDCWD, "./10/binderfs", [pid 6848] <... openat resumed>) = 4 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./10/binderfs") = 0 [pid 5829] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6848] chdir(".") = 0 [pid 6848] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6846] <... futex resumed>) = 0 [pid 6848] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6846] exit_group(0 [pid 6848] <... futex resumed>) = ? [pid 6846] <... exit_group resumed>) = ? [pid 6848] +++ exited with 0 +++ [pid 6846] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6846, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=73 /* 0.73 s */} --- [ 97.842066][ T6848] BTRFS info (device loop1 state M): max_inline set to 26856 [pid 5830] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, [pid 6924] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5830] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 97.883015][ T5829] BTRFS info (device loop0): last unmount of filesystem 184816e6-a5fc-45de-a3b6-919fd3585675 [pid 5830] unlink("./10/binderfs" [pid 5832] <... umount2 resumed>) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 5832] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5832] close(4) = 0 [pid 5832] rmdir("./10/file0") = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./10") = 0 [pid 5832] mkdir("./11", 0777) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6926 attached [pid 6926] set_robust_list(0x55558bffa6a0, 24 [pid 5832] <... clone resumed>, child_tidptr=0x55558bffa690) = 6926 [pid 6926] <... set_robust_list resumed>) = 0 [pid 6926] chdir("./11") = 0 [pid 6926] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6926] setpgid(0, 0) = 0 [pid 6926] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6926] write(3, "1000", 4) = 4 [pid 6926] close(3) = 0 [pid 6926] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6926] write(1, "executing program\n", 18) = 18 [pid 6926] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6926] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6926] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6926] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [ 97.952331][ T5830] BTRFS info (device loop1): last unmount of filesystem 054c0680-a6fd-40b6-b7f7-b12e1c5c5a58 [pid 6926] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6926] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6926] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6927 attached => {parent_tid=[6927]}, 88) = 6927 [pid 6927] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6926] rt_sigprocmask(SIG_SETMASK, [], [pid 6927] <... rseq resumed>) = 0 [pid 6926] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6926] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6926] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6927] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6927] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6927] memfd_create("syzkaller", 0) = 3 [pid 6927] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6888] <... write resumed>) = 16777216 [pid 6888] munmap(0x7fb775000000, 138412032) = 0 [pid 5829] <... umount2 resumed>) = 0 [pid 6888] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 5 [pid 6888] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6888] ioctl(5, LOOP_CLR_FD [pid 5829] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6888] <... ioctl resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./10/file0", [pid 6888] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6924] <... write resumed>) = 16777216 [pid 6927] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6888] close(5 [pid 6924] munmap(0x7fb775000000, 138412032 [pid 5830] <... umount2 resumed>) = 0 [pid 5829] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6888] <... close resumed>) = 0 [pid 6888] close(4 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6924] <... munmap resumed>) = 0 [pid 5830] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./10/file0") = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./10") = 0 [pid 5829] mkdir("./11", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6929 attached [pid 6929] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6929] chdir("./11" [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... clone resumed>, child_tidptr=0x55558bffa690) = 6929 [pid 6924] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] newfstatat(AT_FDCWD, "./10/file0", [pid 6929] <... chdir resumed>) = 0 [pid 6924] <... openat resumed>) = 4 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6924] ioctl(4, LOOP_SET_FD, 3 [pid 5830] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6929] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6929] setpgid(0, 0) = 0 [pid 6929] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6929] write(3, "1000", 4) = 4 [pid 6929] close(3) = 0 [pid 6929] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) executing program [pid 5830] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6929] write(1, "executing program\n", 18) = 18 [pid 6929] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6929] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6929] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6929] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6929] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6929] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6929] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 5830] <... openat resumed>) = 4 [pid 6929] <... clone3 resumed> => {parent_tid=[6932]}, 88) = 6932 [pid 6929] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6929] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5830] newfstatat(4, "", ./strace-static-x86_64: Process 6932 attached [pid 6929] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6932] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6924] <... ioctl resumed>) = 0 [pid 6924] close(3 [pid 6932] <... rseq resumed>) = 0 [pid 5830] getdents64(4, [pid 6932] set_robust_list(0x7fb77d6019a0, 24 [pid 5830] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 6932] <... set_robust_list resumed>) = 0 [pid 6924] <... close resumed>) = 0 [pid 6924] close(4 [pid 6932] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] getdents64(4, [pid 6924] <... close resumed>) = 0 [pid 6932] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6932] memfd_create("syzkaller", 0 [pid 5830] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 6924] mkdir("./file0", 0777) = 0 [pid 6932] <... memfd_create resumed>) = 3 [pid 6924] mount("/dev/loop4", "./file0", "btrfs", 0, "" [pid 5830] close(4 [pid 6932] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5830] <... close resumed>) = 0 [pid 5830] rmdir("./10/file0") = 0 [ 98.360595][ T6924] loop4: detected capacity change from 0 to 32768 [pid 5830] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [ 98.403569][ T6924] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (6924) [pid 5830] rmdir("./10") = 0 [pid 5830] mkdir("./11", 0777) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5830] close(3) = 0 [pid 6888] <... close resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6888] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6886] <... futex resumed>) = 0 [pid 6886] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6886] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6888] rename("./file1", "./file0/file0"./strace-static-x86_64: Process 6934 attached ) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x55558bffa690) = 6934 [ 98.493997][ T6924] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 98.531673][ T6924] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [pid 6934] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 6934] chdir("./11" [pid 6888] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6934] <... chdir resumed>) = 0 [pid 6888] <... futex resumed>) = 1 [pid 6886] <... futex resumed>) = 0 [pid 6934] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6888] mkdir(".", 0777 [pid 6886] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6934] <... prctl resumed>) = 0 [pid 6888] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6886] <... futex resumed>) = 0 [pid 6934] setpgid(0, 0 [pid 6888] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6886] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6934] <... setpgid resumed>) = 0 [pid 6934] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6934] write(3, "1000", 4) = 4 [pid 6934] close(3) = 0 executing program [pid 6934] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6934] write(1, "executing program\n", 18) = 18 [pid 6934] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6934] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6934] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6934] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6934] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6934] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6934] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[6937]}, 88) = 6937 [pid 6934] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6934] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6934] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6937 attached [pid 6937] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 6937] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6937] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6937] memfd_create("syzkaller", 0) = 3 [pid 6937] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 98.572187][ T6924] BTRFS info (device loop4): using free-space-tree [ 98.596355][ T6888] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW [ 98.651590][ T6888] BTRFS info (device loop2 state M): setting nodatasum [ 98.681822][ T6888] BTRFS info (device loop2 state M): setting nodatasum [ 98.711698][ T6888] BTRFS info (device loop2 state M): turning off barriers [ 98.718866][ T6888] BTRFS info (device loop2 state M): turning on flush-on-commit [pid 6932] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6927] <... write resumed>) = 16777216 [pid 6888] <... mount resumed>) = 0 [pid 6927] munmap(0x7fb775000000, 138412032 [pid 6888] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6888] chdir(".") = 0 [pid 6888] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6886] <... futex resumed>) = 0 [pid 6886] exit_group(0 [pid 6924] <... mount resumed>) = 0 [pid 6886] <... exit_group resumed>) = ? [pid 6924] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6924] chdir("./file0") = 0 [pid 6888] +++ exited with 0 +++ [pid 6886] +++ exited with 0 +++ [pid 6924] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6886, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=68 /* 0.68 s */} --- [pid 5831] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 6927] <... munmap resumed>) = 0 [pid 6924] <... openat resumed>) = 4 [ 98.771675][ T6888] BTRFS info (device loop2 state M): force clearing of disk cache [ 98.780402][ T6888] BTRFS info (device loop2 state M): doing ref verification [ 98.789822][ T6888] BTRFS info (device loop2 state M): max_inline set to 26856 [pid 6927] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6924] ioctl(4, LOOP_CLR_FD [pid 6927] <... openat resumed>) = 4 [pid 6924] <... ioctl resumed>) = 0 [pid 5831] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6927] ioctl(4, LOOP_SET_FD, 3 [pid 6924] close(4 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6924] <... close resumed>) = 0 [pid 6924] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6923] <... futex resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6924] memfd_create("syzkaller", 0 [pid 6923] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... openat resumed>) = 3 [pid 6924] <... memfd_create resumed>) = 4 [pid 6923] <... futex resumed>) = 0 [pid 5831] newfstatat(3, "", [pid 6924] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6923] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6924] <... mmap resumed>) = 0x7fb775000000 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6937] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./11/binderfs" [pid 6927] <... ioctl resumed>) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 6927] close(3) = 0 [pid 5831] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6927] close(4) = 0 [ 98.847552][ T6927] loop3: detected capacity change from 0 to 32768 [pid 6927] mkdir("./file0", 0777) = 0 [ 98.893593][ T5831] BTRFS info (device loop2): last unmount of filesystem 6c7fbc1c-4e4b-439d-9288-48fdb843ab92 [ 98.937126][ T6927] BTRFS: device /dev/loop3 (7:3) using temp-fsid b1c0d177-2309-44c0-a47b-ef58c7e09a12 [pid 6927] mount("/dev/loop3", "./file0", "btrfs", 0, "" [pid 6932] <... write resumed>) = 16777216 [ 98.991196][ T6927] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor323 (6927) [pid 6932] munmap(0x7fb775000000, 138412032) = 0 [pid 6932] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 99.075885][ T6927] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 99.112735][ T6932] loop0: detected capacity change from 0 to 32768 [pid 6932] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6932] close(3) = 0 [pid 6932] close(4) = 0 [pid 6932] mkdir("./file0", 0777) = 0 [ 99.119358][ T6927] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 99.141710][ T6927] BTRFS info (device loop3): using free-space-tree [pid 6932] mount("/dev/loop0", "./file0", "btrfs", 0, "" [pid 6937] <... write resumed>) = 16777216 [ 99.201782][ T6932] BTRFS: device /dev/loop0 (7:0) using temp-fsid d2b1352c-95ff-4963-98d4-9dcd0653b021 [pid 6937] munmap(0x7fb775000000, 138412032) = 0 [pid 6937] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6937] ioctl(4, LOOP_SET_FD, 3 [pid 6924] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6937] <... ioctl resumed>) = 0 [pid 6937] close(3) = 0 [pid 6937] close(4) = 0 [pid 6937] mkdir("./file0", 0777 [pid 5831] <... umount2 resumed>) = 0 [pid 6937] <... mkdir resumed>) = 0 [pid 5831] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6937] mount("/dev/loop1", "./file0", "btrfs", 0, "" [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 99.272560][ T6932] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor323 (6932) [ 99.307877][ T6937] loop1: detected capacity change from 0 to 32768 [pid 5831] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./11/file0") = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./11") = 0 [pid 5831] mkdir("./12", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5831] close(3) = 0 [ 99.396342][ T6937] BTRFS: device /dev/loop1 (7:1) using temp-fsid 45f4fed5-50ad-47cc-868c-5ce72691c311 [ 99.406198][ T6932] BTRFS info (device loop0): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6970 attached [pid 6970] set_robust_list(0x55558bffa6a0, 24 [pid 5831] <... clone resumed>, child_tidptr=0x55558bffa690) = 6970 [pid 6970] <... set_robust_list resumed>) = 0 [pid 6970] chdir("./12") = 0 [pid 6970] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6970] setpgid(0, 0 [pid 6927] <... mount resumed>) = 0 [pid 6927] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6927] chdir("./file0" [pid 6970] <... setpgid resumed>) = 0 [pid 6927] <... chdir resumed>) = 0 [pid 6927] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6970] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6927] <... openat resumed>) = 4 [pid 6927] ioctl(4, LOOP_CLR_FD) = 0 [pid 6927] close(4) = 0 [pid 6927] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6926] <... futex resumed>) = 0 [ 99.445377][ T6937] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor323 (6937) [ 99.447410][ T6932] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [pid 6927] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6970] <... openat resumed>) = 3 [pid 6970] write(3, "1000", 4) = 4 [pid 6926] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6970] close(3 [pid 6927] <... futex resumed>) = 0 [pid 6926] <... futex resumed>) = 1 [pid 6927] memfd_create("syzkaller", 0) = 4 [pid 6927] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6970] <... close resumed>) = 0 [pid 6970] symlink("/dev/binderfs", "./binderfs" [pid 6926] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6970] <... symlink resumed>) = 0 executing program [pid 6970] write(1, "executing program\n", 18) = 18 [ 99.531421][ T6937] BTRFS info (device loop1): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 99.539230][ T6932] BTRFS info (device loop0): using free-space-tree [pid 6970] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6970] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 6970] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6970] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 6970] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6970] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6970] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 6975 attached [pid 6975] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 6970] <... clone3 resumed> => {parent_tid=[6975]}, 88) = 6975 [pid 6970] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6975] <... rseq resumed>) = 0 [pid 6970] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6970] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6975] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 6975] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6975] memfd_create("syzkaller", 0) = 3 [pid 6975] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 99.572769][ T6937] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 99.606942][ T6937] BTRFS info (device loop1): using free-space-tree [pid 6924] <... write resumed>) = 16777216 [pid 6924] munmap(0x7fb775000000, 138412032) = 0 [pid 6924] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 5 [pid 6924] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6932] <... mount resumed>) = 0 [pid 6927] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6924] ioctl(5, LOOP_CLR_FD [pid 6932] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6924] <... ioctl resumed>) = 0 [pid 6932] <... openat resumed>) = 3 [pid 6932] chdir("./file0") = 0 [pid 6932] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6924] ioctl(5, LOOP_SET_FD, 4 [pid 6932] ioctl(4, LOOP_CLR_FD [pid 6924] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6932] <... ioctl resumed>) = 0 [pid 6924] close(5 [pid 6932] close(4 [pid 6924] <... close resumed>) = 0 [pid 6932] <... close resumed>) = 0 [pid 6924] close(4 [pid 6932] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6929] <... futex resumed>) = 0 [pid 6932] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6929] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6932] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6929] <... futex resumed>) = 0 [pid 6932] memfd_create("syzkaller", 0 [pid 6929] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6932] <... memfd_create resumed>) = 4 [pid 6932] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6937] <... mount resumed>) = 0 [pid 6937] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6937] chdir("./file0") = 0 [pid 6937] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6937] ioctl(4, LOOP_CLR_FD) = 0 [pid 6937] close(4) = 0 [pid 6937] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6934] <... futex resumed>) = 0 [pid 6934] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6934] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6937] <... futex resumed>) = 1 [pid 6937] memfd_create("syzkaller", 0) = 4 [pid 6937] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6975] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6924] <... close resumed>) = 0 [pid 6924] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6923] <... futex resumed>) = 0 [pid 6923] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6923] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6924] rename("./file1", "./file0/file0") = 0 [pid 6924] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6924] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6923] <... futex resumed>) = 0 [pid 6923] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6923] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6924] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6924] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6924] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6927] <... write resumed>) = 16777216 [pid 6927] munmap(0x7fb775000000, 138412032) = 0 [pid 6927] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 5 [pid 6927] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6927] ioctl(5, LOOP_CLR_FD) = 0 [pid 6927] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6927] close(5) = 0 [pid 6927] close(4 [ 100.136716][ T6924] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [ 100.176981][ T6924] BTRFS info (device loop4 state M): setting nodatasum [ 100.194761][ T6924] BTRFS info (device loop4 state M): setting nodatasum [ 100.216429][ T6924] BTRFS info (device loop4 state M): turning off barriers [pid 6932] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 100.241615][ T6924] BTRFS info (device loop4 state M): turning on flush-on-commit [ 100.253588][ T6924] BTRFS info (device loop4 state M): force clearing of disk cache [ 100.261444][ T6924] BTRFS info (device loop4 state M): doing ref verification [pid 6937] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6924] <... mount resumed>) = 0 [pid 6924] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6924] chdir(".") = 0 [pid 6924] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6923] <... futex resumed>) = 0 [pid 6924] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6923] exit_group(0) = ? [pid 6924] <... futex resumed>) = ? [pid 6924] +++ exited with 0 +++ [pid 6923] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6923, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=57 /* 0.57 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5833] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [ 100.307855][ T6924] BTRFS info (device loop4 state M): max_inline set to 26856 [pid 5833] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./11/binderfs") = 0 [pid 5833] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6927] <... close resumed>) = 0 [ 100.383441][ T5833] BTRFS info (device loop4): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 6927] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6975] <... write resumed>) = 16777216 [pid 6926] <... futex resumed>) = 0 [pid 6927] <... futex resumed>) = 1 [pid 6926] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6927] rename("./file1", "./file0/file0" [pid 6926] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6975] munmap(0x7fb775000000, 138412032 [pid 6927] <... rename resumed>) = 0 [pid 6927] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6926] <... futex resumed>) = 0 [pid 6927] mkdir(".", 0777 [pid 6926] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6927] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6926] <... futex resumed>) = 0 [pid 6926] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6975] <... munmap resumed>) = 0 [pid 6975] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6927] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6975] <... openat resumed>) = 4 [pid 6975] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6975] close(3) = 0 [pid 6975] close(4) = 0 [pid 6975] mkdir("./file0", 0777) = 0 [ 100.523594][ T6975] loop2: detected capacity change from 0 to 32768 [ 100.550280][ T6975] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (6975) [ 100.571510][ T6927] BTRFS warning (device loop3 state M): remount supports changing free space tree only from RO to RW [ 100.627173][ T6927] BTRFS info (device loop3 state M): setting nodatasum [ 100.627872][ T6975] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 100.644365][ T6927] BTRFS info (device loop3 state M): setting nodatasum [ 100.651246][ T6927] BTRFS info (device loop3 state M): turning off barriers [pid 6975] mount("/dev/loop2", "./file0", "btrfs", 0, "" [pid 6932] <... write resumed>) = 16777216 [pid 6932] munmap(0x7fb775000000, 138412032) = 0 [pid 6932] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6932] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6932] ioctl(5, LOOP_CLR_FD) = 0 [pid 6932] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6932] close(5) = 0 [ 100.685273][ T6975] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 100.705262][ T6927] BTRFS info (device loop3 state M): turning on flush-on-commit [ 100.715511][ T6975] BTRFS info (device loop2): using free-space-tree [pid 6932] close(4 [pid 6937] <... write resumed>) = 16777216 [pid 5833] <... umount2 resumed>) = 0 [pid 6937] munmap(0x7fb775000000, 138412032 [pid 5833] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6937] <... munmap resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6927] <... mount resumed>) = 0 [pid 5833] <... openat resumed>) = 4 [pid 6927] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5833] newfstatat(4, "", [pid 6927] <... openat resumed>) = 4 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, [pid 6927] chdir(".") = 0 [pid 5833] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 6927] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] getdents64(4, [pid 6927] <... futex resumed>) = 1 [pid 6926] <... futex resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 6927] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6926] exit_group(0 [pid 6937] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6927] <... futex resumed>) = ? [pid 6926] <... exit_group resumed>) = ? [pid 5833] close(4 [pid 6937] <... openat resumed>) = 5 [pid 6927] +++ exited with 0 +++ [pid 6926] +++ exited with 0 +++ [pid 6937] ioctl(5, LOOP_SET_FD, 4 [pid 5833] <... close resumed>) = 0 [pid 5833] rmdir("./11/file0" [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6926, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=69 /* 0.69 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 100.743551][ T6927] BTRFS info (device loop3 state M): force clearing of disk cache [ 100.751412][ T6927] BTRFS info (device loop3 state M): doing ref verification [ 100.778730][ T6927] BTRFS info (device loop3 state M): max_inline set to 26856 [pid 6937] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5833] <... rmdir resumed>) = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5832] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] close(3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] <... close resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5833] rmdir("./11" [pid 6937] ioctl(5, LOOP_CLR_FD [pid 5832] <... openat resumed>) = 3 [pid 6937] <... ioctl resumed>) = 0 [pid 5833] <... rmdir resumed>) = 0 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] mkdir("./12", 0777 [pid 5832] newfstatat(AT_FDCWD, "./11/binderfs", [pid 5833] <... mkdir resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5832] unlink("./11/binderfs" [pid 6937] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5832] <... unlink resumed>) = 0 [pid 5833] <... openat resumed>) = 3 [pid 6937] close(5 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 5832] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6937] <... close resumed>) = 0 [pid 5833] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6937] close(4 [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 7021 ./strace-static-x86_64: Process 7021 attached [ 100.840314][ T5832] BTRFS info (device loop3): last unmount of filesystem b1c0d177-2309-44c0-a47b-ef58c7e09a12 [pid 7021] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 7021] chdir("./12") = 0 [pid 7021] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7021] setpgid(0, 0) = 0 [pid 7021] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7021] write(3, "1000", 4) = 4 [pid 7021] close(3) = 0 [pid 7021] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6975] <... mount resumed>) = 0 [pid 7021] write(1, "executing program\n", 18 [pid 6975] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7021] <... write resumed>) = 18 [pid 6975] <... openat resumed>) = 3 [pid 7021] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6975] chdir("./file0" [pid 7021] <... futex resumed>) = 0 [pid 6975] <... chdir resumed>) = 0 [pid 7021] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 6975] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7021] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6975] <... openat resumed>) = 4 [pid 7021] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6975] ioctl(4, LOOP_CLR_FD [pid 7021] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6975] <... ioctl resumed>) = 0 [pid 7021] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6975] close(4) = 0 [pid 7021] <... mmap resumed>) = 0x7fb77d5e1000 [pid 6975] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7021] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 6975] <... futex resumed>) = 1 [pid 6970] <... futex resumed>) = 0 [pid 6970] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6970] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7021] <... mprotect resumed>) = 0 [pid 6975] memfd_create("syzkaller", 0) = 4 [pid 6975] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7021] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7021] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 7023 attached => {parent_tid=[7023]}, 88) = 7023 [pid 7021] rt_sigprocmask(SIG_SETMASK, [], [pid 6932] <... close resumed>) = 0 [pid 7021] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7021] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7023] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7021] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7023] <... rseq resumed>) = 0 [pid 7023] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 7023] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6932] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7023] memfd_create("syzkaller", 0 [pid 6932] <... futex resumed>) = 1 [pid 6929] <... futex resumed>) = 0 [pid 6932] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6929] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6932] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6929] <... futex resumed>) = 0 [pid 6929] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6932] rename("./file1", "./file0/file0" [pid 7023] <... memfd_create resumed>) = 3 [pid 7023] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6932] <... rename resumed>) = 0 [pid 6929] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6929] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6932] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6929] <... futex resumed>) = 0 [pid 6932] <... futex resumed>) = 0 [pid 6929] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6932] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6929] <... mmap resumed>) = 0x7fb77d5c0000 [pid 6929] mprotect(0x7fb77d5c1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6929] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6929] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d5e0990, parent_tid=0x7fb77d5e0990, exit_signal=0, stack=0x7fb77d5c0000, stack_size=0x20300, tls=0x7fb77d5e06c0}./strace-static-x86_64: Process 7025 attached => {parent_tid=[7025]}, 88) = 7025 [pid 7025] rseq(0x7fb77d5e0fe0, 0x20, 0, 0x53053053 [pid 6929] rt_sigprocmask(SIG_SETMASK, [], [pid 7025] <... rseq resumed>) = 0 [pid 6929] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6929] futex(0x7fb77d6dd6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7025] set_robust_list(0x7fb77d5e09a0, 24) = 0 [pid 7025] rt_sigprocmask(SIG_SETMASK, [], [pid 6929] <... futex resumed>) = 0 [pid 7025] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6929] futex(0x7fb77d6dd6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7025] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7025] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6937] <... close resumed>) = 0 [pid 6937] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6934] <... futex resumed>) = 0 [pid 6937] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6934] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6937] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6937] rename("./file1", "./file0/file0" [ 101.184882][ T7025] BTRFS warning (device loop0 state M): remount supports changing free space tree only from RO to RW [ 101.219197][ T7025] BTRFS info (device loop0 state M): setting nodatasum [pid 6934] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6937] <... rename