./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3190211103 <...> Warning: Permanently added '10.128.1.15' (ECDSA) to the list of known hosts. execve("./syz-executor3190211103", ["./syz-executor3190211103"], 0x7ffebc4468e0 /* 10 vars */) = 0 brk(NULL) = 0x5555561d5000 brk(0x5555561d5c40) = 0x5555561d5c40 arch_prctl(ARCH_SET_FS, 0x5555561d5300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3190211103", 4096) = 28 brk(0x5555561f6c40) = 0x5555561f6c40 brk(0x5555561f7000) = 0x5555561f7000 mprotect(0x7f6014223000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 5014 mkdir("./syzkaller.DXsU8l", 0700) = 0 chmod("./syzkaller.DXsU8l", 0777) = 0 chdir("./syzkaller.DXsU8l") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561d55d0) = 5015 ./strace-static-x86_64: Process 5015 attached [pid 5015] chdir("./0") = 0 [pid 5015] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5015] setpgid(0, 0) = 0 [pid 5015] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5015] write(3, "1000", 4) = 4 [pid 5015] close(3) = 0 [pid 5015] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5015] memfd_create("syzkaller", 0) = 3 [pid 5015] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f600bd62000 syzkaller login: [ 44.033403][ T5015] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5015 'syz-executor319' [pid 5015] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5015] munmap(0x7f600bd62000, 16777216) = 0 [pid 5015] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5015] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5015] close(3) = 0 [pid 5015] mkdir("./bus", 0777) = 0 [ 44.138795][ T5015] loop0: detected capacity change from 0 to 32768 [ 44.149539][ T5015] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor319 (5015) [ 44.166403][ T5015] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 44.175296][ T5015] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 44.186167][ T5015] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 44.196971][ T5015] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 44.207604][ T5015] BTRFS info (device loop0): trying to use backup root at mount time [ 44.215696][ T5015] BTRFS info (device loop0): use zlib compression, level 3 [ 44.222970][ T5015] BTRFS info (device loop0): enabling ssd optimizations [ 44.229949][ T5015] BTRFS info (device loop0): using spread ssd allocation scheme [pid 5015] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0 [pid 5015] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5015] chdir("./bus") = 0 [pid 5015] ioctl(4, LOOP_CLR_FD) = 0 [pid 5015] close(4) = 0 [pid 5015] openat(AT_FDCWD, "blkio.throttle.io_serviced", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5015] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x62\x6c\x6b\x69\x6f\x2e\x74\x68\x72\x6f\x74\x74\x6c\x65\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5015] exit_group(0) = ? [pid 5015] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5015, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561d6620 /* 4 entries */, 32768) = 104 [ 44.237621][ T5015] BTRFS info (device loop0): using free space tree [ 44.254689][ T5015] BTRFS info (device loop0): auto enabling async discard umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561de660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561de660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/bus") = 0 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 getdents64(3, 0x5555561d6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561d55d0) = 5039 ./strace-static-x86_64: Process 5039 attached [pid 5039] chdir("./1") = 0 [pid 5039] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5039] setpgid(0, 0) = 0 [pid 5039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5039] write(3, "1000", 4) = 4 [pid 5039] close(3) = 0 [pid 5039] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5039] memfd_create("syzkaller", 0) = 3 [pid 5039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f600bd62000 [pid 5039] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5039] munmap(0x7f600bd62000, 16777216) = 0 [pid 5039] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5039] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5039] close(3) = 0 [pid 5039] mkdir("./bus", 0777) = 0 [ 44.527309][ T5039] loop0: detected capacity change from 0 to 32768 [ 44.536697][ T5039] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor319 (5039) [ 44.551235][ T5039] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 44.560021][ T5039] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 44.570825][ T5039] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 44.581655][ T5039] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 44.592342][ T5039] BTRFS info (device loop0): trying to use backup root at mount time [ 44.600450][ T5039] BTRFS info (device loop0): use zlib compression, level 3 [ 44.607677][ T5039] BTRFS info (device