resumed>) = 0 [pid 6937] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6934] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6937] <... futex resumed>) = 0 [pid 6934] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6937] mkdir(".", 0777) = -1 EEXIST (File exists) [ 101.244467][ T7025] BTRFS info (device loop0 state M): setting nodatasum [ 101.274930][ T7025] BTRFS info (device loop0 state M): turning off barriers [pid 6937] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 6934] <... futex resumed>) = 0 [pid 5832] <... umount2 resumed>) = 0 [pid 6934] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5832] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6975] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7023] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5832] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5832] close(4) = 0 [ 101.297162][ T7025] BTRFS info (device loop0 state M): turning on flush-on-commit [ 101.321408][ T7025] BTRFS info (device loop0 state M): force clearing of disk cache [ 101.338987][ T7025] BTRFS info (device loop0 state M): doing ref verification [pid 5832] rmdir("./11/file0") = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./11") = 0 [pid 7025] <... mount resumed>) = 0 [pid 5832] mkdir("./12", 0777 [pid 7025] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5832] <... mkdir resumed>) = 0 [pid 7025] chdir(".") = 0 [pid 7025] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 101.364134][ T6937] BTRFS warning (device loop1 state M): remount supports changing free space tree only from RO to RW [ 101.382124][ T7025] BTRFS info (device loop0 state M): max_inline set to 26856 [ 101.390877][ T6937] BTRFS info (device loop1 state M): setting nodatasum [pid 7025] futex(0x7fb77d6dd6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6929] <... futex resumed>) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6929] exit_group(0) = ? [pid 7025] <... futex resumed>) = ? [pid 7025] +++ exited with 0 +++ [pid 5832] <... openat resumed>) = 3 [pid 6932] <... futex resumed>) = ? [pid 6932] +++ exited with 0 +++ [pid 6929] +++ exited with 0 +++ [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6929, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=63 /* 0.63 s */} --- [pid 5832] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5832] close(3 [pid 5829] <... restart_syscall resumed>) = 0 [pid 5832] <... close resumed>) = 0 [ 101.411759][ T6937] BTRFS info (device loop1 state M): setting nodatasum [ 101.418712][ T6937] BTRFS info (device loop1 state M): turning off barriers [pid 5829] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] <... clone resumed>, child_tidptr=0x55558bffa690) = 7026 ./strace-static-x86_64: Process 7026 attached [pid 5829] newfstatat(3, "", [pid 7026] set_robust_list(0x55558bffa6a0, 24 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7026] <... set_robust_list resumed>) = 0 [pid 5829] getdents64(3, [pid 7026] chdir("./12" [pid 5829] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 7026] <... chdir resumed>) = 0 [pid 5829] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7026] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7026] <... prctl resumed>) = 0 [pid 5829] newfstatat(AT_FDCWD, "./11/binderfs", [pid 7026] setpgid(0, 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7026] <... setpgid resumed>) = 0 [pid 5829] unlink("./11/binderfs" [pid 7026] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5829] <... unlink resumed>) = 0 [pid 7026] <... openat resumed>) = 3 [ 101.462634][ T6937] BTRFS info (device loop1 state M): turning on flush-on-commit [ 101.470773][ T6937] BTRFS info (device loop1 state M): force clearing of disk cache [ 101.496136][ T6937] BTRFS info (device loop1 state M): doing ref verification [pid 5829] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 7026] write(3, "1000", 4) = 4 [pid 7026] close(3) = 0 [pid 7026] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7026] write(1, "executing program\n", 18) = 18 [pid 7026] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7026] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7026] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7026] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7026] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7026] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[7027]}, 88) = 7027 [pid 7026] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7026] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7026] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7027 attached [pid 7027] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 7027] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 7027] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7027] memfd_create("syzkaller", 0) = 3 [pid 7027] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6975] <... write resumed>) = 16777216 [pid 6975] munmap(0x7fb775000000, 138412032 [pid 6937] <... mount resumed>) = 0 [pid 6937] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 6937] chdir(".") = 0 [pid 6937] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6934] <... futex resumed>) = 0 [pid 6937] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6934] exit_group(0 [pid 6937] <... futex resumed>) = ? [pid 6934] <... exit_group resumed>) = ? [pid 6937] +++ exited with 0 +++ [pid 6934] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6934, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=62 /* 0.62 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5830] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 101.504305][ T5829] BTRFS info (device loop0): last unmount of filesystem d2b1352c-95ff-4963-98d4-9dcd0653b021 [ 101.511598][ T6937] BTRFS info (device loop1 state M): max_inline set to 26856 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6975] <... munmap resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./11/binderfs") = 0 [pid 6975] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5830] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6975] <... openat resumed>) = 5 [pid 6975] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6975] ioctl(5, LOOP_CLR_FD) = 0 [pid 6975] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6975] close(5) = 0 [ 101.589229][ T5830] BTRFS info (device loop1): last unmount of filesystem 45f4fed5-50ad-47cc-868c-5ce72691c311 [pid 6975] close(4 [pid 7023] <... write resumed>) = 16777216 [pid 7023] munmap(0x7fb775000000, 138412032) = 0 [pid 7023] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7023] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7023] close(3) = 0 [pid 7023] close(4) = 0 [pid 7023] mkdir("./file0", 0777) = 0 [pid 7023] mount("/dev/loop4", "./file0", "btrfs", 0, "" [pid 5829] <... umount2 resumed>) = 0 [pid 5829] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [ 101.794245][ T7023] loop4: detected capacity change from 0 to 32768 [ 101.834172][ T7023] BTRFS: device /dev/loop4 (7:4) using temp-fsid 2a99d89a-7394-4c50-b4b8-1b78e5f643a0 [pid 5829] getdents64(4, [pid 6975] <... close resumed>) = 0 [pid 5829] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./11/file0") = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./11") = 0 [pid 7027] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5829] mkdir("./12", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 7029 ./strace-static-x86_64: Process 7029 attached [pid 7029] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 7029] chdir("./12") = 0 [pid 7029] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7029] setpgid(0, 0) = 0 [pid 7029] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7029] write(3, "1000", 4) = 4 [pid 7029] close(3) = 0 [pid 7029] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6975] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6970] <... futex resumed>) = 0 [pid 6975] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 101.867904][ T7023] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (7023) [pid 6970] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000executing program [pid 6975] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6970] <... futex resumed>) = 0 [pid 6975] rename("./file1", "./file0/file0" [pid 6970] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7029] write(1, "executing program\n", 18) = 18 [pid 7029] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7029] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7029] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7029] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7029] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7029] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7029] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[7030]}, 88) = 7030 ./strace-static-x86_64: Process 7030 attached [pid 7029] rt_sigprocmask(SIG_SETMASK, [], [pid 6975] <... rename resumed>) = 0 [pid 7029] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7029] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7029] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7030] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 6975] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6970] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7030] set_robust_list(0x7fb77d6019a0, 24 [pid 6975] <... futex resumed>) = 0 [pid 6970] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7030] <... set_robust_list resumed>) = 0 [pid 6975] mkdir(".", 0777 [pid 6970] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6975] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7030] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6975] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7030] memfd_create("syzkaller", 0) = 3 [pid 7030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5830] <... umount2 resumed>) = 0 [ 101.954440][ T7023] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 101.979063][ T7023] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [pid 5830] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./11/file0") = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./11") = 0 [pid 5830] mkdir("./12", 0777) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 7037 [ 102.022041][ T7023] BTRFS info (device loop4): using free-space-tree [ 102.034764][ T6975] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW ./strace-static-x86_64: Process 7037 attached [pid 7037] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 7037] chdir("./12") = 0 [pid 7037] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7037] setpgid(0, 0) = 0 [pid 7037] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7037] write(3, "1000", 4) = 4 [pid 7037] close(3) = 0 [pid 7037] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7037] write(1, "executing program\n", 18) = 18 [pid 7037] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7037] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [ 102.090075][ T6975] BTRFS info (device loop2 state M): setting nodatasum [pid 7037] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7037] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7037] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7037] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7037] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 7023] <... mount resumed>) = 0 [pid 7023] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 102.144407][ T6975] BTRFS info (device loop2 state M): setting nodatasum [ 102.172855][ T6975] BTRFS info (device loop2 state M): turning off barriers [pid 7023] chdir("./file0"./strace-static-x86_64: Process 7048 attached [pid 7048] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 7048] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 7048] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7048] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7023] <... chdir resumed>) = 0 [pid 7023] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7023] ioctl(4, LOOP_CLR_FD) = 0 [pid 7023] close(4) = 0 [pid 7023] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7023] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7037] <... clone3 resumed> => {parent_tid=[7048]}, 88) = 7048 [pid 7021] <... futex resumed>) = 0 [pid 7037] rt_sigprocmask(SIG_SETMASK, [], [pid 6975] <... mount resumed>) = 0 [pid 7037] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7021] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7037] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7048] <... futex resumed>) = 0 [pid 7037] <... futex resumed>) = 1 [pid 7023] <... futex resumed>) = 0 [pid 7021] <... futex resumed>) = 1 [pid 7037] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7048] memfd_create("syzkaller", 0 [pid 7023] memfd_create("syzkaller", 0 [pid 7021] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7023] <... memfd_create resumed>) = 4 [pid 7023] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6975] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 7023] <... mmap resumed>) = 0x7fb775000000 [pid 6975] <... openat resumed>) = 4 [pid 7048] <... memfd_create resumed>) = 3 [pid 6975] chdir("." [pid 7048] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 6975] <... chdir resumed>) = 0 [pid 6975] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6975] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6970] <... futex resumed>) = 0 [pid 6970] exit_group(0 [pid 6975] <... futex resumed>) = ? [pid 6970] <... exit_group resumed>) = ? [pid 6975] +++ exited with 0 +++ [pid 6970] +++ exited with 0 +++ [ 102.187394][ T6975] BTRFS info (device loop2 state M): turning on flush-on-commit [ 102.195582][ T6975] BTRFS info (device loop2 state M): force clearing of disk cache [ 102.210788][ T6975] BTRFS info (device loop2 state M): doing ref verification [ 102.220811][ T6975] BTRFS info (device loop2 state M): max_inline set to 26856 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6970, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=60 /* 0.60 s */} --- [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 7030] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5831] <... restart_syscall resumed>) = 0 [pid 5831] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./12/binderfs") = 0 [ 102.356748][ T5831] BTRFS info (device loop2): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 5831] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7027] <... write resumed>) = 16777216 [pid 7027] munmap(0x7fb775000000, 138412032 [pid 7048] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7027] <... munmap resumed>) = 0 [pid 7027] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7027] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7027] close(3) = 0 [pid 7027] close(4) = 0 [pid 7027] mkdir("./file0", 0777) = 0 [ 102.520000][ T7027] loop3: detected capacity change from 0 to 32768 [ 102.546573][ T7027] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor323 (7027) [pid 7027] mount("/dev/loop3", "./file0", "btrfs", 0, "" [pid 7023] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7030] <... write resumed>) = 16777216 [pid 7030] munmap(0x7fb775000000, 138412032) = 0 [ 102.617464][ T7027] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 7030] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7030] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7030] close(3) = 0 [pid 7030] close(4) = 0 [ 102.661654][ T7027] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 102.670355][ T7027] BTRFS info (device loop3): using free-space-tree [ 102.678158][ T7030] loop0: detected capacity change from 0 to 32768 [pid 5831] <... umount2 resumed>) = 0 [pid 7030] mkdir("./file0", 0777 [pid 5831] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7030] <... mkdir resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7030] mount("/dev/loop0", "./file0", "btrfs", 0, "" [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./12/file0") = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./12") = 0 [pid 5831] mkdir("./13", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5831] close(3) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 7055 ./strace-static-x86_64: Process 7055 attached [pid 7055] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 7055] chdir("./13") = 0 [pid 7055] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7055] setpgid(0, 0) = 0 [pid 7055] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7055] write(3, "1000", 4) = 4 [pid 7055] close(3) = 0 [pid 7055] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7055] write(1, "executing program\n", 18) = 18 [pid 7055] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7055] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7055] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7055] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7055] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7055] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7055] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 7064 attached => {parent_tid=[7064]}, 88) = 7064 [pid 7055] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7055] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7055] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7064] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 7064] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 7064] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7064] memfd_create("syzkaller", 0) = 3 [pid 7064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 102.742786][ T7030] BTRFS: device /dev/loop0 (7:0) using temp-fsid d6bc83ba-1a24-4c16-aca7-3da6b62c7056 [ 102.772621][ T7030] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor323 (7030) [ 102.851975][ T7030] BTRFS info (device loop0): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 7027] <... mount resumed>) = 0 [pid 7048] <... write resumed>) = 16777216 [pid 7027] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7027] chdir("./file0") = 0 [pid 7027] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7027] ioctl(4, LOOP_CLR_FD) = 0 [ 102.897890][ T7030] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [pid 7027] close(4) = 0 [pid 7027] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7026] <... futex resumed>) = 0 [pid 7026] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7048] munmap(0x7fb775000000, 138412032 [pid 7027] memfd_create("syzkaller", 0 [pid 7026] <... futex resumed>) = 0 [pid 7027] <... memfd_create resumed>) = 4 [pid 7026] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7027] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7048] <... munmap resumed>) = 0 [ 102.949594][ T7030] BTRFS info (device loop0): using free-space-tree [pid 7048] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7048] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7048] close(3) = 0 [pid 7048] close(4) = 0 [pid 7048] mkdir("./file0", 0777) = 0 [ 103.021175][ T7048] loop1: detected capacity change from 0 to 32768 [pid 7048] mount("/dev/loop1", "./file0", "btrfs", 0, "" [pid 7030] <... mount resumed>) = 0 [pid 7030] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7030] chdir("./file0") = 0 [ 103.079299][ T7048] BTRFS: device /dev/loop1 (7:1) using temp-fsid 66eb5536-b400-4b8e-9308-dd2c3525bf48 [pid 7030] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7030] ioctl(4, LOOP_CLR_FD) = 0 [pid 7023] <... write resumed>) = 16777216 [pid 7030] close(4) = 0 [pid 7030] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7029] <... futex resumed>) = 0 [pid 7030] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7029] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7029] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7030] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7030] memfd_create("syzkaller", 0) = 4 [pid 7030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 103.156276][ T7048] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor323 (7048) [pid 7023] munmap(0x7fb775000000, 138412032 [pid 7027] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7023] <... munmap resumed>) = 0 [pid 7023] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 5 [pid 7023] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7023] ioctl(5, LOOP_CLR_FD) = 0 [pid 7023] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7023] close(5) = 0 [ 103.251687][ T7048] BTRFS info (device loop1): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 7023] close(4 [ 103.301211][ T7048] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 103.320228][ T7048] BTRFS info (device loop1): using free-space-tree [pid 7064] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7023] <... close resumed>) = 0 [pid 7027] <... write resumed>) = 16777216 [pid 7023] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7027] munmap(0x7fb775000000, 138412032 [pid 7023] <... futex resumed>) = 1 [pid 7021] <... futex resumed>) = 0 [pid 7023] rename("./file1", "./file0/file0" [pid 7021] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7048] <... mount resumed>) = 0 [pid 7021] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7048] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7048] chdir("./file0") = 0 [pid 7048] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7048] ioctl(4, LOOP_CLR_FD) = 0 [pid 7048] close(4) = 0 [pid 7027] <... munmap resumed>) = 0 [pid 7023] <... rename resumed>) = 0 [pid 7048] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7037] <... futex resumed>) = 0 [pid 7048] memfd_create("syzkaller", 0 [pid 7037] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7048] <... memfd_create resumed>) = 4 [pid 7037] <... futex resumed>) = 0 [pid 7027] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7037] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7048] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7027] <... openat resumed>) = 5 [pid 7023] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7048] <... mmap resumed>) = 0x7fb775000000 [pid 7027] ioctl(5, LOOP_SET_FD, 4 [pid 7023] <... futex resumed>) = 1 [pid 7021] <... futex resumed>) = 0 [pid 7027] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7023] mkdir(".", 0777 [pid 7021] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7023] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7021] <... futex resumed>) = 0 [pid 7023] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7021] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7027] ioctl(5, LOOP_CLR_FD) = 0 [pid 7027] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7027] close(5) = 0 [pid 7027] close(4 [ 103.692365][ T7023] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [ 103.741786][ T7023] BTRFS info (device loop4 state M): setting nodatasum [ 103.748923][ T7023] BTRFS info (device loop4 state M): setting nodatasum [ 103.763471][ T7023] BTRFS info (device loop4 state M): turning off barriers [ 103.795691][ T7023] BTRFS info (device loop4 state M): turning on flush-on-commit [pid 7030] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7027] <... close resumed>) = 0 [pid 7064] <... write resumed>) = 16777216 [pid 7027] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7023] <... mount resumed>) = 0 [pid 7064] munmap(0x7fb775000000, 138412032 [pid 7027] <... futex resumed>) = 1 [pid 7026] <... futex resumed>) = 0 [pid 7023] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 7026] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7023] <... openat resumed>) = 4 [pid 7026] <... futex resumed>) = 0 [pid 7023] chdir("." [pid 7026] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7027] rename("./file1", "./file0/file0" [pid 7023] <... chdir resumed>) = 0 [ 103.851673][ T7023] BTRFS info (device loop4 state M): force clearing of disk cache [ 103.862629][ T7023] BTRFS info (device loop4 state M): doing ref verification [ 103.869958][ T7023] BTRFS info (device loop4 state M): max_inline set to 26856 [pid 7023] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7021] <... futex resumed>) = 0 [pid 7021] exit_group(0) = ? [pid 7027] <... rename resumed>) = 0 [pid 7023] +++ exited with 0 +++ [pid 7027] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7027] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7064] <... munmap resumed>) = 0 [pid 7048] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7026] <... futex resumed>) = 0 [pid 7021] +++ exited with 0 +++ [pid 7064] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7026] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7027] <... futex resumed>) = 0 [pid 7026] <... futex resumed>) = 1 [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7021, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=66 /* 0.66 s */} --- [pid 7064] <... openat resumed>) = 4 [pid 7027] mkdir(".", 0777 [pid 7026] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 7027] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5833] <... restart_syscall resumed>) = 0 [pid 7064] ioctl(4, LOOP_SET_FD, 3 [pid 7027] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5833] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5833] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./12/binderfs") = 0 [pid 5833] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7064] <... ioctl resumed>) = 0 [pid 7064] close(3) = 0 [pid 7064] close(4) = 0 [ 103.970718][ T7064] loop2: detected capacity change from 0 to 32768 [ 103.989632][ T5833] BTRFS info (device loop4): last unmount of filesystem 2a99d89a-7394-4c50-b4b8-1b78e5f643a0 [pid 7064] mkdir("./file0", 0777) = 0 [ 104.012263][ T7027] BTRFS warning (device loop3 state M): remount supports changing free space tree only from RO to RW [ 104.032255][ T7027] BTRFS info (device loop3 state M): setting nodatasum [ 104.043525][ T7064] BTRFS: device /dev/loop2 (7:2) using temp-fsid b35a8dab-f09d-401f-bc59-1f024eebd02e [ 104.068005][ T7027] BTRFS info (device loop3 state M): setting nodatasum [ 104.072363][ T7064] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (7064) [ 104.092214][ T7027] BTRFS info (device loop3 state M): turning off barriers [ 104.116284][ T7027] BTRFS info (device loop3 state M): turning on flush-on-commit [ 104.141830][ T7064] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 104.148960][ T7027] BTRFS info (device loop3 state M): force clearing of disk cache [pid 7064] mount("/dev/loop2", "./file0", "btrfs", 0, "" [pid 7030] <... write resumed>) = 16777216 [ 104.187340][ T7064] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 104.207393][ T7027] BTRFS info (device loop3 state M): doing ref verification [ 104.212837][ T7064] BTRFS info (device loop2): using free-space-tree [pid 7030] munmap(0x7fb775000000, 138412032) = 0 [pid 7027] <... mount resumed>) = 0 [pid 7027] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7027] chdir(".") = 0 [pid 7027] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7030] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7027] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7026] <... futex resumed>) = 0 [pid 7030] <... openat resumed>) = 5 [pid 7026] exit_group(0 [pid 7030] ioctl(5, LOOP_SET_FD, 4 [pid 7027] <... futex resumed>) = ? [pid 7026] <... exit_group resumed>) = ? [pid 7030] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7030] ioctl(5, LOOP_CLR_FD) = 0 [pid 7027] +++ exited with 0 +++ [pid 7026] +++ exited with 0 +++ [pid 7030] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7026, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=58 /* 0.58 s */} --- [pid 7030] close(5 [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 7030] <... close resumed>) = 0 [pid 7030] close(4 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5832] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 104.241683][ T7027] BTRFS info (device loop3 state M): max_inline set to 26856 [pid 5832] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./12/binderfs") = 0 [ 104.346841][ T5832] BTRFS info (device loop3): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 5832] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7064] <... mount resumed>) = 0 [pid 7064] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7064] chdir("./file0") = 0 [pid 7064] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7064] ioctl(4, LOOP_CLR_FD) = 0 [pid 7064] close(4) = 0 [pid 7064] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7055] <... futex resumed>) = 0 [pid 7064] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7055] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7064] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7064] memfd_create("syzkaller", 0 [pid 7055] <... futex resumed>) = 0 [pid 7064] <... memfd_create resumed>) = 4 [pid 7055] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7048] <... write resumed>) = 16777216 [pid 5833] <... umount2 resumed>) = 0 [pid 7030] <... close resumed>) = 0 [pid 7048] munmap(0x7fb775000000, 138412032 [pid 7030] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7029] <... futex resumed>) = 0 [pid 7030] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7029] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7030] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7029] <... futex resumed>) = 0 [pid 7030] rename("./file1", "./file0/file0" [pid 7029] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, [pid 7030] <... rename resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, [pid 7030] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5833] close(4 [pid 7030] <... futex resumed>) = 1 [pid 7029] <... futex resumed>) = 0 [pid 5833] <... close resumed>) = 0 [pid 7030] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7029] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7030] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7029] <... futex resumed>) = 0 [pid 7030] mkdir(".", 0777 [pid 7029] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7030] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5833] rmdir("./12/file0" [pid 7030] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5833] <... rmdir resumed>) = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./12") = 0 [pid 5833] mkdir("./13", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD [pid 7048] <... munmap resumed>) = 0 [pid 5833] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7120 attached [pid 7048] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5833] <... clone resumed>, child_tidptr=0x55558bffa690) = 7120 [pid 7120] set_robust_list(0x55558bffa6a0, 24 [pid 7048] <... openat resumed>) = 5 [pid 7048] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7048] ioctl(5, LOOP_CLR_FD) = 0 [pid 7048] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7048] close(5) = 0 [pid 7048] close(4 [pid 7120] <... set_robust_list resumed>) = 0 [pid 7120] chdir("./13") = 0 [pid 7120] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7120] setpgid(0, 0) = 0 [pid 7120] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 104.624636][ T7030] BTRFS warning (device loop0 state M): remount supports changing free space tree only from RO to RW [ 104.663388][ T7030] BTRFS info (device loop0 state M): setting nodatasum [pid 7120] write(3, "1000", 4) = 4 [pid 7120] close(3) = 0 [pid 7120] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7120] write(1, "executing program\n", 18) = 18 [ 104.670293][ T7030] BTRFS info (device loop0 state M): setting nodatasum [pid 7120] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7120] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7120] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7120] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7120] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7120] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7120] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 7121 attached => {parent_tid=[7121]}, 88) = 7121 [pid 7120] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7121] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7120] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7121] <... rseq resumed>) = 0 [pid 7120] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7121] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 7064] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7121] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7121] memfd_create("syzkaller", 0) = 3 [pid 7121] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 104.733795][ T7030] BTRFS info (device loop0 state M): turning off barriers [ 104.741107][ T7030] BTRFS info (device loop0 state M): turning on flush-on-commit [ 104.755363][ T7030] BTRFS info (device loop0 state M): force clearing of disk cache [pid 5832] <... umount2 resumed>) = 0 [pid 7030] <... mount resumed>) = 0 [pid 7048] <... close resumed>) = 0 [ 104.802350][ T7030] BTRFS info (device loop0 state M): doing ref verification [ 104.809703][ T7030] BTRFS info (device loop0 state M): max_inline set to 26856 [pid 7030] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7030] chdir("." [pid 5832] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7030] <... chdir resumed>) = 0 [pid 7030] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7030] <... futex resumed>) = 1 [pid 7029] <... futex resumed>) = 0 [pid 7030] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5832] newfstatat(AT_FDCWD, "./12/file0", [pid 7029] exit_group(0 [pid 7048] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7030] <... futex resumed>) = ? [pid 7029] <... exit_group resumed>) = ? [pid 7048] <... futex resumed>) = 1 [pid 7037] <... futex resumed>) = 0 [pid 7030] +++ exited with 0 +++ [pid 7037] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7037] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] newfstatat(4, "", [pid 7048] rename("./file1", "./file0/file0" [pid 7029] +++ exited with 0 +++ [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7029, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=68 /* 0.68 s */} --- [pid 5832] getdents64(4, [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5832] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5829] <... restart_syscall resumed>) = 0 [pid 5832] close(4) = 0 [pid 5832] rmdir("./12/file0" [pid 5829] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... rmdir resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] getdents64(3, [pid 5829] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5829] <... openat resumed>) = 3 [pid 7048] <... rename resumed>) = 0 [pid 5832] close(3 [pid 5829] newfstatat(3, "", [pid 5832] <... close resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] rmdir("./12" [pid 5829] getdents64(3, [pid 5832] <... rmdir resumed>) = 0 [pid 5829] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./12/binderfs" [pid 7048] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] mkdir("./13", 0777 [pid 5829] <... unlink resumed>) = 0 [pid 7048] <... futex resumed>) = 1 [pid 7037] <... futex resumed>) = 0 [pid 7048] mkdir(".", 0777 [pid 7037] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7048] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7037] <... futex resumed>) = 0 [pid 7048] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7037] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5832] <... mkdir resumed>) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 7123 ./strace-static-x86_64: Process 7123 attached [pid 7123] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 7123] chdir("./13") = 0 [pid 7123] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7123] setpgid(0, 0) = 0 [pid 7123] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 7123] write(3, "1000", 4) = 4 [pid 7123] close(3) = 0 [pid 7123] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7123] write(1, "executing program\n", 18) = 18 [pid 7123] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7123] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7123] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7123] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7123] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7123] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7123] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[7124]}, 88) = 7124 [pid 7123] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 7124 attached NULL, 8) = 0 [pid 7123] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7123] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7124] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 7124] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 7124] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7124] memfd_create("syzkaller", 0) = 3 [pid 7124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 104.916902][ T7048] BTRFS warning (device loop1 state M): remount supports changing free space tree only from RO to RW [ 104.932087][ T5829] BTRFS info (device loop0): last unmount of filesystem d6bc83ba-1a24-4c16-aca7-3da6b62c7056 [ 104.951656][ T7048] BTRFS info (device loop1 state M): setting nodatasum [ 104.969653][ T7048] BTRFS info (device loop1 state M): setting nodatasum [ 104.981680][ T7048] BTRFS info (device loop1 state M): turning off barriers [ 105.001096][ T7048] BTRFS info (device loop1 state M): turning on flush-on-commit [ 105.018192][ T7048] BTRFS info (device loop1 state M): force clearing of disk cache [ 105.051605][ T7048] BTRFS info (device loop1 state M): doing ref verification [pid 7121] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7048] <... mount resumed>) = 0 [pid 7048] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7048] chdir(".") = 0 [pid 7048] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7037] <... futex resumed>) = 0 [pid 7048] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7037] exit_group(0 [pid 7048] <... futex resumed>) = ? [pid 7037] <... exit_group resumed>) = ? [pid 7048] +++ exited with 0 +++ [pid 7037] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7037, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=61 /* 0.61 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5830] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./12/binderfs") = 0 [ 105.088367][ T7048] BTRFS info (device loop1 state M): max_inline set to 26856 [ 105.162275][ T5830] BTRFS info (device loop1): last unmount of filesystem 66eb5536-b400-4b8e-9308-dd2c3525bf48 [pid 5830] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7124] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5829] <... umount2 resumed>) = 0 [pid 5829] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7064] <... write resumed>) = 16777216 [pid 7064] munmap(0x7fb775000000, 138412032 [pid 5829] <... openat resumed>) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./12/file0") = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./12") = 0 [pid 5829] mkdir("./13", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [pid 7064] <... munmap resumed>) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7064] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 7125 attached ) = 5 [pid 5829] <... clone resumed>, child_tidptr=0x55558bffa690) = 7125 [pid 7125] set_robust_list(0x55558bffa6a0, 24 [pid 7064] ioctl(5, LOOP_SET_FD, 4 [pid 7125] <... set_robust_list resumed>) = 0 [pid 7064] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7125] chdir("./13" [pid 7064] ioctl(5, LOOP_CLR_FD) = 0 [pid 7125] <... chdir resumed>) = 0 [pid 7125] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7064] ioctl(5, LOOP_SET_FD, 4 [pid 7125] setpgid(0, 0 [pid 7064] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7125] <... setpgid resumed>) = 0 [pid 7064] close(5 [pid 7125] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7064] <... close resumed>) = 0 [pid 7064] close(4 [pid 7125] <... openat resumed>) = 3 [pid 7125] write(3, "1000", 4) = 4 [pid 7125] close(3) = 0 [pid 7125] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7125] write(1, "executing program\n", 18) = 18 [pid 7125] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7125] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7125] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7125] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7125] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7125] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7125] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 7126 attached => {parent_tid=[7126]}, 88) = 7126 [pid 7125] rt_sigprocmask(SIG_SETMASK, [], [pid 7126] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7125] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7126] <... rseq resumed>) = 0 [pid 7125] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7126] set_robust_list(0x7fb77d6019a0, 24 [pid 7125] <... futex resumed>) = 0 [pid 7126] <... set_robust_list resumed>) = 0 [pid 7125] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7126] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7126] memfd_create("syzkaller", 0) = 3 [pid 5830] <... umount2 resumed>) = 0 [pid 7126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5830] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7126] <... mmap resumed>) = 0x7fb775000000 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./12/file0") = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./12") = 0 [pid 5830] mkdir("./13", 0777) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 7128 ./strace-static-x86_64: Process 7128 attached [pid 7128] set_robust_list(0x55558bffa6a0, 24 [pid 7121] <... write resumed>) = 16777216 [pid 7128] <... set_robust_list resumed>) = 0 [pid 7121] munmap(0x7fb775000000, 138412032 [pid 7128] chdir("./13") = 0 [pid 7128] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7128] setpgid(0, 0) = 0 [pid 7128] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7121] <... munmap resumed>) = 0 [pid 7128] <... openat resumed>) = 3 [pid 7128] write(3, "1000", 4 [pid 7121] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7128] <... write resumed>) = 4 [pid 7121] <... openat resumed>) = 4 [pid 7128] close(3 [pid 7121] ioctl(4, LOOP_SET_FD, 3 [pid 7128] <... close resumed>) = 0 [pid 7128] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7128] write(1, "executing program\n", 18executing program ) = 18 [pid 7128] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7128] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7128] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7128] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7128] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7121] <... ioctl resumed>) = 0 [pid 7128] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7121] close(3 [pid 7128] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7128] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 7121] <... close resumed>) = 0 [pid 7121] close(4./strace-static-x86_64: Process 7129 attached [pid 7128] <... clone3 resumed> => {parent_tid=[7129]}, 88) = 7129 [ 105.581375][ T7121] loop4: detected capacity change from 0 to 32768 [pid 7129] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7128] rt_sigprocmask(SIG_SETMASK, [], [pid 7129] <... rseq resumed>) = 0 [pid 7121] <... close resumed>) = 0 [pid 7064] <... close resumed>) = 0 [pid 7121] mkdir("./file0", 0777) = 0 [pid 7121] mount("/dev/loop4", "./file0", "btrfs", 0, "" [pid 7129] set_robust_list(0x7fb77d6019a0, 24 [pid 7128] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7129] <... set_robust_list resumed>) = 0 [pid 7064] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7055] <... futex resumed>) = 0 [pid 7055] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7129] rt_sigprocmask(SIG_SETMASK, [], [pid 7128] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7064] rename("./file1", "./file0/file0" [pid 7055] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7129] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7128] <... futex resumed>) = 0 [pid 7129] memfd_create("syzkaller", 0 [pid 7128] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7129] <... memfd_create resumed>) = 3 [pid 7129] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 105.646373][ T7121] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (7121) [pid 7124] <... write resumed>) = 16777216 [pid 7064] <... rename resumed>) = 0 [pid 7124] munmap(0x7fb775000000, 138412032 [pid 7064] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7124] <... munmap resumed>) = 0 [pid 7055] <... futex resumed>) = 0 [pid 7064] mkdir(".", 0777 [pid 7055] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7064] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7055] <... futex resumed>) = 0 [pid 7064] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7055] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7124] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 105.707063][ T7121] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 105.739794][ T7121] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [pid 7124] ioctl(4, LOOP_SET_FD, 3) = 0 [ 105.765795][ T7121] BTRFS info (device loop4): using free-space-tree [ 105.775734][ T7124] loop3: detected capacity change from 0 to 32768 [ 105.783558][ T7064] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW [ 105.807933][ T7064] BTRFS info (device loop2 state M): setting nodatasum [pid 7124] close(3) = 0 [pid 7124] close(4) = 0 [pid 7124] mkdir("./file0", 0777) = 0 [pid 7126] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 105.823400][ T7064] BTRFS info (device loop2 state M): setting nodatasum [ 105.859363][ T7124] BTRFS: device /dev/loop3 (7:3) using temp-fsid 074d424e-b89c-4b0a-a465-894710e075e7 [ 105.881391][ T7064] BTRFS info (device loop2 state M): turning off barriers [ 105.908150][ T7064] BTRFS info (device loop2 state M): turning on flush-on-commit [ 105.915989][ T7124] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor323 (7124) [ 105.942133][ T7064] BTRFS info (device loop2 state M): force clearing of disk cache [ 105.963529][ T7064] BTRFS info (device loop2 state M): doing ref verification [ 105.970874][ T7064] BTRFS info (device loop2 state M): max_inline set to 26856 [ 105.981036][ T7124] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 7124] mount("/dev/loop3", "./file0", "btrfs", 0, "" [pid 7121] <... mount resumed>) = 0 [pid 7121] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7121] chdir("./file0") = 0 [pid 7121] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7121] ioctl(4, LOOP_CLR_FD) = 0 [pid 7121] close(4) = 0 [pid 7121] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7120] <... futex resumed>) = 0 [pid 7120] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7121] memfd_create("syzkaller", 0 [pid 7064] <... mount resumed>) = 0 [pid 7120] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7121] <... memfd_create resumed>) = 4 [pid 7121] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7064] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7064] chdir(".") = 0 [pid 7064] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7055] <... futex resumed>) = 0 [pid 7064] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7055] exit_group(0) = ? [pid 7064] <... futex resumed>) = ? [pid 7064] +++ exited with 0 +++ [pid 7055] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7055, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=69 /* 0.69 s */} --- [pid 5831] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5831] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7129] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5831] <... openat resumed>) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./13/binderfs") = 0 [ 106.007091][ T7124] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 106.073504][ T7124] BTRFS info (device loop3): using free-space-tree [ 106.082852][ T5831] BTRFS info (device loop2): last unmount of filesystem b35a8dab-f09d-401f-bc59-1f024eebd02e [pid 5831] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7129] <... write resumed>) = 16777216 [pid 7129] munmap(0x7fb775000000, 138412032) = 0 [pid 7129] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7129] ioctl(4, LOOP_SET_FD, 3 [pid 7121] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7124] <... mount resumed>) = 0 [pid 7124] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7124] chdir("./file0") = 0 [pid 7124] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7124] ioctl(4, LOOP_CLR_FD) = 0 [pid 7124] close(4) = 0 [pid 7124] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7124] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7123] <... futex resumed>) = 0 [pid 7123] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7124] <... futex resumed>) = 0 [pid 7123] <... futex resumed>) = 1 [pid 7124] memfd_create("syzkaller", 0) = 4 [pid 7124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7129] <... ioctl resumed>) = 0 [pid 7123] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7129] close(3) = 0 [pid 7129] close(4) = 0 [pid 7129] mkdir("./file0", 0777) = 0 [ 106.346714][ T7129] loop1: detected capacity change from 0 to 32768 [pid 7129] mount("/dev/loop1", "./file0", "btrfs", 0, "" [pid 5831] <... umount2 resumed>) = 0 [ 106.401633][ T7129] BTRFS: device /dev/loop1 (7:1) using temp-fsid 001da3cd-8cc3-4aed-910e-0a5fa238de15 [pid 5831] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./13/file0") = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./13") = 0 [pid 5831] mkdir("./14", 0777) = 0 [ 106.443023][ T7129] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor323 (7129) [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5831] close(3 [pid 7126] <... write resumed>) = 16777216 [pid 5831] <... close resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program [pid 7126] munmap(0x7fb775000000, 138412032 [pid 5831] <... clone resumed>, child_tidptr=0x55558bffa690) = 7163 ./strace-static-x86_64: Process 7163 attached [pid 7163] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 7163] chdir("./14") = 0 [pid 7163] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7163] setpgid(0, 0) = 0 [pid 7163] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7163] write(3, "1000", 4) = 4 [pid 7163] close(3) = 0 [pid 7163] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7163] write(1, "executing program\n", 18) = 18 [pid 7163] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7163] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7163] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7163] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7163] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7163] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7163] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[7165]}, 88) = 7165 [pid 7163] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7163] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7163] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7126] <... munmap resumed>) = 0 ./strace-static-x86_64: Process 7165 attached [pid 7165] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 7165] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 7165] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7165] memfd_create("syzkaller", 0) = 3 [pid 7165] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 106.534033][ T7129] BTRFS info (device loop1): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 106.569349][ T7129] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [pid 7126] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7126] close(3) = 0 [pid 7126] close(4) = 0 [pid 7126] mkdir("./file0", 0777) = 0 [ 106.612913][ T7129] BTRFS info (device loop1): using free-space-tree [ 106.620057][ T7126] loop0: detected capacity change from 0 to 32768 [ 106.648514][ T7126] BTRFS: device /dev/loop0 (7:0) using temp-fsid c988fbd1-373e-4ceb-8b80-4c6d12a4cb1c [pid 7126] mount("/dev/loop0", "./file0", "btrfs", 0, "" [ 106.713927][ T7126] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor323 (7126) [pid 7124] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7121] <... write resumed>) = 16777216 [pid 7165] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7121] munmap(0x7fb775000000, 138412032) = 0 [pid 7129] <... mount resumed>) = 0 [pid 7129] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7129] chdir("./file0") = 0 [pid 7129] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7129] ioctl(4, LOOP_CLR_FD) = 0 [pid 7129] close(4) = 0 [pid 7129] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7128] <... futex resumed>) = 0 [pid 7129] memfd_create("syzkaller", 0 [pid 7128] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7129] <... memfd_create resumed>) = 4 [pid 7128] <... futex resumed>) = 0 [pid 7129] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7128] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7129] <... mmap resumed>) = 0x7fb775000000 [ 106.797063][ T7126] BTRFS info (device loop0): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 106.807368][ T7126] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 106.816690][ T7126] BTRFS info (device loop0): using free-space-tree [pid 7121] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 5 [pid 7121] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7121] ioctl(5, LOOP_CLR_FD) = 0 [pid 7121] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7121] close(5) = 0 [pid 7121] close(4 [pid 7126] <... mount resumed>) = 0 [pid 7126] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7126] chdir("./file0") = 0 [pid 7126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7126] ioctl(4, LOOP_CLR_FD) = 0 [pid 7126] close(4) = 0 [pid 7126] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7125] <... futex resumed>) = 0 [pid 7126] memfd_create("syzkaller", 0 [pid 7125] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7126] <... memfd_create resumed>) = 4 [pid 7125] <... futex resumed>) = 0 [pid 7125] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7165] <... write resumed>) = 16777216 [pid 7165] munmap(0x7fb775000000, 138412032) = 0 [pid 7121] <... close resumed>) = 0 [pid 7165] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7165] ioctl(4, LOOP_SET_FD, 3 [pid 7121] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7165] <... ioctl resumed>) = 0 [pid 7121] <... futex resumed>) = 1 [pid 7120] <... futex resumed>) = 0 [pid 7165] close(3 [pid 7121] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7120] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7165] <... close resumed>) = 0 [pid 7121] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7120] <... futex resumed>) = 0 [pid 7165] close(4 [pid 7121] rename("./file1", "./file0/file0" [pid 7120] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7165] <... close resumed>) = 0 [pid 7165] mkdir("./file0", 0777) = 0 [pid 7165] mount("/dev/loop2", "./file0", "btrfs", 0, "" [pid 7121] <... rename resumed>) = 0 [pid 7129] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7121] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7120] <... futex resumed>) = 0 [pid 7121] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7120] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 107.202916][ T7165] loop2: detected capacity change from 0 to 32768 [ 107.237887][ T7165] BTRFS: device /dev/loop2 (7:2) using temp-fsid 7abc3ff4-3ddd-4d33-b1ea-5c14d6ec26e5 [pid 7120] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7121] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7121] mkdir(".", 0777) = -1 EEXIST (File exists) [ 107.274157][ T7165] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (7165) [ 107.302492][ T7121] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [pid 7121] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7124] <... write resumed>) = 16777216 [ 107.348693][ T7165] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 107.360596][ T7121] BTRFS info (device loop4 state M): setting nodatasum [ 107.387838][ T7121] BTRFS info (device loop4 state M): setting nodatasum [pid 7124] munmap(0x7fb775000000, 138412032) = 0 [pid 7124] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7126] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7124] <... openat resumed>) = 5 [pid 7124] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7124] ioctl(5, LOOP_CLR_FD) = 0 [ 107.397213][ T7165] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 107.420014][ T7121] BTRFS info (device loop4 state M): turning off barriers [ 107.427560][ T7165] BTRFS info (device loop2): using free-space-tree [ 107.441656][ T7121] BTRFS info (device loop4 state M): turning on flush-on-commit [pid 7124] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7124] close(5) = 0 [pid 7124] close(4 [pid 7121] <... mount resumed>) = 0 [pid 7121] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7121] chdir(".") = 0 [pid 7121] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7120] <... futex resumed>) = 0 [pid 7121] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7120] exit_group(0 [pid 7121] <... futex resumed>) = ? [pid 7120] <... exit_group resumed>) = ? [pid 7121] +++ exited with 0 +++ [pid 7120] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7120, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=60 /* 0.60 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5833] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5833] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./13/binderfs") = 0 [ 107.463795][ T7121] BTRFS info (device loop4 state M): force clearing of disk cache [ 107.483193][ T7121] BTRFS info (device loop4 state M): doing ref verification [ 107.491402][ T7121] BTRFS info (device loop4 state M): max_inline set to 26856 [ 107.556784][ T5833] BTRFS info (device loop4): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 5833] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7124] <... close resumed>) = 0 [pid 7124] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7123] <... futex resumed>) = 0 [pid 7124] rename("./file1", "./file0/file0" [pid 7123] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7123] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7165] <... mount resumed>) = 0 [pid 7165] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7165] chdir("./file0") = 0 [pid 7165] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7165] ioctl(4, LOOP_CLR_FD) = 0 [pid 7165] close(4) = 0 [pid 7165] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7124] <... rename resumed>) = 0 [pid 7124] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7165] <... futex resumed>) = 1 [pid 7163] <... futex resumed>) = 0 [pid 7124] <... futex resumed>) = 1 [pid 7123] <... futex resumed>) = 0 [pid 7124] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7123] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7124] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7123] <... futex resumed>) = 0 [pid 7124] mkdir(".", 0777 [pid 7123] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7124] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7165] memfd_create("syzkaller", 0 [pid 7163] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7124] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7165] <... memfd_create resumed>) = 4 [pid 7163] <... futex resumed>) = 0 [pid 7165] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 107.702951][ T7124] BTRFS warning (device loop3 state M): remount supports changing free space tree only from RO to RW [ 107.729313][ T7124] BTRFS info (device loop3 state M): setting nodatasum [pid 7163] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7129] <... write resumed>) = 16777216 [pid 7129] munmap(0x7fb775000000, 138412032) = 0 [ 107.751579][ T7124] BTRFS info (device loop3 state M): setting nodatasum [ 107.758492][ T7124] BTRFS info (device loop3 state M): turning off barriers [pid 7129] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 5 [ 107.812188][ T7124] BTRFS info (device loop3 state M): turning on flush-on-commit [ 107.821200][ T7124] BTRFS info (device loop3 state M): force clearing of disk cache [ 107.851730][ T7124] BTRFS info (device loop3 state M): doing ref verification [pid 7129] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7129] ioctl(5, LOOP_CLR_FD) = 0 [pid 7124] <... mount resumed>) = 0 [ 107.859074][ T7124] BTRFS info (device loop3 state M): max_inline set to 26856 [pid 7129] ioctl(5, LOOP_SET_FD, 4 [pid 7124] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7124] chdir(".") = 0 [pid 7124] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7123] <... futex resumed>) = 0 [pid 7124] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7123] exit_group(0 [pid 7129] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7129] close(5 [pid 7124] <... futex resumed>) = ? [pid 7123] <... exit_group resumed>) = ? [pid 7124] +++ exited with 0 +++ [pid 7123] +++ exited with 0 +++ [pid 7129] <... close resumed>) = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7123, si_uid=0, si_status=0, si_utime=17 /* 0.17 s */, si_stime=61 /* 0.61 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 7129] close(4 [pid 5832] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] <... umount2 resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] getdents64(3, [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5833] newfstatat(AT_FDCWD, "./13/file0", [pid 5832] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] newfstatat(AT_FDCWD, "./13/binderfs", [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./13/binderfs" [pid 5833] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... unlink resumed>) = 0 [pid 5833] <... openat resumed>) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./13/file0") = 0 [pid 7126] <... write resumed>) = 16777216 [pid 5833] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./13") = 0 [pid 5833] mkdir("./14", 0777 [pid 7126] munmap(0x7fb775000000, 138412032) = 0 [pid 5833] <... mkdir resumed>) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 7165] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7126] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5833] ioctl(3, LOOP_CLR_FD [pid 7126] <... openat resumed>) = 5 [pid 7126] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7126] ioctl(5, LOOP_CLR_FD) = 0 [pid 7126] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7126] close(5) = 0 [pid 5833] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 7126] close(4 [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7216 attached [pid 7216] set_robust_list(0x55558bffa6a0, 24 [pid 5833] <... clone resumed>, child_tidptr=0x55558bffa690) = 7216 [pid 7216] <... set_robust_list resumed>) = 0 [pid 7216] chdir("./14") = 0 [pid 7216] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7216] setpgid(0, 0) = 0 [pid 7216] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7129] <... close resumed>) = 0 [pid 7129] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7216] write(3, "1000", 4 [pid 7128] <... futex resumed>) = 0 [pid 7129] <... futex resumed>) = 1 [pid 7216] <... write resumed>) = 4 [pid 7129] rename("./file1", "./file0/file0" [pid 7128] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7216] close(3 [pid 7128] <... futex resumed>) = 0 [ 108.056886][ T5832] BTRFS info (device loop3): last unmount of filesystem 074d424e-b89c-4b0a-a465-894710e075e7 [pid 7216] <... close resumed>) = 0 [pid 7128] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7216] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 7216] write(1, "executing program\n", 18) = 18 [pid 7216] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7216] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7216] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7216] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7216] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7216] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7129] <... rename resumed>) = 0 [pid 7216] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7216] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 7217 attached => {parent_tid=[7217]}, 88) = 7217 [pid 7129] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7216] rt_sigprocmask(SIG_SETMASK, [], [pid 7217] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7216] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7129] <... futex resumed>) = 1 [pid 7128] <... futex resumed>) = 0 [pid 7217] <... rseq resumed>) = 0 [pid 7128] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7217] set_robust_list(0x7fb77d6019a0, 24 [pid 7216] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7129] mkdir(".", 0777 [pid 7128] <... futex resumed>) = 0 [pid 7128] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7217] <... set_robust_list resumed>) = 0 [pid 7216] <... futex resumed>) = 0 [pid 7129] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7217] rt_sigprocmask(SIG_SETMASK, [], [pid 7216] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7217] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7129] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7217] memfd_create("syzkaller", 0) = 3 [pid 7217] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 108.242037][ T7129] BTRFS warning (device loop1 state M): remount supports changing free space tree only from RO to RW [ 