loop0): enabling ssd optimizations [ 44.614612][ T5039] BTRFS info (device loop0): using spread ssd allocation scheme [pid 5039] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0 [pid 5039] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5039] chdir("./bus") = 0 [pid 5039] ioctl(4, LOOP_CLR_FD) = 0 [pid 5039] close(4) = 0 [pid 5039] openat(AT_FDCWD, "blkio.throttle.io_serviced", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5039] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x62\x6c\x6b\x69\x6f\x2e\x74\x68\x72\x6f\x74\x74\x6c\x65\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5039] exit_group(0) = ? [pid 5039] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5039, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561d6620 /* 4 entries */, 32768) = 104 [ 44.622296][ T5039] BTRFS info (device loop0): using free space tree [ 44.637264][ T5039] BTRFS info (device loop0): auto enabling async discard umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561de660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561de660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/bus") = 0 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 getdents64(3, 0x5555561d6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561d55d0) = 5062 ./strace-static-x86_64: Process 5062 attached [pid 5062] chdir("./2") = 0 [pid 5062] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5062] setpgid(0, 0) = 0 [pid 5062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5062] write(3, "1000", 4) = 4 [pid 5062] close(3) = 0 [pid 5062] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5062] memfd_create("syzkaller", 0) = 3 [pid 5062] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f600bd62000 [pid 5062] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5062] munmap(0x7f600bd62000, 16777216) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5062] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5062] close(3) = 0 [pid 5062] mkdir("./bus", 0777) = 0 [ 44.879103][ T5062] loop0: detected capacity change from 0 to 32768 [ 44.888709][ T5062] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor319 (5062) [ 44.904403][ T5062] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 44.913188][ T5062] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 44.924107][ T5062] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 44.934937][ T5062] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 44.945653][ T5062] BTRFS info (device loop0): trying to use backup root at mount time [ 44.953834][ T5062] BTRFS info (device loop0): use zlib compression, level 3 [ 44.961140][ T5062] BTRFS info (device loop0): enabling ssd optimizations [ 44.968192][ T5062] BTRFS info (device loop0): using spread ssd allocation scheme [pid 5062] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0 [pid 5062] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5062] chdir("./bus") = 0 [pid 5062] ioctl(4, LOOP_CLR_FD) = 0 [pid 5062] close(4) = 0 [pid 5062] openat(AT_FDCWD, "blkio.throttle.io_serviced", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5062] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x62\x6c\x6b\x69\x6f\x2e\x74\x68\x72\x6f\x74\x74\x6c\x65\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5062] exit_group(0) = ? [pid 5062] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5062, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561d6620 /* 4 entries */, 32768) = 104 [ 44.975840][ T5062] BTRFS info (device loop0): using free space tree [ 44.991532][ T5062] BTRFS info (device loop0): auto enabling async discard umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561de660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561de660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/bus") = 0 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 getdents64(3, 0x5555561d6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561d55d0) = 5080 ./strace-static-x86_64: Process 5080 attached [pid 5080] chdir("./3") = 0 [pid 5080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5080] setpgid(0, 0) = 0 [pid 5080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5080] write(3, "1000", 4) = 4 [pid 5080] close(3) = 0 [pid 5080] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5080] memfd_create("syzkaller", 0) = 3 [pid 5080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f600bd62000 [pid 5080] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5080] munmap(0x7f600bd62000, 16777216) = 0 [pid 5080] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5080] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5080] close(3) = 0 [pid 5080] mkdir("./bus", 0777) = 0 [ 45.235796][ T5080] loop0: detected capacity change from 0 to 32768 [ 45.245469][ T5080] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor319 (5080) [ 45.260008][ T5080] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 45.268806][ T5080] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 