108.281587][ T7129] BTRFS info (device loop1 state M): setting nodatasum [ 108.288494][ T7129] BTRFS info (device loop1 state M): setting nodatasum [ 108.341640][ T7129] BTRFS info (device loop1 state M): turning off barriers [ 108.348809][ T7129] BTRFS info (device loop1 state M): turning on flush-on-commit [pid 7126] <... close resumed>) = 0 [pid 7126] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7125] <... futex resumed>) = 0 [pid 7125] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7125] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 108.391592][ T7129] BTRFS info (device loop1 state M): force clearing of disk cache [ 108.399459][ T7129] BTRFS info (device loop1 state M): doing ref verification [pid 7126] rename("./file1", "./file0/file0") = 0 [pid 7126] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7125] <... futex resumed>) = 0 [pid 7125] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5832] <... umount2 resumed>) = 0 [pid 7125] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7126] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7126] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5832] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7129] <... mount resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7129] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5832] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7129] <... openat resumed>) = 4 [pid 5832] <... openat resumed>) = 4 [pid 7129] chdir("." [pid 5832] newfstatat(4, "", [pid 7129] <... chdir resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7129] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] getdents64(4, [pid 7129] <... futex resumed>) = 1 [pid 7128] <... futex resumed>) = 0 [pid 5832] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 7129] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7128] exit_group(0 [pid 5832] getdents64(4, [pid 7129] <... futex resumed>) = ? [pid 7128] <... exit_group resumed>) = ? [pid 5832] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [ 108.468280][ T7129] BTRFS info (device loop1 state M): max_inline set to 26856 [ 108.496279][ T7126] BTRFS warning (device loop0 state M): remount supports changing free space tree only from RO to RW [pid 7217] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7165] <... write resumed>) = 16777216 [pid 7129] +++ exited with 0 +++ [pid 7128] +++ exited with 0 +++ [pid 5832] close(4 [pid 7165] munmap(0x7fb775000000, 138412032 [pid 5832] <... close resumed>) = 0 [pid 5832] rmdir("./13/file0") = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7128, si_uid=0, si_status=0, si_utime=13 /* 0.13 s */, si_stime=57 /* 0.57 s */} --- [pid 5832] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5832] close(3 [pid 5830] <... restart_syscall resumed>) = 0 [pid 5830] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... close resumed>) = 0 [pid 5832] rmdir("./13" [pid 5830] <... openat resumed>) = 3 [pid 5830] newfstatat(3, "", [pid 5832] <... rmdir resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] mkdir("./14", 0777 [pid 5830] getdents64(3, [pid 5832] <... mkdir resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5830] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5830] newfstatat(AT_FDCWD, "./13/binderfs", [pid 5832] close(3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... close resumed>) = 0 [pid 5830] unlink("./13/binderfs") = 0 [pid 5830] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [ 108.533654][ T7126] BTRFS info (device loop0 state M): setting nodatasum [ 108.553511][ T7126] BTRFS info (device loop0 state M): setting nodatasum [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7219 attached [pid 7165] <... munmap resumed>) = 0 [pid 7165] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5832] <... clone resumed>, child_tidptr=0x55558bffa690) = 7219 [pid 7219] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 7219] chdir("./14") = 0 [pid 7219] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7219] setpgid(0, 0) = 0 [pid 7219] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7219] write(3, "1000", 4) = 4 [pid 7219] close(3) = 0 [pid 7219] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7219] write(1, "executing program\n", 18) = 18 [pid 7165] <... openat resumed>) = 5 [pid 7219] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7219] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7219] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7219] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7219] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7219] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7219] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[7220]}, 88) = 7220 [pid 7219] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7219] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7165] ioctl(5, LOOP_SET_FD, 4./strace-static-x86_64: Process 7220 attached [pid 7219] <... futex resumed>) = 0 [pid 7165] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7220] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7219] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7220] <... rseq resumed>) = 0 [pid 7165] ioctl(5, LOOP_CLR_FD [pid 7220] set_robust_list(0x7fb77d6019a0, 24 [pid 7165] <... ioctl resumed>) = 0 [pid 7220] <... set_robust_list resumed>) = 0 [pid 7220] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7220] memfd_create("syzkaller", 0) = 3 [pid 7165] ioctl(5, LOOP_SET_FD, 4 [pid 7220] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7165] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7220] <... mmap resumed>) = 0x7fb775000000 [pid 7165] close(5) = 0 [ 108.578662][ T7126] BTRFS info (device loop0 state M): turning off barriers [ 108.582221][ T5830] BTRFS info (device loop1): last unmount of filesystem 001da3cd-8cc3-4aed-910e-0a5fa238de15 [ 108.587242][ T7126] BTRFS info (device loop0 state M): turning on flush-on-commit [ 108.649626][ T7126] BTRFS info (device loop0 state M): force clearing of disk cache [ 108.659196][ T7126] BTRFS info (device loop0 state M): doing ref verification [ 108.668165][ T7126] BTRFS info (device loop0 state M): max_inline set to 26856 [pid 7165] close(4 [pid 7126] <... mount resumed>) = 0 [pid 7126] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7126] chdir(".") = 0 [pid 7126] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7125] <... futex resumed>) = 0 [pid 7126] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7125] exit_group(0) = ? [pid 7126] <... futex resumed>) = ? [pid 7126] +++ exited with 0 +++ [pid 7125] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7125, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=70 /* 0.70 s */} --- [pid 5829] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5829] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./13/binderfs") = 0 [ 108.812521][ T5829] BTRFS info (device loop0): last unmount of filesystem c988fbd1-373e-4ceb-8b80-4c6d12a4cb1c [pid 5829] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7165] <... close resumed>) = 0 [pid 7165] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7163] <... futex resumed>) = 0 [pid 7165] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7163] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7165] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7163] <... futex resumed>) = 0 [pid 7165] rename("./file1", "./file0/file0" [pid 7163] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7217] <... write resumed>) = 16777216 [pid 7217] munmap(0x7fb775000000, 138412032 [pid 7165] <... rename resumed>) = 0 [pid 7217] <... munmap resumed>) = 0 [pid 7165] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7217] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7165] <... futex resumed>) = 0 [pid 7163] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5830] <... umount2 resumed>) = 0 [pid 7165] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7163] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7217] <... openat resumed>) = 4 [pid 7165] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7163] <... futex resumed>) = 0 [pid 7165] mkdir(".", 0777 [pid 7163] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7217] ioctl(4, LOOP_SET_FD, 3 [pid 7165] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7165] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7217] <... ioctl resumed>) = 0 [pid 7220] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7217] close(3 [pid 5830] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7217] <... close resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7217] close(4 [pid 5830] newfstatat(AT_FDCWD, "./13/file0", [pid 7217] <... close resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7217] mkdir("./file0", 0777) = 0 [pid 5830] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7217] mount("/dev/loop4", "./file0", "btrfs", 0, "" [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 109.012933][ T7217] loop4: detected capacity change from 0 to 32768 [ 109.047557][ T7165] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW [pid 5830] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [ 109.059633][ T7217] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (7217) [ 109.081784][ T7165] BTRFS info (device loop2 state M): setting nodatasum [ 109.098185][ T7217] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 5830] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./13/file0") = 0 [ 109.108520][ T7165] BTRFS info (device loop2 state M): setting nodatasum [ 109.116009][ T7165] BTRFS info (device loop2 state M): turning off barriers [ 109.123544][ T7217] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 109.133732][ T7165] BTRFS info (device loop2 state M): turning on flush-on-commit [ 109.142813][ T7217] BTRFS info (device loop4): using free-space-tree [ 109.150046][ T7165] BTRFS info (device loop2 state M): force clearing of disk cache [pid 5830] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./13") = 0 [pid 5830] mkdir("./14", 0777 [pid 7165] <... mount resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5830] close(3) = 0 [pid 7165] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7225 attached [pid 7165] <... openat resumed>) = 4 [pid 7165] chdir("." [pid 5830] <... clone resumed>, child_tidptr=0x55558bffa690) = 7225 [pid 7225] set_robust_list(0x55558bffa6a0, 24 [pid 7165] <... chdir resumed>) = 0 [pid 7225] <... set_robust_list resumed>) = 0 [pid 7165] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7225] chdir("./14" [pid 7165] <... futex resumed>) = 1 [pid 7163] <... futex resumed>) = 0 [pid 7225] <... chdir resumed>) = 0 [pid 7165] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7163] exit_group(0 [pid 5829] <... umount2 resumed>) = 0 [pid 7163] <... exit_group resumed>) = ? [pid 7225] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7165] <... futex resumed>) = ? [pid 5829] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7225] <... prctl resumed>) = 0 [pid 7225] setpgid(0, 0 [pid 7165] +++ exited with 0 +++ [pid 7163] +++ exited with 0 +++ [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7225] <... setpgid resumed>) = 0 [pid 5829] newfstatat(AT_FDCWD, "./13/file0", [pid 7225] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7163, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=62 /* 0.62 s */} --- [pid 7225] <... openat resumed>) = 3 [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 109.158634][ T7165] BTRFS info (device loop2 state M): doing ref verification [ 109.167149][ T7165] BTRFS info (device loop2 state M): max_inline set to 26856 [pid 7225] write(3, "1000", 4 [pid 5829] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... restart_syscall resumed>) = 0 [pid 5831] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7225] <... write resumed>) = 4 [pid 5831] newfstatat(AT_FDCWD, "./14/binderfs", [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7225] close(3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7225] <... close resumed>) = 0 [pid 5831] unlink("./14/binderfs" [pid 7225] symlink("/dev/binderfs", "./binderfs" [pid 5831] <... unlink resumed>) = 0 executing program [pid 5829] <... openat resumed>) = 4 [pid 7225] <... symlink resumed>) = 0 [pid 5831] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7225] write(1, "executing program\n", 18 [pid 5829] newfstatat(4, "", [pid 7225] <... write resumed>) = 18 [pid 7225] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7225] <... futex resumed>) = 0 [pid 7225] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7225] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5829] getdents64(4, [pid 7225] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5829] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 7225] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5829] getdents64(4, [pid 7225] <... mmap resumed>) = 0x7fb77d5e1000 [pid 5829] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 7225] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 5829] close(4 [pid 7225] <... mprotect resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 7225] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5829] rmdir("./13/file0" [pid 7225] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 7225] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 5829] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 7225] <... clone3 resumed> => {parent_tid=[7228]}, 88) = 7228 [pid 5829] close(3 [pid 7225] rt_sigprocmask(SIG_SETMASK, [], [pid 5829] <... close resumed>) = 0 [pid 7225] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5829] rmdir("./13" [pid 7225] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] <... rmdir resumed>) = 0 [pid 7225] <... futex resumed>) = 0 [pid 5829] mkdir("./14", 0777 [pid 7225] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5829] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 7228 attached [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [pid 7228] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7234 attached [pid 7228] <... rseq resumed>) = 0 [pid 7228] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 7228] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7234] set_robust_list(0x55558bffa6a0, 24 [pid 7228] memfd_create("syzkaller", 0 [pid 7234] <... set_robust_list resumed>) = 0 [pid 5829] <... clone resumed>, child_tidptr=0x55558bffa690) = 7234 [ 109.233168][ T5831] BTRFS info (device loop2): last unmount of filesystem 7abc3ff4-3ddd-4d33-b1ea-5c14d6ec26e5 [pid 7234] chdir("./14" [pid 7228] <... memfd_create resumed>) = 3 [pid 7228] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7234] <... chdir resumed>) = 0 [pid 7234] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7234] setpgid(0, 0) = 0 [pid 7234] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7234] write(3, "1000", 4) = 4 [pid 7234] close(3) = 0 [pid 7234] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7234] write(1, "executing program\n", 18executing program ) = 18 [pid 7234] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7234] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7234] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7234] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7220] <... write resumed>) = 16777216 [pid 7217] <... mount resumed>) = 0 [pid 7234] <... mmap resumed>) = 0x7fb77d5e1000 [pid 7220] munmap(0x7fb775000000, 138412032 [pid 7217] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7234] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7217] <... openat resumed>) = 3 [pid 7217] chdir("./file0") = 0 [pid 7217] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7217] ioctl(4, LOOP_CLR_FD) = 0 [pid 7217] close(4) = 0 [pid 7217] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7216] <... futex resumed>) = 0 [pid 7217] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7216] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7217] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7216] <... futex resumed>) = 0 [pid 7217] memfd_create("syzkaller", 0 [pid 7216] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7217] <... memfd_create resumed>) = 4 [pid 7217] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7234] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7234] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 7241 attached => {parent_tid=[7241]}, 88) = 7241 [pid 7220] <... munmap resumed>) = 0 [pid 7234] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7241] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 7241] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 7241] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7241] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7234] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7241] <... futex resumed>) = 0 [pid 7234] <... futex resumed>) = 1 [pid 7220] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7234] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7220] <... openat resumed>) = 4 [pid 7241] memfd_create("syzkaller", 0) = 3 [pid 7241] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7220] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7220] close(3) = 0 [ 109.443188][ T7220] loop3: detected capacity change from 0 to 32768 [pid 7220] close(4) = 0 [pid 7220] mkdir("./file0", 0777) = 0 [ 109.534799][ T7220] BTRFS: device /dev/loop3 (7:3) using temp-fsid 7e2cf363-8ac5-4ad9-ab9a-6f001313ab15 [pid 7220] mount("/dev/loop3", "./file0", "btrfs", 0, "" [ 109.584773][ T7220] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor323 (7220) [pid 7228] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7217] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5831] <... umount2 resumed>) = 0 [pid 5831] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 109.640428][ T7220] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 5831] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 7241] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5831] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [ 109.690393][ T7220] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 109.710877][ T7220] BTRFS info (device loop3): using free-space-tree [pid 5831] rmdir("./14/file0") = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./14") = 0 [pid 5831] mkdir("./15", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5831] close(3) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7256 attached , child_tidptr=0x55558bffa690) = 7256 [pid 7256] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 7256] chdir("./15") = 0 [pid 7256] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7256] setpgid(0, 0) = 0 [pid 7256] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7256] write(3, "1000", 4) = 4 [pid 7256] close(3) = 0 [pid 7256] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 7256] write(1, "executing program\n", 18) = 18 [pid 7256] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7256] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7256] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7256] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7256] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7256] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7256] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[7259]}, 88) = 7259 [pid 7256] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7256] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7256] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7259 attached [pid 7259] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 7259] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 7259] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7259] memfd_create("syzkaller", 0) = 3 [pid 7259] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7220] <... mount resumed>) = 0 [pid 7217] <... write resumed>) = 16777216 [pid 7220] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7220] chdir("./file0") = 0 [pid 7220] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7220] ioctl(4, LOOP_CLR_FD) = 0 [pid 7220] close(4) = 0 [pid 7220] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7219] <... futex resumed>) = 0 [pid 7220] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7219] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7217] munmap(0x7fb775000000, 138412032 [pid 7219] <... futex resumed>) = 1 [pid 7220] <... futex resumed>) = 0 [pid 7219] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7220] memfd_create("syzkaller", 0) = 4 [pid 7220] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7217] <... munmap resumed>) = 0 [pid 7217] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 5 [pid 7217] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7217] ioctl(5, LOOP_CLR_FD) = 0 [pid 7217] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7217] close(5) = 0 [pid 7217] close(4 [pid 7228] <... write resumed>) = 16777216 [pid 7228] munmap(0x7fb775000000, 138412032 [pid 7259] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7228] <... munmap resumed>) = 0 [pid 7228] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7228] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7228] close(3) = 0 [pid 7228] close(4) = 0 [pid 7228] mkdir("./file0", 0777) = 0 [ 110.113414][ T7228] loop1: detected capacity change from 0 to 32768 [ 110.145813][ T7228] BTRFS: device /dev/loop1 (7:1) using temp-fsid e4e08809-fba6-4508-bbb5-1ca3e3d4f617 [ 110.179458][ T7228] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor323 (7228) [pid 7228] mount("/dev/loop1", "./file0", "btrfs", 0, "" [pid 7241] <... write resumed>) = 16777216 [pid 7217] <... close resumed>) = 0 [ 110.237708][ T7228] BTRFS info (device loop1): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 110.271404][ T7228] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [pid 7241] munmap(0x7fb775000000, 138412032 [pid 7220] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7241] <... munmap resumed>) = 0 [pid 7217] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7216] <... futex resumed>) = 0 [pid 7217] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7216] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7217] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7216] <... futex resumed>) = 0 [pid 7217] rename("./file1", "./file0/file0" [pid 7216] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7217] <... rename resumed>) = 0 [pid 7241] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7217] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 110.311687][ T7228] BTRFS info (device loop1): using free-space-tree [pid 7217] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7216] <... futex resumed>) = 0 [pid 7216] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7217] <... futex resumed>) = 0 [pid 7241] ioctl(4, LOOP_SET_FD, 3 [pid 7216] <... futex resumed>) = 1 [pid 7217] mkdir(".", 0777 [pid 7216] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7217] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7217] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7241] <... ioctl resumed>) = 0 [ 110.356061][ T7241] loop0: detected capacity change from 0 to 32768 [ 110.366621][ T7217] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [ 110.391732][ T7217] BTRFS info (device loop4 state M): setting nodatasum [pid 7241] close(3) = 0 [pid 7241] close(4) = 0 [pid 7241] mkdir("./file0", 0777) = 0 [ 110.401309][ T7217] BTRFS info (device loop4 state M): setting nodatasum [ 110.413006][ T7217] BTRFS info (device loop4 state M): turning off barriers [ 110.420315][ T7217] BTRFS info (device loop4 state M): turning on flush-on-commit [ 110.468060][ T7241] BTRFS: device /dev/loop0 (7:0) using temp-fsid 681b8f3d-c93d-46a7-a159-a998b54918b5 [ 110.499980][ T7241] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor323 (7241) [pid 7241] mount("/dev/loop0", "./file0", "btrfs", 0, "" [pid 7259] <... write resumed>) = 16777216 [pid 7228] <... mount resumed>) = 0 [ 110.515217][ T7217] BTRFS info (device loop4 state M): force clearing of disk cache [pid 7228] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7228] chdir("./file0" [pid 7259] munmap(0x7fb775000000, 138412032 [pid 7228] <... chdir resumed>) = 0 [pid 7228] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7259] <... munmap resumed>) = 0 [pid 7228] ioctl(4, LOOP_CLR_FD) = 0 [pid 7228] close(4) = 0 [pid 7228] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7220] <... write resumed>) = 16777216 [pid 7217] <... mount resumed>) = 0 [ 110.542199][ T7217] BTRFS info (device loop4 state M): doing ref verification [ 110.549818][ T7217] BTRFS info (device loop4 state M): max_inline set to 26856 [pid 7228] <... futex resumed>) = 1 [pid 7225] <... futex resumed>) = 0 [pid 7220] munmap(0x7fb775000000, 138412032 [pid 7217] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 7228] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7225] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7220] <... munmap resumed>) = 0 [pid 7228] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7225] <... futex resumed>) = 0 [pid 7217] <... openat resumed>) = 4 [pid 7228] memfd_create("syzkaller", 0 [pid 7225] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7217] chdir(".") = 0 [pid 7228] <... memfd_create resumed>) = 4 [pid 7217] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7259] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7259] ioctl(4, LOOP_SET_FD, 3 [pid 7228] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7220] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7217] <... futex resumed>) = 1 [pid 7216] <... futex resumed>) = 0 [pid 7228] <... mmap resumed>) = 0x7fb775000000 [pid 7220] <... openat resumed>) = 5 [pid 7217] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7216] exit_group(0 [pid 7220] ioctl(5, LOOP_SET_FD, 4 [pid 7216] <... exit_group resumed>) = ? [pid 7259] <... ioctl resumed>) = 0 [pid 7220] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7217] <... futex resumed>) = ? [pid 7259] close(3) = 0 [pid 7259] close(4) = 0 [pid 7259] mkdir("./file0", 0777) = 0 [pid 7259] mount("/dev/loop2", "./file0", "btrfs", 0, "" [pid 7217] +++ exited with 0 +++ [pid 7216] +++ exited with 0 +++ [ 110.594377][ T7241] BTRFS info (device loop0): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 110.608377][ T7259] loop2: detected capacity change from 0 to 32768 [ 110.621866][ T7241] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 110.630568][ T7241] BTRFS info (device loop0): using free-space-tree [pid 7220] ioctl(5, LOOP_CLR_FD) = 0 [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7216, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=58 /* 0.58 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5833] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7220] ioctl(5, LOOP_SET_FD, 4 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7220] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5833] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5833] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7220] close(5 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./14/binderfs", [pid 7220] <... close resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7220] close(4 [ 110.642630][ T7259] BTRFS: device /dev/loop2 (7:2) using temp-fsid e1be850d-4d43-457a-b5eb-d23ba8777470 [ 110.672638][ T7259] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (7259) [pid 5833] unlink("./14/binderfs") = 0 [ 110.736040][ T7259] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 110.764635][ T5833] BTRFS info (device loop4): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 5833] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7228] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7241] <... mount resumed>) = 0 [pid 7241] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7241] chdir("./file0") = 0 [pid 7241] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7241] ioctl(4, LOOP_CLR_FD) = 0 [pid 7241] close(4) = 0 [pid 7241] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7234] <... futex resumed>) = 0 [pid 7234] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7234] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7241] memfd_create("syzkaller", 0) = 4 [pid 7241] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 110.792338][ T7259] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 110.813951][ T7259] BTRFS info (device loop2): using free-space-tree [pid 7259] <... mount resumed>) = 0 [pid 7259] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7259] chdir("./file0") = 0 [pid 7259] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7259] ioctl(4, LOOP_CLR_FD) = 0 [pid 7259] close(4) = 0 [pid 7259] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7256] <... futex resumed>) = 0 [pid 7259] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7256] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7259] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7256] <... futex resumed>) = 0 [pid 7256] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7259] memfd_create("syzkaller", 0) = 4 [pid 7259] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7220] <... close resumed>) = 0 [pid 7220] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7219] <... futex resumed>) = 0 [pid 7220] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7219] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7219] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7220] <... futex resumed>) = 0 [pid 7220] rename("./file1", "./file0/file0") = 0 [pid 7220] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7219] <... futex resumed>) = 0 [pid 7219] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7220] mkdir(".", 0777 [pid 7219] <... futex resumed>) = 0 [pid 7220] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7219] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7220] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7241] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5833] <... umount2 resumed>) = 0 [pid 5833] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 111.202594][ T7220] BTRFS warning (device loop3 state M): remount supports changing free space tree only from RO to RW [ 111.241681][ T7220] BTRFS info (device loop3 state M): setting nodatasum [pid 5833] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 7228] <... write resumed>) = 16777216 [pid 5833] rmdir("./14/file0") = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5833] close(3 [pid 7228] munmap(0x7fb775000000, 138412032) = 0 [pid 5833] <... close resumed>) = 0 [pid 5833] rmdir("./14") = 0 [ 111.282127][ T7220] BTRFS info (device loop3 state M): setting nodatasum [ 111.289170][ T7220] BTRFS info (device loop3 state M): turning off barriers [ 111.321738][ T7220] BTRFS info (device loop3 state M): turning on flush-on-commit [pid 7228] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5833] mkdir("./15", 0777 [pid 7228] <... openat resumed>) = 5 [pid 5833] <... mkdir resumed>) = 0 [pid 7228] ioctl(5, LOOP_SET_FD, 4 [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 7228] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5833] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 7228] ioctl(5, LOOP_CLR_FD) = 0 [pid 5833] close(3 [pid 7259] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5833] <... close resumed>) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7310 attached [pid 7228] ioctl(5, LOOP_SET_FD, 4 [pid 7310] set_robust_list(0x55558bffa6a0, 24 [pid 7228] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5833] <... clone resumed>, child_tidptr=0x55558bffa690) = 7310 [pid 7310] <... set_robust_list resumed>) = 0 [pid 7310] chdir("./15") = 0 [pid 7310] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7228] close(5 [pid 7310] <... prctl resumed>) = 0 [pid 7228] <... close resumed>) = 0 [pid 7310] setpgid(0, 0) = 0 [pid 7310] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7310] write(3, "1000", 4) = 4 [pid 7310] close(3) = 0 [pid 7310] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7310] write(1, "executing program\n", 18) = 18 [pid 7310] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7310] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7310] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7310] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7310] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7310] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7310] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 7311 attached => {parent_tid=[7311]}, 88) = 7311 [pid 7310] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7310] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7310] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7311] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 7311] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 7220] <... mount resumed>) = 0 executing program [pid 7311] rt_sigprocmask(SIG_SETMASK, [], [pid 7220] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 7311] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7220] <... openat resumed>) = 4 [pid 7311] memfd_create("syzkaller", 0 [pid 7228] close(4 [pid 7220] chdir("." [pid 7311] <... memfd_create resumed>) = 3 [pid 7220] <... chdir resumed>) = 0 [pid 7311] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7220] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7311] <... mmap resumed>) = 0x7fb775000000 [pid 7220] <... futex resumed>) = 1 [pid 7219] <... futex resumed>) = 0 [pid 7220] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7219] exit_group(0) = ? [pid 7220] <... futex resumed>) = ? [pid 7220] +++ exited with 0 +++ [pid 7219] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7219, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=56 /* 0.56 s */} --- [ 111.351602][ T7220] BTRFS info (device loop3 state M): force clearing of disk cache [ 111.372971][ T7220] BTRFS info (device loop3 state M): doing ref verification [ 111.380313][ T7220] BTRFS info (device loop3 state M): max_inline set to 26856 [pid 5832] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5832] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./14/binderfs") = 0 [ 111.452422][ T5832] BTRFS info (device loop3): last unmount of filesystem 7e2cf363-8ac5-4ad9-ab9a-6f001313ab15 [pid 5832] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7241] <... write resumed>) = 16777216 [pid 7241] munmap(0x7fb775000000, 138412032) = 0 [pid 7241] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7241] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7241] ioctl(5, LOOP_CLR_FD) = 0 [pid 7241] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7241] close(5 [pid 7228] <... close resumed>) = 0 [pid 7228] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7241] <... close resumed>) = 0 [pid 7225] <... futex resumed>) = 0 [pid 7241] close(4 [pid 7225] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7225] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7228] rename("./file1", "./file0/file0") = 0 [pid 7228] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7225] <... futex resumed>) = 0 [pid 7225] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7225] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7228] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7228] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7311] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5832] <... umount2 resumed>) = 0 [pid 5832] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5832] close(4) = 0 [pid 5832] rmdir("./14/file0") = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./14") = 0 [pid 5832] mkdir("./15", 0777) = 0 [ 111.784568][ T7228] BTRFS warning (device loop1 state M): remount supports changing free space tree only from RO to RW [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 7313 ./strace-static-x86_64: Process 7313 attached [pid 7313] set_robust_list(0x55558bffa6a0, 24 [pid 7259] <... write resumed>) = 16777216 [pid 7313] <... set_robust_list resumed>) = 0 [pid 7313] chdir("./15") = 0 [pid 7259] munmap(0x7fb775000000, 138412032 [pid 7313] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7313] setpgid(0, 0) = 0 [pid 7313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 111.847118][ T7228] BTRFS info (device loop1 state M): setting nodatasum [ 111.868059][ T7228] BTRFS info (device loop1 state M): setting nodatasum [pid 7313] write(3, "1000", 4) = 4 [pid 7313] close(3) = 0 [pid 7313] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7259] <... munmap resumed>) = 0 [pid 7313] write(1, "executing program\n", 18executing program ) = 18 [pid 7313] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7259] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 5 [pid 7259] ioctl(5, LOOP_SET_FD, 4 [pid 7313] <... futex resumed>) = 0 [pid 7259] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7313] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 7259] ioctl(5, LOOP_CLR_FD [pid 7313] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7259] <... ioctl resumed>) = 0 [pid 7313] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7313] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7313] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7259] ioctl(5, LOOP_SET_FD, 4 [pid 7313] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 7259] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7259] close(5) = 0 ./strace-static-x86_64: Process 7315 attached [pid 7259] close(4 [pid 7315] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7313] <... clone3 resumed> => {parent_tid=[7315]}, 88) = 7315 [pid 7315] <... rseq resumed>) = 0 [pid 7313] rt_sigprocmask(SIG_SETMASK, [], [pid 7315] set_robust_list(0x7fb77d6019a0, 24) = 0 [ 111.917850][ T7228] BTRFS info (device loop1 state M): turning off barriers [ 111.947224][ T7228] BTRFS info (device loop1 state M): turning on flush-on-commit [pid 7315] rt_sigprocmask(SIG_SETMASK, [], [pid 7313] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7241] <... close resumed>) = 0 [pid 7315] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7313] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7315] memfd_create("syzkaller", 0 [pid 7313] <... futex resumed>) = 0 [pid 7241] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7313] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7241] <... futex resumed>) = 1 [pid 7234] <... futex resumed>) = 0 [pid 7315] <... memfd_create resumed>) = 3 [pid 7241] rename("./file1", "./file0/file0" [pid 7234] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7315] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7234] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7315] <... mmap resumed>) = 0x7fb775000000 [ 111.992381][ T7228] BTRFS info (device loop1 state M): force clearing of disk cache [ 112.001126][ T7228] BTRFS info (device loop1 state M): doing ref verification [pid 7228] <... mount resumed>) = 0 [pid 7241] <... rename resumed>) = 0 [pid 7241] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7228] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 7241] <... futex resumed>) = 0 [pid 7234] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7234] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7241] mkdir(".", 0777 [pid 7234] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7228] <... openat resumed>) = 4 [pid 7241] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7228] chdir(".") = 0 [pid 7228] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7228] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7225] <... futex resumed>) = 0 [pid 7225] exit_group(0) = ? [pid 7228] <... futex resumed>) = ? [pid 7228] +++ exited with 0 +++ [pid 7225] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7225, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=58 /* 0.58 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 7241] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5830] <... restart_syscall resumed>) = 0 [pid 5830] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./14/binderfs") = 0 [ 112.033394][ T7228] BTRFS info (device loop1 state M): max_inline set to 26856 [pid 5830] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7259] <... close resumed>) = 0 [pid 7259] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 112.112158][ T5830] BTRFS info (device loop1): last unmount of filesystem e4e08809-fba6-4508-bbb5-1ca3e3d4f617 [ 112.132045][ T7241] BTRFS warning (device loop0 state M): remount supports changing free space tree only from RO to RW [ 112.155227][ T7241] BTRFS info (device loop0 state M): setting nodatasum [pid 7259] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7256] <... futex resumed>) = 0 [pid 7256] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7259] <... futex resumed>) = 0 [pid 7256] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7259] rename("./file1", "./file0/file0") = 0 [pid 7259] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7259] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7256] <... futex resumed>) = 0 [pid 7256] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7259] <... futex resumed>) = 0 [pid 7256] <... futex resumed>) = 1 [pid 7259] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7259] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [ 112.188486][ T7241] BTRFS info (device loop0 state M): setting nodatasum [ 112.221585][ T7241] BTRFS info (device loop0 state M): turning off barriers [ 112.229405][ T7241] BTRFS info (device loop0 state M): turning on flush-on-commit [ 112.262071][ T7241] BTRFS info (device loop0 state M): force clearing of disk cache [ 112.271268][ T7241] BTRFS info (device loop0 state M): doing ref verification [ 112.298724][ T7259] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW [pid 7256] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7311] <... write resumed>) = 16777216 [pid 7311] munmap(0x7fb775000000, 138412032 [pid 7315] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7241] <... mount resumed>) = 0 [ 112.302347][ T7241] BTRFS info (device loop0 state M): max_inline set to 26856 [pid 7241] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 7311] <... munmap resumed>) = 0 [pid 7241] <... openat resumed>) = 4 [pid 7241] chdir(".") = 0 [pid 7241] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7311] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7241] <... futex resumed>) = 1 [pid 7311] <... openat resumed>) = 4 [pid 7241] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7234] <... futex resumed>) = 0 [pid 7311] ioctl(4, LOOP_SET_FD, 3 [pid 7234] exit_group(0) = ? [pid 7241] <... futex resumed>) = ? [pid 7241] +++ exited with 0 +++ [pid 7234] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7234, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=72 /* 0.72 s */} --- [pid 7311] <... ioctl resumed>) = 0 [pid 5829] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7311] close(3 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 112.352351][ T7259] BTRFS info (device loop2 state M): setting nodatasum [ 112.359262][ T7259] BTRFS info (device loop2 state M): setting nodatasum [ 112.376287][ T7311] loop4: detected capacity change from 0 to 32768 [pid 7311] <... close resumed>) = 0 [pid 5829] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7311] close(4 [pid 5829] <... openat resumed>) = 3 [pid 5829] newfstatat(3, "", [pid 7311] <... close resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, [pid 7311] mkdir("./file0", 0777 [pid 5829] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 7311] <... mkdir resumed>) = 0 [pid 7311] mount("/dev/loop4", "./file0", "btrfs", 0, "" [pid 5829] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 112.406327][ T7259] BTRFS info (device loop2 state M): turning off barriers [ 112.431634][ T7259] BTRFS info (device loop2 state M): turning on flush-on-commit [pid 5829] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./14/binderfs") = 0 [ 112.451842][ T7311] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (7311) [ 112.472896][ T7259] BTRFS info (device loop2 state M): force clearing of disk cache [ 112.492067][ T5829] BTRFS info (device loop0): last unmount of filesystem 681b8f3d-c93d-46a7-a159-a998b54918b5 [ 112.497974][ T7259] BTRFS info (device loop2 state M): doing ref verification [pid 5829] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7259] <... mount resumed>) = 0 [pid 7259] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7259] chdir(".") = 0 [pid 7259] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7256] <... futex resumed>) = 0 [pid 7259] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7256] exit_group(0 [pid 7259] <... futex resumed>) = ? [pid 7256] <... exit_group resumed>) = ? [pid 5830] <... umount2 resumed>) = 0 [pid 5830] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./14/file0", [pid 7259] +++ exited with 0 +++ [pid 7256] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7256, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=63 /* 0.63 s */} --- [pid 5831] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 112.521289][ T7259] BTRFS info (device loop2 state M): max_inline set to 26856 [ 112.541789][ T7311] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 112.554450][ T7311] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 112.563688][ T7311] BTRFS info (device loop4): using free-space-tree [pid 5831] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./15/binderfs" [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] <... unlink resumed>) = 0 [pid 5831] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./14/file0") = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./14") = 0 [pid 5830] mkdir("./15", 0777) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7331 attached [pid 7331] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x55558bffa690) = 7331 [pid 7331] chdir("./15") = 0 [pid 7331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7331] setpgid(0, 0) = 0 [pid 7331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7331] write(3, "1000", 4) = 4 [pid 7331] close(3) = 0 [pid 7331] symlink("/dev/binderfs", "./binderfs") = 0 [ 112.612671][ T5831] BTRFS info (device loop2): last unmount of filesystem e1be850d-4d43-457a-b5eb-d23ba8777470 executing program [pid 7331] write(1, "executing program\n", 18 [pid 7315] <... write resumed>) = 16777216 [pid 7315] munmap(0x7fb775000000, 138412032 [pid 7331] <... write resumed>) = 18 [pid 7331] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7331] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7331] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7331] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7331] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7331] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7331] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 7332 attached => {parent_tid=[7332]}, 88) = 7332 [pid 7331] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7332] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7331] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7332] <... rseq resumed>) = 0 [pid 7331] <... futex resumed>) = 0 [pid 7332] set_robust_list(0x7fb77d6019a0, 24 [pid 7331] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7315] <... munmap resumed>) = 0 [pid 7332] <... set_robust_list resumed>) = 0 [pid 7332] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7332] memfd_create("syzkaller", 0) = 3 [pid 7332] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7315] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7315] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7315] close(3) = 0 [pid 7315] close(4) = 0 [pid 7315] mkdir("./file0", 0777 [pid 7311] <... mount resumed>) = 0 [pid 7311] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7311] chdir("./file0") = 0 [pid 7311] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7311] ioctl(4, LOOP_CLR_FD) = 0 [ 112.704822][ T7315] loop3: detected capacity change from 0 to 32768 [pid 7311] close(4 [pid 7315] <... mkdir resumed>) = 0 [pid 7311] <... close resumed>) = 0 [pid 7311] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7310] <... futex resumed>) = 0 [pid 7310] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7310] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7315] mount("/dev/loop3", "./file0", "btrfs", 0, "" [pid 7311] memfd_create("syzkaller", 0) = 4 [pid 7311] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 112.782570][ T7315] BTRFS: device /dev/loop3 (7:3) using temp-fsid ae6ff08d-8ee1-4208-a081-0b40c2378a0c [ 112.818323][ T7315] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor323 (7315) [ 112.868737][ T7315] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 112.890079][ T7315] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 112.927271][ T7315] BTRFS info (device loop3): using free-space-tree [pid 7332] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5829] <... umount2 resumed>) = 0 [pid 5829] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 7311] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5829] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./14/file0") = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./14") = 0 [pid 5829] mkdir("./15", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7349 attached [pid 7349] set_robust_list(0x55558bffa6a0, 24 [pid 5829] <... clone resumed>, child_tidptr=0x55558bffa690) = 7349 [pid 7349] <... set_robust_list resumed>) = 0 [pid 7349] chdir("./15") = 0 [pid 7349] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5831] <... umount2 resumed>) = 0 [pid 7349] <... prctl resumed>) = 0 [pid 7349] setpgid(0, 0) = 0 [pid 7349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7349] write(3, "1000", 4) = 4 [pid 7349] close(3) = 0 [pid 7349] symlink("/dev/binderfs", "./binderfs" [pid 5831] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7349] <... symlink resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) executing program [pid 7349] write(1, "executing program\n", 18 [pid 5831] newfstatat(AT_FDCWD, "./15/file0", [pid 7349] <... write resumed>) = 18 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7349] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7349] <... futex resumed>) = 0 [pid 7349] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7349] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5831] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7349] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7349] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7349] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5831] <... openat resumed>) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7349] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7349] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 5831] getdents64(4, ./strace-static-x86_64: Process 7352 attached 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 7349] <... clone3 resumed> => {parent_tid=[7352]}, 88) = 7352 [pid 7349] rt_sigprocmask(SIG_SETMASK, [], [pid 5831] getdents64(4, [pid 7349] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7352] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7349] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 7349] <... futex resumed>) = 0 [pid 7352] <... rseq resumed>) = 0 [pid 7349] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5831] close(4 [pid 7352] set_robust_list(0x7fb77d6019a0, 24 [pid 5831] <... close resumed>) = 0 [pid 7352] <... set_robust_list resumed>) = 0 [pid 5831] rmdir("./15/file0" [pid 7352] rt_sigprocmask(SIG_SETMASK, [], [pid 5831] <... rmdir resumed>) = 0 [pid 7352] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] getdents64(3, [pid 7352] memfd_create("syzkaller", 0 [pid 5831] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 7352] <... memfd_create resumed>) = 3 [pid 7352] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] close(3 [pid 7352] <... mmap resumed>) = 0x7fb775000000 [pid 5831] <... close resumed>) = 0 [pid 5831] rmdir("./15") = 0 [pid 5831] mkdir("./16", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 7315] <... mount resumed>) = 0 [pid 5831] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 7315] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5831] close(3 [pid 7315] <... openat resumed>) = 3 [pid 5831] <... close resumed>) = 0 [pid 7315] chdir("./file0" [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7353 attached [pid 7315] <... chdir resumed>) = 0 [pid 7353] set_robust_list(0x55558bffa6a0, 24 [pid 7315] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5831] <... clone resumed>, child_tidptr=0x55558bffa690) = 7353 [pid 7353] <... set_robust_list resumed>) = 0 [pid 7353] chdir("./16") = 0 [pid 7353] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7353] setpgid(0, 0 [pid 7315] <... openat resumed>) = 4 [pid 7315] ioctl(4, LOOP_CLR_FD) = 0 [pid 7353] <... setpgid resumed>) = 0 [pid 7315] close(4) = 0 [pid 7315] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7315] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7353] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7353] write(3, "1000", 4 [pid 7313] <... futex resumed>) = 0 [pid 7353] <... write resumed>) = 4 [pid 7353] close(3) = 0 [pid 7353] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7353] write(1, "executing program\n", 18 [pid 7313] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7353] <... write resumed>) = 18 [pid 7353] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7315] <... futex resumed>) = 0 [pid 7313] <... futex resumed>) = 1 [pid 7353] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 7313] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7353] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7315] memfd_create("syzkaller", 0 [pid 7353] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7315] <... memfd_create resumed>) = 4 [pid 7353] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7315] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7353] <... mmap resumed>) = 0x7fb77d5e1000 [pid 7315] <... mmap resumed>) = 0x7fb775000000 [pid 7353] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7353] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7353] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 7355 attached => {parent_tid=[7355]}, 88) = 7355 [pid 7355] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7353] rt_sigprocmask(SIG_SETMASK, [], [pid 7355] <... rseq resumed>) = 0 [pid 7353] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7355] set_robust_list(0x7fb77d6019a0, 24 [pid 7353] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7355] <... set_robust_list resumed>) = 0 [pid 7353] <... futex resumed>) = 0 [pid 7355] rt_sigprocmask(SIG_SETMASK, [], [pid 7353] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7355] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7355] memfd_create("syzkaller", 0) = 3 [pid 7355] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7332] <... write resumed>) = 16777216 [pid 7332] munmap(0x7fb775000000, 138412032 [pid 7352] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7332] <... munmap resumed>) = 0 [pid 7332] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7332] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7332] close(3) = 0 [pid 7332] close(4) = 0 [pid 7332] mkdir("./file0", 0777) = 0 [pid 7332] mount("/dev/loop1", "./file0", "btrfs", 0, "" [ 113.514086][ T7332] loop1: detected capacity change from 0 to 32768 [ 113.535350][ T7332] BTRFS: device /dev/loop1 (7:1) using temp-fsid 1c28e17f-5c6c-499a-8466-2b6bc80da0e6 [pid 7315] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7311] <... write resumed>) = 16777216 [pid 7311] munmap(0x7fb775000000, 138412032) = 0 [pid 7311] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 5 [pid 7311] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7311] ioctl(5, LOOP_CLR_FD) = 0 [pid 7311] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7311] close(5 [pid 7355] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7311] <... close resumed>) = 0 [ 113.568061][ T7332] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor323 (7332) [ 113.637907][ T7332] BTRFS info (device loop1): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 113.683948][ T7332] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 113.713516][ T7332] BTRFS info (device loop1): using free-space-tree [pid 7311] close(4) = 0 [pid 7311] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7311] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7310] <... futex resumed>) = 0 [pid 7310] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7311] <... futex resumed>) = 0 [pid 7310] <... futex resumed>) = 1 [pid 7311] rename("./file1", "./file0/file0" [pid 7310] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7311] <... rename resumed>) = 0 [pid 7311] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7310] <... futex resumed>) = 0 [pid 7310] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7310] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7311] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7311] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7352] <... write resumed>) = 16777216 [pid 7352] munmap(0x7fb775000000, 138412032) = 0 [pid 7332] <... mount resumed>) = 0 [pid 7332] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7352] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7352] ioctl(4, LOOP_SET_FD, 3 [pid 7332] chdir("./file0") = 0 [pid 7352] <... ioctl resumed>) = 0 [pid 7332] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7352] close(3 [pid 7332] <... openat resumed>) = 4 [pid 7332] ioctl(4, LOOP_CLR_FD) = 0 [pid 7352] <... close resumed>) = 0 [pid 7332] close(4 [pid 7352] close(4) = 0 [pid 7332] <... close resumed>) = 0 [pid 7352] mkdir("./file0", 0777) = 0 [pid 7332] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7352] mount("/dev/loop0", "./file0", "btrfs", 0, "" [pid 7332] <... futex resumed>) = 1 [pid 7331] <... futex resumed>) = 0 [pid 7331] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7332] memfd_create("syzkaller", 0 [pid 7331] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7332] <... memfd_create resumed>) = 4 [ 113.957975][ T7311] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [ 113.976266][ T7352] loop0: detected capacity change from 0 to 32768 [ 113.997148][ T7352] BTRFS: device /dev/loop0 (7:0) using temp-fsid 1d1694e7-30d8-45af-80cb-e5f0815d0579 [pid 7332] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 114.016436][ T7311] BTRFS info (device loop4 state M): setting nodatasum [ 114.045601][ T7311] BTRFS info (device loop4 state M): setting nodatasum [ 114.051781][ T7352] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor323 (7352) [pid 7355] <... write resumed>) = 16777216 [pid 7315] <... write resumed>) = 16777216 [ 114.068784][ T7311] BTRFS info (device loop4 state M): turning off barriers [ 114.090340][ T7311] BTRFS info (device loop4 state M): turning on flush-on-commit [pid 7355] munmap(0x7fb775000000, 138412032 [pid 7315] munmap(0x7fb775000000, 138412032 [pid 7355] <... munmap resumed>) = 0 [pid 7315] <... munmap resumed>) = 0 [pid 7355] openat(AT_FDCWD, "/dev/loop2", O_RDWR [ 114.111641][ T7311] BTRFS info (device loop4 state M): force clearing of disk cache [ 114.120893][ T7352] BTRFS info (device loop0): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 114.130485][ T7311] BTRFS info (device loop4 state M): doing ref verification [ 114.142432][ T7352] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 114.161652][ T7311] BTRFS info (device loop4 state M): max_inline set to 26856 [pid 7315] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7355] <... openat resumed>) = 4 [pid 7315] <... openat resumed>) = 5 [pid 7355] ioctl(4, LOOP_SET_FD, 3 [pid 7315] ioctl(5, LOOP_SET_FD, 4 [pid 7311] <... mount resumed>) = 0 [pid 7315] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7315] ioctl(5, LOOP_CLR_FD [pid 7311] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 7315] <... ioctl resumed>) = 0 [pid 7311] <... openat resumed>) = 4 [pid 7311] chdir("." [pid 7315] ioctl(5, LOOP_SET_FD, 4 [pid 7311] <... chdir resumed>) = 0 [pid 7315] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7311] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7315] close(5 [pid 7311] <... futex resumed>) = 1 [pid 7310] <... futex resumed>) = 0 [pid 7315] <... close resumed>) = 0 [pid 7311] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7310] exit_group(0 [pid 7315] close(4 [pid 7311] <... futex resumed>) = ? [pid 7310] <... exit_group resumed>) = ? [pid 7311] +++ exited with 0 +++ [pid 7310] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7310, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=64 /* 0.64 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 7355] <... ioctl resumed>) = 0 [pid 7355] close(3) = 0 [pid 5833] <... restart_syscall resumed>) = 0 [pid 7355] close(4 [ 114.162477][ T7355] loop2: detected capacity change from 0 to 32768 [ 114.177807][ T7352] BTRFS info (device loop0): using free-space-tree [pid 5833] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7355] <... close resumed>) = 0 [pid 5833] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7355] mkdir("./file0", 0777 [pid 5833] <... openat resumed>) = 3 [pid 7355] <... mkdir resumed>) = 0 [pid 5833] newfstatat(3, "", [pid 7355] mount("/dev/loop2", "./file0", "btrfs", 0, "" [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 7332] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5833] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./15/binderfs") = 0 [ 114.236092][ T7355] BTRFS: device /dev/loop2 (7:2) using temp-fsid cb016b5e-0144-4aa1-bcce-1c6f10dcec63 [ 114.259249][ T7355] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (7355) [ 114.305832][ T7355] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 5833] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7352] <... mount resumed>) = 0 [pid 7352] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7352] chdir("./file0") = 0 [pid 7352] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 114.349259][ T5833] BTRFS info (device loop4): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 114.381663][ T7355] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 114.390361][ T7355] BTRFS info (device loop2): using free-space-tree [pid 7352] ioctl(4, LOOP_CLR_FD) = 0 [pid 7352] close(4) = 0 [pid 7352] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7349] <... futex resumed>) = 0 [pid 7349] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7352] memfd_create("syzkaller", 0 [pid 7349] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7352] <... memfd_create resumed>) = 4 [pid 7352] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7315] <... close resumed>) = 0 [pid 7315] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7313] <... futex resumed>) = 0 [pid 7315] rename("./file1", "./file0/file0" [pid 7313] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7313] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7313] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5c0000 [pid 7313] mprotect(0x7fb77d5c1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7313] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7313] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d5e0990, parent_tid=0x7fb77d5e0990, exit_signal=0, stack=0x7fb77d5c0000, stack_size=0x20300, tls=0x7fb77d5e06c0}./strace-static-x86_64: Process 7405 attached => {parent_tid=[7405]}, 88) = 7405 [pid 7405] rseq(0x7fb77d5e0fe0, 0x20, 0, 0x53053053 [pid 7313] rt_sigprocmask(SIG_SETMASK, [], [pid 7405] <... rseq resumed>) = 0 [pid 7313] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7405] set_robust_list(0x7fb77d5e09a0, 24 [pid 7313] futex(0x7fb77d6dd6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7405] <... set_robust_list resumed>) = 0 [pid 7313] <... futex resumed>) = 0 [pid 7405] rt_sigprocmask(SIG_SETMASK, [], [pid 7313] futex(0x7fb77d6dd6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7405] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7405] mkdir(".", 0777 [pid 7315] <... rename resumed>) = 0 [pid 7405] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7405] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7315] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7315] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7355] <... mount resumed>) = 0 [pid 7355] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7355] chdir("./file0") = 0 [pid 7355] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7355] ioctl(4, LOOP_CLR_FD) = 0 [pid 7355] close(4) = 0 [pid 7355] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7355] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7353] <... futex resumed>) = 0 [pid 7353] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7355] <... futex resumed>) = 0 [pid 7353] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [ 114.598022][ T7405] BTRFS warning (device loop3 state M): remount supports changing free space tree only from RO to RW [pid 7355] memfd_create("syzkaller", 0) = 4 [pid 7355] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 