45.279701][ T5080] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 45.290538][ T5080] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 45.301279][ T5080] BTRFS info (device loop0): trying to use backup root at mount time [ 45.309463][ T5080] BTRFS info (device loop0): use zlib compression, level 3 [ 45.316715][ T5080] BTRFS info (device loop0): enabling ssd optimizations [ 45.323659][ T5080] BTRFS info (device loop0): using spread ssd allocation scheme [pid 5080] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0 [pid 5080] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5080] chdir("./bus") = 0 [pid 5080] ioctl(4, LOOP_CLR_FD) = 0 [pid 5080] close(4) = 0 [pid 5080] openat(AT_FDCWD, "blkio.throttle.io_serviced", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5080] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x62\x6c\x6b\x69\x6f\x2e\x74\x68\x72\x6f\x74\x74\x6c\x65\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5080] exit_group(0) = ? [pid 5080] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5080, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=20 /* 0.20 s */} --- umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561d6620 /* 4 entries */, 32768) = 104 [ 45.331353][ T5080] BTRFS info (device loop0): using free space tree [ 45.347940][ T5080] BTRFS info (device loop0): auto enabling async discard umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561de660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561de660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/bus") = 0 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 getdents64(3, 0x5555561d6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561d55d0) = 5097 ./strace-static-x86_64: Process 5097 attached [pid 5097] chdir("./4") = 0 [pid 5097] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5097] setpgid(0, 0) = 0 [pid 5097] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5097] write(3, "1000", 4) = 4 [pid 5097] close(3) = 0 [pid 5097] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5097] memfd_create("syzkaller", 0) = 3 [pid 5097] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f600bd62000 [pid 5097] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5097] munmap(0x7f600bd62000, 16777216) = 0 [pid 5097] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5097] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5097] close(3) = 0 [pid 5097] mkdir("./bus", 0777) = 0 [ 45.593829][ T5097] loop0: detected capacity change from 0 to 32768 [ 45.603337][ T5097] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor319 (5097) [ 45.618459][ T5097] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 45.627260][ T5097] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 45.638094][ T5097] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 45.648897][ T5097] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 45.659530][ T5097] BTRFS info (device loop0): trying to use backup root at mount time [ 45.667627][ T5097] BTRFS info (device loop0): use zlib compression, level 3 [ 45.674836][ T5097] BTRFS info (device loop0): enabling ssd optimizations [ 45.681818][ T5097] BTRFS info (device loop0): using spread ssd allocation scheme [pid 5097] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0 [pid 5097] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5097] chdir("./bus") = 0 [pid 5097] ioctl(4, LOOP_CLR_FD) = 0 [pid 5097] close(4) = 0 [pid 5097] openat(AT_FDCWD, "blkio.throttle.io_serviced", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5097] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x62\x6c\x6b\x69\x6f\x2e\x74\x68\x72\x6f\x74\x74\x6c\x65\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5097] exit_group(0) = ? [pid 5097] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5097, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561d6620 /* 4 entries */, 32768) = 104 [ 45.689480][ T5097] BTRFS info (device loop0): using free space tree [ 45.706461][ T5097] BTRFS info (device loop0): auto enabling async discard umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561de660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561de660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/bus") = 0 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 getdents64(3, 0x5555561d6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561d55d0) = 5114 ./strace-static-x86_64: Process 5114 attached [pid 5114] chdir("./5") = 0 [pid 5114] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5114] setpgid(0, 0) = 0 [pid 5114] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5114] write(3, "1000", 4) = 4 [pid 5114] close(3) = 0 [pid 5114] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5114] memfd_create("syzkaller", 0) = 3 [pid 5114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f600bd62000 [pid 5114] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5114] munmap(0x7f600bd62000, 