114.641629][ T7405] BTRFS info (device loop3 state M): setting nodatasum [ 114.671600][ T7405] BTRFS info (device loop3 state M): setting nodatasum [ 114.681861][ T7405] BTRFS info (device loop3 state M): turning off barriers [ 114.689027][ T7405] BTRFS info (device loop3 state M): turning on flush-on-commit [ 114.738871][ T7405] BTRFS info (device loop3 state M): force clearing of disk cache [ 114.771777][ T7405] BTRFS info (device loop3 state M): doing ref verification [pid 7352] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7405] <... mount resumed>) = 0 [pid 7405] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7405] chdir(".") = 0 [pid 7405] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7313] <... futex resumed>) = 0 [pid 7313] exit_group(0 [pid 7405] futex(0x7fb77d6dd6b8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 7313] <... exit_group resumed>) = ? [pid 7405] +++ exited with 0 +++ [pid 7315] <... futex resumed>) = ? [pid 7315] +++ exited with 0 +++ [pid 7313] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7313, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=64 /* 0.64 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5832] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./15/binderfs") = 0 [pid 5832] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7332] <... write resumed>) = 16777216 [pid 5833] <... umount2 resumed>) = 0 [pid 7332] munmap(0x7fb775000000, 138412032 [pid 5833] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [ 114.811662][ T7405] BTRFS info (device loop3 state M): max_inline set to 26856 [ 114.840306][ T5832] BTRFS info (device loop3): last unmount of filesystem ae6ff08d-8ee1-4208-a081-0b40c2378a0c [pid 5833] rmdir("./15/file0") = 0 [pid 7332] <... munmap resumed>) = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./15") = 0 [pid 5833] mkdir("./16", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7407 attached [pid 7407] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 7407] chdir("./16") = 0 [pid 7407] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7407] setpgid(0, 0) = 0 [pid 7407] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5833] <... clone resumed>, child_tidptr=0x55558bffa690) = 7407 [pid 7407] <... openat resumed>) = 3 [pid 7332] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7407] write(3, "1000", 4 [pid 7332] <... openat resumed>) = 5 [pid 7407] <... write resumed>) = 4 [pid 7407] close(3) = 0 [pid 7407] symlink("/dev/binderfs", "./binderfs" [pid 7332] ioctl(5, LOOP_SET_FD, 4 [pid 7407] <... symlink resumed>) = 0 [pid 7332] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7407] write(1, "executing program\n", 18 [pid 7332] ioctl(5, LOOP_CLR_FDexecuting program [pid 7407] <... write resumed>) = 18 [pid 7332] <... ioctl resumed>) = 0 [pid 7407] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7332] ioctl(5, LOOP_SET_FD, 4 [pid 7407] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7407] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7332] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7332] close(5 [pid 7407] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7407] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7407] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7407] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7407] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 7332] <... close resumed>) = 0 [pid 7332] close(4./strace-static-x86_64: Process 7408 attached [pid 7407] <... clone3 resumed> => {parent_tid=[7408]}, 88) = 7408 [pid 7407] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7408] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7407] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7408] <... rseq resumed>) = 0 [pid 7407] <... futex resumed>) = 0 [pid 7407] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7408] set_robust_list(0x7fb77d6019a0, 24 [pid 7355] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7408] <... set_robust_list resumed>) = 0 [pid 7408] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7408] memfd_create("syzkaller", 0) = 3 [pid 7408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5832] <... umount2 resumed>) = 0 [pid 7352] <... write resumed>) = 16777216 [pid 5832] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7352] munmap(0x7fb775000000, 138412032 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7352] <... munmap resumed>) = 0 [pid 7332] <... close resumed>) = 0 [pid 5832] <... openat resumed>) = 4 [pid 5832] newfstatat(4, "", [pid 7332] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7352] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7331] <... futex resumed>) = 0 [pid 7352] <... openat resumed>) = 5 [pid 7332] <... futex resumed>) = 1 [pid 7331] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] getdents64(4, [pid 7331] <... futex resumed>) = 0 [pid 7352] ioctl(5, LOOP_SET_FD, 4 [pid 5832] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 7332] rename("./file1", "./file0/file0" [pid 7352] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7331] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] getdents64(4, [pid 7352] ioctl(5, LOOP_CLR_FD [pid 5832] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5832] close(4) = 0 [pid 5832] rmdir("./15/file0") = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5832] close(3 [pid 7352] <... ioctl resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5832] rmdir("./15") = 0 [pid 7352] ioctl(5, LOOP_SET_FD, 4 [pid 5832] mkdir("./16", 0777 [pid 7352] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] <... mkdir resumed>) = 0 [pid 7352] close(5 [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7352] <... close resumed>) = 0 [pid 7352] close(4 [pid 5832] <... openat resumed>) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 7332] <... rename resumed>) = 0 [pid 5832] close(3) = 0 [pid 7332] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7332] <... futex resumed>) = 1 [pid 7331] <... futex resumed>) = 0 [pid 7332] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7331] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... clone resumed>, child_tidptr=0x55558bffa690) = 7410 [pid 7332] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7331] <... futex resumed>) = 0 [pid 7332] mkdir(".", 0777 [pid 7331] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7410 attached [pid 7332] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7410] set_robust_list(0x55558bffa6a0, 24 [pid 7332] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7410] <... set_robust_list resumed>) = 0 [pid 7410] chdir("./16") = 0 [pid 7410] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7410] setpgid(0, 0) = 0 [pid 7410] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7410] write(3, "1000", 4) = 4 [pid 7410] close(3) = 0 [pid 7410] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7410] write(1, "executing program\n", 18) = 18 [pid 7410] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7410] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7410] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7410] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7410] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7410] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7410] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 7411 attached [pid 7411] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7410] <... clone3 resumed> => {parent_tid=[7411]}, 88) = 7411 [pid 7411] <... rseq resumed>) = 0 [pid 7410] rt_sigprocmask(SIG_SETMASK, [], [pid 7411] set_robust_list(0x7fb77d6019a0, 24 [pid 7410] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7411] <... set_robust_list resumed>) = 0 [pid 7410] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7411] rt_sigprocmask(SIG_SETMASK, [], [pid 7410] <... futex resumed>) = 0 [pid 7411] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7410] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7411] memfd_create("syzkaller", 0) = 3 [pid 7411] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 115.296083][ T7332] BTRFS warning (device loop1 state M): remount supports changing free space tree only from RO to RW [ 115.335414][ T7332] BTRFS info (device loop1 state M): setting nodatasum [ 115.368009][ T7332] BTRFS info (device loop1 state M): setting nodatasum [ 115.398785][ T7332] BTRFS info (device loop1 state M): turning off barriers [ 115.431613][ T7332] BTRFS info (device loop1 state M): turning on flush-on-commit [ 115.439310][ T7332] BTRFS info (device loop1 state M): force clearing of disk cache [pid 7408] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7355] <... write resumed>) = 16777216 [pid 7352] <... close resumed>) = 0 [pid 7355] munmap(0x7fb775000000, 138412032 [pid 7352] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7349] <... futex resumed>) = 0 [pid 7352] rename("./file1", "./file0/file0" [pid 7349] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7349] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7352] <... rename resumed>) = 0 [pid 7332] <... mount resumed>) = 0 [pid 7355] <... munmap resumed>) = 0 [pid 7355] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7352] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7355] <... openat resumed>) = 5 [pid 7352] <... futex resumed>) = 1 [pid 7349] <... futex resumed>) = 0 [pid 7355] ioctl(5, LOOP_SET_FD, 4 [pid 7352] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7349] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7355] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7352] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7349] <... futex resumed>) = 0 [pid 7355] ioctl(5, LOOP_CLR_FD [pid 7352] mkdir(".", 0777 [pid 7349] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7355] <... ioctl resumed>) = 0 [pid 7352] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7352] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7332] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7332] chdir(".") = 0 [pid 7332] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7331] <... futex resumed>) = 0 [pid 7332] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7331] exit_group(0 [pid 7355] ioctl(5, LOOP_SET_FD, 4 [pid 7332] <... futex resumed>) = ? [pid 7331] <... exit_group resumed>) = ? [pid 7355] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7332] +++ exited with 0 +++ [pid 7331] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7331, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=59 /* 0.59 s */} --- [pid 7355] close(5) = 0 [ 115.481709][ T7332] BTRFS info (device loop1 state M): doing ref verification [ 115.507693][ T7332] BTRFS info (device loop1 state M): max_inline set to 26856 [pid 7355] close(4 [pid 5830] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./15/binderfs") = 0 [pid 5830] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW [ 115.592183][ T5830] BTRFS info (device loop1): last unmount of filesystem 1c28e17f-5c6c-499a-8466-2b6bc80da0e6 [ 115.613068][ T7352] BTRFS warning (device loop0 state M): remount supports changing free space tree only from RO to RW [ 115.656669][ T7352] BTRFS info (device loop0 state M): setting nodatasum [ 115.691035][ T7352] BTRFS info (device loop0 state M): setting nodatasum [ 115.720203][ T7352] BTRFS info (device loop0 state M): turning off barriers [ 115.747612][ T7352] BTRFS info (device loop0 state M): turning on flush-on-commit [ 115.781612][ T7352] BTRFS info (device loop0 state M): force clearing of disk cache [ 115.789481][ T7352] BTRFS info (device loop0 state M): doing ref verification [pid 7411] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7355] <... close resumed>) = 0 [pid 7355] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7353] <... futex resumed>) = 0 [pid 7353] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7355] rename("./file1", "./file0/file0" [pid 7353] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7352] <... mount resumed>) = 0 [pid 7352] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7355] <... rename resumed>) = 0 [pid 7352] chdir(".") = 0 [pid 7355] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7352] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7353] <... futex resumed>) = 0 [pid 7352] <... futex resumed>) = 1 [pid 7355] <... futex resumed>) = 1 [pid 7353] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7352] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7349] <... futex resumed>) = 0 [pid 7353] <... futex resumed>) = 0 [pid 7349] exit_group(0 [pid 7353] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7352] <... futex resumed>) = ? [pid 7349] <... exit_group resumed>) = ? [pid 7352] +++ exited with 0 +++ [pid 7349] +++ exited with 0 +++ [ 115.827379][ T7352] BTRFS info (device loop0 state M): max_inline set to 26856 [pid 7355] mkdir(".", 0777 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7349, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=71 /* 0.71 s */} --- [pid 5829] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 7355] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7355] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5829] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7408] <... write resumed>) = 16777216 [pid 5829] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7408] munmap(0x7fb775000000, 138412032 [pid 5829] <... openat resumed>) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, [pid 7408] <... munmap resumed>) = 0 [pid 5829] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./15/binderfs", [pid 7408] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7408] <... openat resumed>) = 4 [pid 5829] unlink("./15/binderfs" [pid 7408] ioctl(4, LOOP_SET_FD, 3 [pid 5829] <... unlink resumed>) = 0 [pid 5829] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7408] <... ioctl resumed>) = 0 [pid 7408] close(3) = 0 [pid 7408] close(4) = 0 [pid 7408] mkdir("./file0", 0777 [pid 5830] <... umount2 resumed>) = 0 [pid 7408] <... mkdir resumed>) = 0 [pid 5830] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7408] mount("/dev/loop4", "./file0", "btrfs", 0, "" [ 115.923521][ T7408] loop4: detected capacity change from 0 to 32768 [ 115.925353][ T7355] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW [ 115.947839][ T5829] BTRFS info (device loop0): last unmount of filesystem 1d1694e7-30d8-45af-80cb-e5f0815d0579 [pid 5830] newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./15/file0") = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [ 115.987549][ T7408] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (7408) [ 115.987811][ T7355] BTRFS info (device loop2 state M): setting nodatasum [pid 5830] rmdir("./15" [pid 7411] <... write resumed>) = 16777216 [pid 5830] <... rmdir resumed>) = 0 [pid 7411] munmap(0x7fb775000000, 138412032 [pid 5830] mkdir("./16", 0777 [pid 7411] <... munmap resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 7411] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 116.048606][ T7355] BTRFS info (device loop2 state M): setting nodatasum [ 116.057360][ T7355] BTRFS info (device loop2 state M): turning off barriers [ 116.063940][ T7408] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 116.067058][ T7355] BTRFS info (device loop2 state M): turning on flush-on-commit [pid 7411] ioctl(4, LOOP_SET_FD, 3 [pid 5830] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5830] close(3) = 0 [pid 7411] <... ioctl resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7411] close(3./strace-static-x86_64: Process 7414 attached ) = 0 [pid 7414] set_robust_list(0x55558bffa6a0, 24 [pid 7411] close(4 [pid 5830] <... clone resumed>, child_tidptr=0x55558bffa690) = 7414 [pid 7414] <... set_robust_list resumed>) = 0 [pid 7411] <... close resumed>) = 0 [pid 7414] chdir("./16" [pid 7411] mkdir("./file0", 0777 [pid 7414] <... chdir resumed>) = 0 [pid 7411] <... mkdir resumed>) = 0 [ 116.095874][ T7411] loop3: detected capacity change from 0 to 32768 [ 116.107511][ T7355] BTRFS info (device loop2 state M): force clearing of disk cache [ 116.136961][ T7408] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [pid 7414] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7411] mount("/dev/loop3", "./file0", "btrfs", 0, "" [pid 7414] <... prctl resumed>) = 0 [pid 7414] setpgid(0, 0) = 0 [ 116.146892][ T7411] BTRFS: device /dev/loop3 (7:3) using temp-fsid 55d6e47c-0265-42f4-afa9-6c9b49fa9c5e [ 116.163076][ T7355] BTRFS info (device loop2 state M): doing ref verification [ 116.185169][ T7355] BTRFS info (device loop2 state M): max_inline set to 26856 [pid 7414] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7414] write(3, "1000", 4) = 4 [pid 7414] close(3) = 0 [pid 7355] <... mount resumed>) = 0 [pid 7355] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7355] chdir(".") = 0 executing program [pid 7414] symlink("/dev/binderfs", "./binderfs" [pid 7355] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7353] <... futex resumed>) = 0 [pid 7414] <... symlink resumed>) = 0 [pid 7355] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7353] exit_group(0 [pid 7414] write(1, "executing program\n", 18 [pid 7355] <... futex resumed>) = ? [pid 7353] <... exit_group resumed>) = ? [pid 7414] <... write resumed>) = 18 [pid 7355] +++ exited with 0 +++ [pid 7353] +++ exited with 0 +++ [pid 7414] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7414] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7414] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7414] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7414] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7414] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7414] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 7418 attached [ 116.195114][ T7408] BTRFS info (device loop4): using free-space-tree [ 116.201830][ T7411] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor323 (7411) [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7353, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=71 /* 0.71 s */} --- [pid 7414] <... clone3 resumed> => {parent_tid=[7418]}, 88) = 7418 [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 7418] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7414] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7414] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7414] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5831] <... restart_syscall resumed>) = 0 [pid 7418] <... rseq resumed>) = 0 [pid 7418] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 5831] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7418] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7418] memfd_create("syzkaller", 0 [pid 5831] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7418] <... memfd_create resumed>) = 3 [pid 5831] <... openat resumed>) = 3 [pid 5831] newfstatat(3, "", [pid 7418] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 116.240615][ T7411] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 5831] newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./16/binderfs") = 0 [ 116.288535][ T7411] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 116.312185][ T5831] BTRFS info (device loop2): last unmount of filesystem cb016b5e-0144-4aa1-bcce-1c6f10dcec63 [pid 5831] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7408] <... mount resumed>) = 0 [pid 7408] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7408] chdir("./file0") = 0 [pid 7408] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7408] ioctl(4, LOOP_CLR_FD) = 0 [pid 7408] close(4) = 0 [pid 7408] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7407] <... futex resumed>) = 0 [pid 7408] memfd_create("syzkaller", 0 [pid 7407] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7408] <... memfd_create resumed>) = 4 [pid 7407] <... futex resumed>) = 0 [pid 7408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7407] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7408] <... mmap resumed>) = 0x7fb775000000 [ 116.342188][ T7411] BTRFS info (device loop3): using free-space-tree [pid 5829] <... umount2 resumed>) = 0 [pid 7418] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5829] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./15/file0") = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./15") = 0 [pid 5829] mkdir("./16", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 7446 ./strace-static-x86_64: Process 7446 attached [pid 7446] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 7446] chdir("./16") = 0 [pid 7446] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7446] setpgid(0, 0) = 0 [pid 7446] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7446] write(3, "1000", 4) = 4 [pid 7446] close(3) = 0 [pid 7446] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7446] write(1, "executing program\n", 18) = 18 [pid 7446] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7446] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7446] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7446] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7446] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7446] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7446] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[7449]}, 88) = 7449 [pid 7446] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 7449 attached [pid 7449] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7446] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7446] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7446] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7449] <... rseq resumed>) = 0 [pid 7449] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 7449] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7449] memfd_create("syzkaller", 0) = 3 [pid 7449] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7411] <... mount resumed>) = 0 [pid 7411] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7449] <... mmap resumed>) = 0x7fb775000000 [pid 7411] <... openat resumed>) = 3 [pid 7411] chdir("./file0") = 0 [pid 7408] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7411] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7411] ioctl(4, LOOP_CLR_FD) = 0 [pid 7411] close(4) = 0 [pid 7411] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7410] <... futex resumed>) = 0 [pid 7410] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7411] <... futex resumed>) = 1 [pid 7410] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7411] memfd_create("syzkaller", 0) = 4 [pid 7411] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5831] <... umount2 resumed>) = 0 [pid 5831] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./16/file0") = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./16") = 0 [pid 5831] mkdir("./17", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5831] close(3) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7450 attached [pid 7450] set_robust_list(0x55558bffa6a0, 24 [pid 5831] <... clone resumed>, child_tidptr=0x55558bffa690) = 7450 [pid 7450] <... set_robust_list resumed>) = 0 [pid 7450] chdir("./17") = 0 [pid 7450] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7449] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7450] setpgid(0, 0) = 0 [pid 7450] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7450] write(3, "1000", 4) = 4 [pid 7450] close(3) = 0 [pid 7450] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7450] write(1, "executing program\n", 18) = 18 [pid 7450] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7450] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7450] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7450] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7450] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7450] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7418] <... write resumed>) = 16777216 [pid 7450] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 7411] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7408] <... write resumed>) = 16777216 ./strace-static-x86_64: Process 7451 attached [pid 7408] munmap(0x7fb775000000, 138412032 [pid 7451] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7450] <... clone3 resumed> => {parent_tid=[7451]}, 88) = 7451 [pid 7418] munmap(0x7fb775000000, 138412032 [pid 7408] <... munmap resumed>) = 0 [pid 7451] <... rseq resumed>) = 0 [pid 7450] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7450] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7450] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7451] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 7451] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7451] memfd_create("syzkaller", 0) = 3 [pid 7451] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7408] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 5 [pid 7408] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7408] ioctl(5, LOOP_CLR_FD) = 0 [pid 7408] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7408] close(5) = 0 [pid 7408] close(4 [pid 7418] <... munmap resumed>) = 0 [pid 7418] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7418] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7418] close(3) = 0 [pid 7418] close(4) = 0 [pid 7418] mkdir("./file0", 0777) = 0 [ 117.015343][ T7418] loop1: detected capacity change from 0 to 32768 [ 117.064803][ T7418] BTRFS: device /dev/loop1 (7:1) using temp-fsid e8830850-d67a-4307-b1dd-4341c754b76e [ 117.096892][ T7418] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor323 (7418) [pid 7418] mount("/dev/loop1", "./file0", "btrfs", 0, "" [pid 7408] <... close resumed>) = 0 [pid 7408] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7407] <... futex resumed>) = 0 [pid 7408] rename("./file1", "./file0/file0" [pid 7407] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 117.171712][ T7418] BTRFS info (device loop1): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 117.201325][ T7418] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [pid 7407] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7451] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7408] <... rename resumed>) = 0 [pid 7408] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7407] <... futex resumed>) = 0 [pid 7408] mkdir(".", 0777 [pid 7407] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7407] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7408] <... mkdir resumed>) = -1 EEXIST (File exists) [ 117.226207][ T7418] BTRFS info (device loop1): using free-space-tree [ 117.284616][ T7408] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [ 117.301590][ T7408] BTRFS info (device loop4 state M): setting nodatasum [ 117.312496][ T7408] BTRFS info (device loop4 state M): setting nodatasum [pid 7408] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7449] <... write resumed>) = 16777216 [pid 7449] munmap(0x7fb775000000, 138412032 [pid 7411] <... write resumed>) = 16777216 [pid 7411] munmap(0x7fb775000000, 138412032 [pid 7408] <... mount resumed>) = 0 [pid 7408] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7408] chdir(".") = 0 [pid 7449] <... munmap resumed>) = 0 [pid 7408] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7407] <... futex resumed>) = 0 [pid 7407] exit_group(0 [pid 7449] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7407] <... exit_group resumed>) = ? [pid 7449] <... openat resumed>) = 4 [ 117.329435][ T7408] BTRFS info (device loop4 state M): turning off barriers [ 117.339633][ T7408] BTRFS info (device loop4 state M): turning on flush-on-commit [ 117.359934][ T7408] BTRFS info (device loop4 state M): force clearing of disk cache [ 117.369231][ T7408] BTRFS info (device loop4 state M): doing ref verification [ 117.376703][ T7408] BTRFS info (device loop4 state M): max_inline set to 26856 [pid 7449] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7411] <... munmap resumed>) = 0 [pid 7408] +++ exited with 0 +++ [pid 7407] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7407, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=62 /* 0.62 s */} --- [pid 5833] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 7411] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5833] newfstatat(3, "", [pid 7449] close(3 [pid 7411] <... openat resumed>) = 5 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7449] <... close resumed>) = 0 [pid 7411] ioctl(5, LOOP_SET_FD, 4 [pid 5833] getdents64(3, [pid 7449] close(4 [pid 7411] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5833] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 7411] ioctl(5, LOOP_CLR_FD [pid 5833] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7449] <... close resumed>) = 0 [pid 7411] <... ioctl resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./16/binderfs", [pid 7449] mkdir("./file0", 0777 [pid 5833] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7449] <... mkdir resumed>) = 0 [pid 5833] unlink("./16/binderfs" [pid 7449] mount("/dev/loop0", "./file0", "btrfs", 0, "" [pid 7418] <... mount resumed>) = 0 [pid 5833] <... unlink resumed>) = 0 [pid 7418] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7411] ioctl(5, LOOP_SET_FD, 4 [pid 5833] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7418] <... openat resumed>) = 3 [pid 7411] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7418] chdir("./file0" [pid 7411] close(5 [pid 7418] <... chdir resumed>) = 0 [pid 7411] <... close resumed>) = 0 [pid 7418] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7411] close(4 [pid 7418] <... openat resumed>) = 4 [pid 7418] ioctl(4, LOOP_CLR_FD) = 0 [ 117.402821][ T7449] loop0: detected capacity change from 0 to 32768 [pid 7418] close(4) = 0 [pid 7418] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7418] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7414] <... futex resumed>) = 0 [pid 7414] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7418] <... futex resumed>) = 0 [pid 7418] memfd_create("syzkaller", 0) = 4 [ 117.466103][ T7449] BTRFS: device /dev/loop0 (7:0) using temp-fsid d0d6e0f2-3b08-469a-9817-eebe38067de2 [ 117.502837][ T5833] BTRFS info (device loop4): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 7414] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7418] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 117.516389][ T7449] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor323 (7449) [ 117.597256][ T7449] BTRFS info (device loop0): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 117.642355][ T7449] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 117.651061][ T7449] BTRFS info (device loop0): using free-space-tree [pid 7411] <... close resumed>) = 0 [pid 7451] <... write resumed>) = 16777216 [pid 7411] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7451] munmap(0x7fb775000000, 138412032 [pid 5833] <... umount2 resumed>) = 0 [pid 7411] <... futex resumed>) = 1 [pid 7410] <... futex resumed>) = 0 [pid 5833] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7411] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7410] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7411] <... futex resumed>) = 0 [pid 7410] <... futex resumed>) = 1 [pid 5833] newfstatat(AT_FDCWD, "./16/file0", [pid 7410] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7411] rename("./file1", "./file0/file0" [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, [pid 7411] <... rename resumed>) = 0 [pid 5833] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 7411] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7411] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7410] <... futex resumed>) = 0 [pid 7410] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] close(4 [pid 7410] <... futex resumed>) = 1 [pid 7411] <... futex resumed>) = 0 [pid 7410] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5833] <... close resumed>) = 0 [pid 7411] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7411] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5833] rmdir("./16/file0" [pid 7451] <... munmap resumed>) = 0 [pid 5833] <... rmdir resumed>) = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./16") = 0 [pid 5833] mkdir("./17", 0777 [pid 7451] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5833] <... mkdir resumed>) = 0 [pid 7451] <... openat resumed>) = 4 [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7451] ioctl(4, LOOP_SET_FD, 3 [pid 5833] <... openat resumed>) = 3 [pid 7418] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5833] ioctl(3, LOOP_CLR_FD) = 0 [pid 5833] close(3 [pid 7451] <... ioctl resumed>) = 0 [pid 7451] close(3) = 0 [pid 7451] close(4) = 0 [pid 7451] mkdir("./file0", 0777) = 0 [ 117.788172][ T7451] loop2: detected capacity change from 0 to 32768 [ 117.815387][ T7411] BTRFS warning (device loop3 state M): remount supports changing free space tree only from RO to RW [ 117.866106][ T7451] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (7451) [ 117.896787][ T7411] BTRFS info (device loop3 state M): setting nodatasum [pid 7451] mount("/dev/loop2", "./file0", "btrfs", 0, "" [pid 7449] <... mount resumed>) = 0 [pid 7449] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7449] chdir("./file0") = 0 [pid 7449] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7449] ioctl(4, LOOP_CLR_FD) = 0 [pid 7449] close(4) = 0 [pid 7449] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7446] <... futex resumed>) = 0 [pid 7449] memfd_create("syzkaller", 0 [pid 7446] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7449] <... memfd_create resumed>) = 4 [pid 7446] <... futex resumed>) = 0 [pid 7449] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7446] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7449] <... mmap resumed>) = 0x7fb775000000 [ 117.931224][ T7451] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 117.942311][ T7451] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 117.950995][ T7451] BTRFS info (device loop2): using free-space-tree [ 117.957912][ T7411] BTRFS info (device loop3 state M): setting nodatasum [ 117.965965][ T7411] BTRFS info (device loop3 state M): turning off barriers [ 117.973428][ T7411] BTRFS info (device loop3 state M): turning on flush-on-commit [pid 7411] <... mount resumed>) = 0 [pid 7411] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7411] chdir(".") = 0 [pid 7411] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7410] <... futex resumed>) = 0 [pid 7411] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7410] exit_group(0 [pid 7411] <... futex resumed>) = ? [pid 7410] <... exit_group resumed>) = ? [pid 7411] +++ exited with 0 +++ [pid 7410] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7410, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=54 /* 0.54 s */} --- [ 117.981098][ T7411] BTRFS info (device loop3 state M): force clearing of disk cache [ 117.989354][ T7411] BTRFS info (device loop3 state M): doing ref verification [ 117.997087][ T7411] BTRFS info (device loop3 state M): max_inline set to 26856 [pid 5832] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./16/binderfs") = 0 [ 118.076892][ T5832] BTRFS info (device loop3): last unmount of filesystem 55d6e47c-0265-42f4-afa9-6c9b49fa9c5e [pid 5832] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7451] <... mount resumed>) = 0 [pid 7451] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7451] chdir("./file0") = 0 [pid 7451] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7451] ioctl(4, LOOP_CLR_FD) = 0 [pid 7451] close(4) = 0 [pid 7451] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7450] <... futex resumed>) = 0 [pid 7450] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7451] memfd_create("syzkaller", 0 [pid 7450] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7451] <... memfd_create resumed>) = 4 [pid 7451] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7418] <... write resumed>) = 16777216 [pid 7418] munmap(0x7fb775000000, 138412032 [pid 5833] <... close resumed>) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7502 attached [pid 7502] set_robust_list(0x55558bffa6a0, 24 [pid 5833] <... clone resumed>, child_tidptr=0x55558bffa690) = 7502 [pid 7502] <... set_robust_list resumed>) = 0 [pid 7502] chdir("./17") = 0 [pid 7502] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7502] setpgid(0, 0) = 0 [pid 7502] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7502] write(3, "1000", 4) = 4 [pid 7502] close(3) = 0 [pid 7418] <... munmap resumed>) = 0 [pid 7502] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7502] write(1, "executing program\n", 18executing program ) = 18 [pid 7502] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7502] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7502] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7502] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7502] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7502] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7502] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 7503 attached => {parent_tid=[7503]}, 88) = 7503 [pid 7502] rt_sigprocmask(SIG_SETMASK, [], [pid 7503] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7502] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7503] <... rseq resumed>) = 0 [pid 7502] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7503] set_robust_list(0x7fb77d6019a0, 24 [pid 7502] <... futex resumed>) = 0 [pid 7503] <... set_robust_list resumed>) = 0 [pid 7502] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7503] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7503] memfd_create("syzkaller", 0) = 3 [pid 7503] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7418] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 5 [pid 7418] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7418] ioctl(5, LOOP_CLR_FD) = 0 [pid 7418] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7418] close(5) = 0 [pid 7418] close(4 [pid 7449] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7451] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5832] <... umount2 resumed>) = 0 [pid 5832] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5832] close(4) = 0 [pid 5832] rmdir("./16/file0") = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./16") = 0 [pid 5832] mkdir("./17", 0777) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7506 attached [pid 7418] <... close resumed>) = 0 [pid 7506] set_robust_list(0x55558bffa6a0, 24 [pid 5832] <... clone resumed>, child_tidptr=0x55558bffa690) = 7506 [pid 7506] <... set_robust_list resumed>) = 0 [pid 7506] chdir("./17") = 0 [pid 7503] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7418] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7506] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7418] <... futex resumed>) = 1 [pid 7414] <... futex resumed>) = 0 [pid 7418] rename("./file1", "./file0/file0" [pid 7414] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7506] <... prctl resumed>) = 0 [pid 7414] <... futex resumed>) = 0 [pid 7414] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7506] setpgid(0, 0) = 0 [pid 7506] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7506] write(3, "1000", 4) = 4 [pid 7506] close(3) = 0 [pid 7506] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7506] write(1, "executing program\n", 18executing program ) = 18 [pid 7506] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7506] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 7418] <... rename resumed>) = 0 [pid 7506] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7418] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7506] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7418] <... futex resumed>) = 1 [pid 7414] <... futex resumed>) = 0 [pid 7506] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7418] mkdir(".", 0777 [pid 7414] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7506] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7414] <... futex resumed>) = 0 [pid 7506] <... mmap resumed>) = 0x7fb77d5e1000 [pid 7418] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7414] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7506] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7506] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7506] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 7507 attached [pid 7418] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7506] <... clone3 resumed> => {parent_tid=[7507]}, 88) = 7507 [pid 7506] rt_sigprocmask(SIG_SETMASK, [], [pid 7507] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7506] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7506] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7506] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7507] <... rseq resumed>) = 0 [pid 7507] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 7507] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7507] memfd_create("syzkaller", 0) = 3 [pid 7507] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 118.752985][ T7418] BTRFS warning (device loop1 state M): remount supports changing free space tree only from RO to RW [ 118.801603][ T7418] BTRFS info (device loop1 state M): setting nodatasum [ 118.821601][ T7418] BTRFS info (device loop1 state M): setting nodatasum [ 118.841645][ T7418] BTRFS info (device loop1 state M): turning off barriers [ 118.861610][ T7418] BTRFS info (device loop1 state M): turning on flush-on-commit [ 118.892017][ T7418] BTRFS info (device loop1 state M): force clearing of disk cache [ 118.899943][ T7418] BTRFS info (device loop1 state M): doing ref verification [pid 7418] <... mount resumed>) = 0 [pid 7418] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7418] chdir(".") = 0 [pid 7449] <... write resumed>) = 16777216 [pid 7418] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7414] <... futex resumed>) = 0 [pid 7418] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7414] exit_group(0 [pid 7418] <... futex resumed>) = ? [pid 7414] <... exit_group resumed>) = ? [pid 7418] +++ exited with 0 +++ [pid 7414] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7414, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=60 /* 0.60 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...> [ 118.922679][ T7418] BTRFS info (device loop1 state M): max_inline set to 26856 [pid 7449] munmap(0x7fb775000000, 138412032 [pid 7451] <... write resumed>) = 16777216 [pid 5830] <... restart_syscall resumed>) = 0 [pid 5830] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./16/binderfs") = 0 [pid 5830] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7451] munmap(0x7fb775000000, 138412032 [pid 7449] <... munmap resumed>) = 0 [pid 7449] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7449] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7449] ioctl(5, LOOP_CLR_FD) = 0 [pid 7449] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7451] <... munmap resumed>) = 0 [pid 7449] close(5 [pid 7451] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7449] <... close resumed>) = 0 [pid 7451] <... openat resumed>) = 5 [pid 7451] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7449] close(4 [pid 7451] ioctl(5, LOOP_CLR_FD) = 0 [pid 7503] <... write resumed>) = 16777216 [pid 7451] ioctl(5, LOOP_SET_FD, 4 [pid 7503] munmap(0x7fb775000000, 138412032 [pid 7451] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7451] close(5) = 0 [ 119.005377][ T5830] BTRFS info (device loop1): last unmount of filesystem e8830850-d67a-4307-b1dd-4341c754b76e [pid 7451] close(4 [pid 7507] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7503] <... munmap resumed>) = 0 [pid 7503] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7503] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7503] close(3) = 0 [pid 7503] close(4) = 0 [ 119.103323][ T7503] loop4: detected capacity change from 0 to 32768 [pid 7503] mkdir("./file0", 0777) = 0 [ 119.181165][ T7503] BTRFS: device /dev/loop4 (7:4) using temp-fsid ff6dc4c5-7f3d-45d5-bf38-108ba9e312a9 [ 119.218437][ T7503] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (7503) [pid 7503] mount("/dev/loop4", "./file0", "btrfs", 0, "" [pid 7449] <... close resumed>) = 0 [pid 7449] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7446] <... futex resumed>) = 0 [pid 7446] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7449] rename("./file1", "./file0/file0" [pid 7446] <... futex resumed>) = 0 [pid 7446] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7451] <... close resumed>) = 0 [pid 7451] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7450] <... futex resumed>) = 0 [pid 7450] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7450] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 119.301655][ T7503] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 119.339635][ T7503] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [pid 7451] rename("./file1", "./file0/file0" [pid 7449] <... rename resumed>) = 0 [pid 7451] <... rename resumed>) = 0 [pid 7449] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7446] <... futex resumed>) = 0 [pid 7446] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7446] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7449] mkdir(".", 0777 [pid 5830] <... umount2 resumed>) = 0 [pid 5830] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7451] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./16/file0", [pid 7451] <... futex resumed>) = 1 [pid 7450] <... futex resumed>) = 0 [pid 7449] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7449] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5830] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7450] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7450] <... futex resumed>) = 0 [pid 7450] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7451] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 7451] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5830] <... openat resumed>) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [ 119.404335][ T7503] BTRFS info (device loop4): using free-space-tree [pid 5830] rmdir("./16/file0") = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./16") = 0 [pid 5830] mkdir("./17", 0777) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [ 119.460645][ T7449] BTRFS warning (device loop0 state M): remount supports changing free space tree only from RO to RW [ 119.472599][ T7451] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW [pid 5830] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7523 attached , child_tidptr=0x55558bffa690) = 7523 [pid 7523] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 7523] chdir("./17") = 0 [pid 7523] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7523] setpgid(0, 0) = 0 [ 119.529735][ T7449] BTRFS info (device loop0 state M): setting nodatasum [ 119.538188][ T7451] BTRFS info (device loop2 state M): setting nodatasum [ 119.563088][ T7449] BTRFS info (device loop0 state M): setting nodatasum [ 119.571187][ T7449] BTRFS info (device loop0 state M): turning off barriers [pid 7523] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7523] write(3, "1000", 4) = 4 [ 119.579312][ T7449] BTRFS info (device loop0 state M): turning on flush-on-commit [ 119.581203][ T7451] BTRFS info (device loop2 state M): setting nodatasum [ 119.588375][ T7449] BTRFS info (device loop0 state M): force clearing of disk cache [ 119.601129][ T7451] BTRFS info (device loop2 state M): turning off barriers [ 119.609268][ T7451] BTRFS info (device loop2 state M): turning on flush-on-commit [ 119.618078][ T7451] BTRFS info (device loop2 state M): force clearing of disk cache [pid 7523] close(3executing program ) = 0 [pid 7503] <... mount resumed>) = 0 [pid 7503] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7503] chdir("./file0") = 0 [pid 7503] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7503] ioctl(4, LOOP_CLR_FD) = 0 [pid 7503] close(4) = 0 [pid 7503] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7503] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7523] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7523] write(1, "executing program\n", 18) = 18 [pid 7523] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7502] <... futex resumed>) = 0 [pid 7451] <... mount resumed>) = 0 [pid 7502] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7523] <... futex resumed>) = 0 [pid 7523] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7523] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7523] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7523] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7523] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7503] <... futex resumed>) = 0 [pid 7502] <... futex resumed>) = 1 [pid 7503] memfd_create("syzkaller", 0 [pid 7502] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7503] <... memfd_create resumed>) = 4 [pid 7503] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7523] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 7451] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 7523] <... clone3 resumed> => {parent_tid=[7527]}, 88) = 7527 [pid 7451] <... openat resumed>) = 4 [pid 7523] rt_sigprocmask(SIG_SETMASK, [], [pid 7451] chdir("."./strace-static-x86_64: Process 7527 attached [pid 7523] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7451] <... chdir resumed>) = 0 [pid 7523] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7451] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7523] <... futex resumed>) = 0 [pid 7523] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7451] <... futex resumed>) = 1 [pid 7450] <... futex resumed>) = 0 [pid 7527] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7451] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7527] <... rseq resumed>) = 0 [pid 7450] exit_group(0 [pid 7527] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 7527] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7527] memfd_create("syzkaller", 0 [pid 7451] <... futex resumed>) = ? [pid 7450] <... exit_group resumed>) = ? [pid 7449] <... mount resumed>) = 0 [pid 7451] +++ exited with 0 +++ [pid 7527] <... memfd_create resumed>) = 3 [pid 7450] +++ exited with 0 +++ [pid 7449] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 7527] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7449] <... openat resumed>) = 4 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7450, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=71 /* 0.71 s */} --- [pid 7527] <... mmap resumed>) = 0x7fb775000000 [ 119.626618][ T7451] BTRFS info (device loop2 state M): doing ref verification [ 119.634273][ T7451] BTRFS info (device loop2 state M): max_inline set to 26856 [ 119.642607][ T7449] BTRFS info (device loop0 state M): doing ref verification [ 119.649930][ T7449] BTRFS info (device loop0 state M): max_inline set to 26856 [pid 7449] chdir("." [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 7449] <... chdir resumed>) = 0 [pid 5831] <... restart_syscall resumed>) = 0 [pid 5831] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./17/binderfs") = 0 [pid 5831] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7449] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7446] <... futex resumed>) = 0 [pid 7449] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7446] exit_group(0 [pid 7449] <... futex resumed>) = ? [pid 7446] <... exit_group resumed>) = ? [pid 7449] +++ exited with 0 +++ [pid 7446] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7446, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=57 /* 0.57 s */} --- [pid 5829] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5829] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./16/binderfs") = 0 [pid 5829] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7507] <... write resumed>) = 16777216 [ 119.686973][ T5831] BTRFS info (device loop2): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 119.726995][ T5829] BTRFS info (device loop0): last unmount of filesystem d0d6e0f2-3b08-469a-9817-eebe38067de2 [pid 7507] munmap(0x7fb775000000, 138412032) = 0 [pid 7507] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7507] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7507] close(3) = 0 [pid 7507] close(4) = 0 [pid 7507] mkdir("./file0", 0777) = 0 [ 119.785590][ T7507] loop3: detected capacity change from 0 to 32768 [ 119.824608][ T7507] BTRFS: device /dev/loop3 (7:3) using temp-fsid db7fbd10-5a0b-47fc-901d-407e57e4fb25 [ 119.867085][ T7507] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor323 (7507) [pid 7507] mount("/dev/loop3", "./file0", "btrfs", 0, "" [ 119.916781][ T7507] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 119.945506][ T7507] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [pid 7503] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 119.976992][ T7507] BTRFS info (device loop3): using free-space-tree [pid 7527] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5829] <... umount2 resumed>) = 0 [pid 5829] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./16/file0") = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./16") = 0 [pid 5829] mkdir("./17", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3 [pid 5831] <... umount2 resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 7542 ./strace-static-x86_64: Process 7542 attached [pid 7542] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 7542] chdir("./17" [pid 5831] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7542] <... chdir resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./17/file0", [pid 7542] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7542] <... prctl resumed>) = 0 [pid 5831] <... openat resumed>) = 4 [pid 7542] setpgid(0, 0 [pid 5831] newfstatat(4, "", [pid 7542] <... setpgid resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, [pid 7542] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 7542] <... openat resumed>) = 3 [pid 5831] getdents64(4, [pid 7542] write(3, "1000", 4 [pid 5831] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 7542] <... write resumed>) = 4 [pid 5831] close(4 [pid 7542] close(3 [pid 5831] <... close resumed>) = 0 [pid 7542] <... close resumed>) = 0 [pid 5831] rmdir("./17/file0" [pid 7542] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5831] <... rmdir resumed>) = 0 executing program [pid 7542] write(1, "executing program\n", 18 [pid 5831] getdents64(3, [pid 7542] <... write resumed>) = 18 [pid 7542] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 7542] <... futex resumed>) = 0 [pid 5831] close(3 [pid 7542] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 5831] <... close resumed>) = 0 [pid 7542] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5831] rmdir("./17" [pid 7542] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5831] <... rmdir resumed>) = 0 [pid 7542] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7542] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 5831] mkdir("./18", 0777 [pid 7542] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7542] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5831] <... mkdir resumed>) = 0 [pid 7542] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7542] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 7545 attached [pid 7545] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 5831] <... openat resumed>) = 3 [pid 7545] <... rseq resumed>) = 0 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 7545] set_robust_list(0x7fb77d6019a0, 24 [pid 5831] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 7545] <... set_robust_list resumed>) = 0 [pid 5831] close(3 [pid 7545] rt_sigprocmask(SIG_SETMASK, [], [pid 5831] <... close resumed>) = 0 [pid 7545] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7542] <... clone3 resumed> => {parent_tid=[7545]}, 88) = 7545 [pid 7507] <... mount resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7545] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7542] rt_sigprocmask(SIG_SETMASK, [], [pid 7507] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7542] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7507] <... openat resumed>) = 3 ./strace-static-x86_64: Process 7546 attached [pid 7542] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7507] chdir("./file0" [pid 7546] set_robust_list(0x55558bffa6a0, 24 [pid 7545] <... futex resumed>) = 0 [pid 7542] <... futex resumed>) = 1 [pid 7507] <... chdir resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x55558bffa690) = 7546 [pid 7546] <... set_robust_list resumed>) = 0 [pid 7545] memfd_create("syzkaller", 0 [pid 7542] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7507] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7546] chdir("./18" [pid 7545] <... memfd_create resumed>) = 3 [pid 7507] <... openat resumed>) = 4 [pid 7545] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7507] ioctl(4, LOOP_CLR_FD [pid 7545] <... mmap resumed>) = 0x7fb775000000 [pid 7507] <... ioctl resumed>) = 0 [pid 7507] close(4) = 0 [pid 7507] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7546] <... chdir resumed>) = 0 [pid 7507] <... futex resumed>) = 1 [pid 7506] <... futex resumed>) = 0 [pid 7546] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7507] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7506] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7546] <... prctl resumed>) = 0 [pid 7507] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7506] <... futex resumed>) = 0 [pid 7546] setpgid(0, 0 [pid 7507] memfd_create("syzkaller", 0 [pid 7506] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7546] <... setpgid resumed>) = 0 [pid 7546] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7507] <... memfd_create resumed>) = 4 [pid 7507] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7546] <... openat resumed>) = 3 [pid 7507] <... mmap resumed>) = 0x7fb775000000 [pid 7546] write(3, "1000", 4) = 4 [pid 7546] close(3) = 0 [pid 7503] <... write resumed>) = 16777216 [pid 7546] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7503] munmap(0x7fb775000000, 138412032 executing program [pid 7546] write(1, "executing program\n", 18 [pid 7503] <... munmap resumed>) = 0 [pid 7546] <... write resumed>) = 18 [pid 7546] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7503] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7546] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 7503] <... openat resumed>) = 5 [pid 7546] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7503] ioctl(5, LOOP_SET_FD, 4 [pid 7546] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7503] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7546] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7503] ioctl(5, LOOP_CLR_FD [pid 7546] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7503] <... ioctl resumed>) = 0 [pid 7546] <... mmap resumed>) = 0x7fb77d5e1000 [pid 7546] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7546] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7546] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 7503] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7503] close(5./strace-static-x86_64: Process 7547 attached [pid 7547] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7503] <... close resumed>) = 0 [pid 7503] close(4 [pid 7547] <... rseq resumed>) = 0 [pid 7547] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 7547] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7547] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7546] <... clone3 resumed> => {parent_tid=[7547]}, 88) = 7547 [pid 7546] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7546] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7547] <... futex resumed>) = 0 [pid 7546] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7547] memfd_create("syzkaller", 0) = 3 [pid 7547] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7545] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7507] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7503] <... close resumed>) = 0 [pid 7503] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7502] <... futex resumed>) = 0 [pid 7502] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7502] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7503] rename("./file1", "./file0/file0") = 0 [pid 7527] <... write resumed>) = 16777216 [pid 7503] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7527] munmap(0x7fb775000000, 138412032 [pid 7503] <... futex resumed>) = 1 [pid 7502] <... futex resumed>) = 0 [pid 7503] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7502] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7503] <... futex resumed>) = 0 [pid 7502] <... futex resumed>) = 1 [pid 7503] mkdir(".", 0777 [pid 7502] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7503] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7503] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7527] <... munmap resumed>) = 0 [pid 7527] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7527] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7547] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 120.669637][ T7527] loop1: detected capacity change from 0 to 32768 [ 120.669837][ T7503] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [pid 7527] close(3) = 0 [pid 7527] close(4) = 0 [pid 7527] mkdir("./file0", 0777) = 0 [ 120.721598][ T7503] BTRFS info (device loop4 state M): setting nodatasum [ 120.758438][ T7503] BTRFS info (device loop4 state M): setting nodatasum [ 120.766888][ T7527] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor323 (7527) [ 120.798996][ T7503] BTRFS info (device loop4 state M): turning off barriers [ 120.806439][ T7527] BTRFS info (device loop1): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 120.827853][ T7503] BTRFS info (device loop4 state M): turning on flush-on-commit [ 120.828389][ T7527] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 120.861634][ T7527] BTRFS info (device loop1): using free-space-tree [ 120.861768][ T7503] BTRFS info (device loop4 state M): force clearing of disk cache [pid 7527] mount("/dev/loop1", "./file0", "btrfs", 0, "" [pid 7507] <... write resumed>) = 16777216 [pid 7507] munmap(0x7fb775000000, 138412032 [pid 7503] <... mount resumed>) = 0 [pid 7507] <... munmap resumed>) = 0 [pid 7503] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7503] chdir(".") = 0 [pid 7503] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7502] <... futex resumed>) = 0 [pid 7502] exit_group(0) = ? [pid 7507] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 5 [pid 7507] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7507] ioctl(5, LOOP_CLR_FD) = 0 [pid 7503] +++ exited with 0 +++ [pid 7502] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7502, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=71 /* 0.71 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 7507] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7507] close(5) = 0 [pid 7507] close(4 [pid 5833] <... restart_syscall resumed>) = 0 [pid 5833] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5833] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./17/binderfs") = 0 [ 120.906943][ T7503] BTRFS info (device loop4 state M): doing ref verification [ 120.915421][ T7503] BTRFS info (device loop4 state M): max_inline set to 26856 [pid 5833] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7527] <... mount resumed>) = 0 [pid 7527] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7527] chdir("./file0") = 0 [pid 7527] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7527] ioctl(4, LOOP_CLR_FD) = 0 [pid 7527] close(4) = 0 [pid 7527] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7523] <... futex resumed>) = 0 [pid 7523] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7545] <... write resumed>) = 16777216 [pid 7523] <... futex resumed>) = 0 [pid 7523] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [ 120.966244][ T5833] BTRFS info (device loop4): last unmount of filesystem ff6dc4c5-7f3d-45d5-bf38-108ba9e312a9 [pid 7527] memfd_create("syzkaller", 0) = 4 [pid 7527] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7545] munmap(0x7fb775000000, 138412032) = 0 [pid 7545] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7545] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7545] close(3) = 0 [pid 7545] close(4) = 0 [pid 7545] mkdir("./file0", 0777) = 0 [ 121.117486][ T7545] loop0: detected capacity change from 0 to 32768 [pid 7545] mount("/dev/loop0", "./file0", "btrfs", 0, "" [pid 7547] <... write resumed>) = 16777216 [ 121.170532][ T7545] BTRFS: device /dev/loop0 (7:0) using temp-fsid b97ae5cb-e052-4aa3-bd85-7f4f29453738 [ 121.196103][ T7545] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor323 (7545) [pid 7547] munmap(0x7fb775000000, 138412032 [pid 7507] <... close resumed>) = 0 [pid 7547] <... munmap resumed>) = 0 [pid 7547] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 121.252631][ T7545] BTRFS info (device loop0): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 121.283412][ T7545] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 121.284681][ T7547] loop2: detected capacity change from 0 to 32768 [pid 7547] ioctl(4, LOOP_SET_FD, 3 [pid 7507] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7507] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7506] <... futex