16777216) = 0 [pid 5114] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5114] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5114] close(3) = 0 [pid 5114] mkdir("./bus", 0777) = 0 [ 45.951171][ T5114] loop0: detected capacity change from 0 to 32768 [ 45.960751][ T5114] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor319 (5114) [ 45.976221][ T5114] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 45.985042][ T5114] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 45.995874][ T5114] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 46.006751][ T5114] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 46.017422][ T5114] BTRFS info (device loop0): trying to use backup root at mount time [ 46.025500][ T5114] BTRFS info (device loop0): use zlib compression, level 3 [ 46.032785][ T5114] BTRFS info (device loop0): enabling ssd optimizations [ 46.039779][ T5114] BTRFS info (device loop0): using spread ssd allocation scheme [pid 5114] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0 [pid 5114] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5114] chdir("./bus") = 0 [pid 5114] ioctl(4, LOOP_CLR_FD) = 0 [pid 5114] close(4) = 0 [pid 5114] openat(AT_FDCWD, "blkio.throttle.io_serviced", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5114] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x62\x6c\x6b\x69\x6f\x2e\x74\x68\x72\x6f\x74\x74\x6c\x65\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5114] exit_group(0) = ? [pid 5114] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5114, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=17 /* 0.17 s */} --- umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561d6620 /* 4 entries */, 32768) = 104 [ 46.047473][ T5114] BTRFS info (device loop0): using free space tree [ 46.062322][ T5114] BTRFS info (device loop0): auto enabling async discard umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555561de660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555561de660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/bus") = 0 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 getdents64(3, 0x5555561d6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561d55d0) = 5134 ./strace-static-x86_64: Process 5134 attached [pid 5134] chdir("./6") = 0 [pid 5134] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5134] setpgid(0, 0) = 0 [pid 5134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5134] write(3, "1000", 4) = 4 [pid 5134] close(3) = 0 [pid 5134] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5134] memfd_create("syzkaller", 0) = 3 [pid 5134] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f600bd62000 [pid 5134] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5134] munmap(0x7f600bd62000, 16777216) = 0 [pid 5134] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5134] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5134] close(3) = 0 [pid 5134] mkdir("./bus", 0777) = 0 [ 46.314779][ T5134] loop0: detected capacity change from 0 to 32768 [ 46.324097][ T5134] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor319 (5134) [ 46.338927][ T5134] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 46.347670][ T5134] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 46.358504][ T5134] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 46.369280][ T5134] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 46.379890][ T5134] BTRFS info (device loop0): trying to use backup root at mount time [ 46.388004][ T5134] BTRFS info (device loop0): use zlib compression, level 3 [ 46.395205][ T5134] BTRFS info (device loop0): enabling ssd optimizations [ 46.402172][ T5134] BTRFS info (device loop0): using spread ssd allocation scheme [pid 5134] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0 [pid 5134] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5134] chdir("./bus") = 0 [pid 5134] ioctl(4, LOOP_CLR_FD) = 0 [pid 5134] close(4) = 0 [pid 5134] openat(AT_FDCWD, "blkio.throttle.io_serviced", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5134] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x62\x6c\x6b\x69\x6f\x2e\x74\x68\x72\x6f\x74\x74\x6c\x65\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5134] exit_group(0) = ? [pid 5134] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5134, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555561d6620 /* 4 entries */, 32768) = 104 [ 46.409879][ T5134] BTRFS info (device loop0): using free space tree [ 46.424896][ T5134] BTRFS info (device loop0): auto enabling async discard [ 46.480121][ T5014] assertion failed: list_empty(&fs_info->delayed_iputs), in fs/btrfs/disk-io.c:4355 [ 46.489991][ T5014] ------------[ cut here ]------------ [ 46.495448][ T5014] kernel BUG at fs/btrfs/disk-io.c:4355! [ 46.501135][ T5014] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 46.507200][ T5014] CPU: 0 PID: 5014 Comm: syz-executor319 Not tainted 