resumed>) = 0 [pid 7506] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7506] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7507] <... futex resumed>) = 0 [pid 7507] rename("./file1", "./file0/file0" [pid 7547] <... ioctl resumed>) = 0 [pid 7547] close(3) = 0 [pid 7507] <... rename resumed>) = 0 [pid 7547] close(4) = 0 [pid 7547] mkdir("./file0", 0777) = 0 [pid 7547] mount("/dev/loop2", "./file0", "btrfs", 0, "" [ 121.309619][ T7545] BTRFS info (device loop0): using free-space-tree [pid 7507] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7527] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7507] <... futex resumed>) = 1 [pid 7506] <... futex resumed>) = 0 [pid 7506] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7506] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7507] mkdir(".", 0777) = -1 EEXIST (File exists) [ 121.353559][ T7547] BTRFS: device /dev/loop2 (7:2) using temp-fsid b6805e05-5997-4701-a4ef-0b086314ca84 [ 121.398854][ T7507] BTRFS warning (device loop3 state M): remount supports changing free space tree only from RO to RW [ 121.412967][ T7547] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor323 (7547) [ 121.431783][ T7507] BTRFS info (device loop3 state M): setting nodatasum [ 121.438867][ T7507] BTRFS info (device loop3 state M): setting nodatasum [pid 7507] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 5833] <... umount2 resumed>) = 0 [pid 5833] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./17/file0") = 0 [pid 5833] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./17") = 0 [pid 5833] mkdir("./18", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5833] close(3) = 0 [ 121.459167][ T7507] BTRFS info (device loop3 state M): turning off barriers [ 121.466701][ T7507] BTRFS info (device loop3 state M): turning on flush-on-commit [ 121.476683][ T7507] BTRFS info (device loop3 state M): force clearing of disk cache [ 121.484844][ T7507] BTRFS info (device loop3 state M): doing ref verification [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7576 attached , child_tidptr=0x55558bffa690) = 7576 [pid 7507] <... mount resumed>) = 0 [pid 7576] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 7576] chdir("./18" [pid 7507] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 7576] <... chdir resumed>) = 0 [pid 7576] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7507] <... openat resumed>) = 4 [pid 7576] <... prctl resumed>) = 0 [pid 7576] setpgid(0, 0) = 0 [pid 7507] chdir("." [pid 7576] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7507] <... chdir resumed>) = 0 [pid 7507] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7506] <... futex resumed>) = 0 [pid 7507] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7576] <... openat resumed>) = 3 [pid 7506] exit_group(0 [pid 7507] <... futex resumed>) = ? [pid 7506] <... exit_group resumed>) = ? [pid 7576] write(3, "1000", 4 [pid 7507] +++ exited with 0 +++ [pid 7506] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7506, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=67 /* 0.67 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 121.503052][ T7507] BTRFS info (device loop3 state M): max_inline set to 26856 [ 121.517874][ T7547] BTRFS info (device loop2): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 7576] <... write resumed>) = 4 [pid 5832] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7576] close(3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./17/binderfs") = 0 [pid 5832] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7576] <... close resumed>) = 0 [pid 7576] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 7576] write(1, "executing program\n", 18) = 18 [pid 7576] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7576] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7576] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7576] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7576] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7576] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7576] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} => {parent_tid=[7584]}, 88) = 7584 ./strace-static-x86_64: Process 7584 attached [pid 7576] rt_sigprocmask(SIG_SETMASK, [], [pid 7584] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7576] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7584] <... rseq resumed>) = 0 [pid 7576] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7584] set_robust_list(0x7fb77d6019a0, 24 [pid 7576] <... futex resumed>) = 0 [pid 7584] <... set_robust_list resumed>) = 0 [pid 7584] rt_sigprocmask(SIG_SETMASK, [], [pid 7576] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7584] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 121.565087][ T5832] BTRFS info (device loop3): last unmount of filesystem db7fbd10-5a0b-47fc-901d-407e57e4fb25 [ 121.582837][ T7547] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [pid 7584] memfd_create("syzkaller", 0 [pid 7545] <... mount resumed>) = 0 [pid 7584] <... memfd_create resumed>) = 3 [pid 7545] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7584] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7545] chdir("./file0" [pid 7584] <... mmap resumed>) = 0x7fb775000000 [pid 7545] <... chdir resumed>) = 0 [pid 7545] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7545] ioctl(4, LOOP_CLR_FD) = 0 [pid 7545] close(4) = 0 [ 121.610243][ T7547] BTRFS info (device loop2): using free-space-tree [pid 7545] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7542] <... futex resumed>) = 0 [pid 7542] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7545] memfd_create("syzkaller", 0 [pid 7542] <... futex resumed>) = 0 [pid 7545] <... memfd_create resumed>) = 4 [pid 7542] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7545] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7584] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7547] <... mount resumed>) = 0 [pid 7547] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7547] chdir("./file0") = 0 [pid 7547] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7547] ioctl(4, LOOP_CLR_FD) = 0 [pid 7547] close(4) = 0 [pid 7547] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7546] <... futex resumed>) = 0 [pid 7547] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7546] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7547] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7546] <... futex resumed>) = 0 [pid 7547] memfd_create("syzkaller", 0 [pid 7546] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7547] <... memfd_create resumed>) = 4 [pid 7547] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 5832] <... umount2 resumed>) = 0 [pid 5832] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5832] close(4) = 0 [pid 5832] rmdir("./17/file0") = 0 [pid 5832] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 7527] <... write resumed>) = 16777216 [pid 5832] rmdir("./17") = 0 [pid 5832] mkdir("./18", 0777) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7600 attached , child_tidptr=0x55558bffa690) = 7600 [pid 7600] set_robust_list(0x55558bffa6a0, 24) = 0 [pid 7600] chdir("./18" [pid 7527] munmap(0x7fb775000000, 138412032 [pid 7600] <... chdir resumed>) = 0 [pid 7600] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7600] setpgid(0, 0) = 0 [pid 7600] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7527] <... munmap resumed>) = 0 [pid 7600] <... openat resumed>) = 3 [pid 7600] write(3, "1000", 4) = 4 [pid 7600] close(3 [pid 7547] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7600] <... close resumed>) = 0 [pid 7600] symlink("/dev/binderfs", "./binderfs" [pid 7545] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7527] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7600] <... symlink resumed>) = 0 [pid 7527] <... openat resumed>) = 5 [pid 7527] ioctl(5, LOOP_SET_FD, 4 [pid 7600] write(1, "executing program\n", 18 [pid 7527] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 7527] ioctl(5, LOOP_CLR_FDexecuting program [pid 7600] <... write resumed>) = 18 [pid 7527] <... ioctl resumed>) = 0 [pid 7527] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7527] close(5) = 0 [pid 7600] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7600] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 7527] close(4 [pid 7600] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7600] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7600] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7600] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7600] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 7601 attached [pid 7601] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7600] <... clone3 resumed> => {parent_tid=[7601]}, 88) = 7601 [pid 7601] <... rseq resumed>) = 0 [pid 7600] rt_sigprocmask(SIG_SETMASK, [], [pid 7601] set_robust_list(0x7fb77d6019a0, 24) = 0 [pid 7600] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7601] rt_sigprocmask(SIG_SETMASK, [], [pid 7600] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7601] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7600] <... futex resumed>) = 0 [pid 7601] memfd_create("syzkaller", 0 [pid 7600] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7601] <... memfd_create resumed>) = 3 [pid 7601] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7527] <... close resumed>) = 0 [pid 7527] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7523] <... futex resumed>) = 0 [pid 7523] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7523] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7584] <... write resumed>) = 16777216 [pid 7527] rename("./file1", "./file0/file0" [pid 7584] munmap(0x7fb775000000, 138412032 [pid 7527] <... rename resumed>) = 0 [pid 7527] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7523] <... futex resumed>) = 0 [pid 7527] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7523] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7527] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7523] <... futex resumed>) = 0 [pid 7527] mkdir(".", 0777 [pid 7523] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7527] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7584] <... munmap resumed>) = 0 [pid 7527] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7584] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7584] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7584] close(3) = 0 [pid 7584] close(4) = 0 [pid 7584] mkdir("./file0", 0777) = 0 [ 122.361181][ T7527] BTRFS warning (device loop1 state M): remount supports changing free space tree only from RO to RW [ 122.383139][ T7584] loop4: detected capacity change from 0 to 32768 [ 122.389698][ T7527] BTRFS info (device loop1 state M): setting nodatasum [pid 7584] mount("/dev/loop4", "./file0", "btrfs", 0, "" [ 122.408910][ T7584] BTRFS: device /dev/loop4 (7:4) using temp-fsid 706f90f5-c6c5-4a9d-9667-c4ad004708c0 [ 122.424155][ T7584] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor323 (7584) [ 122.445395][ T7527] BTRFS info (device loop1 state M): setting nodatasum [pid 7601] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7545] <... write resumed>) = 16777216 [pid 7547] <... write resumed>) = 16777216 [pid 7545] munmap(0x7fb775000000, 138412032 [ 122.461761][ T7527] BTRFS info (device loop1 state M): turning off barriers [ 122.483356][ T7527] BTRFS info (device loop1 state M): turning on flush-on-commit [ 122.491865][ T7527] BTRFS info (device loop1 state M): force clearing of disk cache [ 122.499719][ T7527] BTRFS info (device loop1 state M): doing ref verification [pid 7547] munmap(0x7fb775000000, 138412032 [pid 7545] <... munmap resumed>) = 0 [pid 7547] <... munmap resumed>) = 0 [pid 7545] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7545] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7545] ioctl(5, LOOP_CLR_FD) = 0 [pid 7547] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 5 [pid 7547] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7547] ioctl(5, LOOP_CLR_FD) = 0 [pid 7545] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7545] close(5) = 0 [pid 7545] close(4 [pid 7547] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7547] close(5) = 0 [pid 7547] close(4 [pid 7527] <... mount resumed>) = 0 [ 122.518903][ T7527] BTRFS info (device loop1 state M): max_inline set to 26856 [ 122.527183][ T7584] BTRFS info (device loop4): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 7527] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7527] chdir(".") = 0 [pid 7527] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7523] <... futex resumed>) = 0 [pid 7527] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7523] exit_group(0) = ? [pid 7527] <... futex resumed>) = ? [pid 7527] +++ exited with 0 +++ [pid 7523] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7523, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=52 /* 0.52 s */} --- [ 122.565260][ T7584] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 122.597420][ T7584] BTRFS info (device loop4): using free-space-tree [pid 5830] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5830] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./17/binderfs") = 0 [pid 5830] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7601] <... write resumed>) = 16777216 [ 122.722128][ T5830] BTRFS info (device loop1): last unmount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [pid 7601] munmap(0x7fb775000000, 138412032) = 0 [pid 7601] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7545] <... close resumed>) = 0 [pid 7601] <... openat resumed>) = 4 [pid 7584] <... mount resumed>) = 0 [pid 7601] ioctl(4, LOOP_SET_FD, 3 [pid 7584] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 7545] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7584] <... openat resumed>) = 3 [pid 7542] <... futex resumed>) = 0 [pid 7542] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7584] chdir("./file0" [pid 7545] rename("./file1", "./file0/file0" [pid 7542] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7601] <... ioctl resumed>) = 0 [pid 7584] <... chdir resumed>) = 0 [pid 7601] close(3 [pid 7584] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7601] <... close resumed>) = 0 [pid 7584] <... openat resumed>) = 4 [ 122.818022][ T7601] loop3: detected capacity change from 0 to 32768 [pid 7601] close(4) = 0 [pid 7547] <... close resumed>) = 0 [pid 7601] mkdir("./file0", 0777 [pid 7547] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7601] <... mkdir resumed>) = 0 [pid 7584] ioctl(4, LOOP_CLR_FD [pid 7547] <... futex resumed>) = 1 [pid 7546] <... futex resumed>) = 0 [pid 7601] mount("/dev/loop3", "./file0", "btrfs", 0, "" [pid 7547] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7546] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7542] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7546] <... futex resumed>) = 0 [pid 7584] <... ioctl resumed>) = 0 [pid 7547] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7542] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7584] close(4 [pid 7542] <... futex resumed>) = 0 [pid 7584] <... close resumed>) = 0 [pid 7542] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7584] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7542] <... mmap resumed>) = 0x7fb77d5c0000 [pid 7584] <... futex resumed>) = 1 [pid 7576] <... futex resumed>) = 0 [pid 7542] mprotect(0x7fb77d5c1000, 131072, PROT_READ|PROT_WRITE [pid 7584] memfd_create("syzkaller", 0 [pid 7576] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7542] <... mprotect resumed>) = 0 [pid 7584] <... memfd_create resumed>) = 4 [pid 7576] <... futex resumed>) = 0 [pid 7542] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7584] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7576] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7542] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7584] <... mmap resumed>) = 0x7fb775000000 [pid 7545] <... rename resumed>) = 0 [pid 7542] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d5e0990, parent_tid=0x7fb77d5e0990, exit_signal=0, stack=0x7fb77d5c0000, stack_size=0x20300, tls=0x7fb77d5e06c0}./strace-static-x86_64: Process 7621 attached [pid 7547] rename("./file1", "./file0/file0" [pid 7546] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7542] <... clone3 resumed> => {parent_tid=[7621]}, 88) = 7621 [pid 7542] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7542] futex(0x7fb77d6dd6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7621] rseq(0x7fb77d5e0fe0, 0x20, 0, 0x53053053 [pid 7545] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7542] futex(0x7fb77d6dd6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7621] <... rseq resumed>) = 0 [pid 7621] set_robust_list(0x7fb77d5e09a0, 24) = 0 [pid 7545] <... futex resumed>) = 0 [pid 7545] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7621] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 122.903395][ T7601] BTRFS: device fsid c0ead524-1f1c-4ccc-9384-0f6d362fec31 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor323 (7601) [pid 7621] mkdir(".", 0777 [pid 7547] <... rename resumed>) = 0 [pid 7547] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7621] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7621] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7547] <... futex resumed>) = 1 [pid 7546] <... futex resumed>) = 0 [pid 7547] mkdir(".", 0777 [pid 7546] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7547] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7546] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [ 122.950089][ T7601] BTRFS info (device loop3): first mount of filesystem c0ead524-1f1c-4ccc-9384-0f6d362fec31 [ 122.993958][ T7621] BTRFS warning (device loop0 state M): remount supports changing free space tree only from RO to RW [ 123.012169][ T7601] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 123.034327][ T7547] BTRFS warning (device loop2 state M): remount supports changing free space tree only from RO to RW [ 123.041845][ T7621] BTRFS info (device loop0 state M): setting nodatasum [ 123.062156][ T7601] BTRFS info (device loop3): using free-space-tree [ 123.073707][ T7621] BTRFS info (device loop0 state M): setting nodatasum [ 123.080610][ T7621] BTRFS info (device loop0 state M): turning off barriers [ 123.081601][ T7547] BTRFS info (device loop2 state M): setting nodatasum [ 123.125997][ T7621] BTRFS info (device loop0 state M): turning on flush-on-commit [ 123.126578][ T7547] BTRFS info (device loop2 state M): setting nodatasum [ 123.140726][ T7547] BTRFS info (device loop2 state M): turning off barriers [ 123.147921][ T7547] BTRFS info (device loop2 state M): turning on flush-on-commit [ 123.162923][ T7547] BTRFS info (device loop2 state M): force clearing of disk cache [pid 7547] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"...) = 0 [pid 7547] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7547] chdir(".") = 0 [pid 7547] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7546] <... futex resumed>) = 0 [pid 7546] exit_group(0) = ? [ 123.170794][ T7547] BTRFS info (device loop2 state M): doing ref verification [ 123.178308][ T7547] BTRFS info (device loop2 state M): max_inline set to 26856 [ 123.192673][ T7621] BTRFS info (device loop0 state M): force clearing of disk cache [ 123.201100][ T7621] BTRFS info (device loop0 state M): doing ref verification [pid 7547] +++ exited with 0 +++ [pid 7546] +++ exited with 0 +++ [pid 5830] <... umount2 resumed>) = 0 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7546, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=59 /* 0.59 s */} --- [pid 5830] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./17/file0", [pid 5831] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7621] <... mount resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7621] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 7621] chdir("." [pid 5831] newfstatat(3, "", [pid 5830] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7621] <... chdir resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7621] futex(0x7fb77d6dd6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] getdents64(3, [pid 5830] openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7621] <... futex resumed>) = 1 [pid 7542] <... futex resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 7542] exit_group(0 [pid 5830] <... openat resumed>) = 4 [ 123.218697][ T7621] BTRFS info (device loop0 state M): max_inline set to 26856 [pid 7545] <... futex resumed>) = ? [pid 7542] <... exit_group resumed>) = ? [pid 5831] umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] newfstatat(4, "", [pid 7545] +++ exited with 0 +++ [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] newfstatat(AT_FDCWD, "./18/binderfs", [pid 5830] getdents64(4, [pid 7621] +++ exited with 0 +++ [pid 7542] +++ exited with 0 +++ [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5831] unlink("./18/binderfs" [pid 5830] getdents64(4, [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7542, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=63 /* 0.63 s */} --- [pid 5830] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5830] close(4 [pid 5831] <... unlink resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5831] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] rmdir("./17/file0") = 0 [pid 5830] getdents64(3, [pid 5829] <... restart_syscall resumed>) = 0 [pid 5829] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./17/binderfs") = 0 [pid 5829] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7584] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5830] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./17") = 0 [pid 5830] mkdir("./18", 0777) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 7638 ./strace-static-x86_64: Process 7638 attached [pid 7601] <... mount resumed>) = 0 [pid 7638] set_robust_list(0x55558bffa6a0, 24 [pid 7601] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7638] <... set_robust_list resumed>) = 0 [pid 7638] chdir("./18") = 0 [pid 7601] chdir("./file0" [pid 7638] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7601] <... chdir resumed>) = 0 [pid 7601] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7638] setpgid(0, 0 [pid 7601] <... openat resumed>) = 4 [pid 7638] <... setpgid resumed>) = 0 [pid 7638] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7601] ioctl(4, LOOP_CLR_FD) = 0 [pid 7638] <... openat resumed>) = 3 [pid 7601] close(4) = 0 [pid 7638] write(3, "1000", 4 [pid 7601] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7638] <... write resumed>) = 4 [pid 7600] <... futex resumed>) = 0 [pid 7601] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7600] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7638] close(3 [pid 7601] <... futex resumed>) = 0 [pid 7600] <... futex resumed>) = 1 [pid 7638] <... close resumed>) = 0 [pid 7601] memfd_create("syzkaller", 0 [pid 7638] symlink("/dev/binderfs", "./binderfs" [pid 7600] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7638] <... symlink resumed>) = 0 [ 123.273544][ T5831] BTRFS info (device loop2): last unmount of filesystem b6805e05-5997-4701-a4ef-0b086314ca84 [ 123.284556][ T5829] BTRFS info (device loop0): last unmount of filesystem b97ae5cb-e052-4aa3-bd85-7f4f29453738 executing program [pid 7638] write(1, "executing program\n", 18) = 18 [pid 7638] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7601] <... memfd_create resumed>) = 4 [pid 7601] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7638] <... futex resumed>) = 0 [pid 7638] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 7601] <... mmap resumed>) = 0x7fb775000000 [pid 7638] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7638] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7638] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb77d5e1000 [pid 7638] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7638] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7638] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 7639 attached => {parent_tid=[7639]}, 88) = 7639 [pid 7639] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 [pid 7638] rt_sigprocmask(SIG_SETMASK, [], [pid 7639] set_robust_list(0x7fb77d6019a0, 24 [pid 7638] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7639] <... set_robust_list resumed>) = 0 [pid 7639] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7639] futex(0x7fb77d6dd6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7638] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7639] <... futex resumed>) = 0 [pid 7639] memfd_create("syzkaller", 0) = 3 [pid 7638] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7639] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [pid 7584] <... write resumed>) = 16777216 [pid 7584] munmap(0x7fb775000000, 138412032) = 0 [pid 7584] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 5 [pid 7584] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7584] ioctl(5, LOOP_CLR_FD) = 0 [pid 7584] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7584] close(5) = 0 [pid 7584] close(4 [pid 5829] <... umount2 resumed>) = 0 [pid 5829] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x55558c003770 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x55558c003770 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./17/file0") = 0 [pid 5829] getdents64(3, 0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./17") = 0 [pid 5829] mkdir("./18", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bffa690) = 7640 ./strace-static-x86_64: Process 7640 attached [pid 5831] <... umount2 resumed>) = 0 [pid 7640] set_robust_list(0x55558bffa6a0, 24 [pid 5831] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7640] <... set_robust_list resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7640] chdir("./18" [pid 5831] newfstatat(AT_FDCWD, "./18/file0", [pid 7640] <... chdir resumed>) = 0 [pid 7640] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7639] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7640] <... prctl resumed>) = 0 [pid 5831] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7640] setpgid(0, 0) = 0 [pid 5831] openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7640] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7601] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5831] <... openat resumed>) = 4 [pid 7640] <... openat resumed>) = 3 [pid 5831] newfstatat(4, "", [pid 7640] write(3, "1000", 4 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7640] <... write resumed>) = 4 [pid 7640] close(3 [pid 5831] getdents64(4, [pid 7640] <... close resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55558c003770 /* 2 entries */, 32768) = 48 [pid 7640] symlink("/dev/binderfs", "./binderfs" [pid 5831] getdents64(4, executing program [pid 7640] <... symlink resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55558c003770 /* 0 entries */, 32768) = 0 [pid 7640] write(1, "executing program\n", 18 [pid 5831] close(4 [pid 7640] <... write resumed>) = 18 [pid 5831] <... close resumed>) = 0 [pid 5831] rmdir("./18/file0" [pid 7640] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 7640] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, NULL, 8) = 0 [pid 5831] getdents64(3, [pid 7640] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5831] <... getdents64 resumed>0x55558bffb730 /* 0 entries */, 32768) = 0 [pid 7640] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] close(3 [pid 7640] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5831] <... close resumed>) = 0 [pid 5831] rmdir("./18" [pid 7640] <... mmap resumed>) = 0x7fb77d5e1000 [pid 7640] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE [pid 5831] <... rmdir resumed>) = 0 [pid 7640] <... mprotect resumed>) = 0 [pid 5831] mkdir("./19", 0777 [pid 7640] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5831] <... mkdir resumed>) = 0 [pid 7640] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 7640] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0} [pid 5831] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5831] close(3./strace-static-x86_64: Process 7642 attached ) = 0 [pid 7640] <... clone3 resumed> => {parent_tid=[7642]}, 88) = 7642 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7642] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053) = 0 ./strace-static-x86_64: Process 7643 attached [pid 7642] set_robust_list(0x7fb77d6019a0, 24 [pid 7640] rt_sigprocmask(SIG_SETMASK, [], [pid 7643] set_robust_list(0x55558bffa6a0, 24 [pid 7642] <... set_robust_list resumed>) = 0 [pid 7640] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x55558bffa690) = 7643 [pid 7640] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7642] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7640] <... futex resumed>) = 0 [pid 7642] memfd_create("syzkaller", 0 [pid 7643] <... set_robust_list resumed>) = 0 [pid 7642] <... memfd_create resumed>) = 3 [pid 7640] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7642] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7643] chdir("./19" [pid 7642] <... mmap resumed>) = 0x7fb775000000 [pid 7643] <... chdir resumed>) = 0 [pid 7643] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7643] setpgid(0, 0) = 0 [pid 7643] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7643] write(3, "1000", 4) = 4 [pid 7643] close(3) = 0 [pid 7643] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 7584] <... close resumed>) = 0 [pid 7643] write(1, "executing program\n", 18 [pid 7584] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7643] <... write resumed>) = 18 [pid 7643] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7584] <... futex resumed>) = 1 [pid 7576] <... futex resumed>) = 0 [pid 7643] <... futex resumed>) = 0 [pid 7643] rt_sigaction(SIGRT_1, {sa_handler=0x7fb77d6713a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb77d662550}, [pid 7576] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7643] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7643] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7576] <... futex resumed>) = 0 [pid 7576] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7643] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7643] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7584] rename("./file1", "./file0/file0" [pid 7643] <... mmap resumed>) = 0x7fb77d5e1000 [pid 7643] mprotect(0x7fb77d5e2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7643] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7643] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb77d601990, parent_tid=0x7fb77d601990, exit_signal=0, stack=0x7fb77d5e1000, stack_size=0x20300, tls=0x7fb77d6016c0}./strace-static-x86_64: Process 7644 attached [pid 7584] <... rename resumed>) = 0 [pid 7644] rseq(0x7fb77d601fe0, 0x20, 0, 0x53053053 [pid 7643] <... clone3 resumed> => {parent_tid=[7644]}, 88) = 7644 [pid 7644] <... rseq resumed>) = 0 [pid 7643] rt_sigprocmask(SIG_SETMASK, [], [pid 7644] set_robust_list(0x7fb77d6019a0, 24 [pid 7643] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7644] <... set_robust_list resumed>) = 0 [pid 7643] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7584] futex(0x7fb77d6dd6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 7644] rt_sigprocmask(SIG_SETMASK, [], [pid 7584] <... futex resumed>) = 1 [pid 7576] <... futex resumed>) = 0 [pid 7584] mkdir(".", 0777 [pid 7576] futex(0x7fb77d6dd6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7584] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 7576] <... futex resumed>) = 0 [pid 7576] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7584] mount(NULL, ".", 0x20000180, MS_NODEV|MS_REMOUNT|MS_MANDLOCK|MS_MOVE, "treelog,nodatacow,max_inline=m3x9e6,space_cache,nodatasum,nobarrier,flushoncommit,user_subvol_rm_all"... [pid 7644] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7643] futex(0x7fb77d6dd6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7644] memfd_create("syzkaller", 0) = 3 [pid 7644] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb775000000 [ 123.958727][ T7584] BTRFS warning (device loop4 state M): remount supports changing free space tree only from RO to RW [ 123.996476][ T7584] BTRFS info (device loop4 state M): setting nodatasum [ 124.022652][ T7584] BTRFS info (device loop4 state M): setting nodatasum [ 124.052288][ T7584] BTRFS info (device loop4 state M): turning off barriers [ 124.059601][ T7584] BTRFS info (device loop4 state M): turning on flush-on-commit [ 124.091624][ T7584] BTRFS info (d