6.4.0-syzkaller-11312-gb5641a5d8b8b #0 [ 46.517309][ T5014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 46.527383][ T5014] RIP: 0010:close_ctree+0xcf4/0xf70 [ 46.532589][ T5014] Code: d2 1d fe fd 0f 0b e8 3b 75 1a fe b9 03 11 00 00 48 c7 c2 60 10 b5 8a 48 c7 c6 a0 45 b5 8a 48 c7 c7 e0 10 b5 8a e8 ac 1d fe fd <0f> 0b e8 15 75 1a fe 4d 8d a6 f8 07 00 00 4c 89 f7 e8 b6 df ff ff [ 46.552175][ T5014] RSP: 0018:ffffc9000391fbd0 EFLAGS: 00010282 [ 46.558226][ T5014] RAX: 0000000000000051 RBX: ffff888077244d48 RCX: 0000000000000000 [ 46.566178][ T5014] RDX: 0000000000000000 RSI: ffffffff8169197c RDI: 0000000000000005 [ 46.574128][ T5014] RBP: ffff888077244010 R08: 0000000000000005 R09: 0000000000000000 [ 46.582094][ T5014] R10: 0000000080000000 R11: 0000000000000001 R12: ffff8880772459e0 [ 46.590160][ T5014] R13: 0000000000000000 R14: ffff888077244000 R15: ffff888018260c40 [ 46.598133][ T5014] FS: 00005555561d5300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 46.607044][ T5014] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 46.613620][ T5014] CR2: 00007ffd95af2fe8 CR3: 000000007c969000 CR4: 0000000000350ef0 [ 46.621573][ T5014] Call Trace: [ 46.624828][ T5014] [ 46.627744][ T5014] ? die+0x32/0x90 [ 46.631445][ T5014] ? do_trap+0x1b2/0x3f0 [ 46.635665][ T5014] ? close_ctree+0xcf4/0xf70 [ 46.640263][ T5014] ? close_ctree+0xcf4/0xf70 [ 46.645053][ T5014] ? do_error_trap+0xb1/0x170 [ 46.649983][ T5014] ? close_ctree+0xcf4/0xf70 [ 46.654729][ T5014] ? handle_invalid_op+0x2c/0x30 [ 46.659650][ T5014] ? close_ctree+0xcf4/0xf70 [ 46.664220][ T5014] ? exc_invalid_op+0x2f/0x50 [ 46.668888][ T5014] ? asm_exc_invalid_op+0x1a/0x20 [ 46.673897][ T5014] ? vprintk+0x8c/0xa0 [ 46.677960][ T5014] ? close_ctree+0xcf4/0xf70 [ 46.682576][ T5014] ? do_raw_spin_unlock+0x175/0x230 [ 46.688302][ T5014] ? btrfs_cleanup_transaction.isra.0+0x1340/0x1340 [ 46.695315][ T5014] ? collect_domain_accesses+0x900/0x900 [ 46.700932][ T5014] ? __fsnotify_vfsmount_delete+0x20/0x20 [ 46.706722][ T5014] ? dispose_list+0x1e0/0x1e0 [ 46.711382][ T5014] ? btrfs_sync_fs+0x13a/0x730 [ 46.716125][ T5014] ? sync_blockdev+0x79/0x90 [ 46.720689][ T5014] ? fscrypt_destroy_keyring+0x1a/0x380 [ 46.726219][ T5014] ? btrfs_set_super+0x70/0x70 [ 46.730978][ T5014] generic_shutdown_super+0x158/0x480 [ 46.736325][ T5014] kill_anon_super+0x3a/0x60 [ 46.740893][ T5014] btrfs_kill_super+0x3c/0x50 [ 46.745545][ T5014] deactivate_locked_super+0x98/0x160 [ 46.751334][ T5014] deactivate_super+0xb1/0xd0 [ 46.756000][ T5014] cleanup_mnt+0x2ae/0x3d0 [ 46.760399][ T5014] task_work_run+0x16f/0x270 [ 46.764974][ T5014] ? task_work_cancel+0x30/0x30 [ 46.769807][ T5014] ? __x64_sys_umount+0x118/0x190 [ 46.774812][ T5014] ptrace_notify+0x118/0x140 [ 46.779395][ T5014] syscall_exit_to_user_mode_prepare+0x129/0x220 [ 46.785798][ T5014] syscall_exit_to_user_mode+0xd/0x50 [ 46.791258][ T5014] do_syscall_64+0x46/0xb0 [ 46.795662][ T5014] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 46.801538][ T5014] RIP: 0033:0x7f60141b0dc7 [ 46.805938][ T5014] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 46.825525][ T5014] RSP: 002b:00007ffd95af3248 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 46.833914][ T5014] RAX: 0000000000000000 RBX: 000000000000b455 RCX: 00007f60141b0dc7 [ 46.841861][ T5014] RDX: 00007ffd95af3307 RSI: 000000000000000a RDI: 00007ffd95af3300 [ 46.849832][ T5014] RBP: 00007ffd95af3300 R08: 00000000ffffffff R09: 00007ffd95af30e0 [ 46.857788][ T5014] R10: 00005555561d6633 R11: 0000000000000206 R12: 00007ffd95af4370 [ 46.865737][ T5014] R13: 00005555561d65f0 R14: 00007ffd95af3270 R15: 0000000000000007 [ 46.873691][ T5014] [ 46.876689][ T5014] Modules linked in: [ 46.880805][ T5014] ---[ end trace 0000000000000000 ]--- [ 46.886359][ T5014] RIP: 0010:close_ctree+0xcf4/0xf70 [ 46.891604][ T5014] Code: d2 1d fe fd 0f 0b e8 3b 75 1a fe b9 03 11 00 00 48 c7 c2 60 10 b5 8a 48 c7 c6 a0 45 b5 8a 48 c7 c7 e0 10 b5 8a e8 ac 1d fe fd <0f> 0b e8 15 75 1a fe 4d 8d a6 f8 07 00 00 4c 89 f7 e8 b6 df ff ff [ 46.911556][ T5014] RSP: 0018:ffffc9000391fbd0 EFLAGS: 00010282 [ 46.917636][ T5014] RAX: 0000000000000051 RBX: ffff888077244d48 RCX: 0000000000000000 [ 46.925700][ T5014] RDX: 0000000000000000 RSI: ffffffff8169197c RDI: 0000000000000005 [ 46.933740][ T5014] RBP: ffff888077244010 R08: 0000000000000005 R09: 0000000000000000 [ 46.941731][ T5014] R10: 0000000080000000 R11: 0000000000000001 R12: ffff8880772459e0 [ 46.949720][ T5014] R13: 0000000000000000 R14: ffff888077244000 R15: ffff888018260c40 [ 46.957705][ T5014] FS: 00005555561d5300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 46.966664][ T5014] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 46.973268][ T5014] CR2: 00007ffd95af2fe8 CR3: 000000007c969000 CR4: 0000000000350ef0 [ 46.981258][ T5014] Kernel panic - not syncing: Fatal exception [ 46.988097][ T5014] Kernel Offset: disabled [ 46.992403][ T5014] Rebooting in 86400 seconds..